Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

make avatar lookup occur at image request #10540

Merged
merged 17 commits into from
Mar 27, 2020
Merged

make avatar lookup occur at image request #10540

Show file tree
Hide file tree
Changes from 1 commit
Commits
Show all changes
17 commits
Select commit Hold shift + click to select a range
c185a23
make avatar lookup occur at image request
zeripath Feb 28, 2020
bdcf287
Protect against evil email address ".."
zeripath Feb 29, 2020
9914e80
Fix tests
zeripath Feb 29, 2020
933320f
fix tests again
zeripath Feb 29, 2020
7609009
Obfuscate the email address in base64
zeripath Feb 29, 2020
58593d4
hash the complete email address
zeripath Mar 5, 2020
b4d479f
Merge branch 'master' into make-avatar-lookup-image
zeripath Mar 5, 2020
57339c0
Move to use a (potentially cached) db entry for emails
zeripath Mar 7, 2020
c6cca50
As per @lafriks and @guillep2k
zeripath Mar 8, 2020
08cf870
fix unit-tests
zeripath Mar 8, 2020
1e6efeb
Update models/avatar.go
zeripath Mar 8, 2020
2945e0b
Merge branch 'master' into make-avatar-lookup-image
zeripath Mar 9, 2020
d32222b
Merge branch 'master' into make-avatar-lookup-image
zeripath Mar 9, 2020
bb85931
Merge branch 'master' into make-avatar-lookup-image
zeripath Mar 22, 2020
c8fab76
Merge branch 'master' into make-avatar-lookup-image
zeripath Mar 26, 2020
4c09604
Merge branch 'master' into make-avatar-lookup-image
zeripath Mar 27, 2020
b5365ba
Add migration to create the EmailHash table
zeripath Mar 27, 2020
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
Prev Previous commit
Next Next commit
hash the complete email address
  • Loading branch information
@zeripath
zeripath committed Mar 5, 2020
commit 58593d4ca178dc061ea710e36cf823f0e0b9c94e
44 changes: 43 additions & 1 deletion modules/base/tool.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -207,11 +207,53 @@ func SizedAvatarLink(email string, size int) string {
return avatarURL.String()
}

// SizedAvatarLinkWithDomain returns a sized link to the avatar for the given email
// address.
func SizedAvatarLinkWithDomain(emailHash, domain string, size int) string {
var avatarURL *url.URL
if setting.EnableFederatedAvatar && setting.LibravatarService != nil {
var err error
avatarURL, err = libravatarURL("ignoreme@" + domain)
if err != nil {
return DefaultAvatarLink()
}
// now we replace the hash with the correct one...
avatarPath := avatarURL.EscapedPath()
lastSlash := strings.LastIndexByte(avatarPath, '/')
avatarURL.Path = avatarPath[:lastSlash+1] + emailHash
} else if !setting.DisableGravatar {
// copy GravatarSourceURL, because we will modify its Path.
copyOfGravatarSourceURL := *setting.GravatarSourceURL
avatarURL = &copyOfGravatarSourceURL
avatarURL.Path = path.Join(avatarURL.Path, emailHash)
} else {
return DefaultAvatarLink()
}

vals := avatarURL.Query()
vals.Set("d", "identicon")
if size != DefaultAvatarSize {
vals.Set("s", strconv.Itoa(size))
}
avatarURL.RawQuery = vals.Encode()
return avatarURL.String()
}

// AvatarLink returns relative avatar link to the site domain by given email,
// which includes app sub-url as prefix. However, it is possible
// to return full URL if user enables Gravatar-like service.
func AvatarLink(email string) string {
return setting.AppSubURL + "/avatar/" + base64.RawURLEncoding.EncodeToString([]byte(email))
lowerEmail := strings.ToLower(strings.TrimSpace(email))
sum := fmt.Sprintf("%x", md5.Sum([]byte(lowerEmail)))
index := strings.IndexByte(email, '@')
domain := ""
if index >= 0 {
domain = email[index+1:]
}
if len(domain) == 0 {
domain = "cdn.libravatar.org"
}
return setting.AppSubURL + "/avatar/" + url.PathEscape(domain) + "/" + url.PathEscape(sum)
}

// FileSize calculates the file size and generate user-friendly string.
Expand Down
7 changes: 4 additions & 3 deletions modules/base/tool_test.go
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,7 +1,8 @@
package base

import (
"encoding/base64"
"crypto/md5"
"fmt"
"net/url"
"testing"

Expand Down Expand Up @@ -93,11 +94,11 @@ func TestSizedAvatarLink(t *testing.T) {

func TestAvatarLink(t *testing.T) {
disableGravatar()
assert.Equal(t, "/avatar/"+base64.RawURLEncoding.EncodeToString([]byte("[email protected]")), AvatarLink("[email protected]"))
assert.Equal(t, "/avatar/example.com/"+fmt.Sprintf("%x", md5.Sum([]byte("[email protected]"))), AvatarLink("[email protected]"))

enableGravatar(t)
assert.Equal(t,
"/avatar/"+base64.RawURLEncoding.EncodeToString([]byte("[email protected]")),
"/avatar/example.com/"+fmt.Sprintf("%x", md5.Sum([]byte("[email protected]"))),
AvatarLink("[email protected]"),
)
}
Expand Down
5 changes: 3 additions & 2 deletions modules/repository/commits_test.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -6,7 +6,8 @@ package repository

import (
"container/list"
"encoding/base64"
"crypto/md5"
"fmt"
"testing"
"time"

Expand Down Expand Up @@ -115,7 +116,7 @@ func TestPushCommits_AvatarLink(t *testing.T) {
pushCommits.AvatarLink("[email protected]"))

assert.Equal(t,
"/avatar/"+base64.RawURLEncoding.EncodeToString([]byte("[email protected]")),
"/avatar/example.com/"+fmt.Sprintf("%x", md5.Sum([]byte("[email protected]"))),
pushCommits.AvatarLink("[email protected]"))
}

Expand Down
2 changes: 1 addition & 1 deletion routers/routes/routes.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -417,7 +417,7 @@ func RegisterRoutes(m *macaron.Macaron) {
})
// ***** END: User *****

m.Get("/avatar/:email", user.AvatarByEmail)
m.Get("/avatar/:domain/:hash", user.AvatarByEmail)

adminReq := context.Toggle(&context.ToggleOptions{SignInRequired: true, AdminRequired: true})

Expand Down
14 changes: 4 additions & 10 deletions routers/user/avatar.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -5,7 +5,6 @@
package user

import (
"encoding/base64"
"errors"
"strconv"
"strings"
Expand Down Expand Up @@ -47,20 +46,15 @@ func Avatar(ctx *context.Context) {

// AvatarByEmail redirects the browser to the appropriate Avatar link
func AvatarByEmail(ctx *context.Context) {
zeripath marked this conversation as resolved.
Show resolved Hide resolved
email := ctx.Params(":email")
addr, err := base64.RawURLEncoding.DecodeString(email)
email = string(addr)
if err != nil {
ctx.ServerError("invalid email address", err)
return
} else if email == "" {
domain := ctx.Params(":domain")
hash := ctx.Params(":hash")
if len(domain) == 0 || len(hash) == 0 {
ctx.ServerError("invalid email address", errors.New("email cannot be empty"))
return
}
size := ctx.QueryInt("size")
if size == 0 {
size = base.DefaultAvatarSize
}

ctx.Redirect(base.SizedAvatarLink(email, size))
ctx.Redirect(base.SizedAvatarLinkWithDomain(hash, domain, size))
}