discourse/app/controllers/user_avatars_controller.rb

require_dependency 'letter_avatar'

class UserAvatarsController < ApplicationController
  DOT = Base64.decode64("R0lGODlhAQABALMAAAAAAIAAAACAAICAAAAAgIAAgACAgMDAwICAgP8AAAD/AP//AAAA//8A/wD//wBiZCH5BAEAAA8ALAAAAAABAAEAAAQC8EUAOw==")

  skip_before_filter :check_xhr, :verify_authenticity_token, only: :show

  def refresh_gravatar

    user = User.find_by(username_lower: params[:username].downcase)
    guardian.ensure_can_edit!(user)

    if user
      user.create_user_avatar(user_id: user.id) unless user.user_avatar
      user.user_avatar.update_gravatar!

      render json: {upload_id: user.user_avatar.gravatar_upload_id}
    else
      raise Discourse::NotFound
    end
  end


  def show
    username = params[:username].to_s
    return render_dot unless user = User.find_by(username_lower: username.downcase)

    size = params[:size].to_i
    if size > 1000 || size < 1
      return render_dot
    end

    image = nil
    version = params[:version].to_i

    return render_dot unless version > 0 && user_avatar = user.user_avatar

    upload = Upload.find(version) if user_avatar.contains_upload?(version)
    upload ||= user.uploaded_avatar if user.uploaded_avatar_id == version

    if user.uploaded_avatar && !upload
      return redirect_to "/avatar/#{user.username_lower}/#{size}/#{user.uploaded_avatar_id}.png"
    elsif upload
      original = Discourse.store.path_for(upload)
      if Discourse.store.external? || File.exists?(original)
        optimized = get_optimized_image(upload, size)

        if Discourse.store.external?
          expires_in 1.day, public: true
          return redirect_to optimized.url
        end

        image = Discourse.store.path_for(optimized)
      end
    end

    if image
      expires_in 1.year, public: true
      send_file image, disposition: nil
    else
      render_dot
    end
  end

  protected

  # this protects us from a DoS
  def render_dot
    expires_in 10.minutes, public: true
    render text: DOT, content_type: "image/png"
  end

  def get_optimized_image(upload, size)
    OptimizedImage.create_for(
      upload,
      size,
      size,
      allow_animation: SiteSetting.allow_animated_avatars
    )
  end

end
Work in progress, keeping avatars locally This introduces a new model to store the avatars and 3 uploads per user (gravatar, system and custom) user can then pick which they want. 2014-05-22 15:37:02 +08:00			`require_dependency 'letter_avatar'`

Fix specs for avatars Implement avatar picker Correct avatar related jobs 2014-05-26 17:46:43 +08:00			`class UserAvatarsController < ApplicationController`
Add DoS protection to action 2014-05-27 20:29:27 +08:00			`DOT = Base64.decode64("R0lGODlhAQABALMAAAAAAIAAAACAAICAAAAAgIAAgACAgMDAwICAgP8AAAD/AP//AAAA//8A/wD//wBiZCH5BAEAAA8ALAAAAAABAAEAAAQC8EUAOw==")`

Fix specs for avatars Implement avatar picker Correct avatar related jobs 2014-05-26 17:46:43 +08:00			`skip_before_filter :check_xhr, :verify_authenticity_token, only: :show`

			`def refresh_gravatar`

			`user = User.find_by(username_lower: params[:username].downcase)`
			`guardian.ensure_can_edit!(user)`

			`if user`
			`user.create_user_avatar(user_id: user.id) unless user.user_avatar`
			`user.user_avatar.update_gravatar!`

			`render json: {upload_id: user.user_avatar.gravatar_upload_id}`
			`else`
			`raise Discourse::NotFound`
			`end`
			`end`

Work in progress, keeping avatars locally This introduces a new model to store the avatars and 3 uploads per user (gravatar, system and custom) user can then pick which they want. 2014-05-22 15:37:02 +08:00
			`def show`
			`username = params[:username].to_s`
Add DoS protection to action 2014-05-27 20:29:27 +08:00			`return render_dot unless user = User.find_by(username_lower: username.downcase)`
Work in progress, keeping avatars locally This introduces a new model to store the avatars and 3 uploads per user (gravatar, system and custom) user can then pick which they want. 2014-05-22 15:37:02 +08:00
			`size = params[:size].to_i`
			`if size > 1000 \|\| size < 1`
Add DoS protection to action 2014-05-27 20:29:27 +08:00			`return render_dot`
Work in progress, keeping avatars locally This introduces a new model to store the avatars and 3 uploads per user (gravatar, system and custom) user can then pick which they want. 2014-05-22 15:37:02 +08:00			`end`

			`image = nil`
			`version = params[:version].to_i`

Add DoS protection to action 2014-05-27 20:29:27 +08:00			`return render_dot unless version > 0 && user_avatar = user.user_avatar`
Work in progress, keeping avatars locally This introduces a new model to store the avatars and 3 uploads per user (gravatar, system and custom) user can then pick which they want. 2014-05-22 15:37:02 +08:00
Fix specs for avatars Implement avatar picker Correct avatar related jobs 2014-05-26 17:46:43 +08:00			`upload = Upload.find(version) if user_avatar.contains_upload?(version)`
Work in progress, keeping avatars locally This introduces a new model to store the avatars and 3 uploads per user (gravatar, system and custom) user can then pick which they want. 2014-05-22 15:37:02 +08:00			`upload \|\|= user.uploaded_avatar if user.uploaded_avatar_id == version`

			`if user.uploaded_avatar && !upload`
			`return redirect_to "/avatar/#{user.username_lower}/#{size}/#{user.uploaded_avatar_id}.png"`
			`elsif upload`
Fix specs for avatars Implement avatar picker Correct avatar related jobs 2014-05-26 17:46:43 +08:00			`original = Discourse.store.path_for(upload)`
BUGFIX: support CDN for avatars Correct broken spec Implement S3 support 2014-05-27 12:40:46 +08:00			`if Discourse.store.external? \|\| File.exists?(original)`
			`optimized = get_optimized_image(upload, size)`

			`if Discourse.store.external?`
			`expires_in 1.day, public: true`
			`return redirect_to optimized.url`
			`end`

Work in progress, keeping avatars locally This introduces a new model to store the avatars and 3 uploads per user (gravatar, system and custom) user can then pick which they want. 2014-05-22 15:37:02 +08:00			`image = Discourse.store.path_for(optimized)`
			`end`
			`end`

			`if image`
			`expires_in 1.year, public: true`
			`send_file image, disposition: nil`
			`else`
Add DoS protection to action 2014-05-27 20:29:27 +08:00			`render_dot`
Work in progress, keeping avatars locally This introduces a new model to store the avatars and 3 uploads per user (gravatar, system and custom) user can then pick which they want. 2014-05-22 15:37:02 +08:00			`end`
			`end`
BUGFIX: support CDN for avatars Correct broken spec Implement S3 support 2014-05-27 12:40:46 +08:00
			`protected`

Add DoS protection to action 2014-05-27 20:29:27 +08:00			`# this protects us from a DoS`
			`def render_dot`
			`expires_in 10.minutes, public: true`
			`render text: DOT, content_type: "image/png"`
			`end`

BUGFIX: support CDN for avatars Correct broken spec Implement S3 support 2014-05-27 12:40:46 +08:00			`def get_optimized_image(upload, size)`
			`OptimizedImage.create_for(`
			`upload,`
			`size,`
			`size,`
			`allow_animation: SiteSetting.allow_animated_avatars`
			`)`
			`end`

Work in progress, keeping avatars locally This introduces a new model to store the avatars and 3 uploads per user (gravatar, system and custom) user can then pick which they want. 2014-05-22 15:37:02 +08:00			`end`