# frozen_string_literal: true
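class UserAvatarsController < ApplicationController
  # The three image-serving actions skip the login redirect, the XHR check and
  # CSRF verification, so they are reachable by anonymous GET requests. Every
  # value read from params in those actions must be treated as untrusted.
  skip_before_action :preload_json,
                     :redirect_to_login_if_required,
                     :check_xhr,
                     :verify_authenticity_token,
                     only: %i[show show_letter show_proxy_letter]

  before_action :apply_cdn_headers, only: %i[show show_letter show_proxy_letter]

  # Re-fetches the gravatar for the named user and renders the resulting
  # upload id and avatar template as JSON.
  #
  # Raises whatever guardian.ensure_can_edit! raises when the current user may
  # not edit the target, and Discourse::NotFound when no user was found.
  def refresh_gravatar
    # to_s keeps a missing or non-string username from raising NoMethodError;
    # it then simply matches no user (same coercion as show_in_site).
    user = User.find_by(username_lower: params[:username].to_s.downcase)

    # Authorisation is checked before the existence check below.
    # NOTE(review): whether ensure_can_edit!(nil) raises is not visible here;
    # if it does, unknown usernames surface as an access error and the
    # NotFound branch is never reached — confirm this is intended.
    guardian.ensure_can_edit!(user)

    raise Discourse::NotFound unless user

    hijack do
      user.create_user_avatar(user_id: user.id) unless user.user_avatar
      user.user_avatar.update_gravatar!

      gravatar_upload_id = user.user_avatar.gravatar_upload_id

      gravatar =
        if gravatar_upload_id
          {
            gravatar_upload_id: gravatar_upload_id,
            gravatar_avatar_template: User.avatar_template(user.username, gravatar_upload_id),
          }
        else
          { gravatar_upload_id: nil, gravatar_avatar_template: nil }
        end

      render json: gravatar
    end
  end

  # Proxies a letter avatar from avatars.discourse-cdn.com. Only available
  # when the external_system_avatars_url setting points at the local
  # /letter_avatar_proxy path; otherwise Discourse::NotFound is raised.
  def show_proxy_letter
    is_asset_path

    # \A anchors at the start of the string; ^ would also match after any
    # newline inside the setting value.
    raise Discourse::NotFound if SiteSetting.external_system_avatars_url !~ %r{\A/letter_avatar_proxy}

    params.require(:letter)
    params.require(:color)
    params.require(:version)
    params.require(:size)

    hijack do
      begin
        # NOTE(review): version, letter, color and size are request-supplied
        # and only checked for presence before being interpolated into the
        # upstream path. Confirm the route constrains their format, or
        # validate them here, so this endpoint can only request letter-avatar
        # paths from the upstream host.
        proxy_avatar(
          "https://avatars.discourse-cdn.com/#{params[:version]}/letter/#{params[:letter]}/#{params[:color]}/#{params[:size]}.png",
          Time.new(1990, 01, 01),
        )
      rescue OpenURI::HTTPError
        render_blank
      end
    end
  end

  # Generates (via LetterAvatar) and sends a letter avatar for the given
  # username and size. A version other than LetterAvatar.version gets the
  # blank placeholder.
  def show_letter
    is_asset_path

    params.require(:username)
    params.require(:version)
    params.require(:size)

    no_cookies

    return render_blank if params[:version] != LetterAvatar.version

    hijack do
      # NOTE(review): unlike show_in_site, size is not range-checked here;
      # presumably LetterAvatar.generate bounds it — confirm.
      image = LetterAvatar.generate(params[:username].to_s, params[:size].to_i)

      response.headers["Last-Modified"] = File.ctime(image).httpdate
      response.headers["Content-Length"] = File.size(image).to_s
      immutable_for(1.year)
      send_file image, disposition: nil
    end
  end

  # Serves a user's uploaded avatar for the site named by params[:hostname].
  def show
    is_asset_path

    # we need multisite support to keep a single origin pull for CDNs
    # NOTE(review): the hostname that selects the site is request-supplied;
    # how with_hostname treats an unknown hostname is not visible here.
    RailsMultisite::ConnectionManagement.with_hostname(params[:hostname]) do
      hijack { show_in_site(params[:hostname]) }
    end
  end

  protected

  # Resolves the requested avatar (params[:username], params[:version] in the
  # form "<upload_id>" or "<upload_id>_<version>", params[:size]) and either
  # sends the local file, redirects, proxies the remote file, or falls back to
  # the blank placeholder. Upstream HTTP errors also yield the placeholder.
  def show_in_site(hostname)
    username = params[:username].to_s
    user = User.find_by(username_lower: username.downcase)
    return render_blank unless user

    # to_s: a missing or non-string version must not raise; an empty string
    # yields upload_id 0 below and is answered with the placeholder.
    upload_id, version = params[:version].to_s.split("_")

    version = (version || OptimizedImage::VERSION).to_i

    # A version newer than the current OptimizedImage::VERSION is not served;
    # versions at or below the current one fall through and get the current
    # avatar.
    return render_blank if version > OptimizedImage::VERSION

    upload_id = upload_id.to_i
    return render_blank unless upload_id > 0

    # Bound the requested size before it reaches any image lookup.
    size = params[:size].to_i
    return render_blank if size < 8 || size > 1000

    if !Discourse.avatar_sizes.include?(size) && Discourse.store.external?
      # With an external store only the configured sizes are served: redirect
      # to the configured size nearest to the requested one.
      closest = Discourse.avatar_sizes.to_a.min { |a, b| (size - a).abs <=> (size - b).abs }
      avatar_url =
        UserAvatar.local_avatar_url(
          hostname,
          user.encoded_username(lower: true),
          upload_id,
          closest,
        )
      return redirect_to cdn_path(avatar_url), allow_other_host: true
    end

    # Ownership check: an upload is only looked up when it is one of this
    # user's avatar uploads, so an arbitrary upload id from the URL cannot be
    # used to fetch someone else's file.
    upload = Upload.find_by(id: upload_id) if user&.user_avatar&.contains_upload?(upload_id)
    upload ||= user.uploaded_avatar if user.uploaded_avatar_id == upload_id

    if user.uploaded_avatar && !upload
      # The requested upload is not this user's; send the client to the
      # user's current avatar instead.
      avatar_url =
        UserAvatar.local_avatar_url(
          hostname,
          user.encoded_username(lower: true),
          user.uploaded_avatar_id,
          size,
        )
      return redirect_to cdn_path(avatar_url), allow_other_host: true
    elsif upload && (optimized = get_optimized_image(upload, size))
      if optimized.local?
        optimized_path = Discourse.store.path_for(optimized)
        image = optimized_path if File.exist?(optimized_path)
      elsif GlobalSetting.redirect_avatar_requests
        return redirect_s3_avatar(Discourse.store.cdn_url(optimized.url))
      else
        return proxy_avatar(Discourse.store.cdn_url(optimized.url), upload.created_at)
      end
    end

    if image
      response.headers["Last-Modified"] = File.ctime(image).httpdate
      response.headers["Content-Length"] = File.size(image).to_s
      immutable_for 1.year
      send_file image, disposition: nil
    else
      render_blank
    end
  rescue OpenURI::HTTPError
    render_blank
  end

  # Allow plugins to overwrite max file size value
  # (upper bound passed to FileHelper.download when proxying an avatar).
  def max_file_size
    1.megabyte
  end

  # Directory holding the on-disk cache of proxied avatars.
  PROXY_PATH = Rails.root + "tmp/avatar_proxy"

  # Downloads url into the proxy cache (unless already cached) and sends the
  # cached file with long-lived caching headers.
  #
  # url           - absolute or protocol-relative URL of the image
  # last_modified - time reported in the Last-Modified response header
  #
  # Renders the blank placeholder when the download returns nil.
  def proxy_avatar(url, last_modified)
    # Protocol-relative URLs get an explicit scheme, per the force_https setting.
    url = (SiteSetting.force_https ? "https:" : "http:") + url if url[0..1] == "//"

    # The cache file name is derived from the URL only (hash plus the URL's
    # extension), so the name never contains a directory separator taken from
    # the URL. The hash is a cache key, not an integrity check.
    sha = Digest::SHA1.hexdigest(url)
    filename = "#{sha}#{File.extname(url)}"
    path = "#{PROXY_PATH}/#{filename}"

    unless File.exist? path
      FileUtils.mkdir_p PROXY_PATH

      # Download is bounded in size (max_file_size) and time (read_timeout).
      # NOTE(review): redirects are followed; whether FileHelper.download
      # restricts redirect targets (e.g. internal addresses) is not visible
      # here — confirm.
      # NOTE(review): every distinct URL adds a file under PROXY_PATH and no
      # eviction is visible in this class — confirm cleanup happens elsewhere.
      tmp =
        FileHelper.download(
          url,
          max_file_size: max_file_size,
          tmp_file_name: filename,
          follow_redirect: true,
          read_timeout: 10,
        )

      return render_blank if tmp.nil?

      FileUtils.mv tmp.path, path
    end

    response.headers["Last-Modified"] = last_modified.httpdate
    response.headers["Content-Length"] = File.size(path).to_s
    immutable_for(1.year)
    send_file path, disposition: nil
  end

  # Redirects to an avatar held in the external store, cacheable for one hour.
  def redirect_s3_avatar(url)
    immutable_for 1.hour
    redirect_to url, allow_other_host: true
  end

  # this protects us from a DoS
  # Sends the static placeholder avatar with a 10-minute public cache lifetime
  # and a fixed Last-Modified date.
  def render_blank
    path = Rails.root + "public/images/avatar.png"
    expires_in 10.minutes, public: true
    response.headers["Last-Modified"] = Time.new(1990, 01, 01).httpdate
    response.headers["Content-Length"] = File.size(path).to_s
    send_file path, disposition: nil
  end

  # consider removal of hacks some time in 2019

  # Returns the optimized square image of the given size for upload, nil when
  # there is no upload, or the upload itself when it is an SVG.
  def get_optimized_image(upload, size)
    return if !upload

    # NOTE(review): SVG uploads skip optimization and are handed back as-is,
    # and the caller sends the file inline (disposition: nil). Confirm SVGs
    # are sanitised at upload time and served with restrictive headers.
    return upload if upload.extension == "svg"

    upload.get_optimized_image(size, size)
    # TODO decide if we want to detach here
  end
end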