make avatar lookup occur at image request (#10540)

speed up page generation by making avatar lookup occur at the browser
not at page generation

* Protect against evil email address ".."

* hash the complete email address

Signed-off-by: Andrew Thornton <art27@cantab.net>

Co-Authored-By: Lauris BH <lauris@nix.lv>

4 files changed, 67 insertions, 0 deletions

diff --git a/models/avatar.go b/models/avatar.go
new file mode 100644
index 0000000000..311d714629
--- /dev/null
+++ b/models/avatar.go
@@ -0,0 +1,48 @@
+// Copyright 2020 The Gitea Authors. All rights reserved.
+// Use of this source code is governed by a MIT-style
+// license that can be found in the LICENSE file.
+
+package models
+
+import (
+	"crypto/md5"
+	"fmt"
+	"net/url"
+	"strings"
+
+	"code.gitea.io/gitea/modules/cache"
+	"code.gitea.io/gitea/modules/setting"
+)
+
+// EmailHash represents a pre-generated hash map
+type EmailHash struct {
+	Hash  string `xorm:"pk varchar(32)"`
+	Email string `xorm:"UNIQUE NOT NULL"`
+}
+
+// GetEmailForHash converts a provided md5sum to the email
+func GetEmailForHash(md5Sum string) (string, error) {
+	return cache.GetString("Avatar:"+md5Sum, func() (string, error) {
+		emailHash := EmailHash{
+			Hash: strings.ToLower(strings.TrimSpace(md5Sum)),
+		}
+
+		_, err := x.Get(&emailHash)
+		return emailHash.Email, err
+	})
+}
+
+// AvatarLink returns an avatar link for a provided email
+func AvatarLink(email string) string {
+	lowerEmail := strings.ToLower(strings.TrimSpace(email))
+	sum := fmt.Sprintf("%x", md5.Sum([]byte(lowerEmail)))
+	_, _ = cache.GetString("Avatar:"+sum, func() (string, error) {
+		emailHash := &EmailHash{
+			Email: lowerEmail,
+			Hash:  sum,
+		}
+		_, _ = x.Insert(emailHash)
+		return lowerEmail, nil
+	})
+	return setting.AppSubURL + "/avatar/" + url.PathEscape(sum)
+}
diff --git a/models/migrations/migrations.go b/models/migrations/migrations.go
index c554121e85..3f18a18c6d 100644
--- a/models/migrations/migrations.go
+++ b/models/migrations/migrations.go
@@ -198,6 +198,8 @@ var migrations = []Migration{
 	NewMigration("Add IsSystemWebhook column to webhooks table", addSystemWebhookColumn),
 	// v132 -> v133
 	NewMigration("Add Branch Protection Protected Files Column", addBranchProtectionProtectedFilesColumn),
+	// v133 -> v134
+	NewMigration("Add EmailHash Table", addEmailHashTable),
 }
 
 // Migrate database to current version
diff --git a/models/migrations/v133.go b/models/migrations/v133.go
new file mode 100644
index 0000000000..ea0411d470
--- /dev/null
+++ b/models/migrations/v133.go
@@ -0,0 +1,16 @@
+// Copyright 2020 The Gitea Authors. All rights reserved.
+// Use of this source code is governed by a MIT-style
+// license that can be found in the LICENSE file.
+
+package migrations
+
+import "xorm.io/xorm"
+
+func addEmailHashTable(x *xorm.Engine) error {
+	// EmailHash represents a pre-generated hash map
+	type EmailHash struct {
+		Hash  string `xorm:"pk varchar(32)"`
+		Email string `xorm:"UNIQUE NOT NULL"`
+	}
+	return x.Sync2(new(EmailHash))
+}
diff --git a/models/models.go b/models/models.go
index d2872422e3..3bf7713955 100644
--- a/models/models.go
+++ b/models/models.go
@@ -124,6 +124,7 @@ func init() {
 		new(OAuth2Grant),
 		new(Task),
 		new(LanguageStat),
+		new(EmailHash),
 	)
 
 	gonicNames := []string{"SSL", "UID"}