From e6baa656f757fd1f2f6ba20c677e0c83422a8739 Mon Sep 17 00:00:00 2001 From: zeripath Date: Fri, 27 Mar 2020 12:34:39 +0000 Subject: make avatar lookup occur at image request (#10540) speed up page generation by making avatar lookup occur at the browser not at page generation * Protect against evil email address ".." * hash the complete email address Signed-off-by: Andrew Thornton Co-Authored-By: Lauris BH --- modules/base/tool.go | 31 ++++++++++++++++++++++++++----- 1 file changed, 26 insertions(+), 5 deletions(-) (limited to 'modules/base/tool.go') diff --git a/modules/base/tool.go b/modules/base/tool.go index 86606c8bee..157bd9bc3d 100644 --- a/modules/base/tool.go +++ b/modules/base/tool.go @@ -193,11 +193,32 @@ func SizedAvatarLink(email string, size int) string { return avatarURL.String() } -// AvatarLink returns relative avatar link to the site domain by given email, -// which includes app sub-url as prefix. However, it is possible -// to return full URL if user enables Gravatar-like service. -func AvatarLink(email string) string { - return SizedAvatarLink(email, DefaultAvatarSize) +// SizedAvatarLinkWithDomain returns a sized link to the avatar for the given email +// address. +func SizedAvatarLinkWithDomain(email string, size int) string { + var avatarURL *url.URL + if setting.EnableFederatedAvatar && setting.LibravatarService != nil { + var err error + avatarURL, err = libravatarURL(email) + if err != nil { + return DefaultAvatarLink() + } + } else if !setting.DisableGravatar { + // copy GravatarSourceURL, because we will modify its Path. + copyOfGravatarSourceURL := *setting.GravatarSourceURL + avatarURL = ©OfGravatarSourceURL + avatarURL.Path = path.Join(avatarURL.Path, HashEmail(email)) + } else { + return DefaultAvatarLink() + } + + vals := avatarURL.Query() + vals.Set("d", "identicon") + if size != DefaultAvatarSize { + vals.Set("s", strconv.Itoa(size)) + } + avatarURL.RawQuery = vals.Encode() + return avatarURL.String() } // FileSize calculates the file size and generate user-friendly string. -- cgit v1.2.3