discourse/app/controllers/user_avatars_controller.rb

112 lines
3.4 KiB
Ruby
Raw Normal View History

require_dependency 'letter_avatar'
class UserAvatarsController < ApplicationController
2014-05-27 07:29:27 -05:00
DOT = Base64.decode64("R0lGODlhAQABALMAAAAAAIAAAACAAICAAAAAgIAAgACAgMDAwICAgP8AAAD/AP//AAAA//8A/wD//wBiZCH5BAEAAA8ALAAAAAABAAEAAAQC8EUAOw==")
skip_before_filter :preload_json, :redirect_to_login_if_required, :check_xhr, :verify_authenticity_token, only: [:show, :show_letter]
def refresh_gravatar
user = User.find_by(username_lower: params[:username].downcase)
guardian.ensure_can_edit!(user)
if user
user.create_user_avatar(user_id: user.id) unless user.user_avatar
user.user_avatar.update_gravatar!
2015-02-03 11:44:18 -06:00
render json: { upload_id: user.user_avatar.gravatar_upload_id }
else
raise Discourse::NotFound
end
end
def show_letter
params.require(:username)
params.require(:version)
params.require(:size)
no_cookies
return render_dot if params[:version] != LetterAvatar.version
image = LetterAvatar.generate(params[:username].to_s, params[:size].to_i)
response.headers["Last-Modified"] = File.ctime(image).httpdate
response.headers["Content-Length"] = File.size(image).to_s
expires_in 1.year, public: true
send_file image, disposition: nil
end
def show
no_cookies
# we need multisite support to keep a single origin pull for CDNs
RailsMultisite::ConnectionManagement.with_hostname(params[:hostname]) do
2015-05-29 11:51:17 -05:00
show_in_site(params[:hostname])
end
end
protected
def show_in_site(hostname)
username = params[:username].to_s
2014-05-27 07:29:27 -05:00
return render_dot unless user = User.find_by(username_lower: username.downcase)
version = params[:version].to_i
2014-05-27 07:29:27 -05:00
return render_dot unless version > 0 && user_avatar = user.user_avatar
size = params[:size].to_i
return render_dot if size < 8 || size > 500
if !Discourse.avatar_sizes.include?(size) && Discourse.store.external?
closest = Discourse.avatar_sizes.to_a.min { |a,b| (size-a).abs <=> (size-b).abs }
2015-05-29 11:51:17 -05:00
avatar_url = UserAvatar.local_avatar_url(hostname, user.username_lower, version, closest)
return redirect_to cdn_path(avatar_url)
end
2014-07-25 00:26:43 -05:00
upload = Upload.find_by(id: version) if user_avatar.contains_upload?(version)
upload ||= user.uploaded_avatar if user.uploaded_avatar_id == version
if user.uploaded_avatar && !upload
2015-05-29 11:51:17 -05:00
avatar_url = UserAvatar.local_avatar_url(hostname, user.username_lower, user.uploaded_avatar_id, size)
return redirect_to cdn_path(avatar_url)
elsif upload
original = Discourse.store.path_for(upload)
if Discourse.store.external? || File.exists?(original)
if optimized = get_optimized_image(upload, size)
unless optimized.local?
expires_in 1.day, public: true
return redirect_to Discourse.store.cdn_url(optimized.url)
end
image = Discourse.store.path_for(optimized)
end
end
end
if image
2014-07-08 02:16:07 -05:00
response.headers["Last-Modified"] = File.ctime(image).httpdate
response.headers["Content-Length"] = File.size(image).to_s
expires_in 1.year, public: true
send_file image, disposition: nil
else
2014-05-27 07:29:27 -05:00
render_dot
end
end
2014-05-27 07:29:27 -05:00
# this protects us from a DoS
def render_dot
expires_in 10.minutes, public: true
render text: DOT, content_type: "image/png"
end
def get_optimized_image(upload, size)
OptimizedImage.create_for(
upload,
size,
size,
allow_animation: SiteSetting.allow_animated_avatars
)
end
end