discourse/app/controllers/user_avatars_controller.rb

require_dependency 'letter_avatar'

class UserAvatarsController < ApplicationController
  DOT = Base64.decode64("R0lGODlhAQABALMAAAAAAIAAAACAAICAAAAAgIAAgACAgMDAwICAgP8AAAD/AP//AAAA//8A/wD//wBiZCH5BAEAAA8ALAAAAAABAAEAAAQC8EUAOw==")

  skip_before_filter :preload_json, :redirect_to_login_if_required, :check_xhr, :verify_authenticity_token, only: [:show, :show_letter]

  def refresh_gravatar
    user = User.find_by(username_lower: params[:username].downcase)
    guardian.ensure_can_edit!(user)

    if user
      user.create_user_avatar(user_id: user.id) unless user.user_avatar
      user.user_avatar.update_gravatar!

      render json: { upload_id: user.user_avatar.gravatar_upload_id }
    else
      raise Discourse::NotFound
    end
  end

  def show_letter
    params.require(:username)
    params.require(:version)
    params.require(:size)

    no_cookies

    return render_dot if params[:version] != LetterAvatar.version

    image = LetterAvatar.generate(params[:username].to_s, params[:size].to_i)

    response.headers["Last-Modified"] = File.ctime(image).httpdate
    response.headers["Content-Length"] = File.size(image).to_s
    expires_in 1.year, public: true
    send_file image, disposition: nil
  end

  def show
    no_cookies

    # we need multisite support to keep a single origin pull for CDNs
    RailsMultisite::ConnectionManagement.with_hostname(params[:hostname]) do
      show_in_site(params[:hostname])
    end
  end

  protected

  def show_in_site(hostname)
    username = params[:username].to_s
    return render_dot unless user = User.find_by(username_lower: username.downcase)

    upload_id, version = params[:version].split("_")

    version = (version || OptimizedImage::VERSION).to_i
    return render_dot if version != OptimizedImage::VERSION

    upload_id = upload_id.to_i
    return render_dot unless upload_id > 0 && user_avatar = user.user_avatar

    size = params[:size].to_i
    return render_dot if size < 8 || size > 500

    if !Discourse.avatar_sizes.include?(size) && Discourse.store.external?
      closest = Discourse.avatar_sizes.to_a.min { |a,b| (size-a).abs <=> (size-b).abs }
      avatar_url = UserAvatar.local_avatar_url(hostname, user.username_lower, upload_id, closest)
      return redirect_to cdn_path(avatar_url)
    end

    upload = Upload.find_by(id: upload_id) if user_avatar.contains_upload?(upload_id)
    upload ||= user.uploaded_avatar if user.uploaded_avatar_id == upload_id

    if user.uploaded_avatar && !upload
      avatar_url = UserAvatar.local_avatar_url(hostname, user.username_lower, user.uploaded_avatar_id, size)
      return redirect_to cdn_path(avatar_url)
    elsif upload && optimized = get_optimized_image(upload, size)
      if optimized.local?
        optimized_path = Discourse.store.path_for(optimized)
        image = optimized_path if File.exists?(optimized_path)
      else
        expires_in 1.day, public: true
        return redirect_to Discourse.store.cdn_url(optimized.url)
      end
    end

    if image
      response.headers["Last-Modified"] = File.ctime(image).httpdate
      response.headers["Content-Length"] = File.size(image).to_s
      expires_in 1.year, public: true
      send_file image, disposition: nil
    else
      render_dot
    end
  end

  # this protects us from a DoS
  def render_dot
    expires_in 10.minutes, public: true
    render text: DOT, content_type: "image/png"
  end

  def get_optimized_image(upload, size)
    OptimizedImage.create_for(
      upload,
      size,
      size,
      allow_animation: SiteSetting.allow_animated_avatars
    )
  end

end
Work in progress, keeping avatars locally This introduces a new model to store the avatars and 3 uploads per user (gravatar, system and custom) user can then pick which they want. 2014-05-22 03:37:02 -04:00			`require_dependency 'letter_avatar'`

Fix specs for avatars Implement avatar picker Correct avatar related jobs 2014-05-26 05:46:43 -04:00			`class UserAvatarsController < ApplicationController`
Add DoS protection to action 2014-05-27 08:29:27 -04:00			`DOT = Base64.decode64("R0lGODlhAQABALMAAAAAAIAAAACAAICAAAAAgIAAgACAgMDAwICAgP8AAAD/AP//AAAA//8A/wD//wBiZCH5BAEAAA8ALAAAAAABAAEAAAQC8EUAOw==")`

Revert "FEATURE: SVG letter avatars (based on @eviltrout's spike)" This reverts commit cd774657889f38749a23f72d402835c57af8f60e. 2015-09-10 18:23:52 -04:00			`skip_before_filter :preload_json, :redirect_to_login_if_required, :check_xhr, :verify_authenticity_token, only: [:show, :show_letter]`
Fix specs for avatars Implement avatar picker Correct avatar related jobs 2014-05-26 05:46:43 -04:00
			`def refresh_gravatar`
			`user = User.find_by(username_lower: params[:username].downcase)`
			`guardian.ensure_can_edit!(user)`

			`if user`
			`user.create_user_avatar(user_id: user.id) unless user.user_avatar`
			`user.user_avatar.update_gravatar!`

small upload code refactor 2015-02-03 12:44:18 -05:00			`render json: { upload_id: user.user_avatar.gravatar_upload_id }`
Fix specs for avatars Implement avatar picker Correct avatar related jobs 2014-05-26 05:46:43 -04:00			`else`
			`raise Discourse::NotFound`
			`end`
			`end`

Move letter avatars out of upload system FIX: S3 issues around system avatars FIX: reduced backup file size 2014-05-30 00:17:35 -04:00			`def show_letter`
			`params.require(:username)`
			`params.require(:version)`
			`params.require(:size)`

PERF: avoid cookies for all static, public, cached forever assets 2015-05-22 02:15:46 -04:00			`no_cookies`

Revert "FIX: Missing letter avatars" This reverts commit 03943554c6f8ece7f2b07d9aa34131ad1954e544. 2015-04-19 16:41:08 -04:00			`return render_dot if params[:version] != LetterAvatar.version`
Move letter avatars out of upload system FIX: S3 issues around system avatars FIX: reduced backup file size 2014-05-30 00:17:35 -04:00
			`image = LetterAvatar.generate(params[:username].to_s, params[:size].to_i)`
FIX: add 'Content-Length' header for avatars 2014-10-22 09:39:51 -04:00
FIX: letter avatars to live in uploads directory, add last modified 2014-07-08 03:20:27 -04:00			`response.headers["Last-Modified"] = File.ctime(image).httpdate`
FIX: add 'Content-Length' header for avatars 2014-10-22 09:39:51 -04:00			`response.headers["Content-Length"] = File.size(image).to_s`
Move letter avatars out of upload system FIX: S3 issues around system avatars FIX: reduced backup file size 2014-05-30 00:17:35 -04:00			`expires_in 1.year, public: true`
			`send_file image, disposition: nil`
			`end`

Work in progress, keeping avatars locally This introduces a new model to store the avatars and 3 uploads per user (gravatar, system and custom) user can then pick which they want. 2014-05-22 03:37:02 -04:00			`def show`
PERF: avoid cookies for all static, public, cached forever assets 2015-05-22 02:15:46 -04:00			`no_cookies`

BUGFIX: proper multisite support for origin pull CDNs 2014-05-27 09:13:42 -04:00			`# we need multisite support to keep a single origin pull for CDNs`
			`RailsMultisite::ConnectionManagement.with_hostname(params[:hostname]) do`
user avatar urls/templates refactor 2015-05-29 12:51:17 -04:00			`show_in_site(params[:hostname])`
BUGFIX: proper multisite support for origin pull CDNs 2014-05-27 09:13:42 -04:00			`end`
			`end`

			`protected`

BUGFIX: fix redirect, correct multisite 2014-05-27 10:15:09 -04:00			`def show_in_site(hostname)`
Work in progress, keeping avatars locally This introduces a new model to store the avatars and 3 uploads per user (gravatar, system and custom) user can then pick which they want. 2014-05-22 03:37:02 -04:00			`username = params[:username].to_s`
Add DoS protection to action 2014-05-27 08:29:27 -04:00			`return render_dot unless user = User.find_by(username_lower: username.downcase)`
Work in progress, keeping avatars locally This introduces a new model to store the avatars and 3 uploads per user (gravatar, system and custom) user can then pick which they want. 2014-05-22 03:37:02 -04:00
FIX: don't break user avatars route 2015-05-29 13:19:41 -04:00			`upload_id, version = params[:version].split("_")`

			`version = (version \|\| OptimizedImage::VERSION).to_i`
			`return render_dot if version != OptimizedImage::VERSION`

			`upload_id = upload_id.to_i`
			`return render_dot unless upload_id > 0 && user_avatar = user.user_avatar`
Work in progress, keeping avatars locally This introduces a new model to store the avatars and 3 uploads per user (gravatar, system and custom) user can then pick which they want. 2014-05-22 03:37:02 -04:00
FIX: crop avatars on the server instead of the client FIX: support for dots in S3 bucket names 2015-05-26 09:54:25 -04:00			`size = params[:size].to_i`
			`return render_dot if size < 8 \|\| size > 500`
FIX: allow handling for avatars that are not in the set of "resized sizes" 2015-05-26 01:41:50 -04:00
			`if !Discourse.avatar_sizes.include?(size) && Discourse.store.external?`
FIX: proper support for pixel ratios up to 3 2015-05-29 03:57:54 -04:00			`closest = Discourse.avatar_sizes.to_a.min { \|a,b\| (size-a).abs <=> (size-b).abs }`
FIX: don't break user avatars route 2015-05-29 13:19:41 -04:00			`avatar_url = UserAvatar.local_avatar_url(hostname, user.username_lower, upload_id, closest)`
user avatar urls/templates refactor 2015-05-29 12:51:17 -04:00			`return redirect_to cdn_path(avatar_url)`
FIX: allow handling for avatars that are not in the set of "resized sizes" 2015-05-26 01:41:50 -04:00			`end`

FIX: don't break user avatars route 2015-05-29 13:19:41 -04:00			`upload = Upload.find_by(id: upload_id) if user_avatar.contains_upload?(upload_id)`
			`upload \|\|= user.uploaded_avatar if user.uploaded_avatar_id == upload_id`
Work in progress, keeping avatars locally This introduces a new model to store the avatars and 3 uploads per user (gravatar, system and custom) user can then pick which they want. 2014-05-22 03:37:02 -04:00
			`if user.uploaded_avatar && !upload`
user avatar urls/templates refactor 2015-05-29 12:51:17 -04:00			`avatar_url = UserAvatar.local_avatar_url(hostname, user.username_lower, user.uploaded_avatar_id, size)`
			`return redirect_to cdn_path(avatar_url)`
better support for mixed content 2015-06-01 11:49:58 -04:00			`elsif upload && optimized = get_optimized_image(upload, size)`
			`if optimized.local?`
			`optimized_path = Discourse.store.path_for(optimized)`
			`image = optimized_path if File.exists?(optimized_path)`
			`else`
			`expires_in 1.day, public: true`
			`return redirect_to Discourse.store.cdn_url(optimized.url)`
Work in progress, keeping avatars locally This introduces a new model to store the avatars and 3 uploads per user (gravatar, system and custom) user can then pick which they want. 2014-05-22 03:37:02 -04:00			`end`
			`end`

			`if image`
FIX: missing last modified on avatars 2014-07-08 03:16:07 -04:00			`response.headers["Last-Modified"] = File.ctime(image).httpdate`
FIX: add 'Content-Length' header for avatars 2014-10-22 09:39:51 -04:00			`response.headers["Content-Length"] = File.size(image).to_s`
Work in progress, keeping avatars locally This introduces a new model to store the avatars and 3 uploads per user (gravatar, system and custom) user can then pick which they want. 2014-05-22 03:37:02 -04:00			`expires_in 1.year, public: true`
			`send_file image, disposition: nil`
			`else`
Add DoS protection to action 2014-05-27 08:29:27 -04:00			`render_dot`
Work in progress, keeping avatars locally This introduces a new model to store the avatars and 3 uploads per user (gravatar, system and custom) user can then pick which they want. 2014-05-22 03:37:02 -04:00			`end`
			`end`
BUGFIX: support CDN for avatars Correct broken spec Implement S3 support 2014-05-27 00:40:46 -04:00
Add DoS protection to action 2014-05-27 08:29:27 -04:00			`# this protects us from a DoS`
			`def render_dot`
			`expires_in 10.minutes, public: true`
			`render text: DOT, content_type: "image/png"`
			`end`

BUGFIX: support CDN for avatars Correct broken spec Implement S3 support 2014-05-27 00:40:46 -04:00			`def get_optimized_image(upload, size)`
			`OptimizedImage.create_for(`
			`upload,`
			`size,`
			`size,`
			`allow_animation: SiteSetting.allow_animated_avatars`
			`)`
			`end`

Work in progress, keeping avatars locally This introduces a new model to store the avatars and 3 uploads per user (gravatar, system and custom) user can then pick which they want. 2014-05-22 03:37:02 -04:00			`end`