make avatar lookup occur at image request (#10540)

speed up page generation by making avatar lookup occur at the browser not at page generation * Protect against evil email address ".." * hash the complete email address Signed-off-by: Andrew Thornton <art27@cantab.net> Co-Authored-By: Lauris BH <lauris@nix.lv>
2020-03-27 12:34:39 +00:00 · 2020-03-27 12:34:39 +00:00 · e6baa656f7
commit e6baa656f7
parent a3f90948d8
13 changed files with 154 additions and 21 deletions
--- a/models/avatar.go
+++ b/models/avatar.go
@ -0,0 +1,48 @@
+// Copyright 2020 The Gitea Authors. All rights reserved.
+// Use of this source code is governed by a MIT-style
+// license that can be found in the LICENSE file.
+
+package models
+
+import (
+	"crypto/md5"
+	"fmt"
+	"net/url"
+	"strings"
+
+	"code.gitea.io/gitea/modules/cache"
+	"code.gitea.io/gitea/modules/setting"
+)
+
+// EmailHash represents a pre-generated hash map
+type EmailHash struct {
+	Hash  string `xorm:"pk varchar(32)"`
+	Email string `xorm:"UNIQUE NOT NULL"`
+}
+
+// GetEmailForHash converts a provided md5sum to the email
+func GetEmailForHash(md5Sum string) (string, error) {
+	return cache.GetString("Avatar:"+md5Sum, func() (string, error) {
+		emailHash := EmailHash{
+			Hash: strings.ToLower(strings.TrimSpace(md5Sum)),
+		}
+
+		_, err := x.Get(&emailHash)
+		return emailHash.Email, err
+	})
+}
+
+// AvatarLink returns an avatar link for a provided email
+func AvatarLink(email string) string {
+	lowerEmail := strings.ToLower(strings.TrimSpace(email))
+	sum := fmt.Sprintf("%x", md5.Sum([]byte(lowerEmail)))
+	_, _ = cache.GetString("Avatar:"+sum, func() (string, error) {
+		emailHash := &EmailHash{
+			Email: lowerEmail,
+			Hash:  sum,
+		}
+		_, _ = x.Insert(emailHash)
+		return lowerEmail, nil
+	})
+	return setting.AppSubURL + "/avatar/" + url.PathEscape(sum)
+}
--- a/models/migrations/migrations.go
+++ b/models/migrations/migrations.go
@ -198,6 +198,8 @@ var migrations = []Migration{
 	NewMigration("Add IsSystemWebhook column to webhooks table", addSystemWebhookColumn),
 	// v132 -> v133
 	NewMigration("Add Branch Protection Protected Files Column", addBranchProtectionProtectedFilesColumn),
+	// v133 -> v134
+	NewMigration("Add EmailHash Table", addEmailHashTable),
 }

 // Migrate database to current version
--- a/models/migrations/v133.go
+++ b/models/migrations/v133.go
@ -0,0 +1,16 @@
+// Copyright 2020 The Gitea Authors. All rights reserved.
+// Use of this source code is governed by a MIT-style
+// license that can be found in the LICENSE file.
+
+package migrations
+
+import "xorm.io/xorm"
+
+func addEmailHashTable(x *xorm.Engine) error {
+	// EmailHash represents a pre-generated hash map
+	type EmailHash struct {
+		Hash  string `xorm:"pk varchar(32)"`
+		Email string `xorm:"UNIQUE NOT NULL"`
+	}
+	return x.Sync2(new(EmailHash))
+}
--- a/models/models.go
+++ b/models/models.go
@ -124,6 +124,7 @@ func init() {
 		new(OAuth2Grant),
 		new(Task),
 		new(LanguageStat),
+		new(EmailHash),
 	)

 	gonicNames := []string{"SSL", "UID"}