make avatar lookup occur at image request (#10540)

speed up page generation by making avatar lookup occur at the browser not at page generation * Protect against evil email address ".." * hash the complete email address Signed-off-by: Andrew Thornton <art27@cantab.net> Co-Authored-By: Lauris BH <lauris@nix.lv>
2020-03-27 12:34:39 +00:00 · 2020-03-27 12:34:39 +00:00 · e6baa656f7
commit e6baa656f7
parent a3f90948d8
13 changed files with 154 additions and 21 deletions
--- a/routers/repo/blame.go
+++ b/routers/repo/blame.go
@ -230,7 +230,7 @@ func renderBlame(ctx *context.Context, blameParts []git.BlamePart, commitNames m
 					}
 					avatar = fmt.Sprintf(`<a href="%s/%s"><img class="ui avatar image" src="%s" title="%s" alt=""/></a>`, setting.AppSubURL, url.PathEscape(commit.User.Name), commit.User.RelAvatarLink(), html.EscapeString(authorName))
 				} else {
-					avatar = fmt.Sprintf(`<img class="ui avatar image" src="%s" title="%s"/>`, html.EscapeString(base.AvatarLink(commit.Author.Email)), html.EscapeString(commit.Author.Name))
+					avatar = fmt.Sprintf(`<img class="ui avatar image" src="%s" title="%s"/>`, html.EscapeString(models.AvatarLink(commit.Author.Email)), html.EscapeString(commit.Author.Name))
 				}
 				commitInfo.WriteString(fmt.Sprintf(`<div class="blame-info%s"><div class="blame-data"><div class="blame-avatar">%s</div><div class="blame-message"><a href="%s/commit/%s" title="%[5]s">%[5]s</a></div><div class="blame-time">%s</div></div></div>`, attr, avatar, repoLink, part.Sha, html.EscapeString(commit.CommitMessage), commitSince))
 			} else {
--- a/routers/routes/routes.go
+++ b/routers/routes/routes.go
@ -417,6 +417,8 @@ func RegisterRoutes(m *macaron.Macaron) {
 	})
 	// ***** END: User *****

+	m.Get("/avatar/:hash", user.AvatarByEmailHash)
+
 	adminReq := context.Toggle(&context.ToggleOptions{SignInRequired: true, AdminRequired: true})

 	// ***** START: Admin *****
--- a/routers/user/avatar.go
+++ b/routers/user/avatar.go
@ -5,10 +5,12 @@
 package user

 import (
+	"errors"
 	"strconv"
 	"strings"

 	"code.gitea.io/gitea/models"
+	"code.gitea.io/gitea/modules/base"
 	"code.gitea.io/gitea/modules/context"
 	"code.gitea.io/gitea/modules/log"
 )
@ -41,3 +43,26 @@ func Avatar(ctx *context.Context) {

 	ctx.Redirect(user.RealSizedAvatarLink(size))
 }
+
+// AvatarByEmailHash redirects the browser to the appropriate Avatar link
+func AvatarByEmailHash(ctx *context.Context) {
+	hash := ctx.Params(":hash")
+	if len(hash) == 0 {
+		ctx.ServerError("invalid avatar hash", errors.New("hash cannot be empty"))
+		return
+	}
+	email, err := models.GetEmailForHash(hash)
+	if err != nil {
+		ctx.ServerError("invalid avatar hash", err)
+		return
+	}
+	if len(email) == 0 {
+		ctx.Redirect(base.DefaultAvatarLink())
+		return
+	}
+	size := ctx.QueryInt("size")
+	if size == 0 {
+		size = base.DefaultAvatarSize
+	}
+	ctx.Redirect(base.SizedAvatarLinkWithDomain(email, size))
+}