Move letter-avatars into own request

To prevent further weakening of our CSP policies, moving the Avatars
into a non-inline version is the way to go.

This implementation probably needs some beautification. But already fixes
the bug.

Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>

1 files changed, 11 insertions, 6 deletions

diff --git a/lib/letter-avatars.js b/lib/letter-avatars.js
index 7ba336b6..b5b1d9e7 100644
--- a/lib/letter-avatars.js
+++ b/lib/letter-avatars.js
@@ -1,16 +1,17 @@
 'use strict'
 // external modules
-var randomcolor = require('randomcolor')
+const randomcolor = require('randomcolor')
+const config = require('./config')
 
 // core
-module.exports = function (name) {
-  var color = randomcolor({
+exports.generateAvatar = function (name) {
+  const color = randomcolor({
     seed: name,
     luminosity: 'dark'
   })
-  var letter = name.substring(0, 1).toUpperCase()
+  const letter = name.substring(0, 1).toUpperCase()
 
-  var svg = '<?xml version="1.0" encoding="UTF-8" standalone="no"?>'
+  let svg = '<?xml version="1.0" encoding="UTF-8" standalone="no"?>'
   svg += '<svg xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#" xmlns="http://www.w3.org/2000/svg" height="96" width="96" version="1.1" viewBox="0 0 96 96">'
   svg += '<g>'
   svg += '<rect width="96" height="96" fill="' + color + '" />'
@@ -20,5 +21,9 @@ module.exports = function (name) {
   svg += '</g>'
   svg += '</svg>'
 
-  return 'data:image/svg+xml;base64,' + new Buffer(svg).toString('base64')
+  return svg
+}
+
+exports.generateAvatarURL = function (name) {
+  return config.serverURL + '/user/' + name + '/avatar.svg'
 }