Move letter-avatars into own request

To prevent further weakening of our CSP policies, moving the Avatars into a non-inline version is the way to go. This implementation probably needs some beautification. But already fixes the bug. Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
author: Sheogorath 2018-04-12 13:14:42 +0200
committer: Sheogorath 2018-04-17 19:06:59 +0200
commit: 69aed932820ab6175b3cdc778b152703bab81961 (patch)
tree: 022899fb8c188e172c6424e012dcf37136e4c066 /lib
parent: f23f403bcb990a03fe27d5d4dda491c5de89c464 (diff)
3 files changed, 23 insertions, 11 deletions
diff --git a/lib/letter-avatars.js b/lib/letter-avatars.js
index 7ba336b6..b5b1d9e7 100644
--- a/lib/letter-avatars.js
+++ b/lib/letter-avatars.js
@@ -1,16 +1,17 @@
 'use strict'
 // external modules
-var randomcolor = require('randomcolor')
+const randomcolor = require('randomcolor')
+const config = require('./config')
 
 // core
-module.exports = function (name) {
-  var color = randomcolor({
+exports.generateAvatar = function (name) {
+  const color = randomcolor({
     seed: name,
     luminosity: 'dark'
   })
-  var letter = name.substring(0, 1).toUpperCase()
+  const letter = name.substring(0, 1).toUpperCase()
 
-  var svg = '<?xml version="1.0" encoding="UTF-8" standalone="no"?>'
+  let svg = '<?xml version="1.0" encoding="UTF-8" standalone="no"?>'
   svg += '<svg xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#" xmlns="http://www.w3.org/2000/svg" height="96" width="96" version="1.1" viewBox="0 0 96 96">'
   svg += '<g>'
   svg += '<rect width="96" height="96" fill="' + color + '" />'
@@ -20,5 +21,9 @@ module.exports = function (name) {
   svg += '</g>'
   svg += '</svg>'
 
-  return 'data:image/svg+xml;base64,' + new Buffer(svg).toString('base64')
+  return svg
+}
+
+exports.generateAvatarURL = function (name) {
+  return config.serverURL + '/user/' + name + '/avatar.svg'
 }
diff --git a/lib/models/user.js b/lib/models/user.js
index f421fe43..4c823355 100644
--- a/lib/models/user.js
+++ b/lib/models/user.js
@@ -6,7 +6,7 @@ var scrypt = require('scrypt')
 
 // core
 var logger = require('../logger')
-var letterAvatars = require('../letter-avatars')
+var {generateAvatarURL} = require('../letter-avatars')
 
 module.exports = function (sequelize, DataTypes) {
   var User = sequelize.define('User', {
@@ -108,7 +108,7 @@ module.exports = function (sequelize, DataTypes) {
               if (bigger) photo = photo.replace(/(\?s=)\d*$/i, '$1400')
               else photo = photo.replace(/(\?s=)\d*$/i, '$196')
             } else {
-              photo = letterAvatars(profile.username)
+              photo = generateAvatarURL(profile.username)
             }
             break
           case 'mattermost':
@@ -117,7 +117,7 @@ module.exports = function (sequelize, DataTypes) {
               if (bigger) photo = photo.replace(/(\?s=)\d*$/i, '$1400')
               else photo = photo.replace(/(\?s=)\d*$/i, '$196')
             } else {
-              photo = letterAvatars(profile.username)
+              photo = generateAvatarURL(profile.username)
             }
             break
           case 'dropbox':
@@ -140,7 +140,7 @@ module.exports = function (sequelize, DataTypes) {
               if (bigger) photo += '?s=400'
               else photo += '?s=96'
             } else {
-              photo = letterAvatars(profile.username)
+              photo = generateAvatarURL(profile.username)
             }
             break
           case 'saml':
@@ -149,7 +149,7 @@ module.exports = function (sequelize, DataTypes) {
               if (bigger) photo += '?s=400'
               else photo += '?s=96'
             } else {
-              photo = letterAvatars(profile.username)
+              photo = generateAvatarURL(profile.username)
             }
             break
         }
diff --git a/lib/web/userRouter.js b/lib/web/userRouter.js
index ecfbaf8b..963961c7 100644
--- a/lib/web/userRouter.js
+++ b/lib/web/userRouter.js
@@ -5,6 +5,7 @@ const Router = require('express').Router
 const response = require('../response')
 const models = require('../models')
 const logger = require('../logger')
+const {generateAvatar} = require('../letter-avatars')
 
 const UserRouter = module.exports = Router()
 
@@ -34,3 +35,9 @@ UserRouter.get('/me', function (req, res) {
     })
   }
 })
+
+UserRouter.get('/user/:username/avatar.svg', function (req, res, next) {
+  res.setHeader('Content-Type', 'image/svg+xml')
+  res.setHeader('Cache-Control', 'public, max-age=86400')
+  res.send(generateAvatar(req.params.username))
+})
author	Sheogorath	2018-04-12 13:14:42 +0200
committer	Sheogorath	2018-04-17 19:06:59 +0200
commit	69aed932820ab6175b3cdc778b152703bab81961 (patch)
tree	022899fb8c188e172c6424e012dcf37136e4c066 /lib
parent	f23f403bcb990a03fe27d5d4dda491c5de89c464 (diff)