From 318b2d378f54805e99b7022db15136df7c920083 Mon Sep 17 00:00:00 2001 From: Sheogorath Date: Sat, 23 Jun 2018 23:40:46 +0200 Subject: Allow to disable gravatar Since Gravatar is an external image source and not perfect from a privacy perspective, forbidding it allows to improve privacy. This commit also simplifies and optimizes the avatar code. Signed-off-by: Sheogorath --- lib/config/default.js | 1 + lib/config/environment.js | 1 + lib/letter-avatars.js | 16 ++++++++++++++-- lib/models/user.js | 30 +++++------------------------- 4 files changed, 21 insertions(+), 27 deletions(-) (limited to 'lib') diff --git a/lib/config/default.js b/lib/config/default.js index f88c17b3..ec44ae78 100644 --- a/lib/config/default.js +++ b/lib/config/default.js @@ -146,5 +146,6 @@ module.exports = { }, email: true, allowEmailRegister: true, + allowGravatar: true, allowPDFExport: true } diff --git a/lib/config/environment.js b/lib/config/environment.js index e1c11569..0ca3d920 100644 --- a/lib/config/environment.js +++ b/lib/config/environment.js @@ -120,5 +120,6 @@ module.exports = { }, email: toBooleanConfig(process.env.HMD_EMAIL), allowEmailRegister: toBooleanConfig(process.env.HMD_ALLOW_EMAIL_REGISTER), + allowGravatar: toBooleanConfig(process.env.HMD_ALLOW_GRAVATAR), allowPDFExport: toBooleanConfig(process.env.HMD_ALLOW_PDF_EXPORT) } diff --git a/lib/letter-avatars.js b/lib/letter-avatars.js index b5b1d9e7..53fa011a 100644 --- a/lib/letter-avatars.js +++ b/lib/letter-avatars.js @@ -1,5 +1,6 @@ 'use strict' // external modules +const md5 = require('blueimp-md5') const randomcolor = require('randomcolor') const config = require('./config') @@ -24,6 +25,17 @@ exports.generateAvatar = function (name) { return svg } -exports.generateAvatarURL = function (name) { - return config.serverURL + '/user/' + name + '/avatar.svg' +exports.generateAvatarURL = function (name, email = '', big = true) { + let photo + if (email !== '' && config.allowGravatar) { + photo = 'https://www.gravatar.com/avatar/' + md5(email.toLowerCase()) + if (big) { + photo += '?s=400' + } else { + photo += '?s=96' + } + } else { + photo = config.serverURL + '/user/' + (name || email.substring(0, email.lastIndexOf('@')) || md5(email.toLowerCase())) + '/avatar.svg' + } + return photo } diff --git a/lib/models/user.js b/lib/models/user.js index 5dd13869..1bd8c745 100644 --- a/lib/models/user.js +++ b/lib/models/user.js @@ -1,6 +1,5 @@ 'use strict' // external modules -var md5 = require('blueimp-md5') var Sequelize = require('sequelize') var scrypt = require('scrypt') @@ -128,10 +127,7 @@ module.exports = function (sequelize, DataTypes) { } break case 'dropbox': - // no image api provided, use gravatar - photo = 'https://www.gravatar.com/avatar/' + md5(profile.emails[0].value) - if (bigger) photo += '?s=400' - else photo += '?s=96' + photo = generateAvatarURL('', profile.emails[0].value, bigger) break case 'google': photo = profile.photos[0].value @@ -139,35 +135,19 @@ module.exports = function (sequelize, DataTypes) { else photo = photo.replace(/(\?sz=)\d*$/i, '$196') break case 'ldap': - // no image api provided, - // use gravatar if email exists, - // otherwise generate a letter avatar - if (profile.emails[0]) { - photo = 'https://www.gravatar.com/avatar/' + md5(profile.emails[0]) - if (bigger) photo += '?s=400' - else photo += '?s=96' - } else { - photo = generateAvatarURL(profile.username) - } + photo = generateAvatarURL(profile.username, profile.emails[0], bigger) break case 'saml': - if (profile.emails[0]) { - photo = 'https://www.gravatar.com/avatar/' + md5(profile.emails[0]) - if (bigger) photo += '?s=400' - else photo += '?s=96' - } else { - photo = generateAvatarURL(profile.username) - } + photo = generateAvatarURL(profile.username, profile.emails[0], bigger) break } return photo }, parseProfileByEmail: function (email) { - var photoUrl = 'https://www.gravatar.com/avatar/' + md5(email) return { name: email.substring(0, email.lastIndexOf('@')), - photo: photoUrl + '?s=96', - biggerphoto: photoUrl + '?s=400' + photo: generateAvatarURL('', email, false), + biggerphoto: generateAvatarURL('', email, true) } } } -- cgit v1.2.3