From 69aed932820ab6175b3cdc778b152703bab81961 Mon Sep 17 00:00:00 2001 From: Sheogorath Date: Thu, 12 Apr 2018 13:14:42 +0200 Subject: [PATCH] Move letter-avatars into own request To prevent further weakening of our CSP policies, moving the Avatars into a non-inline version is the way to go. This implementation probably needs some beautification. But already fixes the bug. Signed-off-by: Sheogorath --- lib/letter-avatars.js | 17 +++++++++++------ lib/models/user.js | 10 +++++----- lib/web/userRouter.js | 7 +++++++ 3 files changed, 23 insertions(+), 11 deletions(-) diff --git a/lib/letter-avatars.js b/lib/letter-avatars.js index 7ba336b65..b5b1d9e7b 100644 --- a/lib/letter-avatars.js +++ b/lib/letter-avatars.js @@ -1,16 +1,17 @@ 'use strict' // external modules -var randomcolor = require('randomcolor') +const randomcolor = require('randomcolor') +const config = require('./config') // core -module.exports = function (name) { - var color = randomcolor({ +exports.generateAvatar = function (name) { + const color = randomcolor({ seed: name, luminosity: 'dark' }) - var letter = name.substring(0, 1).toUpperCase() + const letter = name.substring(0, 1).toUpperCase() - var svg = '' + let svg = '' svg += '' svg += '' svg += '' @@ -20,5 +21,9 @@ module.exports = function (name) { svg += '' svg += '' - return 'data:image/svg+xml;base64,' + new Buffer(svg).toString('base64') + return svg +} + +exports.generateAvatarURL = function (name) { + return config.serverURL + '/user/' + name + '/avatar.svg' } diff --git a/lib/models/user.js b/lib/models/user.js index f421fe431..4c8233556 100644 --- a/lib/models/user.js +++ b/lib/models/user.js @@ -6,7 +6,7 @@ var scrypt = require('scrypt') // core var logger = require('../logger') -var letterAvatars = require('../letter-avatars') +var {generateAvatarURL} = require('../letter-avatars') module.exports = function (sequelize, DataTypes) { var User = sequelize.define('User', { @@ -108,7 +108,7 @@ module.exports = function (sequelize, DataTypes) { if (bigger) photo = photo.replace(/(\?s=)\d*$/i, '$1400') else photo = photo.replace(/(\?s=)\d*$/i, '$196') } else { - photo = letterAvatars(profile.username) + photo = generateAvatarURL(profile.username) } break case 'mattermost': @@ -117,7 +117,7 @@ module.exports = function (sequelize, DataTypes) { if (bigger) photo = photo.replace(/(\?s=)\d*$/i, '$1400') else photo = photo.replace(/(\?s=)\d*$/i, '$196') } else { - photo = letterAvatars(profile.username) + photo = generateAvatarURL(profile.username) } break case 'dropbox': @@ -140,7 +140,7 @@ module.exports = function (sequelize, DataTypes) { if (bigger) photo += '?s=400' else photo += '?s=96' } else { - photo = letterAvatars(profile.username) + photo = generateAvatarURL(profile.username) } break case 'saml': @@ -149,7 +149,7 @@ module.exports = function (sequelize, DataTypes) { if (bigger) photo += '?s=400' else photo += '?s=96' } else { - photo = letterAvatars(profile.username) + photo = generateAvatarURL(profile.username) } break } diff --git a/lib/web/userRouter.js b/lib/web/userRouter.js index ecfbaf8b1..963961c7e 100644 --- a/lib/web/userRouter.js +++ b/lib/web/userRouter.js @@ -5,6 +5,7 @@ const Router = require('express').Router const response = require('../response') const models = require('../models') const logger = require('../logger') +const {generateAvatar} = require('../letter-avatars') const UserRouter = module.exports = Router() @@ -34,3 +35,9 @@ UserRouter.get('/me', function (req, res) { }) } }) + +UserRouter.get('/user/:username/avatar.svg', function (req, res, next) { + res.setHeader('Content-Type', 'image/svg+xml') + res.setHeader('Cache-Control', 'public, max-age=86400') + res.send(generateAvatar(req.params.username)) +})