make avatar lookup occur at image request (#10540)

speed up page generation by making avatar lookup occur at the browser not at page generation * Protect against evil email address ".." * hash the complete email address Signed-off-by: Andrew Thornton <art27@cantab.net> Co-Authored-By: Lauris BH <lauris@nix.lv>
2025-07-23 18:58:38 +00:00 · 2020-03-27 12:34:39 +00:00
parent a3f90948d8
commit e6baa656f7
13 changed files with 154 additions and 21 deletions
--- a/routers/user/avatar.go
+++ b/routers/user/avatar.go
@@ -5,10 +5,12 @@
 package user

 import (
+	"errors"
 	"strconv"
 	"strings"

 	"code.gitea.io/gitea/models"
+	"code.gitea.io/gitea/modules/base"
 	"code.gitea.io/gitea/modules/context"
 	"code.gitea.io/gitea/modules/log"
 )
@@ -41,3 +43,26 @@ func Avatar(ctx *context.Context) {

 	ctx.Redirect(user.RealSizedAvatarLink(size))
 }
+
+// AvatarByEmailHash redirects the browser to the appropriate Avatar link
+func AvatarByEmailHash(ctx *context.Context) {
+	hash := ctx.Params(":hash")
+	if len(hash) == 0 {
+		ctx.ServerError("invalid avatar hash", errors.New("hash cannot be empty"))
+		return
+	}
+	email, err := models.GetEmailForHash(hash)
+	if err != nil {
+		ctx.ServerError("invalid avatar hash", err)
+		return
+	}
+	if len(email) == 0 {
+		ctx.Redirect(base.DefaultAvatarLink())
+		return
+	}
+	size := ctx.QueryInt("size")
+	if size == 0 {
+		size = base.DefaultAvatarSize
+	}
+	ctx.Redirect(base.SizedAvatarLinkWithDomain(email, size))
+}