Move letter-avatars into own request
To prevent further weakening of our CSP policies, moving the avatars into a non-inline version is the way to go. This implementation probably needs some beautification, but it already fixes the bug. Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
parent
f23f403bcb
commit
69aed93282
3 changed files with 23 additions and 11 deletions
|
@ -1,16 +1,17 @@
|
||||||
'use strict'
|
'use strict'
|
||||||
// external modules
|
// external modules
|
||||||
var randomcolor = require('randomcolor')
|
const randomcolor = require('randomcolor')
|
||||||
|
const config = require('./config')
|
||||||
|
|
||||||
// core
|
// core
|
||||||
module.exports = function (name) {
|
exports.generateAvatar = function (name) {
|
||||||
var color = randomcolor({
|
const color = randomcolor({
|
||||||
seed: name,
|
seed: name,
|
||||||
luminosity: 'dark'
|
luminosity: 'dark'
|
||||||
})
|
})
|
||||||
var letter = name.substring(0, 1).toUpperCase()
|
const letter = name.substring(0, 1).toUpperCase()
|
||||||
|
|
||||||
var svg = '<?xml version="1.0" encoding="UTF-8" standalone="no"?>'
|
let svg = '<?xml version="1.0" encoding="UTF-8" standalone="no"?>'
|
||||||
svg += '<svg xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#" xmlns="http://www.w3.org/2000/svg" height="96" width="96" version="1.1" viewBox="0 0 96 96">'
|
svg += '<svg xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#" xmlns="http://www.w3.org/2000/svg" height="96" width="96" version="1.1" viewBox="0 0 96 96">'
|
||||||
svg += '<g>'
|
svg += '<g>'
|
||||||
svg += '<rect width="96" height="96" fill="' + color + '" />'
|
svg += '<rect width="96" height="96" fill="' + color + '" />'
|
||||||
|
@ -20,5 +21,9 @@ module.exports = function (name) {
|
||||||
svg += '</g>'
|
svg += '</g>'
|
||||||
svg += '</svg>'
|
svg += '</svg>'
|
||||||
|
|
||||||
return 'data:image/svg+xml;base64,' + new Buffer(svg).toString('base64')
|
return svg
|
||||||
|
}
|
||||||
|
|
||||||
|
exports.generateAvatarURL = function (name) {
|
||||||
|
return config.serverURL + '/user/' + name + '/avatar.svg'
|
||||||
}
|
}
|
||||||
|
|
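Review bot: `generateAvatarURL` concatenates `name` into the URL path unencoded, so a username containing `/`, `?`, `#` or `%` yields a URL that no longer matches the `/user/:username/avatar.svg` route or that resolves to a different path under `config.serverURL`. The value passed in is `profile.username` at the four call sites in the user model (the mattermost, dropbox, saml and preceding branches), which appears to be provider-supplied data. Encoding the segment closes this: `return config.serverURL + '/user/' + encodeURIComponent(name) + '/avatar.svg'`. Separately, lines 17-20 of `generateAvatar` fall between the two visible hunks; if `letter` is interpolated into the SVG text there without XML-escaping, a name starting with `<` or `&` would produce malformed markup now that the SVG is served as a standalone document.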
|
@ -6,7 +6,7 @@ var scrypt = require('scrypt')
|
||||||
|
|
||||||
// core
|
// core
|
||||||
var logger = require('../logger')
|
var logger = require('../logger')
|
||||||
var letterAvatars = require('../letter-avatars')
|
var {generateAvatarURL} = require('../letter-avatars')
|
||||||
|
|
||||||
module.exports = function (sequelize, DataTypes) {
|
module.exports = function (sequelize, DataTypes) {
|
||||||
var User = sequelize.define('User', {
|
var User = sequelize.define('User', {
|
||||||
|
@ -108,7 +108,7 @@ module.exports = function (sequelize, DataTypes) {
|
||||||
if (bigger) photo = photo.replace(/(\?s=)\d*$/i, '$1400')
|
if (bigger) photo = photo.replace(/(\?s=)\d*$/i, '$1400')
|
||||||
else photo = photo.replace(/(\?s=)\d*$/i, '$196')
|
else photo = photo.replace(/(\?s=)\d*$/i, '$196')
|
||||||
} else {
|
} else {
|
||||||
photo = letterAvatars(profile.username)
|
photo = generateAvatarURL(profile.username)
|
||||||
}
|
}
|
||||||
break
|
break
|
||||||
case 'mattermost':
|
case 'mattermost':
|
||||||
|
@ -117,7 +117,7 @@ module.exports = function (sequelize, DataTypes) {
|
||||||
if (bigger) photo = photo.replace(/(\?s=)\d*$/i, '$1400')
|
if (bigger) photo = photo.replace(/(\?s=)\d*$/i, '$1400')
|
||||||
else photo = photo.replace(/(\?s=)\d*$/i, '$196')
|
else photo = photo.replace(/(\?s=)\d*$/i, '$196')
|
||||||
} else {
|
} else {
|
||||||
photo = letterAvatars(profile.username)
|
photo = generateAvatarURL(profile.username)
|
||||||
}
|
}
|
||||||
break
|
break
|
||||||
case 'dropbox':
|
case 'dropbox':
|
||||||
|
@ -140,7 +140,7 @@ module.exports = function (sequelize, DataTypes) {
|
||||||
if (bigger) photo += '?s=400'
|
if (bigger) photo += '?s=400'
|
||||||
else photo += '?s=96'
|
else photo += '?s=96'
|
||||||
} else {
|
} else {
|
||||||
photo = letterAvatars(profile.username)
|
photo = generateAvatarURL(profile.username)
|
||||||
}
|
}
|
||||||
break
|
break
|
||||||
case 'saml':
|
case 'saml':
|
||||||
|
@ -149,7 +149,7 @@ module.exports = function (sequelize, DataTypes) {
|
||||||
if (bigger) photo += '?s=400'
|
if (bigger) photo += '?s=400'
|
||||||
else photo += '?s=96'
|
else photo += '?s=96'
|
||||||
} else {
|
} else {
|
||||||
photo = letterAvatars(profile.username)
|
photo = generateAvatarURL(profile.username)
|
||||||
}
|
}
|
||||||
break
|
break
|
||||||
}
|
}
|
||||||
|
|
|
@ -5,6 +5,7 @@ const Router = require('express').Router
|
||||||
const response = require('../response')
|
const response = require('../response')
|
||||||
const models = require('../models')
|
const models = require('../models')
|
||||||
const logger = require('../logger')
|
const logger = require('../logger')
|
||||||
|
const {generateAvatar} = require('../letter-avatars')
|
||||||
|
|
||||||
const UserRouter = module.exports = Router()
|
const UserRouter = module.exports = Router()
|
||||||
|
|
||||||
|
@ -34,3 +35,9 @@ UserRouter.get('/me', function (req, res) {
|
||||||
})
|
})
|
||||||
}
|
}
|
||||||
})
|
})
|
||||||
|
|
||||||
|
UserRouter.get('/user/:username/avatar.svg', function (req, res, next) {
|
||||||
|
res.setHeader('Content-Type', 'image/svg+xml')
|
||||||
|
res.setHeader('Cache-Control', 'public, max-age=86400')
|
||||||
|
res.send(generateAvatar(req.params.username))
|
||||||
|
})
|
||||||
|
|
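Review bot: The new `/user/:username/avatar.svg` handler returns an SVG built from `req.params.username` as a same-origin document, and nothing in this hunk sets `X-Content-Type-Options` or a response-level Content-Security-Policy for it. As far as the visible lines of `generateAvatar` show, only the first character of the name reaches the markup, but any later change that embeds more of the name would make this script-capable content on the application's origin. Unless middleware outside this hunk already adds them, I would set `res.setHeader('X-Content-Type-Options', 'nosniff')` and `res.setHeader('Content-Security-Policy', "default-src 'none'; style-src 'unsafe-inline'")` before `res.send`. The `next` parameter of the handler is unused and can be dropped.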