mirror of https://github.com/go-gitea/gitea.git synced 2025-10-26 12:51:06 +01:00
gitea/routers/web/user/avatar.go
wxiaoguang 71360a94cb
Address some CodeQL security concerns (#35572)
Although there is no real security problem
2025-10-04 01:21:26 +08:00


// Copyright 2019 The Gitea Authors. All rights reserved.
// SPDX-License-Identifier: MIT
package user
import (
"time"
"code.gitea.io/gitea/models/avatars"
user_model "code.gitea.io/gitea/models/user"
"code.gitea.io/gitea/modules/httpcache"
"code.gitea.io/gitea/services/context"
)
// cacheableRedirect sets a short Cache-Control max-age on the response and
// then redirects the client to location.
//
// The callers in this file pass links produced by the avatar helpers, not a
// raw request value; any new caller should keep it that way so the redirect
// target stays server-chosen.
func cacheableRedirect(ctx *context.Context, location string) {
	// Deliberately not `setting.StaticCacheTime`: that value is long (default: 6 hours),
	// and a cached redirect of that age would hide an updated avatar for as long.
	// A redirect is cheap to re-request, so a short lifetime costs little.
	const redirectMaxAge = 5 * time.Minute

	cacheOpts := &httpcache.CacheControlOptions{MaxAge: redirectMaxAge}
	httpcache.SetCacheControlInHeader(ctx.Resp.Header(), cacheOpts)
	ctx.Redirect(location)
}
// AvatarByUsernameSize redirects the browser to the avatar of the user named
// in the "username" path parameter, at the size given by the "size" path
// parameter.
//
// System users are looked up first; the regular user lookup runs only when
// that returns nil. A failed lookup is reported through
// ctx.NotFoundOrServerError with user_model.IsErrUserNotExist as the
// not-found predicate.
func AvatarByUsernameSize(ctx *context.Context) {
	name := ctx.PathParam("username")

	target := user_model.GetSystemUserByName(name)
	if target == nil {
		found, err := user_model.GetUserByName(ctx, name)
		if err != nil {
			ctx.NotFoundOrServerError("GetUserByName", user_model.IsErrUserNotExist, err)
			return
		}
		target = found
	}

	// NOTE(review): "size" is request-controlled and is not range-checked here;
	// presumably AvatarLinkWithSize clamps or validates it. Confirm.
	avatarURL := target.AvatarLinkWithSize(ctx, ctx.PathParamInt("size"))
	cacheableRedirect(ctx, avatarURL)
}
// AvatarByEmailHash redirects the browser to the email avatar link for the
// hash given in the "hash" path parameter, at the size given by the "size"
// form value.
//
// If avatars.GetEmailForHash returns an error, the request ends with
// ctx.ServerError and no redirect is issued.
func AvatarByEmailHash(ctx *context.Context) {
	emailHash := ctx.PathParam("hash")

	email, err := avatars.GetEmailForHash(ctx, emailHash)
	if err != nil {
		// NOTE(review): emailHash is request-controlled and is concatenated into
		// the message as-is; confirm the ServerError/logging path neutralises
		// control characters so a crafted hash cannot forge log lines.
		ctx.ServerError("invalid avatar hash: "+emailHash, err)
		return
	}

	// NOTE(review): "size" is request-controlled and is not range-checked here;
	// presumably GenerateEmailAvatarFinalLink bounds it. Confirm.
	avatarURL := avatars.GenerateEmailAvatarFinalLink(ctx, email, ctx.FormInt("size"))
	cacheableRedirect(ctx, avatarURL)
}