commento/api/commenter_photo.go

package main

import (
	"fmt"
	"image/jpeg"
	"io"
	"net/http"
	"strings"

	"github.com/disintegration/imaging"
)

func commenterPhotoHandler(w http.ResponseWriter, r *http.Request) {
	c, err := commenterGetByHex(r.FormValue("commenterHex"))
	if err != nil {
		http.NotFound(w, r)
		return
	}

	url := c.Photo
	if c.Provider == "google" {
		if strings.HasSuffix(url, "photo.jpg") {
			url += "?sz=38"
		} else {
			url += "=s38"
		}
	} else if c.Provider == "github" {
		url += "&s=38"
	} else if c.Provider == "gitlab" {
		url += "?width=38"
	}

	resp, err := http.Get(url)
	if err != nil {
		http.NotFound(w, r)
		return
	}
	defer resp.Body.Close()

	if c.Provider != "commento" { // Custom URL avatars need to be resized.
		io.Copy(w, resp.Body)
		return
	}

	// Limit the size of the response to 128 KiB to prevent DoS attacks
	// that exhaust memory.
	limitedResp := &io.LimitedReader{R: resp.Body, N: 128 * 1024}

	img, err := jpeg.Decode(limitedResp)
	if err != nil {
		fmt.Fprintf(w, "JPEG decode failed: %v\n", err)
		return
	}

	if err = imaging.Encode(w, imaging.Resize(img, 38, 0, imaging.Lanczos), imaging.JPEG); err != nil {
		fmt.Fprintf(w, "image encoding failed: %v\n", err)
		return
	}
}
api: mirror user photos for better privacy 2019-02-23 11:20:55 +08:00			`package main`

			`import (`
commenter_photo.go: resize images to 38px 2020-02-14 08:58:52 +08:00			`"fmt"`
api: go fmt 2020-02-14 09:15:05 +08:00			`"image/jpeg"`
api: mirror user photos for better privacy 2019-02-23 11:20:55 +08:00			`"io"`
			`"net/http"`
api: go fmt 2020-02-14 09:15:05 +08:00			`"strings"`
commenter_photo.go: resize images to 38px 2020-02-14 08:58:52 +08:00
			`"github.com/disintegration/imaging"`
api: mirror user photos for better privacy 2019-02-23 11:20:55 +08:00			`)`

			`func commenterPhotoHandler(w http.ResponseWriter, r *http.Request) {`
			`c, err := commenterGetByHex(r.FormValue("commenterHex"))`
			`if err != nil {`
			`http.NotFound(w, r)`
			`return`
			`}`

			`url := c.Photo`
			`if c.Provider == "google" {`
commenter_photo.go: resize images to 38px 2020-02-14 08:58:52 +08:00			`if strings.HasSuffix(url, "photo.jpg") {`
			`url += "?sz=38"`
			`} else {`
			`url += "=s38"`
			`}`
api: mirror user photos for better privacy 2019-02-23 11:20:55 +08:00			`} else if c.Provider == "github" {`
commenter_photo.go: resize images to 38px 2020-02-14 08:58:52 +08:00			`url += "&s=38"`
api: mirror user photos for better privacy 2019-02-23 11:20:55 +08:00			`} else if c.Provider == "gitlab" {`
commenter_photo.go: resize images to 38px 2020-02-14 08:58:52 +08:00			`url += "?width=38"`
api: mirror user photos for better privacy 2019-02-23 11:20:55 +08:00			`}`

			`resp, err := http.Get(url)`
			`if err != nil {`
			`http.NotFound(w, r)`
			`return`
			`}`
			`defer resp.Body.Close()`

commenter_photo.go: resize images to 38px 2020-02-14 08:58:52 +08:00			`if c.Provider != "commento" { // Custom URL avatars need to be resized.`
			`io.Copy(w, resp.Body)`
			`return`
			`}`

			`// Limit the size of the response to 128 KiB to prevent DoS attacks`
			`// that exhaust memory.`
			`limitedResp := &io.LimitedReader{R: resp.Body, N: 128 * 1024}`

			`img, err := jpeg.Decode(limitedResp)`
			`if err != nil {`
			`fmt.Fprintf(w, "JPEG decode failed: %v\n", err)`
			`return`
			`}`

			`if err = imaging.Encode(w, imaging.Resize(img, 38, 0, imaging.Lanczos), imaging.JPEG); err != nil {`
			`fmt.Fprintf(w, "image encoding failed: %v\n", err)`
			`return`
			`}`
api: mirror user photos for better privacy 2019-02-23 11:20:55 +08:00			`}`