From d4b466b04ff4d3bf0e3cd0ef9c93d21cf39c9ebd Mon Sep 17 00:00:00 2001
From: Adhityaa Chandrasekar
Date: Fri, 22 Feb 2019 22:20:55 -0500
Subject: [PATCH] api: mirror user photos for better privacy
---
 api/commenter_photo.go | 34 ++++++++++++++++++++++++++++++++++
 api/router_api.go | 1 +
 frontend/js/commento.js | 20 ++------------------
 3 files changed, 37 insertions(+), 18 deletions(-)
 create mode 100644 api/commenter_photo.go
diff --git a/api/commenter_photo.go b/api/commenter_photo.go
new file mode 100644
index 0000000..16bfe5c
--- /dev/null
+++ b/api/commenter_photo.go
@@ -0,0 +1,34 @@
+package main
+
+import (
+ "io"
+ "net/http"
+)
+
+func commenterPhotoHandler(w http.ResponseWriter, r *http.Request) {
+ c, err := commenterGetByHex(r.FormValue("commenterHex"))
+ if err != nil {
+ http.NotFound(w, r)
+ return
+ }
+
+ url := c.Photo
+ if c.Provider == "google" {
+ url += "?sz=50"
+ } else if c.Provider == "github" {
+ url += "&s=50"
+ } else if c.Provider == "twitter" {
+ url += "?size=normal"
+ } else if c.Provider == "gitlab" {
+ url += "?width=50"
+ }
+
+ resp, err := http.Get(url)
+ if err != nil {
+ http.NotFound(w, r)
+ return
+ }
+ defer resp.Body.Close()
+
+ io.Copy(w, resp.Body)
+}
diff --git a/api/router_api.go b/api/router_api.go
index ae3c1b0..eaeab95 100644
--- a/api/router_api.go
+++ b/api/router_api.go
@@ -27,6 +27,7 @@ func apiRouterInit(router *mux.Router) error {
 router.HandleFunc("/api/commenter/new", commenterNewHandler).Methods("POST")
 router.HandleFunc("/api/commenter/login", commenterLoginHandler).Methods("POST")
 router.HandleFunc("/api/commenter/self", commenterSelfHandler).Methods("POST")
+ router.HandleFunc("/api/commenter/photo", commenterPhotoHandler).Methods("GET")
 router.HandleFunc("/api/email/get", emailGetHandler).Methods("POST")
 router.HandleFunc("/api/email/update", emailUpdateHandler).Methods("POST")
diff --git a/frontend/js/commento.js b/frontend/js/commento.js
index 53fb956..3ddef80 100644
--- a/frontend/js/commento.js
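Review bot: In `commenterPhotoHandler` the stored `c.Photo` is passed to `http.Get(url)` and the body is streamed back with no constraint on destination, upstream status, content type or size, so the unauthenticated `/api/commenter/photo` route relays whatever URL is stored on the commenter record. How `c.Photo` is populated is not visible in this patch; if any path lets a commenter influence it, this becomes a server-side request forgery primitive, and because no `Content-Type` is set Go will sniff the body, so an upstream HTML response would be served from the API origin. I would check the scheme and host against an allowlist of the providers' avatar hosts before fetching. On the response side, use a client with a timeout, require a 200 with a raster `image/*` type, forward that type with `X-Content-Type-Options: nosniff`, and bound the copy with `io.LimitReader`. The fence shows the response-side part with illustrative limits; it needs `strings` and `time` added to the import block.

```go
	// … unchanged: commenter lookup and provider-specific size suffix …

	// Bound how long a slow or unresponsive upstream can hold this handler.
	client := &http.Client{Timeout: 10 * time.Second}
	resp, err := client.Get(url)
	// … unchanged: error check and deferred resp.Body.Close() …

	// Relay only successful raster-image responses; SVG can carry script.
	ct := resp.Header.Get("Content-Type")
	rasterImage := strings.HasPrefix(ct, "image/") && !strings.HasPrefix(ct, "image/svg")
	if resp.StatusCode != http.StatusOK || !rasterImage {
		http.NotFound(w, r)
		return
	}

	// Pin the type so the browser and net/http do not sniff the body.
	w.Header().Set("Content-Type", ct)
	w.Header().Set("X-Content-Type-Options", "nosniff")

	// Cap the relayed body (1 MiB here) instead of copying an unbounded stream.
	io.Copy(w, io.LimitReader(resp.Body, 1<<20))
```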
+++ b/frontend/js/commento.js
@@ -258,15 +258,7 @@
 classAdd(avatar, "avatar");
 } else {
 avatar = create("img");
- if (commenter.provider === "google") {
- attrSet(avatar, "src", commenter.photo + "?sz=50");
- } else if (commenter.provider === "github") {
- attrSet(avatar, "src", commenter.photo + "&s=50");
- } else if (commenter.provider === "twitter") {
- attrSet(avatar, "src", commenter.photo + "?size=normal");
- } else {
- attrSet(avatar, "src", commenter.photo);
- }
+ attrSet(avatar, "src", cdn + "/api/commenter/photo?commenterHex=" + commenter.commenterHex);
 classAdd(avatar, "avatar-img");
 }
@@ -743,15 +735,7 @@
 classAdd(avatar, "avatar");
 } else {
 avatar = create("img");
- if (commenter.provider === "google") {
- attrSet(avatar, "src", commenter.photo + "?sz=50");
- } else if (commenter.provider === "github") {
- attrSet(avatar, "src", commenter.photo + "&s=50");
- } else if (commenter.provider === "twitter") {
- attrSet(avatar, "src", commenter.photo + "?size=normal");
- } else {
- attrSet(avatar, "src", commenter.photo);
- }
+ attrSet(avatar, "src", cdn + "/api/commenter/photo?commenterHex=" + commenter.commenterHex);
 classAdd(avatar, "avatar-img");
 }
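Review bot: `commenter.commenterHex` is concatenated into the avatar URL unencoded in the added `attrSet` line of the hunk at `-258`. The value is presumably a hex string from the API, but encoding it keeps the query well-formed if that ever changes: `attrSet(avatar, "src", cdn + "/api/commenter/photo?commenterHex=" + encodeURIComponent(commenter.commenterHex));`. The identical line is added again in the hunk at `-743`, so a small helper that builds the photo URL would keep the two call sites from drifting apart. The enclosing functions start and end outside both hunks.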