Fix avatar enumable (#1049)

lunny · web-flow · commit 80f900ebae5c · 2017-02-25T22:58:57.000+08:00
* fix avatar enumable

* fix import style
diff --git a/models/migrations/migrations.go b/models/migrations/migrations.go
@@ -88,6 +88,8 @@ var migrations = []Migration{
 	NewMigration("add external login user", addExternalLoginUser),
 	// v19 -> v20
 	NewMigration("generate and migrate Git hooks", generateAndMigrateGitHooks),
+	// v20 -> v21
+	NewMigration("use new avtar path name for security reason", useNewNameAvatars),
 }
 
 // Migrate database to current version
diff --git a/models/migrations/v20.go b/models/migrations/v20.go
@@ -0,0 +1,66 @@
+// Copyright 2017 The Gitea Authors. All rights reserved.
+// Use of this source code is governed by a MIT-style
+// license that can be found in the LICENSE file.
+
+package migrations
+
+import (
+	"crypto/md5"
+	"errors"
+	"fmt"
+	"io/ioutil"
+	"os"
+	"path/filepath"
+	"strconv"
+
+	"code.gitea.io/gitea/modules/setting"
+
+	"github.com/go-xorm/xorm"
+)
+
+func useNewNameAvatars(x *xorm.Engine) error {
+	d, err := os.Open(setting.AvatarUploadPath)
+	if err != nil {
+		return err
+	}
+	names, err := d.Readdirnames(0)
+	if err != nil {
+		return err
+	}
+
+	type User struct {
+		Avatar          string
+		UseCustomAvatar bool
+	}
+
+	for _, name := range names {
+		userID, err := strconv.ParseInt(name, 10, 64)
+		if err != nil {
+			return err
+		}
+
+		var user User
+		if has, err := x.ID(userID).Get(&user); err != nil {
+			return err
+		} else if !has {
+			return errors.New("Avatar user is not exist")
+		}
+
+		fPath := filepath.Join(setting.AvatarUploadPath, name)
+		bs, err := ioutil.ReadFile(fPath)
+		if err != nil {
+			return err
+		}
+
+		user.Avatar = fmt.Sprintf("%x", md5.Sum(bs))
+		err = os.Rename(fPath, filepath.Join(setting.AvatarUploadPath, user.Avatar))
+		if err != nil {
+			return err
+		}
+		_, err = x.ID(userID).Cols("avatar").Update(&user)
+		if err != nil {
+			return err
+		}
+	}
+	return nil
+}
diff --git a/models/user.go b/models/user.go
@@ -7,6 +7,7 @@ package models
 import (
 	"bytes"
 	"container/list"
+	"crypto/md5"
 	"crypto/sha256"
 	"crypto/subtle"
 	"encoding/hex"
@@ -281,7 +282,7 @@ func (u *User) GenerateActivateCode() string {
 
 // CustomAvatarPath returns user custom avatar file path.
 func (u *User) CustomAvatarPath() string {
-	return filepath.Join(setting.AvatarUploadPath, com.ToStr(u.ID))
+	return filepath.Join(setting.AvatarUploadPath, u.Avatar)
 }
 
 // GenerateRandomAvatar generates a random avatar for user.
@@ -326,15 +327,15 @@ func (u *User) RelAvatarLink() string {
 		if !com.IsExist(u.CustomAvatarPath()) {
 			return defaultImgURL
 		}
-		return setting.AppSubURL + "/avatars/" + com.ToStr(u.ID)
+		return setting.AppSubURL + "/avatars/" + u.Avatar
 	case setting.DisableGravatar, setting.OfflineMode:
 		if !com.IsExist(u.CustomAvatarPath()) {
 			if err := u.GenerateRandomAvatar(); err != nil {
 				log.Error(3, "GenerateRandomAvatar: %v", err)
 			}
 		}
 
-		return setting.AppSubURL + "/avatars/" + com.ToStr(u.ID)
+		return setting.AppSubURL + "/avatars/" + u.Avatar
 	}
 	return base.AvatarLink(u.AvatarEmail)
 }
@@ -425,6 +426,7 @@ func (u *User) UploadAvatar(data []byte) error {
 	}
 
 	u.UseCustomAvatar = true
+	u.Avatar = fmt.Sprintf("%x", md5.Sum(data))
 	if err = updateUser(sess, u); err != nil {
 		return fmt.Errorf("updateUser: %v", err)
 	}

Original file line number	Diff line number	Diff line change
`@@ -88,6 +88,8 @@ var migrations = []Migration{`
`88`	`88`	`NewMigration("add external login user", addExternalLoginUser),`
`89`	`89`	`// v19 -> v20`
`90`	`90`	`NewMigration("generate and migrate Git hooks", generateAndMigrateGitHooks),`
	`91`	`+ // v20 -> v21`
	`92`	`+ NewMigration("use new avtar path name for security reason", useNewNameAvatars),`
`91`	`93`	`}`
`92`	`94`
`93`	`95`	`// Migrate database to current version`
Original file line number	Diff line number	Diff line change
`@@ -7,6 +7,7 @@ package models`
`7`	`7`	`import (`
`8`	`8`	`"bytes"`
`9`	`9`	`"container/list"`
	`10`	`+ "crypto/md5"`
`10`	`11`	`"crypto/sha256"`
`11`	`12`	`"crypto/subtle"`
`12`	`13`	`"encoding/hex"`
`@@ -281,7 +282,7 @@ func (u *User) GenerateActivateCode() string {`
`281`	`282`
`282`	`283`	`// CustomAvatarPath returns user custom avatar file path.`
`283`	`284`	`func (u *User) CustomAvatarPath() string {`
`284`		`- return filepath.Join(setting.AvatarUploadPath, com.ToStr(u.ID))`
	`285`	`+ return filepath.Join(setting.AvatarUploadPath, u.Avatar)`
`285`	`286`	`}`
`286`	`287`
`287`	`288`	`// GenerateRandomAvatar generates a random avatar for user.`
`@@ -326,15 +327,15 @@ func (u *User) RelAvatarLink() string {`
`326`	`327`	`if !com.IsExist(u.CustomAvatarPath()) {`
`327`	`328`	`return defaultImgURL`
`328`	`329`	`}`
`329`		`- return setting.AppSubURL + "/avatars/" + com.ToStr(u.ID)`
	`330`	`+ return setting.AppSubURL + "/avatars/" + u.Avatar`
`330`	`331`	`case setting.DisableGravatar, setting.OfflineMode:`
`331`	`332`	`if !com.IsExist(u.CustomAvatarPath()) {`
`332`	`333`	`if err := u.GenerateRandomAvatar(); err != nil {`
`333`	`334`	`log.Error(3, "GenerateRandomAvatar: %v", err)`
`334`	`335`	`}`
`335`	`336`	`}`
`336`	`337`
`337`		`- return setting.AppSubURL + "/avatars/" + com.ToStr(u.ID)`
	`338`	`+ return setting.AppSubURL + "/avatars/" + u.Avatar`
`338`	`339`	`}`
`339`	`340`	`return base.AvatarLink(u.AvatarEmail)`
`340`	`341`	`}`
`@@ -425,6 +426,7 @@ func (u *User) UploadAvatar(data []byte) error {`
`425`	`426`	`}`
`426`	`427`
`427`	`428`	`u.UseCustomAvatar = true`
	`429`	`+ u.Avatar = fmt.Sprintf("%x", md5.Sum(data))`
`428`	`430`	`if err = updateUser(sess, u); err != nil {`
`429`	`431`	`return fmt.Errorf("updateUser: %v", err)`
`430`	`432`	`}`