Commit ea3419e8 authored by Adhityaa Chandrasekar's avatar Adhityaa Chandrasekar

commenter_photo.go: resize images to 38px

parent b29147a9
package main
import (
"fmt"
"strings"
"io"
"net/http"
"image/jpeg"
"github.com/disintegration/imaging"
)
func commenterPhotoHandler(w http.ResponseWriter, r *http.Request) {
......@@ -14,13 +19,17 @@ func commenterPhotoHandler(w http.ResponseWriter, r *http.Request) {
url := c.Photo
if c.Provider == "google" {
url += "?sz=50"
if strings.HasSuffix(url, "photo.jpg") {
url += "?sz=38"
} else {
url += "=s38"
}
} else if c.Provider == "github" {
url += "&s=50"
url += "&s=38"
} else if c.Provider == "twitter" {
url += "?size=normal"
} else if c.Provider == "gitlab" {
url += "?width=50"
url += "?width=38"
}
resp, err := http.Get(url)
......@@ -30,5 +39,23 @@ func commenterPhotoHandler(w http.ResponseWriter, r *http.Request) {
}
defer resp.Body.Close()
io.Copy(w, resp.Body)
if c.Provider != "commento" { // Custom URL avatars need to be resized.
io.Copy(w, resp.Body)
return
}
// Limit the size of the response to 128 KiB to prevent DoS attacks
// that exhaust memory.
limitedResp := &io.LimitedReader{R: resp.Body, N: 128 * 1024}
img, err := jpeg.Decode(limitedResp)
if err != nil {
fmt.Fprintf(w, "JPEG decode failed: %v\n", err)
return
}
if err = imaging.Encode(w, imaging.Resize(img, 38, 0, imaging.Lanczos), imaging.JPEG); err != nil {
fmt.Fprintf(w, "image encoding failed: %v\n", err)
return
}
}
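Review bot: The 128 KiB `io.LimitedReader` bounds the bytes read from the remote host but not the memory `jpeg.Decode` allocates, because the decoder sizes its pixel buffers from the width and height declared in the JPEG header, and a file well under 128 KiB can declare dimensions in the tens of thousands of pixels per side. The comment above the limit promises protection against memory exhaustion, so the handler should buffer the capped body, call `jpeg.DecodeConfig` first, and reject oversized dimensions before the full decode and `imaging.Resize`. The sketch below needs `bytes` and `io/ioutil` added to the import block, and its dimension bound is an illustrative value to be chosen by the project. Separately, both failure branches write the error text with an implicit 200 status, so callers cannot distinguish a failed avatar from image data; `http.Error` with a 4xx/5xx code would fix that. The lookup of `c` and the `http.Get` error handling sit in elided parts of the function, so this note covers only the visible lines.

```go
// … unchanged: early return for non-commento providers …
const maxDim = 2048 // illustrative bound on declared width/height

// Cap the bytes read, then inspect the header before the full decode
// allocates buffers for whatever dimensions the file declares.
data, err := ioutil.ReadAll(io.LimitReader(resp.Body, 128*1024))
if err != nil {
	http.Error(w, "could not read image", http.StatusBadGateway)
	return
}
cfg, err := jpeg.DecodeConfig(bytes.NewReader(data))
if err != nil || cfg.Width > maxDim || cfg.Height > maxDim {
	http.Error(w, "unsupported image", http.StatusUnsupportedMediaType)
	return
}
img, err := jpeg.Decode(bytes.NewReader(data))
// … unchanged: decode error check, resize to 38px and JPEG encode …
```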
......@@ -5,6 +5,7 @@ go 1.12
require (
cloud.google.com/go v0.26.0 // indirect
github.com/adtac/go-akismet v0.0.0-20181220032308-0ca9e1023047
github.com/disintegration/imaging v1.6.2
github.com/golang/protobuf v1.1.0 // indirect
github.com/gomodule/oauth1 v0.0.0-20181215000758-9a59ed3b0a84
github.com/gorilla/context v1.1.1 // indirect
......
......@@ -2,6 +2,8 @@ cloud.google.com/go v0.26.0 h1:e0WKqKTd5BnrG8aKH3J3h+QvEIQtSUcf2n5UZ5ZgLtQ=
cloud.google.com/go v0.26.0/go.mod h1:aQUYkXzVsufM+DwF1aE+0xfcU+56JwCaLick0ClmMTw=
github.com/adtac/go-akismet v0.0.0-20181220032308-0ca9e1023047 h1:ZC99vhH6LlWY7bstM3JhEZl1c0a0DWZPFe7+hvRwTlc=
github.com/adtac/go-akismet v0.0.0-20181220032308-0ca9e1023047/go.mod h1:DU/mtPMgEDGGfgxGATXm2Br5+F7JOClQj9nHVKZMlns=
github.com/disintegration/imaging v1.6.2 h1:w1LecBlG2Lnp8B3jk5zSuNqd7b4DXhcjwek1ei82L+c=
github.com/disintegration/imaging v1.6.2/go.mod h1:44/5580QXChDfwIclfc/PCwrr44amcmDAg8hxG0Ewe4=
github.com/golang/protobuf v1.1.0 h1:0iH4Ffd/meGoXqF2lSAhZHt8X+cPgkfn/cb6Cce5Vpc=
github.com/golang/protobuf v1.1.0/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U=
github.com/gomodule/oauth1 v0.0.0-20181215000758-9a59ed3b0a84 h1:NlNEdePx7QY9Z4rds4EIe1dvUT8Ao1PZgLS80S5YTbU=
......@@ -24,9 +26,12 @@ github.com/russross/blackfriday v1.5.1 h1:B8ZN6pD4PVofmlDCDUdELeYrbsVIDM/bpjW3v3
github.com/russross/blackfriday v1.5.1/go.mod h1:JO/DiYxRf+HjHt06OyowR9PTA263kcR/rfWxYHBV53g=
golang.org/x/crypto v0.0.0-20180808211826-de0752318171 h1:vYogbvSFj2YXcjQxFHu/rASSOt9sLytpCaSkiwQ135I=
golang.org/x/crypto v0.0.0-20180808211826-de0752318171/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4=
golang.org/x/image v0.0.0-20191009234506-e7c1f5e7dbb8 h1:hVwzHzIUGRjiF7EcUjqNxk3NCfkPxbDKRdnNE1Rpg0U=
golang.org/x/image v0.0.0-20191009234506-e7c1f5e7dbb8/go.mod h1:FeLwcggjj3mMvU+oOTbSwawSJRM1uh48EjtB4UJZlP0=
golang.org/x/net v0.0.0-20180811021610-c39426892332 h1:efGso+ep0DjyCBJPjvoz0HI6UldX4Md2F1rZFe1ir0E=
golang.org/x/net v0.0.0-20180811021610-c39426892332/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
golang.org/x/oauth2 v0.0.0-20180724155351-3d292e4d0cdc h1:3ElrZeO6IBP+M8kgu5YFwRo92Gqr+zBg3aooYQ6ziqU=
golang.org/x/oauth2 v0.0.0-20180724155351-3d292e4d0cdc/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U=
golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
google.golang.org/appengine v1.1.0 h1:igQkv0AAhEIvTEpD5LIpAfav2eeVO9HBTjvKHVJPRSs=
google.golang.org/appengine v1.1.0/go.mod h1:EbEs0AVv82hx2wNQdGPgUI5lhzA/G0D9YwlJXL52JkM=
......@@ -51,7 +51,7 @@
<input class="input" type="text" name="photo" id="photo" placeholder="https://i.imgur.com/BCKlYFQ.jpg">
</div>
<div class="small-subtitle" style="display: none" id="photo-subtitle">
Use an external image hosting service such as <a href="https://imgur.com" rel="nofollow">Imgur</a> and enter the direct link to the image here. Changes to your profile photo may take a few hours to reflect.
Use an external image hosting service such as <a href="https://imgur.com" rel="nofollow">Imgur</a> and enter the direct link to the image here. Changes to your profile photo may take a few hours to reflect. Maximum file size allowed is 128 KiB.
</div>
<div class="err" id="err"></div>
......