1# frozen_string_literal: true
2
3module Avatarable
4  extend ActiveSupport::Concern
5
6  USER_AVATAR_SIZES = [16, 20, 23, 24, 26, 32, 36, 38, 40, 48, 60, 64, 90, 96, 120, 160].freeze
7  PROJECT_AVATAR_SIZES = [15, 40, 48, 64, 88].freeze
8  GROUP_AVATAR_SIZES = [15, 37, 38, 39, 40, 64, 96].freeze
9
10  ALLOWED_IMAGE_SCALER_WIDTHS = (USER_AVATAR_SIZES | PROJECT_AVATAR_SIZES | GROUP_AVATAR_SIZES).freeze
11
12  # This value must not be bigger than then: https://gitlab.com/gitlab-org/gitlab/-/blob/master/workhorse/config.toml.example#L20
13  #
14  # https://docs.gitlab.com/ee/development/image_scaling.html
15  MAXIMUM_FILE_SIZE = 200.kilobytes.to_i
16
17  included do
18    prepend ShadowMethods
19    include ObjectStorage::BackgroundMove
20    include Gitlab::Utils::StrongMemoize
21    include ApplicationHelper
22
23    validate :avatar_type, if: ->(user) { user.avatar.present? && user.avatar_changed? }
24    validates :avatar, file_size: { maximum: MAXIMUM_FILE_SIZE }, if: :avatar_changed?
25
26    mount_uploader :avatar, AvatarUploader
27
28    after_initialize :add_avatar_to_batch
29    after_commit :clear_avatar_caches
30  end
31
32  module ShadowMethods
33    def avatar_url(**args)
34      # We use avatar_path instead of overriding avatar_url because of carrierwave.
35      # See https://gitlab.com/gitlab-org/gitlab-foss/merge_requests/11001/diffs#note_28659864
36
37      avatar_path(only_path: args.fetch(:only_path, true), size: args[:size]) || super
38    end
39
40    def retrieve_upload(identifier, paths)
41      upload = retrieve_upload_from_batch(identifier)
42
43      # This fallback is needed when deleting an upload, because we may have
44      # already been removed from the DB. We have to check an explicit `#nil?`
45      # because it's a BatchLoader instance.
46      upload = super if upload.nil?
47
48      upload
49    end
50  end
51
52  class_methods do
53    def bot_avatar(image:)
54      Rails.root.join('lib', 'assets', 'images', 'bot_avatars', image).open
55    end
56  end
57
58  def avatar_type
59    unless self.avatar.image?
60      errors.add :avatar, "file format is not supported. Please try one of the following supported formats: #{AvatarUploader::SAFE_IMAGE_EXT.join(', ')}"
61    end
62  end
63
64  def avatar_path(only_path: true, size: nil)
65    unless self.try(:id)
66      return uncached_avatar_path(only_path: only_path, size: size)
67    end
68
69    # Cache this avatar path only within the request because avatars in
70    # object storage may be generated with time-limited, signed URLs.
71    key = "#{self.class.name}:#{self.id}:#{only_path}:#{size}"
72    Gitlab::SafeRequestStore[key] ||= uncached_avatar_path(only_path: only_path, size: size)
73  end
74
75  def uncached_avatar_path(only_path: true, size: nil)
76    return unless self.try(:avatar).present?
77
78    asset_host = ActionController::Base.asset_host
79    use_asset_host = asset_host.present?
80    use_authentication = respond_to?(:public?) && !public?
81    query_params = size&.nonzero? ? "?width=#{size}" : ""
82
83    # Avatars for private and internal groups and projects require authentication to be viewed,
84    # which means they can only be served by Rails, on the regular GitLab host.
85    # If an asset host is configured, we need to return the fully qualified URL
86    # instead of only the avatar path, so that Rails doesn't prefix it with the asset host.
87    if use_asset_host && use_authentication
88      use_asset_host = false
89      only_path = false
90    end
91
92    url_base = []
93
94    if use_asset_host
95      url_base << asset_host unless only_path
96    else
97      url_base << gitlab_config.base_url unless only_path
98      url_base << gitlab_config.relative_url_root
99    end
100
101    url_base.join + avatar.local_url + query_params
102  end
103
104  # Path that is persisted in the tracking Upload model. Used to fetch the
105  # upload from the model.
106  def upload_paths(identifier)
107    avatar_mounter.blank_uploader.store_dirs.map { |store, path| File.join(path, identifier) }
108  end
109
110  private
111
112  def retrieve_upload_from_batch(identifier)
113    BatchLoader.for(identifier: identifier, model: self)
114               .batch(key: self.class) do |upload_params, loader, args|
115      model_class = args[:key]
116      paths = upload_params.flat_map do |params|
117        params[:model].upload_paths(params[:identifier])
118      end
119
120      Upload.where(uploader: AvatarUploader.name, path: paths).find_each do |upload|
121        model = model_class.instantiate('id' => upload.model_id)
122
123        loader.call({ model: model, identifier: File.basename(upload.path) }, upload)
124      end
125    end
126  end
127
128  def add_avatar_to_batch
129    return unless avatar_mounter
130
131    avatar_mounter.read_identifiers.each { |identifier| retrieve_upload_from_batch(identifier) }
132  end
133
134  def avatar_mounter
135    strong_memoize(:avatar_mounter) { _mounter(:avatar) }
136  end
137
138  def clear_avatar_caches
139    return unless respond_to?(:verified_emails) && verified_emails.any? && avatar_changed?
140
141    Gitlab::AvatarCache.delete_by_email(*verified_emails)
142  end
143end
144