kosmos/akkounts
kosmos/akkounts
8
1
Fork 0
Code Issues 19 Pull Requests 1 Actions Packages Releases 12 Activity

Switch LDAP avatar to store raw JPEG instead of base64-encoded string #157

New Issue
Closed
opened 2024-01-22 10:58:40 +00:00 by raucao · 3 comments
raucao commented 2024-01-22 10:58:40 +00:00
Owner
Copy Link

I'm not sure where we found the information for it being generally stored as base64 string, but I just found out that Gitea only supports the binary format, and the RFC for inetOrgPerson also doesn't mention encoded strings.

Since I only just deployed the version with base64 today, I'll change it asap so we don't announce before it works with Gitea and ejabberd at least.

I'm not sure where we found the information for it being generally stored as base64 string, but I just found out that Gitea only supports the binary format, and the [RFC for inetOrgPerson](https://www.rfc-editor.org/rfc/rfc2798#section-2.6) also doesn't mention encoded strings. Since I only just deployed the version with base64 today, I'll change it asap so we don't announce before it works with Gitea and ejabberd at least.
raucao added the
bug
enhancement
 labels 2024-01-22 10:58:45 +00:00
raucao self-assigned this 2024-01-22 10:58:55 +00:00
raucao changed title from Switch LDAP avatar to store raw JPEG/PNG instead of base64-encoded string to Switch LDAP avatar to store raw JPEG instead of base64-encoded string 2024-01-22 10:59:14 +00:00
raucao commented 2024-01-22 17:04:09 +00:00
Author
Owner
Copy Link

This one turns out to be more difficult than I expected. Could use another set of eyes to look at what I have, which isn't working as it should...

This one turns out to be more difficult than I expected. Could use another set of eyes to look at what I have, which isn't working as it should...
raucao added this to the 1.0.0 Release milestone 2024-02-08 12:21:14 +00:00
raucao added the
integration
ldap
 label 2024-02-25 11:23:43 +00:00
raucao commented 2024-03-07 13:20:26 +00:00
Author
Owner
Copy Link

I have temporarily hidden the feature by default, so we don't have to care about migrating existing avatars at some point.

I have temporarily hidden the feature by default, so we don't have to care about migrating existing avatars at some point.
raucao commented 2025-05-11 10:00:56 +00:00
Author
Owner
Copy Link

I have a working implementation of this in 9e2210c now, but now I'm not sure it makes sense anymore. There are a few issues with the idea of storing this in LDAP in general, which I'll document here for posterity:

  • If we're strict about it, the file type would have to be a JPEG, which means when converting it, we lose e.g. PNG transparency for images that use it.
  • We can't store multiple versions (e.g. sizes) this way
  • A public HTTP endpoint would rely on LDAP as backing file store, but it would be more efficient and robust to just use our public S3 endpoints directly (which also have proxy caching built in already)
  • Not all services are able to use the avatar from LDAP directly, so if we want to have options for updating an avatar for multiple services, we need to store it in other places anyway. And we should probably make it possible to not overwrite all avatars in all places via UI options
  • I'm not sure how widely supported this is, but for XMPP, the protocol makes it possible to also use HTTP URIs instead of image data when publishing avatar updates to PEP

So, considering all these points, I think it makes more sense to just use ActiveStorage to store avatars in S3/Garage (or filesystem for smaller akkounts deployments), and then have multiple jobs to update them in services where needed or desired. One of them can be the LDAP one that from abovementioned commit, so it's possible to use it from there also.

I have a working implementation of this in 9e2210c now, but now I'm not sure it makes sense anymore. There are a few issues with the idea of storing this in LDAP in general, which I'll document here for posterity: * If we're strict about it, the file type would have to be a JPEG, which means when converting it, we lose e.g. PNG transparency for images that use it. * We can't store multiple versions (e.g. sizes) this way * A public HTTP endpoint would rely on LDAP as backing file store, but it would be more efficient and robust to just use our public S3 endpoints directly (which also have proxy caching built in already) * Not all services are able to use the avatar from LDAP directly, so if we want to have options for updating an avatar for multiple services, we need to store it in other places anyway. And we should probably make it possible to not overwrite all avatars in all places via UI options * I'm not sure how widely supported this is, but for XMPP, [the protocol](https://xmpp.org/extensions/xep-0084.html#examples) makes it possible to also use HTTP URIs instead of image data when publishing avatar updates to PEP So, considering all these points, I think it makes more sense to just use ActiveStorage to store avatars in S3/Garage (or filesystem for smaller akkounts deployments), and then have multiple jobs to update them in services where needed or desired. One of them can be the LDAP one that from abovementioned commit, so it's possible to use it from there also.
Sign in to join this conversation.
No Branch/Tag Specified
Branches Tags
Labels
Clear labels
integration
btcpay
integration
discourse
integration
ejabberd
integration
email
integration
ldap
integration
lndhub
integration
mastodon
integration
nostr
integration
remotestorage
bug
Something is not working
design
Graphic/visual design
dev environment
Config, builds, CI, deployment, etc.
docs
Documentation
duplicate
This issue or pull request already exists
enhancement
Improving existing functionality
feature
New functionality
good first issue
Dive in, and start contributing
idea
Something to consider
invalid
Not a bug
kredits-1
Small contribution
kredits-2
Medium contribution
kredits-3
Large contribution
on hold
Currently not actionable
ops
Manual IT ops activities
question
Looking for an answer
release
major
release
minor
release
patch
security
All your base are belong to us
ui/ux
User interface, process design, etc.
wontfix
This won't be fixed
No Label
integration
ldap
bug
enhancement
Milestone
No items
No Milestone 1.0.0 Release
Assignees
Clear assignees
bkero bumi fsmanuel galfert greg hueso raucao slvrbckt
No Assignees raucao
1 Participants
Notifications
Due Date
No due date set.
Dependencies

No dependencies set.

Reference: kosmos/akkounts#157
No description provided.
Delete Branch "%!s()"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?