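# Serves a user's attached avatar from a URL that spells out the avatar's
# stored filename ("<hash>.<format>").
class AvatarsController < ApplicationController
  # Sends the avatar of the user whose `cn` equals params[:username].
  #
  # Responds with 404 when the user does not exist, has no avatar attached,
  # or when "<params[:hash]>.<params[:format]>" does not equal
  # user.avatar_filename. params[:format] defaults to "png" when absent.
  # params[:size] is not used: nothing here selects a variant by size.
  def show
    user = User.find_by(cn: params[:username])

    # `return http_status(...)` instead of `http_status ... and return`: the
    # latter only returns when http_status yields a truthy value, and its
    # definition is not visible here, so the action could fall through.
    return http_status(:not_found) unless user
    return http_status(:not_found) unless user.avatar.attached?

    requested_hash = params[:hash]
    # A missing format used to raise NoMethodError (nil.to_sym) before the
    # `|| :png` fallback could apply. Request input is also kept as a String
    # rather than converted to a Symbol; interpolation gives the same text.
    requested_format = (params[:format] || "png").to_s

    # The request must name the stored file exactly. This also pins the
    # format used for the Content-Type below to the stored extension.
    unless user.avatar_filename == "#{requested_hash}.#{requested_format}"
      return http_status(:not_found)
    end

    # NOTE(review): path_for is a Disk-service method, so this presumably
    # assumes avatars live on local disk - confirm the storage config.
    # NOTE(review): the file is served inline with a type derived from its
    # extension; confirm the upload path limits avatars to raster image
    # types (inline SVG/HTML from this origin would be rendered by browsers).
    send_file user.avatar.service.path_for(user.avatar.key),
              disposition: "inline",
              type: "image/#{requested_format}"
  end
end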