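# Serves user avatars addressed by username, filename hash and image format.
class AvatarsController < ApplicationController
  # Sends the user's attached avatar inline when "<hash>.<format>" from the
  # request equals the stored attachment filename. Responds with :not_found
  # when the user is unknown, no avatar is attached, or the filename differs.
  #
  # Reads params[:username], params[:hash] and params[:format] (default "png").
  # `http_status` is not defined in this class; presumably it comes from
  # ApplicationController.
  def show
    user = User.find_by(cn: params[:username])

    # Each rejection returns explicitly. The previous `http_status ... and return`
    # form only returned when http_status gave back a truthy value, so a nil
    # result would have let the request continue to the download below.
    unless user && user.avatar.attached?
      http_status :not_found
      return
    end

    requested_hash = params[:hash]
    # Kept as a string: the value is only interpolated, so converting
    # request input to a Symbol is unnecessary.
    extension = params[:format] || "png"
    # size        = params[:size]&.to_sym || :original

    # The requested name must match the stored filename exactly.
    unless user.avatar.filename.to_s == "#{requested_hash}.#{extension}"
      http_status :not_found
      return
    end

    # TODO See note for avatar_variant in user model
    # blob = if size == :original
    #          user.avatar.blob
    #        else
    #          user.avatar_variant(size: size)&.blob
    #        end

    # NOTE(review): the Content-Type subtype is the requested format, which the
    # filename check above ties to the stored file's extension. The upload path
    # is not visible here; confirm it restricts extensions to raster image
    # types, because this response is rendered inline by the browser.
    data = user.avatar.blob.download
    send_data data, type: "image/#{extension}", disposition: "inline"
  end
end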