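# Serves a user's stored avatar at a URL that names the file exactly.
#
# A request is answered with the image only when "<hash>.<format>" equals the
# avatar filename recorded for the user. An unknown user, a user without an
# attached avatar and a filename mismatch all get the same 404 response.
class AvatarsController < ApplicationController
  # Sends the avatar of the user identified by params[:username].
  #
  # Request parameters read here:
  # - params[:username]  matched against User#cn
  # - params[:hash]      filename stem expected by the caller
  # - params[:format]    filename extension; "png" when the request has none
  #
  # params[:size] is not consulted: the stored attachment is always sent as-is.
  def show
    user = User.find_by(cn: params[:username])

    # `return http_status(...)` always leaves the action. The `... and return`
    # form would only return when the helper's result is truthy, and falling
    # through would reach send_file after a response was already produced.
    return http_status(:not_found) unless user && user.avatar.attached?

    # The extension comes from the request. It is only interpolated below, so
    # it is kept as-is rather than converted with #to_sym: calling #to_sym on a
    # missing format raises NoMethodError before any default can apply, and no
    # Symbol needs to be created from request input.
    format = params[:format] || "png"

    # Exact equality with the stored filename is the only validation applied to
    # the hash and format values.
    return http_status(:not_found) unless user.avatar_filename == "#{params[:hash]}.#{format}"

    # NOTE(review): the Content-Type is built from the request's format. It is
    # bounded only by the filename comparison above, so the reachable values
    # depend on which filenames the upload path accepts. Consider an explicit
    # allowlist of image formats if uploads are not already restricted.
    # TODO confirm against the upload handling.
    # NOTE(review): path_for is assumed to return a local filesystem path
    # (disk-backed storage); confirm for the configured storage service.
    send_file user.avatar.service.path_for(user.avatar.key),
              disposition: "inline", type: "image/#{format}"
  end
end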