Commit Graph

19 Commits

Author SHA1 Message Date
Rhys McNeill 699c766049 fix: add timeouts to Gravatar, Unsplash, and SSRF-safe HTTP clients 2026-04-09 07:31:08 +00:00
kolaente 212968cec4
chore(lint): suppress additional gosec false positives
Add #nosec comments for G703/G704 findings in db, doctor, webhooks,
gravatar, unsplash, and migration helper code.
2026-03-23 16:40:07 +01:00
kolaente 731b7c3001
fix: avoid mutating global http.DefaultClient in webhook proxy (#2145)
Fixes a bug where the webhook HTTP client was mutating `http.DefaultClient` (the global singleton), causing ALL HTTP requests in the application to use the webhook proxy. This broke OIDC authentication and other external HTTP calls when webhook proxy was configured.

Fixes #2144
2026-01-24 13:58:47 +01:00
rhclayto c5969d9898
feat: add configurable gravatar-compatible base URL (#2083)
This adds the ability to set a base URL for a Gravatar-compatible avatar
service (Gravatar itself, or Libravatar, for instance). The default will
be www.gravatar.com, so nothing will change from current behaviour unless
the user explicitly configures another URL.

Resolves #2082
2026-01-13 14:58:08 +01:00
kolaente fb7764d9f1
feat: format user mentions with display names in email notifications (#1930)
Email notifications now display user mentions with inline avatar images for improved visual recognition and easier identification. Mentions gracefully fall back to display names if avatars are unavailable.
2025-12-10 12:39:05 +01:00
kolaente 542626fa7f
fix: deduplicate gravatar fetches to respect rate limits (#1955)
- avoid redundant concurrent Gravatar requests by coordinating fetches
per avatar cache key
- reuse cache lookups when requests are already cached and simplify
expiration checks
2025-12-08 22:42:58 +01:00
kolaente 0ecbd9e1a3
feat(user): add avatar cache flushing (#1041) 2025-06-27 14:01:43 +02:00
Dominik Pschenitschni 296577a875
fix: correct license header references (#882)
See originals:
- https://www.gnu.org/licenses/agpl-3.0.txt
- https://www.gnu.org/licenses/gpl-3.0.txt
2025-06-10 12:18:38 +02:00
kolaente 7803fe8aef
fix(avatar): use keyvalue store to cache gravatar instead of map
Resolves https://community.vikunja.io/t/docker-crash-concurrent-map-writes-google-login/3454
2025-03-30 16:24:34 +02:00
kolaente 734033c843
fix(avatars): always return correct mime type for cached avatar 2025-03-02 13:33:40 +01:00
kolaente e518fb1191
chore: remove year from copyright headers
Resolves https://kolaente.dev/vikunja/api/pulls/1483
2023-09-01 08:32:28 +02:00
renovate c5bd09702a chore(deps): update dependency golang to v1.19 (#1228)
Co-authored-by: kolaente <k@knt.li>
Reviewed-on: https://kolaente.dev/vikunja/api/pulls/1228
Co-authored-by: renovate <renovatebot@kolaente.de>
Co-committed-by: renovate <renovatebot@kolaente.de>
2022-10-01 15:05:12 +00:00
Joseph Kavanagh 36bf3d216a
feat: gravatar - Lowercase emails before MD5 hash (#10) 2021-11-16 22:10:22 +01:00
kolaente c4a71016b8
Update copyright year 2021-02-02 20:19:13 +01:00
kolaente 456af4d4a9
Fix go header lint 2020-12-29 02:04:20 +01:00
kolaente 9baf6d39bd
Change license to AGPLv3 2020-12-23 16:41:52 +01:00
konrad 699d3d6060 Add Golangci Lint (#676)
Increase golangci timeout

Fix installing golangci-lint in ci

Remove mage targets replaced by golangci

Run golint in ci

Add goheader linter

Enable & fix more linters

Fix lint issues

Add mage target to automagically fix issues found by golangci

golangci-lint run --fix

Add golangci config

Add golangci mage target

Co-authored-by: kolaente <k@knt.li>
Reviewed-on: https://kolaente.dev/vikunja/api/pulls/676
Co-Authored-By: konrad <konrad@kola-entertainments.de>
Co-Committed-By: konrad <konrad@kola-entertainments.de>
2020-10-11 20:10:03 +00:00
konrad cdd068cdb6 Add empty avatar provider (#149)
Fix lint

Add docs for avatar configuration

Add default avatar provider

Co-authored-by: kolaente <k@knt.li>
Reviewed-on: https://kolaente.dev/vikunja/api/pulls/149
2020-03-01 21:10:25 +00:00
konrad 584e3af237 Add proxying gravatar requests for user avatars (#148)
Fix getting avatar based on email

Remove avatarUrl from user struct

Fix staticcheck

Add default avatar size

Add config option for caching avatars

go mod vendor

Add swagger docs

Add proxying gravatar requests for user avatars

Co-authored-by: kolaente <k@knt.li>
Reviewed-on: https://kolaente.dev/vikunja/api/pulls/148
2020-03-01 20:30:37 +00:00