Commit Graph

42 Commits

Author SHA1 Message Date
Rhys McNeill 699c766049 fix: add timeouts to Gravatar, Unsplash, and SSRF-safe HTTP clients 2026-04-09 07:31:08 +00:00
kolaente c166eff95f test: remove obsolete invalid-cache-type test for avatar upload
RememberValue[T] always gob-decodes to the correct type, so the
corrupted-cache recovery path no longer exists.
2026-04-08 08:56:22 +00:00
kolaente 59b047f76a fix: register gob types and use RememberValue for avatar and unsplash cache
Register CachedAvatar and Photo with encoding/gob so Redis can properly
deserialize them. Migrate both to use RememberValue[T] which calls
GetWithValue() internally, fixing the broken type assertion when Redis
is the keyvalue backend.

Also removes the recursion-depth fallback in upload.go since
RememberValue eliminates the type mismatch failure mode entirely.
2026-04-08 08:56:22 +00:00
kolaente 212968cec4
chore(lint): suppress additional gosec false positives
Add #nosec comments for G703/G704 findings in db, doctor, webhooks,
gravatar, unsplash, and migration helper code.
2026-03-23 16:40:07 +01:00
kolaente 2a10b22c5c fix: use session-aware file creation to avoid nested transactions
files.Create() and files.CreateWithMime() internally create their own
sessions and transactions. When called from within an existing
transaction (now that db.NewSession() auto-begins), this creates nested
transactions that deadlock on SQLite.

Switch to files.CreateWithSession() and files.CreateWithMimeAndSession()
to participate in the caller's existing transaction instead.
2026-02-25 11:03:02 +01:00
kolaente 79d0942780 fix: use DelPrefix in upload avatar FlushCache to clear all cached sizes
FlushCache was using keyvalue.Del with the base key
(avatar_upload_{userID}) but the actual cache entries are stored with
size suffixes (avatar_upload_{userID}_{size}). The Del call targeted a
key that never existed, so cached avatars were never invalidated.

Switch to keyvalue.DelPrefix to delete all size variants at once,
matching the pattern the gravatar provider already uses correctly.
2026-02-13 09:31:28 +01:00
kolaente c93fa1b4ae test: add failing test for upload avatar FlushCache
The test populates the cache with multiple size-suffixed keys
and verifies that FlushCache removes all of them. Currently fails
because FlushCache uses Del with the base key which doesn't match
the actual size-suffixed cache keys.
2026-02-13 09:31:28 +01:00
kolaente dbd74491c4 fix(files): update all callers to provide seekable readers for S3 uploads
Update all code paths that pass file content to the storage layer to
provide io.ReadSeeker instead of io.Reader:

- Avatar upload: use bytes.NewReader instead of bytes.Buffer
- Background upload handler: use bytes.NewReader instead of bytes.Buffer
- Unsplash background: buffer response body into bytes.NewReader
- Dump restore: buffer zip entry into bytes.NewReader
- Migration structure: pass bytes.NewReader directly instead of wrapping
  in io.NopCloser
- Task attachment: change NewAttachment parameter from io.ReadCloser to
  io.ReadSeeker
2026-02-08 15:31:25 +01:00
kolaente 731b7c3001
fix: avoid mutating global http.DefaultClient in webhook proxy (#2145)
Fixes a bug where the webhook HTTP client was mutating `http.DefaultClient` (the global singleton), causing ALL HTTP requests in the application to use the webhook proxy. This broke OIDC authentication and other external HTTP calls when webhook proxy was configured.

Fixes #2144
2026-01-24 13:58:47 +01:00
rhclayto c5969d9898
feat: add configurable gravatar-compatible base URL (#2083)
This adds the ability to set a base URL for a Gravatar-compatible avatar
service (Gravatar itself, or Libravatar, for instance). The default will
be www.gravatar.com, so nothing will change from current behaviour unless
the user explicitly configures another URL.

Resolves #2082
2026-01-13 14:58:08 +01:00
kolaente fb7764d9f1
feat: format user mentions with display names in email notifications (#1930)
Email notifications now display user mentions with inline avatar images for improved visual recognition and easier identification. Mentions gracefully fall back to display names if avatars are unavailable.
2025-12-10 12:39:05 +01:00
kolaente 542626fa7f
fix: deduplicate gravatar fetches to respect rate limits (#1955)
- avoid redundant concurrent Gravatar requests by coordinating fetches
per avatar cache key
- reuse cache lookups when requests are already cached and simplify
expiration checks
2025-12-08 22:42:58 +01:00
Copilot 9c81afb7b2
feat: replace PNG-based initials avatar with SVG generation (#1802)
Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com>
Co-authored-by: kolaente <13721712+kolaente@users.noreply.github.com>
2025-11-12 22:26:52 +00:00
Copilot 70ff047588
fix(avatar): recover gracefully from broken avatar cache (#1379) 2025-09-02 14:03:58 +00:00
kolaente c3fd659851 fix: correctly return cached intitals avatar
Resolves https://vikunja.sentry.io/issues/6752872121/events/92ff6a64c4b64aa3aecc6973611bd449/
2025-07-18 18:38:12 +02:00
kolaente 45e7f6e316 fix: upload avatar caching 2025-07-18 18:38:12 +02:00
kolaente fcdcdcf46a feat: use keyvalue.Remember where it makes sense 2025-07-17 16:19:13 +02:00
kolaente 59130766e8
fix(avatar): fallback to username when no name is set 2025-06-27 14:30:33 +02:00
kolaente 99bc065272
feat(user): use name for initals avatar, not username
For external auth providers, the username might be randomly generated,
which results in a random initial - this is unexpected and confusing for
users.
2025-06-27 14:13:49 +02:00
kolaente 4f8a2b0d38
chore(user): refactor invalidating upload avatar cache 2025-06-27 14:07:22 +02:00
kolaente 0ecbd9e1a3
feat(user): add avatar cache flushing (#1041) 2025-06-27 14:01:43 +02:00
Weijie Zhao a214d68a44
feat(auth): sync avatar from OpenID providers (#821) 2025-06-16 15:59:31 +02:00
Dominik Pschenitschni 296577a875
fix: correct license header references (#882)
See originals:
- https://www.gnu.org/licenses/agpl-3.0.txt
- https://www.gnu.org/licenses/gpl-3.0.txt
2025-06-10 12:18:38 +02:00
kolaente 7803fe8aef
fix(avatar): use keyvalue store to cache gravatar instead of map
Resolves https://community.vikunja.io/t/docker-crash-concurrent-map-writes-google-login/3454
2025-03-30 16:24:34 +02:00
kolaente e12ebfebed
feat(ldap): sync avatar from ldap 2025-03-18 18:28:54 +01:00
kolaente 26c7ceaed4
chore(avatar): decouple upload from web handler 2025-03-18 18:28:54 +01:00
kolaente 734033c843
fix(avatars): always return correct mime type for cached avatar 2025-03-02 13:33:40 +01:00
kolaente e518fb1191
chore: remove year from copyright headers
Resolves https://kolaente.dev/vikunja/api/pulls/1483
2023-09-01 08:32:28 +02:00
kolaente 4d5ad8f50e
chore(deps): update golangci-lint to 1.52.1 2023-03-24 19:17:45 +01:00
renovate c5bd09702a chore(deps): update dependency golang to v1.19 (#1228)
Co-authored-by: kolaente <k@knt.li>
Reviewed-on: https://kolaente.dev/vikunja/api/pulls/1228
Co-authored-by: renovate <renovatebot@kolaente.de>
Co-committed-by: renovate <renovatebot@kolaente.de>
2022-10-01 15:05:12 +00:00
konrad 73ee696fc3 feat: add marble avatar (#1060)
This adds the marble avatar from [boring avatars](https://github.com/boringdesigners/boring-avatars) as an option for user avatars. Each user gets a different one (based on their id).

Co-authored-by: kolaente <k@knt.li>
Reviewed-on: https://kolaente.dev/vikunja/api/pulls/1060
Co-authored-by: konrad <k@knt.li>
Co-committed-by: konrad <k@knt.li>
2021-12-07 21:11:23 +00:00
Joseph Kavanagh 36bf3d216a
feat: gravatar - Lowercase emails before MD5 hash (#10) 2021-11-16 22:10:22 +01:00
kolaente d48aa101cf
Refactor & fix storing struct-values in redis keyvalue 2021-05-28 10:52:51 +02:00
kolaente c4a71016b8
Update copyright year 2021-02-02 20:19:13 +01:00
kolaente 2e88600c93
Change keyvalue.Get to return if a value exists or not instead of an error 2021-01-31 12:32:46 +01:00
kolaente 456af4d4a9
Fix go header lint 2020-12-29 02:04:20 +01:00
kolaente 9baf6d39bd
Change license to AGPLv3 2020-12-23 16:41:52 +01:00
konrad 699d3d6060 Add Golangci Lint (#676)
Increase golangci timeout

Fix installing golangci-lint in ci

Remove mage targets replaced by golangci

Run golint in ci

Add goheader linter

Enable & fix more linters

Fix lint issues

Add mage target to automagically fix issues found by golangci

golangci-lint run --fix

Add golangci config

Add golangci mage target

Co-authored-by: kolaente <k@knt.li>
Reviewed-on: https://kolaente.dev/vikunja/api/pulls/676
Co-Authored-By: konrad <konrad@kola-entertainments.de>
Co-Committed-By: konrad <konrad@kola-entertainments.de>
2020-10-11 20:10:03 +00:00
konrad d56a611be7 Key-Value Storages (#674)
Fix lint

Add docs for keyvalue config options

Use keyvalue store to cache unsplash photo results

Cleanup

Use keyvalue store for upload avatar

Use keyvalue store for initials avatar

Fix initializing metrics

Use keyvalue for metrics

Add IncryBy and DecrBy methods to increase or decrease a value

Fix lint

Return custom error if a key does not exist

Init keyvalue storage

Follow the keyvalue storage setting for things like cache and other

Add docs

Add configuration of the storage backend

Add redis keyvalue storage implementation

Add doc comments

Add methods to use storage through the package itself

Add memory implementation for keyvalue store

Co-authored-by: kolaente <k@knt.li>
Reviewed-on: https://kolaente.dev/vikunja/api/pulls/674
Co-Authored-By: konrad <konrad@kola-entertainments.de>
Co-Committed-By: konrad <konrad@kola-entertainments.de>
2020-10-10 16:53:59 +00:00
konrad dfb7730b63 More avatar providers (#622)
Don't fail if the last avatar file does not exist when deleting it

Fix lint

Remove old global avatar setting and update docs

Generate docs

Invalidate the avatar cache when uploading a new one

Add debug logs

Add caching for upload avatars

Add cache locks

Fix encoding

Resize the uploaded image to a max of 1024 pixels

Remove the old uploaded avatar if one already exists

Add mimetype check for images

Set avatar provider to upload when uploading an avatar

Add upload avatar provider

Make font size smaller to let the initials still look good in smaller sizes

Add debug log

Add cache and resizing of initials avatars

Make font size depend on avatar size

Add drawing initials avatar

Add initials provider

Make the initials avatar provider the default

Add routes

Add user avatar settings handler methods

Add user avatar provider field

Co-authored-by: kolaente <k@knt.li>
Reviewed-on: https://kolaente.dev/vikunja/api/pulls/622
2020-08-02 17:16:58 +00:00
konrad cdd068cdb6 Add empty avatar provider (#149)
Fix lint

Add docs for avatar configuration

Add default avatar provider

Co-authored-by: kolaente <k@knt.li>
Reviewed-on: https://kolaente.dev/vikunja/api/pulls/149
2020-03-01 21:10:25 +00:00
konrad 584e3af237 Add proxying gravatar requests for user avatars (#148)
Fix getting avatar based on email

Remove avatarUrl from user struct

Fix staticcheck

Add default avatar size

Add config option for caching avatars

go mod vendor

Add swagger docs

Add proxying gravatar requests for user avatars

Co-authored-by: kolaente <k@knt.li>
Reviewed-on: https://kolaente.dev/vikunja/api/pulls/148
2020-03-01 20:30:37 +00:00