website

History

Noah Petherbridge cbdabe791e Improve Signed Photo URLs * The photo signing JWT tokens carry more fields to validate against: * The username the token is assigned to (or '@' for anyone) * An 'anyone' boolean for widely public images, such as for the chat room and public profile pages. * A short filename hash of the image in question (whether a Photo or a CommentPhoto) - so that the user can't borrow a JWT token from the chat room and reveal a different picture. * Refactored where the VisibleAvatarURL function lives, to avoid a cyclic dependency error. * Originally: (models.User).VisibleAvatarURL(other models.User) * Now: (pkg/photo).VisibleAvatarURL(user, currentUser *models.User)	2024-10-03 20:14:34 -07:00
..
router.go	Improve Signed Photo URLs	2024-10-03 20:14:34 -07:00
template.go	Rename the module	2022-08-25 21:21:46 -07:00

Noah Petherbridge cbdabe791e Improve Signed Photo URLs

* The photo signing JWT tokens carry more fields to validate against:
  * The username the token is assigned to (or '@' for anyone)
  * An 'anyone' boolean for widely public images, such as for the chat room
    and public profile pages.
  * A short filename hash of the image in question (whether a Photo or a
    CommentPhoto) - so that the user can't borrow a JWT token from the chat
    room and reveal a different picture.
* Refactored where the VisibleAvatarURL function lives, to avoid a cyclic
  dependency error.
  * Originally: (*models.User).VisibleAvatarURL(other *models.User)
  * Now: (pkg/photo).VisibleAvatarURL(user, currentUser *models.User)

2024-10-03 20:14:34 -07:00

router.go

Improve Signed Photo URLs

2024-10-03 20:14:34 -07:00

template.go

Rename the module

2022-08-25 21:21:46 -07:00