website/web
Noah Petherbridge cbdabe791e Improve Signed Photo URLs
* The photo signing JWT tokens carry more fields to validate against:
  * The username the token is assigned to (or '@' for anyone)
  * An 'anyone' boolean for widely public images, such as for the chat room
    and public profile pages.
  * A short filename hash of the image in question (whether a Photo or a
    CommentPhoto) - so that the user can't borrow a JWT token from the chat
    room and reveal a different picture.
* Refactored where the VisibleAvatarURL function lives, to avoid a cyclic
  dependency error.
  * Originally: (*models.User).VisibleAvatarURL(other *models.User)
  * Now: (pkg/photo).VisibleAvatarURL(user, currentUser *models.User)
2024-10-03 20:14:34 -07:00
..
static Improvements on community flagged explicit photos 2024-10-01 20:44:11 -07:00
templates Improve Signed Photo URLs 2024-10-03 20:14:34 -07:00