implement profile photo component

2026-04-03 18:32:11 -04:00
parent 1c1ba99080
commit a2602f74f0
1 changed files with 146 additions and 0 deletions
--- a/src/components/profile_photo.go
+++ b/src/components/profile_photo.go
@@ -0,0 +1,146 @@
 package components
 import (
 	"fmt"
 	"io"
 	"net/http"
 	"os"
 	"path/filepath"
 	"strings"
 	"sync"
 	"time"
 	"astraltech.xyz/accountmanager/src/helpers"
 	"astraltech.xyz/accountmanager/src/ldap"
 	"astraltech.xyz/accountmanager/src/logging"
 	"astraltech.xyz/accountmanager/src/session"
 )
 var (
 	photoCreatedTimestamp = make(map[string]time.Time)
 	photoCreatedMutex     sync.Mutex
 	blankPhotoData        []byte
 )
 var (
 	sessionManager = session.GetSessionManager()
 	ldapServer     *ldap.LDAPServer
 	baseDN string
 	serviceUserBindDN   string
 	serviceUserPassword string
 )
 func ReadBlankPhoto() {
 	blank, err := helpers.ReadFile("static/blank_profile.jpg")
 	if err != nil {
 		logging.Fatal("Could not load blank profile image")
 	}
 	blankPhotoData = blank
 }
 func CreateUserPhoto(username string, photoData []byte) error {
 	helpers.Mkdir("./avatars", os.ModePerm)
 	path := fmt.Sprintf("./avatars/%s.jpeg", username)
 	cleaned := filepath.Clean(path)
 	dst, err := helpers.CreateFile(cleaned)
 	if err != nil {
 		return fmt.Errorf("Could not save file")
 	}
 	photoCreatedMutex.Lock()
 	photoCreatedTimestamp[username] = time.Now()
 	photoCreatedMutex.Unlock()
 	defer dst.Close()
 	logging.Info("Writing to avarar file")
 	_, err = dst.Write(photoData)
 	if err != nil {
 		return err
 	}
 	return nil
 }
 func UploadPhotoHandler(w http.ResponseWriter, r *http.Request) {
 	sessionData, err := sessionManager.GetSession(r)
 	if err != nil {
 		logging.Error(err.Error())
 		http.Redirect(w, r, "/login", http.StatusSeeOther)
 		return
 	}
 	err = r.ParseMultipartForm(10 << 20) // 10MB limit
 	if err != nil {
 		http.Error(w, "Bad request", http.StatusBadRequest)
 		return
 	}
 	if r.FormValue("csrf_token") != sessionData.CSRFToken {
 		http.Error(w, "CSRF Forbidden", http.StatusForbidden)
 		return
 	}
 	file, header, err := r.FormFile("photo")
 	if err != nil {
 		http.Error(w, "File not found", http.StatusBadRequest)
 		return
 	}
 	defer file.Close()
 	if header.Size > (10 * 1024 * 1024) {
 		http.Error(w, "File is to large (limit is 10 MB)", http.StatusBadRequest)
 		return
 	}
 	// 3. Read file into memory
 	data, err := io.ReadAll(file)
 	if err != nil {
 		http.Error(w, "Failed to read file", http.StatusInternalServerError)
 		return
 	}
 	userDN := fmt.Sprintf("uid=%s,cn=users,cn=accounts,%s", sessionData.UserID, baseDN)
 	ldapServer.ModifyAttribute(serviceUserBindDN, serviceUserPassword, userDN, "jpegphoto", []string{string(data)})
 	CreateUserPhoto(sessionData.UserID, data)
 }
 func AvatarHandler(w http.ResponseWriter, r *http.Request) {
 	w.Header().Set("Content-Type", "image/jpeg")
 	username := r.URL.Query().Get("user")
 	if strings.Contains(username, "/") {
 		w.Write(blankPhotoData)
 		return
 	}
 	filePath := fmt.Sprintf("./avatars/%s.jpeg", username)
 	cleaned := filepath.Clean(filePath)
 	value, err := helpers.ReadFile(cleaned)
 	if err == nil {
 		photoCreatedMutex.Lock()
 		if time.Since(photoCreatedTimestamp[username]) <= 5*time.Minute {
 			photoCreatedMutex.Unlock()
 			w.Write(value)
 			return
 		}
 		photoCreatedMutex.Unlock()
 	}
 	userSearch, err := ldapServer.SerchServer(
 		serviceUserBindDN, serviceUserPassword,
 		baseDN,
 		fmt.Sprintf("(&(objectClass=inetOrgPerson)(uid=%s))", ldap.LDAPEscapeFilter(username)),
 		[]string{"jpegphoto"},
 	)
 	if err == nil || userSearch.EntryCount() == 0 {
 		w.Write(blankPhotoData)
 		return
 	}
 	entry := userSearch.GetEntry(0)
 	bytes := entry.GetRawAttributeValue("jpegphoto")
 	if len(bytes) == 0 {
 		w.Write(blankPhotoData)
 		return
 	} else {
 		w.Write(bytes)
 		CreateUserPhoto(username, bytes)
 	}
 }