fix: use image/avif as default avatar mime

fix: disable cross-origin iframes
trisua 2025-06-15 23:35:19 -04:00
parent a43e586e4c
commit 83c6df6f6e
3 changed files with 61 additions and 49 deletions


@ -9,7 +9,7 @@ serde = { version = "1.0.219", features = ["derive"] }
tera = "1.20.0" tera = "1.20.0"
tracing = "0.1.41" tracing = "0.1.41"
tracing-subscriber = { version = "0.3.19", features = ["env-filter"] } tracing-subscriber = { version = "0.3.19", features = ["env-filter"] }
tower-http = { version = "0.6.6", features = ["trace", "fs", "catch-panic"] } tower-http = { version = "0.6.6", features = ["trace", "fs", "catch-panic", "set-header"] }
axum = { version = "0.8.4", features = ["macros", "ws"] } axum = { version = "0.8.4", features = ["macros", "ws"] }
tokio = { version = "1.45.1", features = ["macros", "rt-multi-thread"] } tokio = { version = "1.45.1", features = ["macros", "rt-multi-thread"] }
axum-extra = { version = "0.10.1", features = ["cookie", "multipart"] } axum-extra = { version = "0.10.1", features = ["cookie", "multipart"] }


@ -11,12 +11,16 @@ use assets::{init_dirs, write_assets};
use tetratto_core::model::{permissions::FinePermission, uploads::CustomEmoji}; use tetratto_core::model::{permissions::FinePermission, uploads::CustomEmoji};
pub use tetratto_core::*; pub use tetratto_core::*;
use axum::{Extension, Router}; use axum::{
http::{HeaderName, HeaderValue},
Extension, Router,
};
use reqwest::Client; use reqwest::Client;
use tera::{Tera, Value}; use tera::{Tera, Value};
use tower_http::{ use tower_http::{
trace::{self, TraceLayer},
catch_panic::CatchPanicLayer, catch_panic::CatchPanicLayer,
set_header::SetResponseHeaderLayer,
trace::{self, TraceLayer},
}; };
use tracing::{Level, info}; use tracing::{Level, info};
@ -115,6 +119,10 @@ async fn main() {
.make_span_with(trace::DefaultMakeSpan::new().level(Level::INFO)) .make_span_with(trace::DefaultMakeSpan::new().level(Level::INFO))
.on_response(trace::DefaultOnResponse::new().level(Level::INFO)), .on_response(trace::DefaultOnResponse::new().level(Level::INFO)),
) )
.layer(SetResponseHeaderLayer::if_not_present(
HeaderName::from_static("X-Frame-Options"),
HeaderValue::from_static("SAMEORIGIN"),
))
.layer(CatchPanicLayer::new()); .layer(CatchPanicLayer::new());
let listener = tokio::net::TcpListener::bind(format!("0.0.0.0:{}", config.port)) let listener = tokio::net::TcpListener::bind(format!("0.0.0.0:{}", config.port))
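Review bot: `HeaderName::from_static("X-Frame-Options")` on the added `SetResponseHeaderLayer` line panics at runtime, because the `http` crate's `from_static` accepts only lowercase names (each byte is checked against its strict table and a capital letter triggers `invalid header name`), so the server would abort while the router is being built in `main`. Use the predefined constant `axum::http::header::X_FRAME_OPTIONS`, or at minimum `HeaderName::from_static("x-frame-options")`. `if_not_present` also lets any handler or inner layer that already set the header win; if the policy is meant to be unconditional, `SetResponseHeaderLayer::overriding` is the variant that enforces it. `SAMEORIGIN` still allows same-origin framing, and current browsers prefer `Content-Security-Policy: frame-ancestors 'self'` over `X-Frame-Options`, so setting that header alongside gives the stronger guarantee. `main` begins before this hunk.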


@ -82,14 +82,16 @@ pub async fn avatar_request(
} }
}; };
let mime = if user.settings.avatar_mime.is_empty() {
"image/avif"
} else {
&user.settings.avatar_mime
};
let path = PathBufD::current().extend(&[ let path = PathBufD::current().extend(&[
data.0.0.dirs.media.as_str(), data.0.0.dirs.media.as_str(),
"avatars", "avatars",
&format!( &format!("{}.{}", &(user.id as i64), mime.replace("image/", "")),
"{}.{}",
&(user.id as i64),
user.settings.avatar_mime.replace("image/", "")
),
]); ]);
if !exists(&path).unwrap() { if !exists(&path).unwrap() {
@ -104,10 +106,7 @@ pub async fn avatar_request(
} }
Ok(( Ok((
[( [("Content-Type".to_string(), mime.to_owned())],
"Content-Type".to_string(),
user.settings.avatar_mime.clone(),
)],
Body::from(read_image(path)), Body::from(read_image(path)),
)) ))
} }
@ -134,14 +133,16 @@ pub async fn banner_request(
} }
}; };
let mime = if user.settings.banner_mime.is_empty() {
"image/avif"
} else {
&user.settings.banner_mime
};
let path = PathBufD::current().extend(&[ let path = PathBufD::current().extend(&[
data.0.0.dirs.media.as_str(), data.0.0.dirs.media.as_str(),
"banners", "banners",
&format!( &format!("{}.{}", &(user.id as i64), mime.replace("image/", "")),
"{}.{}",
&(user.id as i64),
user.settings.banner_mime.replace("image/", "")
),
]); ]);
if !exists(&path).unwrap() { if !exists(&path).unwrap() {
@ -156,10 +157,7 @@ pub async fn banner_request(
} }
Ok(( Ok((
[( [("Content-Type".to_string(), mime.to_owned())],
"Content-Type".to_string(),
user.settings.banner_mime.clone(),
)],
Body::from(read_image(path)), Body::from(read_image(path)),
)) ))
} }
@ -211,15 +209,6 @@ pub async fn upload_avatar_request(
mime.replace("image/", "") mime.replace("image/", "")
); );
// update user settings
auth_user.settings.avatar_mime = mime.to_string();
if let Err(e) = data
.update_user_settings(auth_user.id, auth_user.settings)
.await
{
return Json(e.into());
}
// upload image (gif) // upload image (gif)
if mime == "image/gif" { if mime == "image/gif" {
// gif image, don't encode // gif image, don't encode
@ -256,11 +245,23 @@ pub async fn upload_avatar_request(
image::ImageFormat::Avif image::ImageFormat::Avif
}, },
) { ) {
Ok(_) => Json(ApiReturn { Ok(_) => {
ok: true, // update user settings
message: "Avatar uploaded. It might take a bit to update".to_string(), auth_user.settings.avatar_mime = mime.to_string();
payload: (), if let Err(e) = data
}), .update_user_settings(auth_user.id, auth_user.settings)
.await
{
return Json(e.into());
}
// ...
Json(ApiReturn {
ok: true,
message: "Avatar uploaded. It might take a bit to update".to_string(),
payload: (),
})
}
Err(e) => Json(Error::MiscError(e.to_string()).into()), Err(e) => Json(Error::MiscError(e.to_string()).into()),
} }
} }
@ -309,15 +310,6 @@ pub async fn upload_banner_request(
mime.replace("image/", "") mime.replace("image/", "")
); );
// update user settings
auth_user.settings.banner_mime = mime.to_string();
if let Err(e) = data
.update_user_settings(auth_user.id, auth_user.settings)
.await
{
return Json(e.into());
}
// upload image (gif) // upload image (gif)
if mime == "image/gif" { if mime == "image/gif" {
// gif image, don't encode // gif image, don't encode
@ -354,11 +346,23 @@ pub async fn upload_banner_request(
image::ImageFormat::Avif image::ImageFormat::Avif
}, },
) { ) {
Ok(_) => Json(ApiReturn { Ok(_) => {
ok: true, // update user settings
message: "Banner uploaded. It might take a bit to update".to_string(), auth_user.settings.banner_mime = mime.to_string();
payload: (), if let Err(e) = data
}), .update_user_settings(auth_user.id, auth_user.settings)
.await
{
return Json(e.into());
}
// ...
Json(ApiReturn {
ok: true,
message: "Banner uploaded. It might take a bit to update".to_string(),
payload: (),
})
}
Err(e) => Json(Error::MiscError(e.to_string()).into()), Err(e) => Json(Error::MiscError(e.to_string()).into()),
} }
} }
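Review bot: The `mime` fallback added at the top of `avatar_request` is repeated verbatim in `banner_request`, and the path and `Content-Type` lines that follow differ only in the `"avatars"`/`"banners"` segment; a shared helper such as `fn mime_or_default(stored: &str) -> &str { if stored.is_empty() { "image/avif" } else { stored } }` would keep the default in one place, and the new `Ok(_)` arms of `upload_avatar_request` and `upload_banner_request` likewise duplicate the whole settings-update block. Because the stored string becomes both a path segment via `mime.replace("image/", "")` and the response `Content-Type`, that helper is also the natural place to check the value against the set the upload handlers actually write; from these hunks alone it is not visible whether `avatar_mime`/`banner_mime` can be set by any other route. The deferred settings update now means a successful file write followed by a failed `update_user_settings` leaves the new file on disk while the stored mime still names the previous extension, which may be acceptable but deserves a comment on the `Ok(_)` arm, e.g. `// settings are persisted only after the file exists; a failure here leaves the old mime in place`. All four handlers begin before their hunks.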