mirror of
https://github.com/zulip/zulip.git
synced 2025-11-05 22:43:42 +00:00
avatars: Encode version into the filename.
Hash the salt, user-id, and now avatar version into the filename. This allows the URL contents to be immutable, and thus to be marked as immutable and cacheable.

Since avatars are served unauthenticated, hashing with a server-side salt makes the current and past avatars not enumerable.

This requires plumbing the current (or future) avatar version through various parts of the upload process. Since this already requires a full migration of current avatars, also take the opportunity to fix the missing `.png` on S3 uploads (#12852).

We switch from SHA-1 to SHA-256, but truncate it such that avatar URL data does not substantially increase in size.

Fixes: #12852.
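The naming scheme the message describes, as an added example that is not Zulip's own code: salt, user-id and avatar version are hashed with a truncated SHA-256 into the filename, so each version bump lands at a fresh URL whose contents never change, and the URL cannot be derived from the user-id alone. The salt value, the 40-character truncation, the `realm_id` directory component and the `avatars/` base directory are assumptions for illustration.

```python
import hashlib

# Constructed server-side salt; a real deployment loads this from settings
# and never exposes it to clients.
AVATAR_SALT = "constructed-example-salt"

# Assumed truncation: keep the hex length close to the old 40-char SHA-1
# form so avatar URLs do not grow substantially (as the commit message asks).
HASH_HEX_LEN = 40


def avatar_hash(user_id: int, avatar_version: int, salt: str = AVATAR_SALT) -> str:
    """Hash salt, user-id and avatar version into one opaque path component.

    The version makes every upload a new, immutable URL (safe to cache
    forever); the salt stops an unauthenticated client from enumerating
    current or past avatars for other users.
    """
    material = f"{salt}:{user_id}:{avatar_version}".encode()
    return hashlib.sha256(material).hexdigest()[:HASH_HEX_LEN]


def avatar_url_path(realm_id: int, user_id: int, avatar_version: int) -> str:
    """URL path with the version inside the hashed name; no '?version=' query."""
    return f"{realm_id}/{avatar_hash(user_id, avatar_version)}.png"


def avatar_disk_path(url_path: str, original: bool = False) -> str:
    """Mirror of the patched lookup: last two URL components under the
    local avatars directory (assumed 'avatars/'), no query-string stripping."""
    parts = url_path.split("/")
    path = f"avatars/{parts[-2]}/{parts[-1]}"
    # Hex digests never contain "png", so this replace only touches the suffix.
    return path.replace(".png", ".original") if original else path
```

Bumping `avatar_version` changes both the URL and the on-disk path, which is what lets the previous URL be served with immutable caching headers.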
committed by Tim Abbott
parent feca9939bb
commit e29a455b2d
@@ -246,7 +246,7 @@ def avatar_disk_path(
avatar_disk_path = os.path.join(
settings.LOCAL_AVATARS_DIR,
avatar_url_path.split("/")[-2],
avatar_url_path.split("/")[-1].split("?")[0],
avatar_url_path.split("/")[-1],
)
if original:
return avatar_disk_path.replace(".png", ".original")
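Review bot: with `.split("?")[0]` removed from the last path component, `avatar_disk_path` now silently assumes the incoming `avatar_url_path` carries no `?` query; any caller still passing the old `?version=`-style URL would get the query embedded in the on-disk filename, and the `if original:` branch's `replace(".png", ".original")` would then miss because `.png` no longer ends the string. Suggest making the new contract explicit, either with an `assert "?" not in avatar_url_path` at the top of the function or a docstring line stating that the version is now part of the hashed filename, so the migration path for old-format URLs is clear.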