avatars: Serve /user_avatars/ through Django, which offloads to nginx.

Moving `/user_avatars/` to being served partially through Django removes the need for the `no_serve_uploads` nginx reconfiguring when switching between S3 and local backends. This is important because a subsequent commit will move S3 attachments to being served through nginx, which would make `no_serve_uploads` entirely nonsensical of a name. Serve the files through Django, with an offload for the actual image response to an internal nginx route. In development, serve the files directly in Django. We do _not_ mark the contents as immutable for caching purposes, since the path for avatar images is hashed only by their user-id and a salt, and as such are reused when a user's avatar is updated.
2025-11-03 05:23:35 +00:00 · 2022-12-06 21:24:43 +00:00
parent f0f4aa66e0
commit ed6d62a9e7
9 changed files with 114 additions and 77 deletions
--- a/zproject/dev_urls.py
+++ b/zproject/dev_urls.py
@@ -123,12 +123,3 @@ i18n_urls = [
    path("confirmation_key/", confirmation_key),
 ]
 urls += i18n_urls
-
-# On a production instance, these files would be served by nginx.
-if settings.LOCAL_AVATARS_DIR is not None:
-    avatars_url = path(
-        "user_avatars/<path:path>",
-        serve,
-        {"document_root": os.path.join(settings.LOCAL_AVATARS_DIR)},
-    )
-    urls += [avatars_url]
--- a/zproject/urls.py
+++ b/zproject/urls.py
@@ -166,6 +166,7 @@ from zerver.views.upload import (
    serve_file_backend,
    serve_file_download_backend,
    serve_file_url_backend,
+    serve_local_avatar_unauthed,
    serve_local_file_unauthed,
    upload_file_backend,
 )
@@ -668,6 +669,11 @@ urls += [
            {"override_api_url_scheme", "allow_anonymous_user_web"},
        ),
    ),
+    path(
+        "user_avatars/<path:path>",
+        serve_local_avatar_unauthed,
+        name="local_avatar_unauthed",
+    ),
 ]

 # This URL serves as a way to receive CSP violation reports from the users.