fix: Prevent possible reason behind avatar infinite redirect (#12143)

pull/12118/head^2
Hariom Balhara 2023-10-30 14:49:06 +05:30 committed by GitHub
parent 9a80bb6194
commit f81f0a26ec
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 16 additions and 6 deletions

View File

@ -22,6 +22,7 @@ import { TRPCError } from "@trpc/server";
import { getDefaultScheduleId } from "../viewer/availability/util"; import { getDefaultScheduleId } from "../viewer/availability/util";
import { updateUserMetadataAllowedKeys, type TUpdateProfileInputSchema } from "./updateProfile.schema"; import { updateUserMetadataAllowedKeys, type TUpdateProfileInputSchema } from "./updateProfile.schema";
const log = logger.getSubLogger({ prefix: ["updateProfile"] });
type UpdateProfileOptions = { type UpdateProfileOptions = {
ctx: { ctx: {
user: NonNullable<TrpcSessionUser>; user: NonNullable<TrpcSessionUser>;
@ -35,6 +36,7 @@ export const updateProfileHandler = async ({ ctx, input }: UpdateProfileOptions)
const userMetadata = handleUserMetadata({ ctx, input }); const userMetadata = handleUserMetadata({ ctx, input });
const data: Prisma.UserUpdateInput = { const data: Prisma.UserUpdateInput = {
...input, ...input,
avatar: await getAvatarToSet(input.avatar),
metadata: userMetadata, metadata: userMetadata,
}; };
@ -61,12 +63,6 @@ export const updateProfileHandler = async ({ ctx, input }: UpdateProfileOptions)
} }
} }
} }
if (input.avatar) {
data.avatar = await resizeBase64Image(input.avatar);
}
if (input.avatar === null) {
data.avatar = null;
}
if (isPremiumUsername) { if (isPremiumUsername) {
const stripeCustomerId = userMetadata?.stripeCustomerId; const stripeCustomerId = userMetadata?.stripeCustomerId;
@ -234,3 +230,17 @@ const handleUserMetadata = ({ ctx, input }: UpdateProfileOptions) => {
// Required so we don't override and delete saved values // Required so we don't override and delete saved values
return { ...userMetadata, ...cleanMetadata }; return { ...userMetadata, ...cleanMetadata };
}; };
async function getAvatarToSet(avatar: string | null | undefined) {
if (avatar === null || avatar === undefined) {
return avatar;
}
if (!avatar.startsWith("data:image")) {
// Non Base64 avatar currently could only be the dynamic avatar URL(i.e. /{USER}/avatar.png). If we allow setting that URL, we would get infinite redirects on /user/avatar.ts endpoint
log.warn("Non Base64 avatar, ignored it", { avatar });
// `undefined` would not ignore the avatar, but `null` would remove it. So, we return `undefined` here.
return undefined;
}
return await resizeBase64Image(avatar);
}