From d7259aa825d9308e3d3bbb7acce0e14363912d4f Mon Sep 17 00:00:00 2001 From: Andrea Scarpino Date: Wed, 5 May 2021 13:49:56 +0200 Subject: [PATCH] Use Libravatar instead --- content/faq.md | 2 +- package.json | 1 + server/index.js | 8 +++----- yarn.lock | 5 +++++ 4 files changed, 10 insertions(+), 6 deletions(-) diff --git a/content/faq.md b/content/faq.md index 9037d09..885dce3 100644 --- a/content/faq.md +++ b/content/faq.md @@ -46,7 +46,7 @@ That, we can help you with! Just append the fingerprint of your keypair to the d There are currently two methods of getting an avatar displayed on your profile page: -1. automatically fetched from Gravatar using your primary email address; +1. automatically fetched from [Libravatar](https://www.libravatar.org/) using your primary email address; 2. extracted from the public key. While the first method is the simplest, the slightly-more-complicated second method provides an additional layer of privacy protection by not having to upload your profile picture to a 3rd party. diff --git a/package.json b/package.json index 5617516..c9f5e89 100644 --- a/package.json +++ b/package.json @@ -13,6 +13,7 @@ "express-validator": "^6.8.0", "got": "^11.8.2", "jstransformer-markdown-it": "^2.1.0", + "libravatar": "^3.0.0", "markdown-it-anchor": "^5.3.0", "markdown-it-table-of-contents": "^0.4.4", "markdown-it-title": "^3.0.0", diff --git a/server/index.js b/server/index.js index a4b80f2..259b9cc 100644 --- a/server/index.js +++ b/server/index.js @@ -28,8 +28,8 @@ if any, to sign a "copyright disclaimer" for the program, if necessary. For more information on this, and how to apply and follow the GNU AGPL, see . */ const doip = require('doipjs') -const openpgp = require('openpgp') const keys = require('./keys') +const libravatar = require('libravatar') const generateWKDProfile = async (id) => { return keys.fetchWKD(id) @@ -168,11 +168,9 @@ const computeExtraData = async (key, keyData) => { // Get the primary user const primaryUser = await key.publicKey.getPrimaryUser() - // Compute hash needed for avatar services - const profileHash = openpgp.util.str_to_hex(openpgp.util.Uint8Array_to_str(await openpgp.crypto.hash.md5(openpgp.util.str_to_Uint8Array(primaryUser.user.userId.email)))) - + // Query libravatar to get the avatar url return { - avatarURL: `https://www.gravatar.com/avatar/${profileHash}?s=128&d=mm` + avatarURL: await libravatar.get_avatar_url({ email: primaryUser.user.userId.email, size: 128, default: 'mm', https: true }) } } diff --git a/yarn.lock b/yarn.lock index 5247cbc..4851de5 100644 --- a/yarn.lock +++ b/yarn.lock @@ -2765,6 +2765,11 @@ levn@~0.3.0: prelude-ls "~1.1.2" type-check "~0.3.2" +libravatar@^3.0.0: + version "3.0.0" + resolved "https://registry.yarnpkg.com/libravatar/-/libravatar-3.0.0.tgz#db82913fb7f07ff98f17f63a61832049220a0287" + integrity sha512-GAr2zj0toWHLMrVOkmn+TyudU9QX2kvHIxLZwmz7mT6Q6IrhVCAnN+3MFLAULf2w9XZe0NKOr5V5XRKgLRm5Eg== + license-check-and-add@^3.0.4: version "3.0.5" resolved "https://registry.yarnpkg.com/license-check-and-add/-/license-check-and-add-3.0.5.tgz#ae627cdaa8ae1faf914eb000e3369d46c8708b37"