Serve own avatar from its own endpoint

This allows us to have different cache controls depending on whether
you're viewing your own avatar, or someone else's. Your own avatar will
always be fresh, while other folks' avatars can be pulled from the CDN.

Author: kevinmcconnell

app/controllers/users/avatars_controller.rb

@@ -7,17 +7,20 @@ class Users::AvatarsController < ApplicationController
   before_action :ensure_permission_to_administer_user, only: :destroy
 
   def show
+    expires_in 30.minutes, public: true, stale_while_revalidate: 1.week
+
     if @user.system?
       redirect_to view_context.image_path("system_user.png")
     elsif @user.avatar.attached?
       redirect_to rails_blob_url(@user.avatar.variant(:thumb), disposition: "inline")
-    elsif stale? @user, cache_control: cache_control
+    else
       render_initials
     end
   end
 
   def destroy
     @user.avatar.destroy
+    @user.touch
     redirect_to @user
   end
 
@@ -30,14 +33,6 @@ def ensure_permission_to_administer_user
       head :forbidden unless Current.user.can_change?(@user)
     end
 
-    def cache_control
-      if @user == Current.user
-        {}
-      else
-        { max_age: 30.minutes, stale_while_revalidate: 1.week }
-      end
-    end
-
     def render_initials
       render formats: :svg
     end

app/controllers/users/my_avatar_controller.rb

@@ -0,0 +1,18 @@
+class Users::MyAvatarController < ApplicationController
+  include ActiveStorage::Streaming
+
+  def show
+    if stale? Current.user
+      if Current.user.avatar.attached?
+        redirect_to rails_blob_url(Current.user.avatar.variant(:thumb), disposition: "inline")
+      else
+        render_initials
+      end
+    end
+  end
+
+  private
+    def render_initials
+      render formats: :svg
+    end
+end

app/helpers/avatars_helper.rb

@@ -11,7 +11,8 @@ def avatar_background_color(user)
   end
 
   def avatar_tag(user, hidden_for_screen_reader: false, **options)
-    link_to user_path(user), class: class_names("avatar btn btn--circle", options.delete(:class)), data: { turbo_frame: "_top" },
+    link_to user_path(user), class: class_names("avatar btn btn--circle", options.delete(:class)),
+      data: { turbo_frame: "_top", creator_id: user.id },
       aria: { hidden: hidden_for_screen_reader, label: user.name },
       tabindex: hidden_for_screen_reader ? -1 : nil,
       **options do
@@ -31,13 +32,19 @@ def mail_avatar_tag(user, size: 48, **options)
 
   def avatar_preview_tag(user, hidden_for_screen_reader: false, **options)
     tag.span class: class_names("avatar", options.delete(:class)),
+      data: { creator_id: user.id },
       aria: { hidden: hidden_for_screen_reader, label: user.name },
       tabindex: hidden_for_screen_reader ? -1 : nil do
       avatar_image_tag(user, **options)
     end
   end
 
   def avatar_image_tag(user, **options)
-    image_tag user_avatar_url(user, script_name: user.account.slug), aria: { hidden: "true" }, size: 48, title: user.name, **options
+    tag.span data: { creator_id: user.id } do
+      safe_join [
+        image_tag(user_avatar_url(user, script_name: user.account.slug), aria: { hidden: "true" }, size: 48, title: user.name, data: { only_visible_to_others: true }, **options),
+        image_tag(my_avatar_url(script_name: user.account.slug), aria: { hidden: "true" }, size: 48, title: user.name, data: { only_visible_to_you: true }, **options)
+      ]
+    end
   end
 end

app/views/users/_initials.svg.erb

@@ -0,0 +1,22 @@
+<svg version="1.1" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink"
+  viewBox="0 0 512 512" class="avatar" aria-hidden="true">
+  <defs>
+    <clipPath id="porthole">
+      <circle cx="50%" cy="50%" r="50%" />
+    </clipPath>
+  </defs>
+
+  <g>
+    <rect width="100%" height="100%" rx="50" fill="<%= avatar_background_color(user) %>" />
+
+    <text x="50%" y="50%" fill="#FFFFFF"
+      text-anchor="middle" dy="0.35em"
+      <%=raw 'textLength="85%" lengthAdjust="spacingAndGlyphs"' if user.initials.size >= 3 %>
+      font-family="-apple-system, BlinkMacSystemFont, Segoe UI, Roboto, Helvetica, Arial, sans-serif"
+      font-size="230"
+      font-weight="800"
+      letter-spacing="-5">
+      <%= user.initials %>
+    </text>
+  </g>
+</svg>

app/views/users/avatars/show.svg.erb

@@ -1,22 +1 @@
-<svg version="1.1" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink"
-  viewBox="0 0 512 512" class="avatar" aria-hidden="true">
-  <defs>
-    <clipPath id="porthole">
-      <circle cx="50%" cy="50%" r="50%" />
-    </clipPath>
-  </defs>
-
-  <g>
-    <rect width="100%" height="100%" rx="50" fill="<%= avatar_background_color(@user) %>" />
-
-    <text x="50%" y="50%" fill="#FFFFFF"
-      text-anchor="middle" dy="0.35em"
-      <%=raw 'textLength="85%" lengthAdjust="spacingAndGlyphs"' if @user.initials.size >= 3 %>
-      font-family="-apple-system, BlinkMacSystemFont, Segoe UI, Roboto, Helvetica, Arial, sans-serif"
-      font-size="230"
-      font-weight="800"
-      letter-spacing="-5">
-      <%= @user.initials %>
-    </text>
-  </g>
-</svg>
+<%= render "users/initials", user: @user %>

app/views/users/my_avatar/show.svg.erb

@@ -0,0 +1 @@
+<%= render "users/initials", user: Current.user %>

config/routes.rb

@@ -8,6 +8,8 @@
     resources :exports, only: [ :create, :show ]
   end
 
+  get "users/mine/avatar", to: "users/my_avatar#show", as: :my_avatar
+
   resources :users do
     scope module: :users do
       resource :avatar

test/controllers/users/avatars_controller_test.rb

@@ -12,17 +12,10 @@ class Users::AvatarsControllerTest < ActionDispatch::IntegrationTest
     assert_redirected_to ActionController::Base.helpers.image_path("system_user.png")
   end
 
-  test "show own initials without caching" do
+  test "show initials with public caching" do
     get user_avatar_path(users(:david))
     assert_match "image/svg+xml", @response.content_type
-    assert @response.cache_control[:private]
-    assert_equal "0", @response.cache_control[:max_age]
-  end
-
-  test "show other initials with caching" do
-    get user_avatar_path(users(:kevin))
-    assert_match "image/svg+xml", @response.content_type
-    assert @response.cache_control[:private]
+    assert @response.cache_control[:public]
     assert_equal 30.minutes.to_s, @response.cache_control[:max_age]
   end
 

test/controllers/users/my_avatar_controller_test.rb

@@ -0,0 +1,33 @@
+require "test_helper"
+
+class Users::MyAvatarControllerTest < ActionDispatch::IntegrationTest
+  setup do
+    sign_in_as :david
+  end
+
+  test "show own initials" do
+    get my_avatar_path
+    assert_match "image/svg+xml", @response.content_type
+    assert_match "private", @response.headers["Cache-Control"]
+    assert_match "must-revalidate", @response.headers["Cache-Control"]
+  end
+
+  test "show own image redirects to the blob url" do
+    users(:david).avatar.attach(io: File.open(file_fixture("moon.jpg")), filename: "moon.jpg", content_type: "image/jpeg")
+    assert users(:david).avatar.attached?
+
+    get my_avatar_path
+
+    assert_redirected_to rails_blob_url(users(:david).avatar.variant(:thumb), disposition: "inline")
+    assert_match "private", @response.headers["Cache-Control"]
+    assert_match "must-revalidate", @response.headers["Cache-Control"]
+  end
+
+  test "requires authentication" do
+    sign_out
+
+    get my_avatar_path
+
+    assert_response :redirect
+  end
+end