Serve own avatar from its own endpoint

kevinmcconnell · kevinmcconnell · commit c9bc8184fa2b · 2025-12-04T11:11:56.000Z
This allows us to have different cache controls depending on whether
you're viewing your own avatar, or someone else's. Your own avatar will
always be fresh, while other folks' avatars can be pulled from the CDN.
diff --git a/app/controllers/users/avatars_controller.rb b/app/controllers/users/avatars_controller.rb
@@ -7,17 +7,20 @@ class Users::AvatarsController < ApplicationController
   before_action :ensure_permission_to_administer_user, only: :destroy
 
   def show
+    expires_in 30.minutes, public: true, stale_while_revalidate: 1.week
+
     if @user.system?
       redirect_to view_context.image_path("system_user.png")
     elsif @user.avatar.attached?
       redirect_to rails_blob_url(@user.avatar.variant(:thumb), disposition: "inline")
-    elsif stale? @user, cache_control: cache_control
+    else
       render_initials
     end
   end
 
   def destroy
     @user.avatar.destroy
+    @user.touch
     redirect_to @user
   end
 
@@ -30,14 +33,6 @@ def ensure_permission_to_administer_user
       head :forbidden unless Current.user.can_change?(@user)
     end
 
-    def cache_control
-      if @user == Current.user
-        {}
-      else
-        { max_age: 30.minutes, stale_while_revalidate: 1.week }
-      end
-    end
-
     def render_initials
       render formats: :svg
     end
diff --git a/app/controllers/users/my_avatar_controller.rb b/app/controllers/users/my_avatar_controller.rb
@@ -0,0 +1,18 @@
+class Users::MyAvatarController < ApplicationController
+  include ActiveStorage::Streaming
+
+  def show
+    if stale? Current.user
+      if Current.user.avatar.attached?
+        redirect_to rails_blob_url(Current.user.avatar.variant(:thumb), disposition: "inline")
+      else
+        render_initials
+      end
+    end
+  end
+
+  private
+    def render_initials
+      render formats: :svg
+    end
+end
diff --git a/app/helpers/avatars_helper.rb b/app/helpers/avatars_helper.rb
@@ -38,6 +38,11 @@ def avatar_preview_tag(user, hidden_for_screen_reader: false, **options)
   end
 
   def avatar_image_tag(user, **options)
-    image_tag user_avatar_url(user, script_name: user.account.slug), aria: { hidden: "true" }, size: 48, title: user.name, **options
+    tag.span data: { creator_id: user.id } do
+      safe_join [
+        image_tag(user_avatar_url(user, script_name: user.account.slug), aria: { hidden: "true" }, size: 48, title: user.name, data: { only_visible_to_others: true }, **options),
+        image_tag(my_avatar_url(script_name: user.account.slug), aria: { hidden: "true" }, size: 48, title: user.name, data: { only_visible_to_you: true }, **options)
+      ]
+    end
   end
 end
diff --git a/app/views/users/_initials.svg.erb b/app/views/users/_initials.svg.erb
@@ -0,0 +1,22 @@
+<svg version="1.1" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink"
+  viewBox="0 0 512 512" class="avatar" aria-hidden="true">
+  <defs>
+    <clipPath id="porthole">
+      <circle cx="50%" cy="50%" r="50%" />
+    </clipPath>
+  </defs>
+
+  <g>
+    <rect width="100%" height="100%" rx="50" fill="<%= avatar_background_color(user) %>" />
+
+    <text x="50%" y="50%" fill="#FFFFFF"
+      text-anchor="middle" dy="0.35em"
+      <%=raw 'textLength="85%" lengthAdjust="spacingAndGlyphs"' if user.initials.size >= 3 %>
+      font-family="-apple-system, BlinkMacSystemFont, Segoe UI, Roboto, Helvetica, Arial, sans-serif"
+      font-size="230"
+      font-weight="800"
+      letter-spacing="-5">
+      <%= user.initials %>
+    </text>
+  </g>
+</svg>
diff --git a/app/views/users/avatars/show.svg.erb b/app/views/users/avatars/show.svg.erb
@@ -1,22 +1 @@
-<svg version="1.1" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink"
-  viewBox="0 0 512 512" class="avatar" aria-hidden="true">
-  <defs>
-    <clipPath id="porthole">
-      <circle cx="50%" cy="50%" r="50%" />
-    </clipPath>
-  </defs>
-
-  <g>
-    <rect width="100%" height="100%" rx="50" fill="<%= avatar_background_color(@user) %>" />
-
-    <text x="50%" y="50%" fill="#FFFFFF"
-      text-anchor="middle" dy="0.35em"
-      <%=raw 'textLength="85%" lengthAdjust="spacingAndGlyphs"' if @user.initials.size >= 3 %>
-      font-family="-apple-system, BlinkMacSystemFont, Segoe UI, Roboto, Helvetica, Arial, sans-serif"
-      font-size="230"
-      font-weight="800"
-      letter-spacing="-5">
-      <%= @user.initials %>
-    </text>
-  </g>
-</svg>
+<%= render "users/initials", user: @user %>
diff --git a/app/views/users/my_avatar/show.svg.erb b/app/views/users/my_avatar/show.svg.erb
@@ -0,0 +1 @@
+<%= render "users/initials", user: Current.user %>
diff --git a/config/routes.rb b/config/routes.rb
@@ -8,6 +8,8 @@
     resources :exports, only: [ :create, :show ]
   end
 
+  get "users/mine/avatar", to: "users/my_avatar#show", as: :my_avatar
+
   resources :users do
     scope module: :users do
       resource :avatar
diff --git a/test/controllers/users/avatars_controller_test.rb b/test/controllers/users/avatars_controller_test.rb
@@ -12,17 +12,10 @@ class Users::AvatarsControllerTest < ActionDispatch::IntegrationTest
     assert_redirected_to ActionController::Base.helpers.image_path("system_user.png")
   end
 
-  test "show own initials without caching" do
+  test "show initials with public caching" do
     get user_avatar_path(users(:david))
     assert_match "image/svg+xml", @response.content_type
-    assert @response.cache_control[:private]
-    assert_equal "0", @response.cache_control[:max_age]
-  end
-
-  test "show other initials with caching" do
-    get user_avatar_path(users(:kevin))
-    assert_match "image/svg+xml", @response.content_type
-    assert @response.cache_control[:private]
+    assert @response.cache_control[:public]
     assert_equal 30.minutes.to_s, @response.cache_control[:max_age]
   end
 
diff --git a/test/controllers/users/my_avatar_controller_test.rb b/test/controllers/users/my_avatar_controller_test.rb
@@ -0,0 +1,33 @@
+require "test_helper"
+
+class Users::MyAvatarControllerTest < ActionDispatch::IntegrationTest
+  setup do
+    sign_in_as :david
+  end
+
+  test "show own initials" do
+    get my_avatar_path
+    assert_match "image/svg+xml", @response.content_type
+    assert_match "private", @response.headers["Cache-Control"]
+    assert_match "must-revalidate", @response.headers["Cache-Control"]
+  end
+
+  test "show own image redirects to the blob url" do
+    users(:david).avatar.attach(io: File.open(file_fixture("moon.jpg")), filename: "moon.jpg", content_type: "image/jpeg")
+    assert users(:david).avatar.attached?
+
+    get my_avatar_path
+
+    assert_redirected_to rails_blob_url(users(:david).avatar.variant(:thumb), disposition: "inline")
+    assert_match "private", @response.headers["Cache-Control"]
+    assert_match "must-revalidate", @response.headers["Cache-Control"]
+  end
+
+  test "requires authentication" do
+    sign_out
+
+    get my_avatar_path
+
+    assert_response :redirect
+  end
+end

Original file line number	Diff line number	Diff line change
`@@ -0,0 +1 @@`
	`1`	`+<%= render "users/initials", user: Current.user %>`