avatarURL returned in user_info is expired in 1 week

2025-02-24 15:53:22 +08:00 · 2019-08-22 18:14:32 +02:00 · 2019-08-22 18:14:32 +02:00 · 9a8282107f
commit 9a8282107f
parent 63183b7104
3 changed files with 20 additions and 10 deletions
--- a/app/config.py
+++ b/app/config.py
@ -83,3 +83,6 @@ GOOGLE_CLIENT_SECRET = os.environ["GOOGLE_CLIENT_SECRET"]

 FACEBOOK_CLIENT_ID = os.environ["FACEBOOK_CLIENT_ID"]
 FACEBOOK_CLIENT_SECRET = os.environ["FACEBOOK_CLIENT_SECRET"]
+
+# in seconds
+AVATAR_URL_EXPIRATION = 3600 * 24 * 7  # 1h*24h/d*7d=1week
--- a/app/models.py
+++ b/app/models.py
@ -11,7 +11,7 @@ from sqlalchemy import text
 from sqlalchemy_utils import ArrowType

 from app import s3
-from app.config import EMAIL_DOMAIN, MAX_NB_EMAIL_FREE_PLAN, URL
+from app.config import EMAIL_DOMAIN, MAX_NB_EMAIL_FREE_PLAN, URL, AVATAR_URL_EXPIRATION
 from app.extensions import db
 from app.log import LOG
 from app.oauth_models import Scope
@ -75,8 +75,8 @@ class ModelMixin(object):
 class File(db.Model, ModelMixin):
    path = db.Column(db.String(128), unique=True, nullable=False)

-    def get_url(self):
-        return s3.get_url(self.path)
+    def get_url(self, expires_in=3600):
+        return s3.get_url(self.path, expires_in)


 class PlanEnum(enum.Enum):
@ -500,9 +500,9 @@ class ClientUser(db.Model, ModelMixin):
                    if self.default_avatar:
                        res[Scope.AVATAR_URL.value] = URL + "/static/default-avatar.png"
                    else:
-                        res[
-                            Scope.AVATAR_URL.value
-                        ] = self.user.profile_picture.get_url()
+                        res[Scope.AVATAR_URL.value] = self.user.profile_picture.get_url(
+                            AVATAR_URL_EXPIRATION
+                        )
                else:
                    res[Scope.AVATAR_URL.value] = None
            elif scope == Scope.EMAIL:
--- a/app/s3.py
+++ b/app/s3.py
@ -3,7 +3,13 @@ from io import BytesIO
 import boto3
 import requests

-from app.config import AWS_REGION, BUCKET, AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY
+from app.config import (
+    AWS_REGION,
+    BUCKET,
+    AWS_ACCESS_KEY_ID,
+    AWS_SECRET_ACCESS_KEY,
+    AVATAR_URL_EXPIRATION,
+)

 session = boto3.Session(
    aws_access_key_id=AWS_ACCESS_KEY_ID,
@ -29,11 +35,12 @@ def delete_file(key: str) -> None:
    o.delete()


-def get_url(key: str) -> str:
-    """by default the link will expire in 1h (3600 seconds)"""
+def get_url(key: str, expires_in=3600) -> str:
    s3_client = session.client("s3")
    return s3_client.generate_presigned_url(
-        ClientMethod="get_object", Params={"Bucket": BUCKET, "Key": key}
+        ExpiresIn=expires_in,
+        ClientMethod="get_object",
+        Params={"Bucket": BUCKET, "Key": key},
    )