Dont inline profile image, instead add endpoint to serve it

2024-12-25 00:40:16 +11:00
parent 16e31963cc
commit 806e5105e7
4 changed files with 31 additions and 3 deletions
--- a/app/routes.py
+++ b/app/routes.py
@@ -1,7 +1,7 @@
 import csv
 from io import StringIO
 import io
-from flask import Blueprint, render_template, redirect, request, send_file, url_for, flash
+from flask import Blueprint, Response, make_response, render_template, redirect, request, send_file, url_for, flash
 from werkzeug.security import generate_password_hash, check_password_hash
 from app.models import Profile, Reading, db, User
 from app.forms import DeleteForm, LoginForm, ProfileForm, ReadingForm, SignupForm
@@ -233,6 +233,29 @@ def profile():

    return render_template('profile.html', form=form, profile=profile)

+@user.route('/profile/image/<int:user_id>')
+def profile_image(user_id):
+    # Ensure the reading belongs to the logged-in user
+    if user_id != current_user.id:
+        flash('You are not authorized to delete this reading.', 'danger')
+        return redirect(url_for('main.dashboard'))
+
+    profile = Profile.query.filter_by(user_id=user_id).first()
+    if profile and profile.profile_pic:
+        image_data = base64.b64decode(profile.profile_pic)
+        response = make_response(image_data)
+        response.headers.set('Content-Type', 'image/jpeg')
+        # Cache for 1 day
+        response.headers.set('Cache-Control', 'public, max-age=86400')
+        return response
+    else:
+        # Serve the default SVG if no profile picture is found
+        with open('app/static/images/default-profile.svg', 'r') as f:
+            default_image = f.read()
+
+        response = make_response(default_image)
+        response.headers.set('Content-Type', 'image/svg+xml')
+
@main.route('/data', methods=['GET', 'POST'])
@login_required
 def manage_data():