From da1d93146400d886d918465bd8a3a5cfb0a79de7 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Filip=20Tron=C3=AD=C4=8Dek?=
Date: Tue, 17 Dec 2024 10:20:02 +0100
Subject: [PATCH] [server] fix private GitHub avatars (#20461)
* [server] fix private GitHub avatars
* Improve comment and don't delete all search params
---
 components/server/src/github/github-auth-provider.ts | 9 ++++++++-
 1 file changed, 8 insertions(+), 1 deletion(-)
diff --git a/components/server/src/github/github-auth-provider.ts b/components/server/src/github/github-auth-provider.ts
index 03eaa82eb620d6..4475b21f3be37d 100644
--- a/components/server/src/github/github-auth-provider.ts
+++ b/components/server/src/github/github-auth-provider.ts
@@ -99,6 +99,13 @@ export class GitHubAuthProvider extends GenericAuthProvider {
 data: { id, login, avatar_url, name, company, created_at },
 headers,
 } = currentUser;
+ const publicAvatarURL = new URL(avatar_url);
+ if (publicAvatarURL.host === "private-avatars.githubusercontent.com") {
+ // github has recently been rolling out private JWT-signed avatar URLs which expire after a short time
+ // we need to use the public avatar URL instead so that the avatar is displayed correctly and fits into our database column (which is capped at 255 chars)
+ publicAvatarURL.host = "avatars.githubusercontent.com";
+ publicAvatarURL.searchParams.delete("jwt");
+ }
 // https://developer.github.com/apps/building-oauth-apps/understanding-scopes-for-oauth-apps/
 // e.g. X-OAuth-Scopes: repo, user
@@ -125,7 +132,7 @@ export class GitHubAuthProvider extends GenericAuthProvider {
 authUser: {
 authId: String(id),
 authName: login,
- avatarUrl: avatar_url,
+ avatarUrl: publicAvatarURL.toString(),
 name,
 primaryEmail: filterPrimaryEmail(userEmails),
 company,
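Review bot: In the first hunk (`@@ -99,6 +99,13 @@`), `new URL(avatar_url)` throws a TypeError when the value is missing or not an absolute URL, and it runs on every login, not only in the private-avatar case. Nothing in the hunk catches that, so an unusable avatar would abort the auth-user setup instead of just losing the picture. The enclosing method starts and ends outside the hunk, so an outer try/catch may exist, but it would presumably still fail the login. I would parse defensively, e.g. `const publicAvatarURL = URL.canParse(avatar_url) ? new URL(avatar_url) : undefined;` (or a small try/catch if the runtime lacks `URL.canParse`), test `publicAvatarURL?.host` in the `if`, and assign `avatarUrl: publicAvatarURL?.toString() ?? avatar_url,` in the second hunk.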
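Review bot: In the second hunk (`@@ -125,7 +132,7 @@`), `avatarUrl: publicAvatarURL.toString()` stores whatever URL remains, so the 255-character column limit named in the first hunk's comment is only guaranteed for the one host that gets rewritten. A signed or otherwise long URL from any other host, or one carrying the token under a different parameter name, would still be persisted with the token in it. Consider enforcing the limit where the value is assigned: `const avatarUrlString = publicAvatarURL.toString();` above the object literal and `avatarUrl: avatarUrlString.length <= 255 ? avatarUrlString : undefined,` here. That assumes the field may be left unset, which is not visible in this hunk. The object literal continues outside the hunk.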