docs/content/doc/advanced/config-cheat-sheet.en-us.md

@@ -782,9 +782,9 @@ and
 
 - `GRAVATAR_SOURCE`: **gravatar**: Can be `gravatar`, `duoshuo` or anything like
    `http://cn.gravatar.com/avatar/`.
-- `DISABLE_GRAVATAR`: **false**: Enable this to use local avatars only. **DEPRECATED [v1.18+]** moved to database. Use admin panel to configure.
+- `DISABLE_GRAVATAR`: **false**: Enable this to use local avatars only.
 - `ENABLE_FEDERATED_AVATAR`: **false**: Enable support for federated avatars (see
-   [http://www.libravatar.org](http://www.libravatar.org)). **DEPRECATED [v1.18+]** moved to database. Use admin panel to configure.
+   [http://www.libravatar.org](http://www.libravatar.org)).
 
 - `AVATAR_STORAGE_TYPE`: **default**: Storage type defined in `[storage.xxx]`. Default is `default` which will read `[storage]` if no section `[storage]` will be a type `local`.
 - `AVATAR_UPLOAD_PATH`: **data/avatars**: Path to store user avatar image files.

modules/avatar/hash.go

@@ -1,28 +0,0 @@
-// Copyright 2023 The Gitea Authors. All rights reserved.
-// SPDX-License-Identifier: MIT
-
-package avatar
-
-import (
-	"crypto/sha256"
-	"encoding/hex"
-	"strconv"
-)
-
-// HashAvatar will generate a unique string, which ensures that when there's a
-// different unique ID while the data is the same, it will generate a different
-// output. It will generate the output according to:
-// HEX(HASH(uniqueID || - || data))
-// The hash being used is SHA256.
-// The sole purpose of the unique ID is to generate a distinct hash Such that
-// two unique IDs with the same data will have a different hash output.
-// The "-" byte is important to ensure that data cannot be modified such that
-// the first byte is a number, which could lead to a "collision" with the hash
-// of another unique ID.
-func HashAvatar(uniqueID int64, data []byte) string {
-	h := sha256.New()
-	h.Write([]byte(strconv.FormatInt(uniqueID, 10)))
-	h.Write([]byte{'-'})
-	h.Write(data)
-	return hex.EncodeToString(h.Sum(nil))
-}

routers/web/user/code.go

@@ -26,7 +26,7 @@ func CodeSearch(ctx *context.Context) {
 
 	ctx.Data["IsPackageEnabled"] = setting.Packages.Enabled
 	ctx.Data["IsRepoIndexerEnabled"] = setting.Indexer.RepoIndexerEnabled
-	ctx.Data["Title"] = ctx.Tr("explore.code")
+	ctx.Data["Title"] = ctx.Tr("code.title")
 	ctx.Data["ContextUser"] = ctx.ContextUser
 
 	language := ctx.FormTrim("l")

services/repository/avatar.go

@@ -5,6 +5,7 @@ package repository
 
 import (
 	"context"
+	"crypto/md5"
 	"fmt"
 	"image/png"
 	"io"
@@ -26,7 +27,7 @@ func UploadAvatar(repo *repo_model.Repository, data []byte) error {
 		return err
 	}
 
-	newAvatar := avatar.HashAvatar(repo.ID, data)
+	newAvatar := fmt.Sprintf("%d-%x", repo.ID, md5.Sum(data))
 	if repo.Avatar == newAvatar { // upload the same picture
 		return nil
 	}

services/repository/avatar_test.go

@@ -5,13 +5,14 @@ package repository
 
 import (
 	"bytes"
+	"crypto/md5"
+	"fmt"
 	"image"
 	"image/png"
 	"testing"
 
 	repo_model "code.gitea.io/gitea/models/repo"
 	"code.gitea.io/gitea/models/unittest"
-	"code.gitea.io/gitea/modules/avatar"
 
 	"github.com/stretchr/testify/assert"
 )
@@ -27,7 +28,7 @@ func TestUploadAvatar(t *testing.T) {
 
 	err := UploadAvatar(repo, buff.Bytes())
 	assert.NoError(t, err)
-	assert.Equal(t, avatar.HashAvatar(10, buff.Bytes()), repo.Avatar)
+	assert.Equal(t, fmt.Sprintf("%d-%x", 10, md5.Sum(buff.Bytes())), repo.Avatar)
 }
 
 func TestUploadBigAvatar(t *testing.T) {

services/user/user.go

@@ -5,6 +5,7 @@ package user
 
 import (
 	"context"
+	"crypto/md5"
 	"fmt"
 	"image/png"
 	"io"
@@ -240,7 +241,11 @@ func UploadAvatar(u *user_model.User, data []byte) error {
 	defer committer.Close()
 
 	u.UseCustomAvatar = true
-	u.Avatar = avatar.HashAvatar(u.ID, data)
+	// Different users can upload same image as avatar
+	// If we prefix it with u.ID, it will be separated
+	// Otherwise, if any of the users delete his avatar
+	// Other users will lose their avatars too.
+	u.Avatar = fmt.Sprintf("%x", md5.Sum([]byte(fmt.Sprintf("%d-%x", u.ID, md5.Sum(data)))))
 	if err = user_model.UpdateUserCols(ctx, u, "use_custom_avatar", "avatar"); err != nil {
 		return fmt.Errorf("updateUser: %w", err)
 	}