كيف أحذف ملف صورة المستخدم الرمزية؟

Hi team,

My website is hosted in China and as you know all Chinese websites need to register for a license from the government, hence all Chinese websites are under supervision.

Someone recently reported to my CDN service provider, Qiniu, which is also a CN company, that some images on my website are illegal. My CDN provider informed me that I should delete these images and ‘refresh URL caches’, or they can suspend my account according to law. But I found these images were user avatars, which I don’t know how to delete.

According to How to Delete Uploaded Files? - #3 by codinghorror and How to Delete Uploaded Files? - #25 by Falco uploaded images w/o references will be auto deleted in 48 hours. I have replaced these user avatars with the default letter ones, but nothing seems to be happening to the old user avatars after 72 hours, maybe it’s because user avatars are not considered uploaded images?

Any ideas on how can I delete the user avatar files completely on my server?

Thanks in advance,
Yinglu

I think it still works like this.

From the URL of the file you want to delete, get the filename.

cd /var/discourse/shared/uploads
find . -name =FILENAME= | xargs exec rm

And then you’d do whatever to purge it from your CDN.

Thanks for helping me, I tried but didn’t work

The file is https://iosre.com/user_avatar/iosre.com/lincwee/135/5414_2.png so I guess the filename is 5414_2.png, correct?

And the /uploads is under /shared/standalone rather than /shared
And there’s no such a file under /uploads, as you can see in the shell:

root@iosre:/var/discourse/shared# ls
standalone
root@iosre:/var/discourse/shared# cd standalone/
root@iosre:/var/discourse/shared/standalone# ls
backups  postgres_backup  postgres_run  state  uploads
log      postgres_data    redis_data    tmp
root@iosre:/var/discourse/shared/standalone# find . -name 5414_2.png
root@iosre:/var/discourse/shared/standalone# cd uploads/
root@iosre:/var/discourse/shared/standalone/uploads# find . -name 5414_2.png
root@iosre:/var/discourse/shared/standalone/uploads#

Any more ideas?

Oh sorry. Avatars work differently. I would have to look at the code to understand where to look. If this is an emergency and you have a budget please contact me directly. I likely won’t have free time to investigate otherwise. Perhaps someone else knows.

Sorry this is a personal website and I don’t have any budget for now. Thanks for your reply anyway!

To prevent users from uploading future avatars, you can disable allow uploaded avatars and enable the selectable avatars site setting with a large selection.

I think you may need to upload a replacement placeholder in order for automatic deletion - the user record is still keeping the uploaded avatar image alive even though it’s not in use.

Upload files are named based on the SHA1 of the image content - that may help you to find the backing file?

Something like

a=UserAvatar.where(user_id: 1234)
u=Upload.find(a.custom_upload_id)
upload_url=u.url

Then

cd /var/discourse/shared/standalone
rm UPLOAD_URL_FROM_ABOVE

I have over 7k registered users and only less than 5 users use illegal avatars w/o knowing it, so I don’t want to make it a 0 or 1 problem; I want to solve it case by case rather than stopping all users from using custom avatars.

How do I do this? I have no idea at all

For example this image https://iosre.com/user_avatar/iosre.com/lincwee/135/5414_2.png

snakeninny@bogon ~ % shasum /Users/snakeninny/Desktop/5414_2.png.jpeg 
c8d561c5484a1f197abd32995411caaa25e53bd6  /Users/snakeninny/Desktop/5414_2.png.jpeg

root@iosre:~# cd /var/discourse/shared/standalone
root@iosre:/var/discourse/shared/standalone# find ./ -name *c8d561c5484a1f197abd32995411caaa25e53bd6*
root@iosre:/var/discourse/shared/standalone# 

No luck. Is this what you mean? And any ideas?

Is this a piece of code? Where and how do I execute it? I used to be an iOS developer and am not familiar with front-end programming

It’s for the rails console. You’d get there with

cd /var/discourse 
./launcher enter app 
rails c

You can use exit to quit. And inside the container you cd to /shared rather than the full path above.

For user lincwee in https://iosre.com/user_avatar/iosre.com/lincwee/135/5414_2.png
UserAvatar.where(user_id: 'lincwee') returns an empty array. Any ideas?

root@iosre:~# cd /var/discourse/shared/
root@iosre:/var/discourse/shared# /var/discourse/launcher enter app 
WARNING: Docker version 17.05.0-ce deprecated, recommend upgrade to 17.06.2 or newer.
root@iosre-app:/var/www/discourse# rails c
[1] pry(main)> a=UserAvatar.where(user_id: 1234)
=> []
[2] pry(main)> a=UserAvatar.where(user_id: lincwee)
NameError: undefined local variable or method `lincwee' for main:Object
from (pry):2:in `__pry__'
[3] pry(main)> a=UserAvatar.where(user_id: 'lincwee')
=> []
[4] pry(main)> 

You’ll need the ID, not username.

u=User.find_by(username: "lincwee")

You can then see the id or access it with u.id

Thanks it worked to some extent. I’ve run

cd /var/discourse/shared/
/var/discourse/launcher enter app
rails c

In the terminal and then executed the code

uid = User.find_by(username: "user_name").id
user_avatars = UserAvatar.where(user_id: uid)
user_avatar = user_avatars[0]
upload_url = Upload.find(user_avatar.custom_upload_id).url

to list all avatar URLs and deleted them from my server.
But I guess I still need to further refresh the system/cache? How should I do this?

تلقّيتُ بريدًا إلكترونيًا آخر من مزوّد شبكة توصيل المحتوى (CDN) الخاص بي، وقد قام بتجميد حسابي على الشبكة. لذا، يجب أن أقوم بتحديث هذا الموضوع للحصول على مساعدة إضافية.

أشار البريد الإلكتروني الجديد إلى أن الروابط التالية غير قانونية:

https://cdn.iosre.com/user_avatar/iosre.com/baal998/135/2210_2.png
https://cdn.iosre.com/user_avatar/iosre.com/baal998/64/2210_2.png
https://cdn.iosre.com/user_avatar/iosre.com/baal998/75/2210_2.png
https://cdn.iosre.com/user_avatar/iosre.com/baal998/75/2210_2.png
https://cdn.iosre.com/user_avatar/iosre.com/baal998/75/2210_2.png
https://cdn.iosre.com/user_avatar/iosre.com/lincwee/135/5414_2.png
https://cdn.iosre.com/user_avatar/iosre.com/baal998/75/2210_2.png
https://cdn.iosre.com/user_avatar/iosre.com/lincwee/75/5414_2.png
https://cdn.iosre.com/user_avatar/iosre.com/baal998/96/2210_2.png
https://cdn.iosre.com/user_avatar/iosre.com/lincwee/90/5414_2.png

كما تلاحظون، فهذه صورتا رمزين تعبيريين (أفاتار) لمستخدمين، وهما ميمز (memes) متعلقة برئيس صيني سابق. مرة أخرى، طلب مني مزوّد شبكة توصيل المحتوى حذف هذه الملفات من الخادم وتحديث شبكة توصيل المحتوى (CDN).

من خلال الروابط، لاحظت أن المستخدمين هما “baal998” و"lincwee". وفقًا لمقطع الكود في منشوري السابق، كان عنوان URL للصورة المرفوعة لـ “lincwee” هو /uploads/default/original/2X/5/55512211b1c8969c8038b79840464952cd3eb089.jpeg، بينما كان لـ “baal998” هو /uploads/default/original/2X/c/cb2188eaeecc3a648f021fa00da4734bd60ca183.jpg. ثم قمت بتشغيل الأمر find /var/discourse/shared/ -name *55512211b1c8969c8038b79840464952cd3eb089* وحذفت جميع الملفات التي تم العثور عليها، وقد نجح الأمر مع “lincwee”. لكن لم أكن محظوظًا مع “baal998”، إذ ما زلتُ أستطيع الوصول إلى https://iosre.com/user_avatar/iosre.com/baal998/135/2210_2.png رغم عدم وجود أي ملفات تحمل الاسم *cb2188eaeecc3a648f021fa00da4734bd60ca183*.

إذن، أين يُخزّن الرابط https://iosre.com/user_avatar/iosre.com/baal998/135/2210_2.png بالضبط على خادمي؟

همم، هذه موقف صعب. ربما @falco أو شخص آخر عمل على الصور الرمزية مؤخرًا يمكنه أن ينصحك؟

أو لتبسيط الأمر: كيف يقوم Discourse بتحليل زيارة الرابط https://iosre.com/user_avatar/iosre.com/baal998/135/2210_2.png؟ إذا كان هناك شخص ملم بشفرة المصدر يمكنه إخباري باسم ملف المصدر أو الفئة/الدالة، فسيكون ذلك مفيدًا جدًا. شكرًا!

انظر في نموذج الرفع، أعتقد.

أيضًا، ابدأ بجلب البيانات من خادمك وليس من شبكة توصيل المحتوى (CDN). تريد التأكد من أنك تحل المشكلة في المكان الصحيح. بمجرد التأكد من أن الخادم لا يرسل الصور، يمكنك العمل مع شبكة توصيل المحتوى (CDN).

بما أن https://cdn.iosre.com/user_avatar/iosre.com/baal998/135/2210_2.png مُستقى من شبكة توزيع المحتوى (CDN)،
فإن https://iosre.com/user_avatar/iosre.com/baal998/135/2210_2.png يجب أن يكون مُستقى من خادمي، أليس كذلك؟

نعم، ويمكنك رؤية أن الصور تُرسَل من خادمك. لذا، فإن الرابط الذي يجب محاولة إصلاحه هو هذا. بعد أن تمنع إرسال الصور، يمكنك مسح شبكة توصيل المحتوى (CDN).