Avatars and Repo avatars support storing in minio (#12516)

* Avatar support minio * Support repo avatar minio storage * Add missing migration * Fix bug * Fix test * Add test for minio store type on avatars and repo avatars; Add documents * Fix bug * Fix bug * Add back missed avatar link method * refactor codes * Simplify the codes * Code improvements * Fix lint * Fix test mysql * Fix test mysql * Fix test mysql * Fix settings * Fix test * fix test * Fix bug
2020-10-14 21:07:51 +08:00 · 2020-10-14 21:07:51 +08:00 · 80a6b0f5bc
commit 80a6b0f5bc
parent 93f7525061
21 changed files with 705 additions and 477 deletions
--- a/models/migrations/v115.go
+++ b/models/migrations/v115.go
@ -61,7 +61,7 @@ func renameExistingUserAvatarName(x *xorm.Engine) error {
 		for _, user := range users {
 			oldAvatar := user.Avatar

-			if stat, err := os.Stat(filepath.Join(setting.AvatarUploadPath, oldAvatar)); err != nil || !stat.Mode().IsRegular() {
+			if stat, err := os.Stat(filepath.Join(setting.Avatar.Path, oldAvatar)); err != nil || !stat.Mode().IsRegular() {
 				if err == nil {
 					err = fmt.Errorf("Error: \"%s\" is not a regular file", oldAvatar)
 				}
@ -86,7 +86,7 @@ func renameExistingUserAvatarName(x *xorm.Engine) error {
 				return fmt.Errorf("[user: %s] user table update: %v", user.LowerName, err)
 			}

-			deleteList[filepath.Join(setting.AvatarUploadPath, oldAvatar)] = struct{}{}
+			deleteList[filepath.Join(setting.Avatar.Path, oldAvatar)] = struct{}{}
 			migrated++
 			select {
 			case <-ticker.C:
@ -135,7 +135,7 @@ func renameExistingUserAvatarName(x *xorm.Engine) error {
 // copyOldAvatarToNewLocation copies oldAvatar to newAvatarLocation
 // and returns newAvatar location
 func copyOldAvatarToNewLocation(userID int64, oldAvatar string) (string, error) {
-	fr, err := os.Open(filepath.Join(setting.AvatarUploadPath, oldAvatar))
+	fr, err := os.Open(filepath.Join(setting.Avatar.Path, oldAvatar))
 	if err != nil {
 		return "", fmt.Errorf("os.Open: %v", err)
 	}
@ -151,7 +151,7 @@ func copyOldAvatarToNewLocation(userID int64, oldAvatar string) (string, error)
 		return newAvatar, nil
 	}

-	if err := ioutil.WriteFile(filepath.Join(setting.AvatarUploadPath, newAvatar), data, 0666); err != nil {
+	if err := ioutil.WriteFile(filepath.Join(setting.Avatar.Path, newAvatar), data, 0666); err != nil {
 		return "", fmt.Errorf("ioutil.WriteFile: %v", err)
 	}

--- a/models/org.go
+++ b/models/org.go
@ -11,10 +11,10 @@ import (

 	"code.gitea.io/gitea/modules/log"
 	"code.gitea.io/gitea/modules/setting"
+	"code.gitea.io/gitea/modules/storage"
 	"code.gitea.io/gitea/modules/structs"
 	"code.gitea.io/gitea/modules/util"

-	"github.com/unknwon/com"
 	"xorm.io/builder"
 	"xorm.io/xorm"
 )
@ -310,11 +310,9 @@ func deleteOrg(e *xorm.Session, u *User) error {
 	}

 	if len(u.Avatar) > 0 {
-		avatarPath := u.CustomAvatarPath()
-		if com.IsExist(avatarPath) {
-			if err := util.Remove(avatarPath); err != nil {
-				return fmt.Errorf("Failed to remove %s: %v", avatarPath, err)
-			}
+		avatarPath := u.CustomAvatarRelativePath()
+		if err := storage.Avatars.Delete(avatarPath); err != nil {
+			return fmt.Errorf("Failed to remove %s: %v", avatarPath, err)
 		}
 	}

--- a/models/repo.go
+++ b/models/repo.go
@ -7,7 +7,6 @@ package models

 import (
 	"context"
-	"crypto/md5"
 	"errors"
 	"fmt"
 	"html/template"
@ -15,7 +14,6 @@ import (

 	// Needed for jpeg support
 	_ "image/jpeg"
-	"image/png"
 	"io/ioutil"
 	"net"
 	"net/url"
@ -27,7 +25,6 @@ import (
 	"strings"
 	"time"

-	"code.gitea.io/gitea/modules/avatar"
 	"code.gitea.io/gitea/modules/log"
 	"code.gitea.io/gitea/modules/markup"
 	"code.gitea.io/gitea/modules/options"
@ -1796,11 +1793,8 @@ func DeleteRepository(doer *User, uid, repoID int64) error {
 	}

 	if len(repo.Avatar) > 0 {
-		avatarPath := repo.CustomAvatarPath()
-		if com.IsExist(avatarPath) {
-			if err := util.Remove(avatarPath); err != nil {
-				return fmt.Errorf("Failed to remove %s: %v", avatarPath, err)
-			}
+		if err := storage.RepoAvatars.Delete(repo.CustomAvatarRelativePath()); err != nil {
+			return fmt.Errorf("Failed to remove %s: %v", repo.Avatar, err)
 		}
 	}

@ -2239,187 +2233,6 @@ func (repo *Repository) GetUserFork(userID int64) (*Repository, error) {
 	return &forkedRepo, nil
 }

-// CustomAvatarPath returns repository custom avatar file path.
-func (repo *Repository) CustomAvatarPath() string {
-	// Avatar empty by default
-	if len(repo.Avatar) == 0 {
-		return ""
-	}
-	return filepath.Join(setting.RepositoryAvatarUploadPath, repo.Avatar)
-}
-
-// generateRandomAvatar generates a random avatar for repository.
-func (repo *Repository) generateRandomAvatar(e Engine) error {
-	idToString := fmt.Sprintf("%d", repo.ID)
-
-	seed := idToString
-	img, err := avatar.RandomImage([]byte(seed))
-	if err != nil {
-		return fmt.Errorf("RandomImage: %v", err)
-	}
-
-	repo.Avatar = idToString
-	if err = os.MkdirAll(filepath.Dir(repo.CustomAvatarPath()), os.ModePerm); err != nil {
-		return fmt.Errorf("MkdirAll: %v", err)
-	}
-	fw, err := os.Create(repo.CustomAvatarPath())
-	if err != nil {
-		return fmt.Errorf("Create: %v", err)
-	}
-	defer fw.Close()
-
-	if err = png.Encode(fw, img); err != nil {
-		return fmt.Errorf("Encode: %v", err)
-	}
-	log.Info("New random avatar created for repository: %d", repo.ID)
-
-	if _, err := e.ID(repo.ID).Cols("avatar").NoAutoTime().Update(repo); err != nil {
-		return err
-	}
-
-	return nil
-}
-
-// RemoveRandomAvatars removes the randomly generated avatars that were created for repositories
-func RemoveRandomAvatars(ctx context.Context) error {
-	return x.
-		Where("id > 0").BufferSize(setting.Database.IterateBufferSize).
-		Iterate(new(Repository),
-			func(idx int, bean interface{}) error {
-				repository := bean.(*Repository)
-				select {
-				case <-ctx.Done():
-					return ErrCancelledf("before random avatars removed for %s", repository.FullName())
-				default:
-				}
-				stringifiedID := strconv.FormatInt(repository.ID, 10)
-				if repository.Avatar == stringifiedID {
-					return repository.DeleteAvatar()
-				}
-				return nil
-			})
-}
-
-// RelAvatarLink returns a relative link to the repository's avatar.
-func (repo *Repository) RelAvatarLink() string {
-	return repo.relAvatarLink(x)
-}
-
-func (repo *Repository) relAvatarLink(e Engine) string {
-	// If no avatar - path is empty
-	avatarPath := repo.CustomAvatarPath()
-	if len(avatarPath) == 0 || !com.IsFile(avatarPath) {
-		switch mode := setting.RepositoryAvatarFallback; mode {
-		case "image":
-			return setting.RepositoryAvatarFallbackImage
-		case "random":
-			if err := repo.generateRandomAvatar(e); err != nil {
-				log.Error("generateRandomAvatar: %v", err)
-			}
-		default:
-			// default behaviour: do not display avatar
-			return ""
-		}
-	}
-	return setting.AppSubURL + "/repo-avatars/" + repo.Avatar
-}
-
-// AvatarLink returns a link to the repository's avatar.
-func (repo *Repository) AvatarLink() string {
-	return repo.avatarLink(x)
-}
-
-// avatarLink returns user avatar absolute link.
-func (repo *Repository) avatarLink(e Engine) string {
-	link := repo.relAvatarLink(e)
-	// link may be empty!
-	if len(link) > 0 {
-		if link[0] == '/' && link[1] != '/' {
-			return setting.AppURL + strings.TrimPrefix(link, setting.AppSubURL)[1:]
-		}
-	}
-	return link
-}
-
-// UploadAvatar saves custom avatar for repository.
-// FIXME: split uploads to different subdirs in case we have massive number of repos.
-func (repo *Repository) UploadAvatar(data []byte) error {
-	m, err := avatar.Prepare(data)
-	if err != nil {
-		return err
-	}
-
-	sess := x.NewSession()
-	defer sess.Close()
-	if err = sess.Begin(); err != nil {
-		return err
-	}
-
-	oldAvatarPath := repo.CustomAvatarPath()
-
-	// Users can upload the same image to other repo - prefix it with ID
-	// Then repo will be removed - only it avatar file will be removed
-	repo.Avatar = fmt.Sprintf("%d-%x", repo.ID, md5.Sum(data))
-	if _, err := sess.ID(repo.ID).Cols("avatar").Update(repo); err != nil {
-		return fmt.Errorf("UploadAvatar: Update repository avatar: %v", err)
-	}
-
-	if err := os.MkdirAll(setting.RepositoryAvatarUploadPath, os.ModePerm); err != nil {
-		return fmt.Errorf("UploadAvatar: Failed to create dir %s: %v", setting.RepositoryAvatarUploadPath, err)
-	}
-
-	fw, err := os.Create(repo.CustomAvatarPath())
-	if err != nil {
-		return fmt.Errorf("UploadAvatar: Create file: %v", err)
-	}
-	defer fw.Close()
-
-	if err = png.Encode(fw, *m); err != nil {
-		return fmt.Errorf("UploadAvatar: Encode png: %v", err)
-	}
-
-	if len(oldAvatarPath) > 0 && oldAvatarPath != repo.CustomAvatarPath() {
-		if err := util.Remove(oldAvatarPath); err != nil {
-			return fmt.Errorf("UploadAvatar: Failed to remove old repo avatar %s: %v", oldAvatarPath, err)
-		}
-	}
-
-	return sess.Commit()
-}
-
-// DeleteAvatar deletes the repos's custom avatar.
-func (repo *Repository) DeleteAvatar() error {
-
-	// Avatar not exists
-	if len(repo.Avatar) == 0 {
-		return nil
-	}
-
-	avatarPath := repo.CustomAvatarPath()
-	log.Trace("DeleteAvatar[%d]: %s", repo.ID, avatarPath)
-
-	sess := x.NewSession()
-	defer sess.Close()
-	if err := sess.Begin(); err != nil {
-		return err
-	}
-
-	repo.Avatar = ""
-	if _, err := sess.ID(repo.ID).Cols("avatar").Update(repo); err != nil {
-		return fmt.Errorf("DeleteAvatar: Update repository avatar: %v", err)
-	}
-
-	if _, err := os.Stat(avatarPath); err == nil {
-		if err := util.Remove(avatarPath); err != nil {
-			return fmt.Errorf("DeleteAvatar: Failed to remove %s: %v", avatarPath, err)
-		}
-	} else {
-		// // Schrodinger: file may or may not exist. See err for details.
-		log.Trace("DeleteAvatar[%d]: %v", err)
-	}
-	return sess.Commit()
-}
-
 // GetOriginalURLHostname returns the hostname of a URL or the URL
 func (repo *Repository) GetOriginalURLHostname() string {
 	u, err := url.Parse(repo.OriginalURL)
@ -2502,3 +2315,25 @@ func DoctorUserStarNum() (err error) {

 	return
 }
+
+// IterateRepository iterate repositories
+func IterateRepository(f func(repo *Repository) error) error {
+	var start int
+	var batchSize = setting.Database.IterateBufferSize
+	for {
+		var repos = make([]*Repository, 0, batchSize)
+		if err := x.Limit(batchSize, start).Find(&repos); err != nil {
+			return err
+		}
+		if len(repos) == 0 {
+			return nil
+		}
+		start += len(repos)
+
+		for _, repo := range repos {
+			if err := f(repo); err != nil {
+				return err
+			}
+		}
+	}
+}
--- a/models/repo_avatar.go
+++ b/models/repo_avatar.go
@ -0,0 +1,190 @@
+// Copyright 2020 The Gitea Authors. All rights reserved.
+// Use of this source code is governed by a MIT-style
+// license that can be found in the LICENSE file.
+
+package models
+
+import (
+	"context"
+	"crypto/md5"
+	"fmt"
+	"image/png"
+	"io"
+	"strconv"
+	"strings"
+
+	"code.gitea.io/gitea/modules/avatar"
+	"code.gitea.io/gitea/modules/log"
+	"code.gitea.io/gitea/modules/setting"
+	"code.gitea.io/gitea/modules/storage"
+)
+
+// CustomAvatarRelativePath returns repository custom avatar file path.
+func (repo *Repository) CustomAvatarRelativePath() string {
+	return repo.Avatar
+}
+
+// generateRandomAvatar generates a random avatar for repository.
+func (repo *Repository) generateRandomAvatar(e Engine) error {
+	idToString := fmt.Sprintf("%d", repo.ID)
+
+	seed := idToString
+	img, err := avatar.RandomImage([]byte(seed))
+	if err != nil {
+		return fmt.Errorf("RandomImage: %v", err)
+	}
+
+	repo.Avatar = idToString
+
+	if err := storage.SaveFrom(storage.RepoAvatars, repo.CustomAvatarRelativePath(), func(w io.Writer) error {
+		if err := png.Encode(w, img); err != nil {
+			log.Error("Encode: %v", err)
+		}
+		return err
+	}); err != nil {
+		return fmt.Errorf("Failed to create dir %s: %v", repo.CustomAvatarRelativePath(), err)
+	}
+
+	log.Info("New random avatar created for repository: %d", repo.ID)
+
+	if _, err := e.ID(repo.ID).Cols("avatar").NoAutoTime().Update(repo); err != nil {
+		return err
+	}
+
+	return nil
+}
+
+// RemoveRandomAvatars removes the randomly generated avatars that were created for repositories
+func RemoveRandomAvatars(ctx context.Context) error {
+	return x.
+		Where("id > 0").BufferSize(setting.Database.IterateBufferSize).
+		Iterate(new(Repository),
+			func(idx int, bean interface{}) error {
+				repository := bean.(*Repository)
+				select {
+				case <-ctx.Done():
+					return ErrCancelledf("before random avatars removed for %s", repository.FullName())
+				default:
+				}
+				stringifiedID := strconv.FormatInt(repository.ID, 10)
+				if repository.Avatar == stringifiedID {
+					return repository.DeleteAvatar()
+				}
+				return nil
+			})
+}
+
+// RelAvatarLink returns a relative link to the repository's avatar.
+func (repo *Repository) RelAvatarLink() string {
+	return repo.relAvatarLink(x)
+}
+
+func (repo *Repository) relAvatarLink(e Engine) string {
+	// If no avatar - path is empty
+	avatarPath := repo.CustomAvatarRelativePath()
+	if len(avatarPath) == 0 {
+		switch mode := setting.RepoAvatar.Fallback; mode {
+		case "image":
+			return setting.RepoAvatar.FallbackImage
+		case "random":
+			if err := repo.generateRandomAvatar(e); err != nil {
+				log.Error("generateRandomAvatar: %v", err)
+			}
+		default:
+			// default behaviour: do not display avatar
+			return ""
+		}
+	}
+	return setting.AppSubURL + "/repo-avatars/" + repo.Avatar
+}
+
+// AvatarLink returns a link to the repository's avatar.
+func (repo *Repository) AvatarLink() string {
+	return repo.avatarLink(x)
+}
+
+// avatarLink returns user avatar absolute link.
+func (repo *Repository) avatarLink(e Engine) string {
+	link := repo.relAvatarLink(e)
+	// link may be empty!
+	if len(link) > 0 {
+		if link[0] == '/' && link[1] != '/' {
+			return setting.AppURL + strings.TrimPrefix(link, setting.AppSubURL)[1:]
+		}
+	}
+	return link
+}
+
+// UploadAvatar saves custom avatar for repository.
+// FIXME: split uploads to different subdirs in case we have massive number of repos.
+func (repo *Repository) UploadAvatar(data []byte) error {
+	m, err := avatar.Prepare(data)
+	if err != nil {
+		return err
+	}
+
+	newAvatar := fmt.Sprintf("%d-%x", repo.ID, md5.Sum(data))
+	if repo.Avatar == newAvatar { // upload the same picture
+		return nil
+	}
+
+	sess := x.NewSession()
+	defer sess.Close()
+	if err = sess.Begin(); err != nil {
+		return err
+	}
+
+	oldAvatarPath := repo.CustomAvatarRelativePath()
+
+	// Users can upload the same image to other repo - prefix it with ID
+	// Then repo will be removed - only it avatar file will be removed
+	repo.Avatar = newAvatar
+	if _, err := sess.ID(repo.ID).Cols("avatar").Update(repo); err != nil {
+		return fmt.Errorf("UploadAvatar: Update repository avatar: %v", err)
+	}
+
+	if err := storage.SaveFrom(storage.RepoAvatars, repo.CustomAvatarRelativePath(), func(w io.Writer) error {
+		if err := png.Encode(w, *m); err != nil {
+			log.Error("Encode: %v", err)
+		}
+		return err
+	}); err != nil {
+		return fmt.Errorf("UploadAvatar %s failed: Failed to remove old repo avatar %s: %v", repo.RepoPath(), newAvatar, err)
+	}
+
+	if len(oldAvatarPath) > 0 {
+		if err := storage.RepoAvatars.Delete(oldAvatarPath); err != nil {
+			return fmt.Errorf("UploadAvatar: Failed to remove old repo avatar %s: %v", oldAvatarPath, err)
+		}
+	}
+
+	return sess.Commit()
+}
+
+// DeleteAvatar deletes the repos's custom avatar.
+func (repo *Repository) DeleteAvatar() error {
+	// Avatar not exists
+	if len(repo.Avatar) == 0 {
+		return nil
+	}
+
+	avatarPath := repo.CustomAvatarRelativePath()
+	log.Trace("DeleteAvatar[%d]: %s", repo.ID, avatarPath)
+
+	sess := x.NewSession()
+	defer sess.Close()
+	if err := sess.Begin(); err != nil {
+		return err
+	}
+
+	repo.Avatar = ""
+	if _, err := sess.ID(repo.ID).Cols("avatar").Update(repo); err != nil {
+		return fmt.Errorf("DeleteAvatar: Update repository avatar: %v", err)
+	}
+
+	if err := storage.RepoAvatars.Delete(avatarPath); err != nil {
+		return fmt.Errorf("DeleteAvatar: Failed to remove %s: %v", avatarPath, err)
+	}
+
+	return sess.Commit()
+}
--- a/models/repo_generate.go
+++ b/models/repo_generate.go
@ -10,10 +10,10 @@ import (

 	"code.gitea.io/gitea/modules/git"
 	"code.gitea.io/gitea/modules/log"
+	"code.gitea.io/gitea/modules/storage"
 	"code.gitea.io/gitea/modules/util"

 	"github.com/gobwas/glob"
-	"github.com/unknwon/com"
 )

 // GenerateRepoOptions contains the template units to generate
@ -139,7 +139,7 @@ func GenerateWebhooks(ctx DBContext, templateRepo, generateRepo *Repository) err
 // GenerateAvatar generates the avatar from a template repository
 func GenerateAvatar(ctx DBContext, templateRepo, generateRepo *Repository) error {
 	generateRepo.Avatar = strings.Replace(templateRepo.Avatar, strconv.FormatInt(templateRepo.ID, 10), strconv.FormatInt(generateRepo.ID, 10), 1)
-	if err := com.Copy(templateRepo.CustomAvatarPath(), generateRepo.CustomAvatarPath()); err != nil {
+	if _, err := storage.Copy(storage.RepoAvatars, generateRepo.CustomAvatarRelativePath(), storage.RepoAvatars, templateRepo.CustomAvatarRelativePath()); err != nil {
 		return err
 	}

--- a/models/unit_tests.go
+++ b/models/unit_tests.go
@ -70,6 +70,11 @@ func MainTest(m *testing.M, pathToGiteaRoot string) {
 	setting.Attachment.Storage.Path = filepath.Join(setting.AppDataPath, "attachments")

 	setting.LFS.Storage.Path = filepath.Join(setting.AppDataPath, "lfs")
+
+	setting.Avatar.Storage.Path = filepath.Join(setting.AppDataPath, "avatars")
+
+	setting.RepoAvatar.Storage.Path = filepath.Join(setting.AppDataPath, "repo-avatars")
+
 	if err = storage.Init(); err != nil {
 		fatalTestError("storage.Init: %v\n", err)
 	}
--- a/models/user.go
+++ b/models/user.go
@ -8,29 +8,26 @@ package models
 import (
 	"container/list"
 	"context"
-	"crypto/md5"
 	"crypto/sha256"
 	"crypto/subtle"
 	"encoding/hex"
 	"errors"
 	"fmt"
 	_ "image/jpeg" // Needed for jpeg support
-	"image/png"
 	"os"
 	"path/filepath"
 	"regexp"
-	"strconv"
 	"strings"
 	"time"
 	"unicode/utf8"

-	"code.gitea.io/gitea/modules/avatar"
 	"code.gitea.io/gitea/modules/base"
 	"code.gitea.io/gitea/modules/generate"
 	"code.gitea.io/gitea/modules/git"
 	"code.gitea.io/gitea/modules/log"
 	"code.gitea.io/gitea/modules/public"
 	"code.gitea.io/gitea/modules/setting"
+	"code.gitea.io/gitea/modules/storage"
 	"code.gitea.io/gitea/modules/structs"
 	api "code.gitea.io/gitea/modules/structs"
 	"code.gitea.io/gitea/modules/timeutil"
@ -347,104 +344,6 @@ func (u *User) GenerateActivateCode() string {
 	return u.GenerateEmailActivateCode(u.Email)
 }

-// CustomAvatarPath returns user custom avatar file path.
-func (u *User) CustomAvatarPath() string {
-	return filepath.Join(setting.AvatarUploadPath, u.Avatar)
-}
-
-// GenerateRandomAvatar generates a random avatar for user.
-func (u *User) GenerateRandomAvatar() error {
-	return u.generateRandomAvatar(x)
-}
-
-func (u *User) generateRandomAvatar(e Engine) error {
-	seed := u.Email
-	if len(seed) == 0 {
-		seed = u.Name
-	}
-
-	img, err := avatar.RandomImage([]byte(seed))
-	if err != nil {
-		return fmt.Errorf("RandomImage: %v", err)
-	}
-	// NOTICE for random avatar, it still uses id as avatar name, but custom avatar use md5
-	// since random image is not a user's photo, there is no security for enumable
-	if u.Avatar == "" {
-		u.Avatar = fmt.Sprintf("%d", u.ID)
-	}
-	if err = os.MkdirAll(filepath.Dir(u.CustomAvatarPath()), os.ModePerm); err != nil {
-		return fmt.Errorf("MkdirAll: %v", err)
-	}
-	fw, err := os.Create(u.CustomAvatarPath())
-	if err != nil {
-		return fmt.Errorf("Create: %v", err)
-	}
-	defer fw.Close()
-
-	if _, err := e.ID(u.ID).Cols("avatar").Update(u); err != nil {
-		return err
-	}
-
-	if err = png.Encode(fw, img); err != nil {
-		return fmt.Errorf("Encode: %v", err)
-	}
-
-	log.Info("New random avatar created: %d", u.ID)
-	return nil
-}
-
-// SizedRelAvatarLink returns a link to the user's avatar via
-// the local explore page. Function returns immediately.
-// When applicable, the link is for an avatar of the indicated size (in pixels).
-func (u *User) SizedRelAvatarLink(size int) string {
-	return strings.TrimSuffix(setting.AppSubURL, "/") + "/user/avatar/" + u.Name + "/" + strconv.Itoa(size)
-}
-
-// RealSizedAvatarLink returns a link to the user's avatar. When
-// applicable, the link is for an avatar of the indicated size (in pixels).
-//
-// This function make take time to return when federated avatars
-// are in use, due to a DNS lookup need
-//
-func (u *User) RealSizedAvatarLink(size int) string {
-	if u.ID == -1 {
-		return base.DefaultAvatarLink()
-	}
-
-	switch {
-	case u.UseCustomAvatar:
-		if !com.IsFile(u.CustomAvatarPath()) {
-			return base.DefaultAvatarLink()
-		}
-		return setting.AppSubURL + "/avatars/" + u.Avatar
-	case setting.DisableGravatar, setting.OfflineMode:
-		if !com.IsFile(u.CustomAvatarPath()) {
-			if err := u.GenerateRandomAvatar(); err != nil {
-				log.Error("GenerateRandomAvatar: %v", err)
-			}
-		}
-
-		return setting.AppSubURL + "/avatars/" + u.Avatar
-	}
-	return base.SizedAvatarLink(u.AvatarEmail, size)
-}
-
-// RelAvatarLink returns a relative link to the user's avatar. The link
-// may either be a sub-URL to this site, or a full URL to an external avatar
-// service.
-func (u *User) RelAvatarLink() string {
-	return u.SizedRelAvatarLink(base.DefaultAvatarSize)
-}
-
-// AvatarLink returns user avatar absolute link.
-func (u *User) AvatarLink() string {
-	link := u.RelAvatarLink()
-	if link[0] == '/' && link[1] != '/' {
-		return setting.AppURL + strings.TrimPrefix(link, setting.AppSubURL)[1:]
-	}
-	return link
-}
-
 // GetFollowers returns range of user's followers.
 func (u *User) GetFollowers(listOptions ListOptions) ([]*User, error) {
 	sess := x.
@ -537,64 +436,6 @@ func (u *User) IsPasswordSet() bool {
 	return !u.ValidatePassword("")
 }

-// UploadAvatar saves custom avatar for user.
-// FIXME: split uploads to different subdirs in case we have massive users.
-func (u *User) UploadAvatar(data []byte) error {
-	m, err := avatar.Prepare(data)
-	if err != nil {
-		return err
-	}
-
-	sess := x.NewSession()
-	defer sess.Close()
-	if err = sess.Begin(); err != nil {
-		return err
-	}
-
-	u.UseCustomAvatar = true
-	// Different users can upload same image as avatar
-	// If we prefix it with u.ID, it will be separated
-	// Otherwise, if any of the users delete his avatar
-	// Other users will lose their avatars too.
-	u.Avatar = fmt.Sprintf("%x", md5.Sum([]byte(fmt.Sprintf("%d-%x", u.ID, md5.Sum(data)))))
-	if err = updateUser(sess, u); err != nil {
-		return fmt.Errorf("updateUser: %v", err)
-	}
-
-	if err := os.MkdirAll(setting.AvatarUploadPath, os.ModePerm); err != nil {
-		return fmt.Errorf("Failed to create dir %s: %v", setting.AvatarUploadPath, err)
-	}
-
-	fw, err := os.Create(u.CustomAvatarPath())
-	if err != nil {
-		return fmt.Errorf("Create: %v", err)
-	}
-	defer fw.Close()
-
-	if err = png.Encode(fw, *m); err != nil {
-		return fmt.Errorf("Encode: %v", err)
-	}
-
-	return sess.Commit()
-}
-
-// DeleteAvatar deletes the user's custom avatar.
-func (u *User) DeleteAvatar() error {
-	log.Trace("DeleteAvatar[%d]: %s", u.ID, u.CustomAvatarPath())
-	if len(u.Avatar) > 0 {
-		if err := util.Remove(u.CustomAvatarPath()); err != nil {
-			return fmt.Errorf("Failed to remove %s: %v", u.CustomAvatarPath(), err)
-		}
-	}
-
-	u.UseCustomAvatar = false
-	u.Avatar = ""
-	if _, err := x.ID(u.ID).Cols("avatar, use_custom_avatar").Update(u); err != nil {
-		return fmt.Errorf("UpdateUser: %v", err)
-	}
-	return nil
-}
-
 // IsOrganization returns true if user is actually a organization.
 func (u *User) IsOrganization() bool {
 	return u.Type == UserTypeOrganization
@ -1285,17 +1126,14 @@ func deleteUser(e *xorm.Session, u *User) error {
 	// Note: There are something just cannot be roll back,
 	//	so just keep error logs of those operations.
 	path := UserPath(u.Name)
-
 	if err := util.RemoveAll(path); err != nil {
 		return fmt.Errorf("Failed to RemoveAll %s: %v", path, err)
 	}

 	if len(u.Avatar) > 0 {
-		avatarPath := u.CustomAvatarPath()
-		if com.IsExist(avatarPath) {
-			if err := util.Remove(avatarPath); err != nil {
-				return fmt.Errorf("Failed to remove %s: %v", avatarPath, err)
-			}
+		avatarPath := u.CustomAvatarRelativePath()
+		if err := storage.Avatars.Delete(avatarPath); err != nil {
+			return fmt.Errorf("Failed to remove %s: %v", avatarPath, err)
 		}
 	}

@ -2034,3 +1872,25 @@ func SyncExternalUsers(ctx context.Context, updateExisting bool) error {
 	}
 	return nil
 }
+
+// IterateUser iterate users
+func IterateUser(f func(user *User) error) error {
+	var start int
+	var batchSize = setting.Database.IterateBufferSize
+	for {
+		var users = make([]*User, 0, batchSize)
+		if err := x.Limit(batchSize, start).Find(&users); err != nil {
+			return err
+		}
+		if len(users) == 0 {
+			return nil
+		}
+		start += len(users)
+
+		for _, user := range users {
+			if err := f(user); err != nil {
+				return err
+			}
+		}
+	}
+}
--- a/models/user_avatar.go
+++ b/models/user_avatar.go
@ -0,0 +1,169 @@
+// Copyright 2020 The Gitea Authors. All rights reserved.
+// Use of this source code is governed by a MIT-style
+// license that can be found in the LICENSE file.
+
+package models
+
+import (
+	"crypto/md5"
+	"fmt"
+	"image/png"
+	"io"
+	"strconv"
+	"strings"
+
+	"code.gitea.io/gitea/modules/avatar"
+	"code.gitea.io/gitea/modules/base"
+	"code.gitea.io/gitea/modules/log"
+	"code.gitea.io/gitea/modules/setting"
+	"code.gitea.io/gitea/modules/storage"
+)
+
+// CustomAvatarRelativePath returns user custom avatar relative path.
+func (u *User) CustomAvatarRelativePath() string {
+	return u.Avatar
+}
+
+// GenerateRandomAvatar generates a random avatar for user.
+func (u *User) GenerateRandomAvatar() error {
+	return u.generateRandomAvatar(x)
+}
+
+func (u *User) generateRandomAvatar(e Engine) error {
+	seed := u.Email
+	if len(seed) == 0 {
+		seed = u.Name
+	}
+
+	img, err := avatar.RandomImage([]byte(seed))
+	if err != nil {
+		return fmt.Errorf("RandomImage: %v", err)
+	}
+	// NOTICE for random avatar, it still uses id as avatar name, but custom avatar use md5
+	// since random image is not a user's photo, there is no security for enumable
+	if u.Avatar == "" {
+		u.Avatar = fmt.Sprintf("%d", u.ID)
+	}
+
+	if err := storage.SaveFrom(storage.Avatars, u.CustomAvatarRelativePath(), func(w io.Writer) error {
+		if err := png.Encode(w, img); err != nil {
+			log.Error("Encode: %v", err)
+		}
+		return err
+	}); err != nil {
+		return fmt.Errorf("Failed to create dir %s: %v", u.CustomAvatarRelativePath(), err)
+	}
+
+	if _, err := e.ID(u.ID).Cols("avatar").Update(u); err != nil {
+		return err
+	}
+
+	log.Info("New random avatar created: %d", u.ID)
+	return nil
+}
+
+// SizedRelAvatarLink returns a link to the user's avatar via
+// the local explore page. Function returns immediately.
+// When applicable, the link is for an avatar of the indicated size (in pixels).
+func (u *User) SizedRelAvatarLink(size int) string {
+	return strings.TrimSuffix(setting.AppSubURL, "/") + "/user/avatar/" + u.Name + "/" + strconv.Itoa(size)
+}
+
+// RealSizedAvatarLink returns a link to the user's avatar. When
+// applicable, the link is for an avatar of the indicated size (in pixels).
+//
+// This function make take time to return when federated avatars
+// are in use, due to a DNS lookup need
+//
+func (u *User) RealSizedAvatarLink(size int) string {
+	if u.ID == -1 {
+		return base.DefaultAvatarLink()
+	}
+
+	switch {
+	case u.UseCustomAvatar:
+		if u.Avatar == "" {
+			return base.DefaultAvatarLink()
+		}
+		return setting.AppSubURL + "/avatars/" + u.Avatar
+	case setting.DisableGravatar, setting.OfflineMode:
+		if u.Avatar == "" {
+			if err := u.GenerateRandomAvatar(); err != nil {
+				log.Error("GenerateRandomAvatar: %v", err)
+			}
+		}
+
+		return setting.AppSubURL + "/avatars/" + u.Avatar
+	}
+	return base.SizedAvatarLink(u.AvatarEmail, size)
+}
+
+// RelAvatarLink returns a relative link to the user's avatar. The link
+// may either be a sub-URL to this site, or a full URL to an external avatar
+// service.
+func (u *User) RelAvatarLink() string {
+	return u.SizedRelAvatarLink(base.DefaultAvatarSize)
+}
+
+// AvatarLink returns user avatar absolute link.
+func (u *User) AvatarLink() string {
+	link := u.RelAvatarLink()
+	if link[0] == '/' && link[1] != '/' {
+		return setting.AppURL + strings.TrimPrefix(link, setting.AppSubURL)[1:]
+	}
+	return link
+}
+
+// UploadAvatar saves custom avatar for user.
+// FIXME: split uploads to different subdirs in case we have massive users.
+func (u *User) UploadAvatar(data []byte) error {
+	m, err := avatar.Prepare(data)
+	if err != nil {
+		return err
+	}
+
+	sess := x.NewSession()
+	defer sess.Close()
+	if err = sess.Begin(); err != nil {
+		return err
+	}
+
+	u.UseCustomAvatar = true
+	// Different users can upload same image as avatar
+	// If we prefix it with u.ID, it will be separated
+	// Otherwise, if any of the users delete his avatar
+	// Other users will lose their avatars too.
+	u.Avatar = fmt.Sprintf("%x", md5.Sum([]byte(fmt.Sprintf("%d-%x", u.ID, md5.Sum(data)))))
+	if err = updateUser(sess, u); err != nil {
+		return fmt.Errorf("updateUser: %v", err)
+	}
+
+	if err := storage.SaveFrom(storage.Avatars, u.CustomAvatarRelativePath(), func(w io.Writer) error {
+		if err := png.Encode(w, *m); err != nil {
+			log.Error("Encode: %v", err)
+		}
+		return err
+	}); err != nil {
+		return fmt.Errorf("Failed to create dir %s: %v", u.CustomAvatarRelativePath(), err)
+	}
+
+	return sess.Commit()
+}
+
+// DeleteAvatar deletes the user's custom avatar.
+func (u *User) DeleteAvatar() error {
+	aPath := u.CustomAvatarRelativePath()
+	log.Trace("DeleteAvatar[%d]: %s", u.ID, aPath)
+	if len(u.Avatar) > 0 {
+		if err := storage.Avatars.Delete(aPath); err != nil {
+			return fmt.Errorf("Failed to remove %s: %v", aPath, err)
+		}
+	}
+
+	u.UseCustomAvatar = false
+	u.Avatar = ""
+	if _, err := x.ID(u.ID).Cols("avatar, use_custom_avatar").Update(u); err != nil {
+		return fmt.Errorf("UpdateUser: %v", err)
+	}
+	return nil
+}