This PR introduces signed urls on profile pictures. This means that only we (wannabe) can generate valid and viewable links to profile pictures. In other words, if you don't see a profile picture in any of the views wannabe provides you, you don't have access to it. And if you try to share link it will work for a short time (1 day) before expiring.
The idea of doing it this way versus introducing controller to do access checks based on VCL, etc;
It's much simpler to reason about; You sign the url, then use it
If you have access to a view containing a profile picture, you also have access to the picture. Allowing us to do regular access control on pages and features, and profile pictures will just appear when needed as part of that.
For older profile pictures (and profile data) we likely have to actually delete/clean them anyway
This PR introduces signed urls on profile pictures. This means that only we (wannabe) can generate valid and viewable links to profile pictures. In other words, if you don't see a profile picture in any of the views wannabe provides you, you don't have access to it. And if you try to share link it will work for a short time (1 day) before expiring.
The idea of doing it this way versus introducing controller to do access checks based on VCL, etc;
Relates to: https://github.com/gathering/wannabe/issues/20