From 58ce0238eb078b9a9463c3da180fbeb0e6459ce5 Mon Sep 17 00:00:00 2001
From: "Julio A." <52619625+julio-cfa@users.noreply.github.com>
Date: Tue, 13 Aug 2024 18:32:10 +0200
Subject: [PATCH 1/2] update accounts.ts to change default value

---
 apps/meteor/server/settings/accounts.ts | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/apps/meteor/server/settings/accounts.ts b/apps/meteor/server/settings/accounts.ts
index 39e4183dbf5f..a744c47b2a41 100644
--- a/apps/meteor/server/settings/accounts.ts
+++ b/apps/meteor/server/settings/accounts.ts
@@ -760,7 +760,7 @@ export const createAccountSettings = () =>
 				i18nDescription: 'Accounts_AvatarCacheTime_description',
 			});
 
-			await this.add('Accounts_AvatarBlockUnauthenticatedAccess', false, {
+			await this.add('Accounts_AvatarBlockUnauthenticatedAccess', true, {
 				type: 'boolean',
 				public: true,
 			});

From cd7d8a4de5451d263ec2f059daef74bacc4108bd Mon Sep 17 00:00:00 2001
From: "Julio A." <52619625+julio-cfa@users.noreply.github.com>
Date: Wed, 14 Aug 2024 01:25:50 +0200
Subject: [PATCH 2/2] Generate initial avatars for anonymous access

---
 .../server/routes/avatar/middlewares/auth.js      | 15 ++++++++++++---
 1 file changed, 12 insertions(+), 3 deletions(-)

diff --git a/apps/meteor/server/routes/avatar/middlewares/auth.js b/apps/meteor/server/routes/avatar/middlewares/auth.js
index 40eb072d405c..5a4ead7ed048 100644
--- a/apps/meteor/server/routes/avatar/middlewares/auth.js
+++ b/apps/meteor/server/routes/avatar/middlewares/auth.js
@@ -1,11 +1,20 @@
-import { userCanAccessAvatar } from '../utils';
+import { userCanAccessAvatar, renderSVGLetters } from '../utils';
 
 // protect all avatar endpoints
 export const protectAvatars = async (req, res, next) => {
 	if (!(await userCanAccessAvatar(req))) {
-		res.writeHead(403);
-		res.write('Forbidden');
+		let roomOrUsername;
+
+		if (req.url.startsWith('/room')) {
+			roomOrUsername = req.url.split('/')[2] || 'Room';
+		} else {
+			roomOrUsername = req.url.split('/')[1] || 'Anonymous';
+		}
+
+		res.writeHead(200, { 'Content-Type': 'image/svg+xml' });
+		res.write(renderSVGLetters(roomOrUsername, 200));
 		res.end();
+
 		return;
 	}