Fix avatar URL token handling and improve user avatar download timeout management

go_cloud/internal/http/routes.go

@@ -6,6 +6,7 @@ import (
 	"context"
 	"database/sql"
 	"encoding/json"
+	stderrors "errors"
 	"fmt"
 	"io"
 	"log"
@@ -4185,18 +4186,33 @@ func getUserAvatarHandler(w http.ResponseWriter, r *http.Request, db *database.D
 		return
 	}
 	remotePath := strings.TrimPrefix(*avatarURL, client.BaseURL+"/")
-	resp, err := client.Download(r.Context(), remotePath, "")
+
+	// Use a short timeout to avoid hanging behind proxies; return 404 if WebDAV is slow or times out
+	ctx, cancel := context.WithTimeout(r.Context(), 10*time.Second)
+	defer cancel()
+
+	resp, err := client.Download(ctx, remotePath, "")
 	if err != nil {
+		// If download timed out or gateway returned 504, treat as "no avatar" so frontend shows default icon
+		if strings.Contains(err.Error(), "504") || stderrors.Is(err, context.DeadlineExceeded) {
+			fmt.Printf("[ERROR] Avatar download timeout for remotePath=%s: %v\n", remotePath, err)
+			w.WriteHeader(http.StatusNotFound)
+			return
+		}
+
 		errors.LogError(r, err, "Failed to download avatar")
 		errors.WriteError(w, errors.CodeInternal, "Server error", http.StatusInternalServerError)
 		return
 	}
 	defer resp.Body.Close()
 
-	// Copy headers
+	// Copy headers but ensure sensible caching
 	for k, v := range resp.Header {
 		w.Header()[k] = v
 	}
+	// Opt into short caching; client-side cache is also versioned via v=
+	w.Header().Set("Cache-Control", "public, max-age=300")
+
 	w.WriteHeader(resp.StatusCode)
 	io.Copy(w, resp.Body)
 }