Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

added validuntil option #222

Open
wants to merge 1 commit into
base: main
Choose a base branch
from
Open
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
2 changes: 2 additions & 0 deletions .gitignore
Original file line number Diff line number Diff line change
Expand Up @@ -10,3 +10,5 @@ vendor/**/CONTRIBUTORS
vendor/**/Makefile
vendor/**/*_ZH.md
vendor/**/*.sh

cmd/imageproxy*/imageproxy*
3 changes: 3 additions & 0 deletions cmd/imageproxy-sign/main_test.go
Original file line number Diff line number Diff line change
Expand Up @@ -131,6 +131,9 @@ func TestParseURL(t *testing.T) {
// ensure signature values are stripped
{"http://localhost:8080/sc0ffee/http://example.com/", "http://example.com/#0x0"},
{"http://example.com/#sc0ffee", "http://example.com/#0x0"},

// validuntil
{"http://localhost:8080/vu20200304/http://example.com/", "http://example.com/#0x0,vu20200304"},
}

for _, tt := range tests {
Expand Down
17 changes: 17 additions & 0 deletions data.go
Original file line number Diff line number Diff line change
Expand Up @@ -41,6 +41,7 @@ const (
optCropWidth = "cw"
optCropHeight = "ch"
optSmartCrop = "sc"
optValidUntil = "vu"
)

// URLError reports a malformed URL error.
Expand Down Expand Up @@ -91,6 +92,9 @@ type Options struct {

// Automatically find good crop points based on image content.
SmartCrop bool

// Check if the URL is still valid in conjunction with a signature you can not change validity of a request.
ValidUntil int
}

func (o Options) String() string {
Expand Down Expand Up @@ -134,7 +138,12 @@ func (o Options) String() string {
if o.SmartCrop {
opts = append(opts, optSmartCrop)
}
if o.ValidUntil > 0 {
opts = append(opts, fmt.Sprintf("%s%d", optValidUntil, o.ValidUntil))
}

sort.Strings(opts)

return strings.Join(opts, ",")
}

Expand Down Expand Up @@ -230,6 +239,11 @@ func (o Options) transform() bool {
// See https://github.com/willnorris/imageproxy/blob/master/docs/url-signing.md
// for examples of generating signatures.
//
// Validity
//
// The "vu{date}" option specifies a date until the request is valid. Please keep in mind
// to not harm your browser caching TTL settings.
//
// Examples
//
// 0x0 - no resizing
Expand Down Expand Up @@ -283,6 +297,9 @@ func ParseOptions(str string) Options {
case strings.HasPrefix(opt, optCropHeight):
value := strings.TrimPrefix(opt, optCropHeight)
options.CropHeight, _ = strconv.ParseFloat(value, 64)
case strings.HasPrefix(opt, optValidUntil):
value := strings.TrimPrefix(opt, optValidUntil)
options.ValidUntil, _ = strconv.Atoi(value)
case strings.Contains(opt, optSizeDelimiter):
size := strings.SplitN(opt, optSizeDelimiter, 2)
if w := size[0]; w != "" {
Expand Down
13 changes: 10 additions & 3 deletions imageproxy.go
Original file line number Diff line number Diff line change
Expand Up @@ -186,7 +186,6 @@ func (p *Proxy) serveImage(w http.ResponseWriter, r *http.Request) {
copyHeader(actualReq.Header, r.Header, "referer")
}
resp, err := p.Client.Do(actualReq)

if err != nil {
msg := fmt.Sprintf("error fetching remote image: %v", err)
p.log(msg)
Expand Down Expand Up @@ -229,7 +228,7 @@ func (p *Proxy) serveImage(w http.ResponseWriter, r *http.Request) {

copyHeader(w.Header(), resp.Header, "Content-Length")

//Enable CORS for 3rd party applications
// Enable CORS for 3rd party applications
w.Header().Set("Access-Control-Allow-Origin", "*")

w.WriteHeader(resp.StatusCode)
Expand Down Expand Up @@ -267,14 +266,22 @@ var (
errReferrer = errors.New("request does not contain an allowed referrer")
errDeniedHost = errors.New("request contains a denied host")
errNotAllowed = errors.New("request does not contain an allowed host or valid signature")
errNotValid = errors.New("request is no longer valid")

msgNotAllowed = "requested URL is not allowed"
)

// allowed determines whether the specified request contains an allowed
// referrer, host, and signature. It returns an error if the request is not
// allowed.
// allowed or not valid any longer.
func (p *Proxy) allowed(r *Request) error {
if r.Options.ValidUntil > 0 {
y, m, d := time.Now().Date()
if r.Options.ValidUntil < y*10000+int(m)*100+d {
return errNotValid
}
}

if len(p.Referrers) > 0 && !referrerMatches(p.Referrers, r.Original) {
return errReferrer
}
Expand Down