Update TODO.md: standard structure and Workflow section (#44)
All checks were successful
check / check (push) Successful in 5s
All checks were successful
check / check (push) Successful in 5s
Reviewed-on: #44 Co-authored-by: sneak <sneak@sneak.berlin> Co-committed-by: sneak <sneak@sneak.berlin>
This commit was merged in pull request #44.
This commit is contained in:
132
TODO.md
132
TODO.md
@@ -1,65 +1,85 @@
|
||||
# Pixa 1.0 TODO
|
||||
# Workflow
|
||||
|
||||
Remaining tasks sorted by priority for a working 1.0 release.
|
||||
* branch (from `main`)
|
||||
* do the work in Next Step
|
||||
* move Next Step to the top of Completed Steps
|
||||
* move the top item of Future Steps into Next Step
|
||||
* commit (`TODO.md` changes in the same commit as the work)
|
||||
* merge to `main` if the branch is not protected, otherwise open a PR
|
||||
* push
|
||||
|
||||
## P0: Critical for 1.0
|
||||
# Status
|
||||
|
||||
### Image Processing
|
||||
- [x] Add WebP encoding support (currently returns error)
|
||||
- [x] Add AVIF encoding support (implemented via govips)
|
||||
pre-1.0. No git tags exist. main (6b4a1d7, 2026-04-07) is current with
|
||||
origin; recent work extracted the internal/magic and internal/allowlist
|
||||
packages. The 10 gosec findings from the 2026-07-06 morning survey are
|
||||
NOT fixed on main: the newest gosec/lint fix commits are from
|
||||
2026-02-25 (85729d9, ce6db76) and nothing since touches gosec, so those
|
||||
findings remain open.
|
||||
|
||||
### Manual Testing (verify auth/encrypted URLs work)
|
||||
- [ ] Manual test: visit `/`, see login form
|
||||
- [ ] Manual test: enter wrong key, see error
|
||||
- [ ] Manual test: enter correct signing key, see generator form
|
||||
- [ ] Manual test: generate encrypted URL, verify it works
|
||||
- [ ] Manual test: wait for expiration or use short TTL, verify expired URL returns 410
|
||||
- [ ] Manual test: logout, verify redirected to login
|
||||
# Next Step
|
||||
|
||||
### Cache Management
|
||||
- [ ] Implement cache size management/eviction (prevent disk from filling up)
|
||||
Fix the 10 open gosec lint findings so make check passes on main again
|
||||
(main must always be green; no gosec fix commits have landed since
|
||||
2026-02-25). No blanket suppressions; fix or justify each finding
|
||||
individually.
|
||||
|
||||
### Configuration
|
||||
- [ ] Validate configuration on startup (fail fast on bad config)
|
||||
# Completed Steps
|
||||
|
||||
## P1: Important for Production
|
||||
- 2026-04-07 extract magic byte detection into internal/magic (#42)
|
||||
- 2026-03-25 extract allowlist package from internal/imgcache (#41)
|
||||
- 2026-03-25 move schema_migrations table creation into 000.sql (#36)
|
||||
- 2026-03-20 enforce and document exact-match-only signature
|
||||
verification (#40)
|
||||
- 2026-03-20 bound imageprocessor.Process input read to prevent
|
||||
unbounded memory use (#37); consolidate appname into an
|
||||
internal/globals constant (#34)
|
||||
- 2026-03-18 parse version prefix from migration filenames (#33)
|
||||
- 2026-03-15 QA audit fixes for 1.0/MVP readiness (#25)
|
||||
- 2026-03-02 split Dockerfile with pre-built golangci-lint stage for
|
||||
faster CI (#23)
|
||||
- 2026-02-25 repo policy compliance: CI workflow, hash-pinned images,
|
||||
golangci-lint and gosec fixes of that date (#14); arm64 Docker build
|
||||
fix (#16)
|
||||
- 2026-01-08 WebP and AVIF encoding support via govips (both former P0
|
||||
image processing items, now done)
|
||||
|
||||
### Security
|
||||
- [ ] Implement blocked networks configuration (extend SSRF protection)
|
||||
- [ ] Add rate limiting global concurrent fetches (prevent resource exhaustion)
|
||||
# Future Steps
|
||||
|
||||
### Image Processing
|
||||
- [ ] Implement EXIF/metadata stripping (privacy)
|
||||
|
||||
## P2: Nice to Have
|
||||
|
||||
### Security
|
||||
- [ ] Implement referer blacklist
|
||||
- [ ] Add rate limiting per-IP
|
||||
- [ ] Add rate limiting per-origin
|
||||
|
||||
### HTTP Response Handling
|
||||
- [ ] Implement Last-Modified headers
|
||||
- [ ] Implement Vary header for content negotiation
|
||||
- [ ] Implement X-Request-ID propagation
|
||||
|
||||
### Additional Endpoints
|
||||
- [ ] Implement auto-format selection (format=auto based on Accept header)
|
||||
|
||||
### Configuration
|
||||
- [ ] Add all configuration options from README
|
||||
- [ ] Implement environment variable overrides
|
||||
- [ ] Implement YAML config file support
|
||||
|
||||
### Operational
|
||||
- [ ] Implement Sentry error reporting (optional)
|
||||
- [ ] Add comprehensive request logging
|
||||
- [ ] Add performance metrics (Prometheus)
|
||||
- [ ] Write integration tests for image proxy flow
|
||||
- [ ] Write load tests to verify 1-5k req/s target
|
||||
|
||||
### Documentation
|
||||
- [ ] Document configuration options
|
||||
- [ ] Document API endpoints
|
||||
- [ ] Document deployment guide
|
||||
- [ ] Add example nginx/caddy reverse proxy config
|
||||
- P0: manual test pass of the auth and encrypted URL flows, then
|
||||
commit the checked-off results to TODO.md: visit / and see the login
|
||||
form; wrong key shows an error; correct signing key shows the
|
||||
generator form; a generated encrypted URL serves the image; an
|
||||
expired URL (short TTL) returns 410; logout redirects back to login
|
||||
- P0: implement cache size management and eviction so the disk cannot
|
||||
fill up
|
||||
- P0: validate configuration on startup, fail fast on bad config
|
||||
- P1: implement blocked networks configuration to extend SSRF
|
||||
protection
|
||||
- P1: rate limit global concurrent upstream fetches to prevent
|
||||
resource exhaustion
|
||||
- P1: strip EXIF and other metadata from processed images (privacy)
|
||||
- P2: security
|
||||
- referer blacklist
|
||||
- per-IP rate limiting
|
||||
- per-origin rate limiting
|
||||
- P2: HTTP response handling
|
||||
- Last-Modified headers
|
||||
- Vary header for content negotiation
|
||||
- X-Request-ID propagation
|
||||
- P2: auto format selection (format=auto based on Accept header)
|
||||
- P2: configuration
|
||||
- add all configuration options from README
|
||||
- environment variable overrides
|
||||
- YAML config file support
|
||||
- P2: operational
|
||||
- optional Sentry error reporting
|
||||
- comprehensive request logging
|
||||
- Prometheus performance metrics
|
||||
- integration tests for the image proxy flow
|
||||
- load tests to verify the 1k to 5k req/s target
|
||||
- P2: documentation
|
||||
- configuration options
|
||||
- API endpoints
|
||||
- deployment guide
|
||||
- example nginx or caddy reverse proxy config
|
||||
|
||||
Reference in New Issue
Block a user