This commit is contained in:
101
TODO.md
101
TODO.md
@@ -1,65 +1,64 @@
|
||||
# Pixa 1.0 TODO
|
||||
# Status
|
||||
|
||||
Remaining tasks sorted by priority for a working 1.0 release.
|
||||
pre-1.0. No git tags. Full policy file set is present, but make check
|
||||
fails on main with 10 gosec lint findings, so main is not green.
|
||||
|
||||
## P0: Critical for 1.0
|
||||
# Next Step
|
||||
|
||||
### Image Processing
|
||||
- [x] Add WebP encoding support (currently returns error)
|
||||
- [ ] Add AVIF encoding support (currently returns error)
|
||||
Fix the 10 gosec findings so make check passes on main. Fix each issue
|
||||
properly (no blanket nolint suppressions) and confirm lint, tests, and
|
||||
CI are green. This restores the main-always-green policy.
|
||||
|
||||
### Manual Testing (verify auth/encrypted URLs work)
|
||||
- [ ] Manual test: visit `/`, see login form
|
||||
- [ ] Manual test: enter wrong key, see error
|
||||
- [ ] Manual test: enter correct signing key, see generator form
|
||||
- [ ] Manual test: generate encrypted URL, verify it works
|
||||
- [ ] Manual test: wait for expiration or use short TTL, verify expired URL returns 410
|
||||
- [ ] Manual test: logout, verify redirected to login
|
||||
# Completed Steps
|
||||
|
||||
### Cache Management
|
||||
- [ ] Implement cache size management/eviction (prevent disk from filling up)
|
||||
- 2026-02-25: Docker arm64 build fixed via architecture detection for
|
||||
golangci-lint download (#16)
|
||||
- 2026-02-25: full repo policy compliance pass (#14): LICENSE,
|
||||
REPO_POLICIES.md, .editorconfig, Gitea Actions CI workflow, Docker
|
||||
images pinned by hash, README restructured to policy sections, hooks
|
||||
Makefile target, golangci-lint errors resolved
|
||||
- 2026-02-20: stale local dev config files removed (#12)
|
||||
- 2026-02-09: correctness fixes: negative cache checked in Service.Get()
|
||||
before upstream fetch (#8); Stats() column scanning and HitRate
|
||||
computation corrected (#9)
|
||||
- 2026-02-08: AllowHTTP propagated to SourceURL() scheme selection (#6)
|
||||
- WebP encoding support added (P0 item, checked off in TODO)
|
||||
- 2026-01-08: initial implementation with Makefile and TODO checklist
|
||||
|
||||
### Configuration
|
||||
- [ ] Validate configuration on startup (fail fast on bad config)
|
||||
# Future Steps
|
||||
|
||||
## P1: Important for Production
|
||||
Compliance:
|
||||
|
||||
### Security
|
||||
- [ ] Implement blocked networks configuration (extend SSRF protection)
|
||||
- [ ] Add rate limiting global concurrent fetches (prevent resource exhaustion)
|
||||
- After the gosec fix lands, verify CI runs make check green on main
|
||||
|
||||
### Image Processing
|
||||
- [ ] Implement EXIF/metadata stripping (privacy)
|
||||
P0, critical for 1.0 (from existing TODO.md):
|
||||
|
||||
## P2: Nice to Have
|
||||
- Add AVIF encoding support (currently returns error)
|
||||
- Manual test pass for auth and encrypted URLs:
|
||||
- visit /, see login form
|
||||
- wrong key shows error; correct signing key shows generator form
|
||||
- generated encrypted URL works
|
||||
- expired URL (short TTL) returns 410
|
||||
- logout redirects to login
|
||||
- Implement cache size management and eviction (prevent disk fill)
|
||||
- Validate configuration on startup (fail fast on bad config)
|
||||
|
||||
### Security
|
||||
- [ ] Implement referer blacklist
|
||||
- [ ] Add rate limiting per-IP
|
||||
- [ ] Add rate limiting per-origin
|
||||
P1, important for production:
|
||||
|
||||
### HTTP Response Handling
|
||||
- [ ] Implement Last-Modified headers
|
||||
- [ ] Implement Vary header for content negotiation
|
||||
- [ ] Implement X-Request-ID propagation
|
||||
- Blocked networks configuration (extend SSRF protection)
|
||||
- Rate limit global concurrent fetches (resource exhaustion)
|
||||
- EXIF/metadata stripping (privacy)
|
||||
|
||||
### Additional Endpoints
|
||||
- [ ] Implement auto-format selection (format=auto based on Accept header)
|
||||
P2, nice to have:
|
||||
|
||||
### Configuration
|
||||
- [ ] Add all configuration options from README
|
||||
- [ ] Implement environment variable overrides
|
||||
- [ ] Implement YAML config file support
|
||||
|
||||
### Operational
|
||||
- [ ] Implement Sentry error reporting (optional)
|
||||
- [ ] Add comprehensive request logging
|
||||
- [ ] Add performance metrics (Prometheus)
|
||||
- [ ] Write integration tests for image proxy flow
|
||||
- [ ] Write load tests to verify 1-5k req/s target
|
||||
|
||||
### Documentation
|
||||
- [ ] Document configuration options
|
||||
- [ ] Document API endpoints
|
||||
- [ ] Document deployment guide
|
||||
- [ ] Add example nginx/caddy reverse proxy config
|
||||
- Referer blacklist; per-IP and per-origin rate limiting
|
||||
- Last-Modified headers; Vary header; X-Request-ID propagation
|
||||
- Auto-format selection (format=auto based on Accept header)
|
||||
- All configuration options from README; env var overrides; YAML config
|
||||
file support
|
||||
- Sentry error reporting (optional); comprehensive request logging;
|
||||
Prometheus metrics
|
||||
- Integration tests for the image proxy flow; load tests for the
|
||||
1-5k req/s target
|
||||
- Docs: configuration options, API endpoints, deployment guide, example
|
||||
nginx/caddy reverse proxy config
|
||||
|
||||
Reference in New Issue
Block a user