Wire up image handler endpoint with service orchestration

- Add image proxy config options (signing_key, whitelist_hosts, allow_http) - Create Service to orchestrate cache, fetcher, and processor - Initialize image service in handlers OnStart hook - Implement HandleImage with URL parsing, signature validation, cache - Implement HandleRobotsTxt for search engine prevention - Parse query params for signature, quality, and fit mode
2026-01-08 04:01:53 -08:00
parent 5462c9222c
commit fd2d108f9c
5 changed files with 487 additions and 17 deletions
--- a/internal/handlers/handlers.go
+++ b/internal/handlers/handlers.go
@@ -6,9 +6,13 @@ import (
 	"encoding/json"
 	"log/slog"
 	"net/http"
+	"time"

 	"go.uber.org/fx"
+	"sneak.berlin/go/pixa/internal/config"
+	"sneak.berlin/go/pixa/internal/database"
 	"sneak.berlin/go/pixa/internal/healthcheck"
+	"sneak.berlin/go/pixa/internal/imgcache"
 	"sneak.berlin/go/pixa/internal/logger"
 )

@@ -17,30 +21,76 @@ type Params struct {
 	fx.In
 	Logger      *logger.Logger
 	Healthcheck *healthcheck.Healthcheck
+	Database    *database.Database
+	Config      *config.Config
 }

 // Handlers provides HTTP request handlers.
 type Handlers struct {
-	log *slog.Logger
-	hc  *healthcheck.Healthcheck
+	log      *slog.Logger
+	hc       *healthcheck.Healthcheck
+	db       *database.Database
+	config   *config.Config
+	imgSvc   *imgcache.Service
+	imgCache *imgcache.Cache
 }

 // New creates a new Handlers instance.
 func New(lc fx.Lifecycle, params Params) (*Handlers, error) {
 	s := &Handlers{
-		log: params.Logger.Get(),
-		hc:  params.Healthcheck,
+		log:    params.Logger.Get(),
+		hc:     params.Healthcheck,
+		db:     params.Database,
+		config: params.Config,
 	}

 	lc.Append(fx.Hook{
 		OnStart: func(_ context.Context) error {
-			return nil
+			return s.initImageService()
 		},
 	})

 	return s, nil
 }

+// initImageService initializes the image cache and service.
+func (s *Handlers) initImageService() error {
+	// Create the cache
+	cache, err := imgcache.NewCache(s.db.DB(), imgcache.CacheConfig{
+		StateDir:        s.config.StateDir,
+		CacheTTL:        imgcache.DefaultCacheTTL,
+		NegativeTTL:     imgcache.DefaultNegativeTTL,
+		HotCacheSize:    imgcache.DefaultHotCacheSize,
+		HotCacheEnabled: true,
+	})
+	if err != nil {
+		return err
+	}
+
+	s.imgCache = cache
+
+	// Create the fetcher config
+	fetcherCfg := imgcache.DefaultFetcherConfig()
+	fetcherCfg.AllowHTTP = s.config.AllowHTTP
+
+	// Create the service
+	svc, err := imgcache.NewService(&imgcache.ServiceConfig{
+		Cache:         cache,
+		FetcherConfig: fetcherCfg,
+		SigningKey:    s.config.SigningKey,
+		Whitelist:     s.config.WhitelistHosts,
+		Logger:        s.log,
+	})
+	if err != nil {
+		return err
+	}
+
+	s.imgSvc = svc
+	s.log.Info("image service initialized")
+
+	return nil
+}
+
 func (s *Handlers) respondJSON(w http.ResponseWriter, data interface{}, status int) {
 	w.Header().Set("Content-Type", "application/json")
 	w.WriteHeader(status)
@@ -51,3 +101,11 @@ func (s *Handlers) respondJSON(w http.ResponseWriter, data interface{}, status i
 		}
 	}
 }
+
+func (s *Handlers) respondError(w http.ResponseWriter, message string, status int) {
+	s.respondJSON(w, map[string]interface{}{
+		"error":     message,
+		"status":    status,
+		"timestamp": time.Now().UTC().Format(time.RFC3339),
+	}, status)
+}
--- a/internal/handlers/image.go
+++ b/internal/handlers/image.go
@@ -1,28 +1,145 @@
 package handlers

 import (
+	"errors"
+	"io"
 	"net/http"
+	"strconv"
+	"time"
+
+	"github.com/go-chi/chi/v5"
+	"sneak.berlin/go/pixa/internal/imgcache"
 )

 // HandleImage handles the main image proxy route:
 // /v1/image/<host>/<path>/<width>x<height>.<format>
 func (s *Handlers) HandleImage() http.HandlerFunc {
-	return func(_ http.ResponseWriter, _ *http.Request) {
-		// FIXME: Implement image proxy handler
-		// - Parse URL to extract host, path, size, format
-		// - Validate signature and expiration
-		// - Check source host whitelist
-		// - Fetch from upstream (with SSRF protection)
-		// - Process image (resize, convert format)
-		// - Cache and serve result
-		panic("unimplemented")
+	return func(w http.ResponseWriter, r *http.Request) {
+		ctx := r.Context()
+
+		// Get the wildcard path from chi
+		pathParam := chi.URLParam(r, "*")
+
+		// Parse the URL path
+		parsed, err := imgcache.ParseImagePath(pathParam)
+		if err != nil {
+			s.log.Warn("failed to parse image URL",
+				"path", pathParam,
+				"error", err,
+			)
+			s.respondError(w, "invalid image URL: "+err.Error(), http.StatusBadRequest)
+
+			return
+		}
+
+		// Convert to ImageRequest
+		req := parsed.ToImageRequest()
+
+		// Parse signature params from query string
+		query := r.URL.Query()
+		req.Signature = query.Get("sig")
+
+		if expStr := query.Get("exp"); expStr != "" {
+			if exp, err := strconv.ParseInt(expStr, 10, 64); err == nil {
+				req.Expires = time.Unix(exp, 0)
+			}
+		}
+
+		// Parse optional quality and fit params
+		if qStr := query.Get("q"); qStr != "" {
+			if q, err := strconv.Atoi(qStr); err == nil && q > 0 && q <= 100 {
+				req.Quality = q
+			}
+		}
+
+		if fit := query.Get("fit"); fit != "" {
+			req.FitMode = imgcache.FitMode(fit)
+		}
+
+		// Default quality if not set
+		if req.Quality == 0 {
+			req.Quality = 85
+		}
+
+		// Default fit mode if not set
+		if req.FitMode == "" {
+			req.FitMode = imgcache.FitCover
+		}
+
+		// Validate signature if required
+		if err := s.imgSvc.ValidateRequest(req); err != nil {
+			s.log.Warn("signature validation failed",
+				"host", req.SourceHost,
+				"path", req.SourcePath,
+				"error", err,
+			)
+			s.respondError(w, "unauthorized", http.StatusUnauthorized)
+
+			return
+		}
+
+		// Get the image (from cache or fetch/process)
+		resp, err := s.imgSvc.Get(ctx, req)
+		if err != nil {
+			s.log.Error("failed to get image",
+				"host", req.SourceHost,
+				"path", req.SourcePath,
+				"error", err,
+			)
+
+			// Check for specific error types
+			if errors.Is(err, imgcache.ErrSSRFBlocked) {
+				s.respondError(w, "forbidden", http.StatusForbidden)
+
+				return
+			}
+
+			if errors.Is(err, imgcache.ErrUpstreamError) {
+				s.respondError(w, "upstream error", http.StatusBadGateway)
+
+				return
+			}
+
+			s.respondError(w, "internal error", http.StatusInternalServerError)
+
+			return
+		}
+		defer func() { _ = resp.Content.Close() }()
+
+		// Set response headers
+		w.Header().Set("Content-Type", resp.ContentType)
+		if resp.ContentLength > 0 {
+			w.Header().Set("Content-Length", strconv.FormatInt(resp.ContentLength, 10))
+		}
+
+		// Cache control headers
+		w.Header().Set("Cache-Control", "public, max-age=31536000, immutable")
+		w.Header().Set("X-Pixa-Cache", string(resp.CacheStatus))
+
+		if resp.ETag != "" {
+			w.Header().Set("ETag", resp.ETag)
+		}
+
+		// Stream the response
+		w.WriteHeader(http.StatusOK)
+
+		_, err = io.Copy(w, resp.Content)
+		if err != nil {
+			s.log.Error("failed to write response",
+				"error", err,
+			)
+		}
 	}
 }

 // HandleRobotsTxt serves robots.txt to prevent search engine crawling.
 func (s *Handlers) HandleRobotsTxt() http.HandlerFunc {
-	return func(_ http.ResponseWriter, _ *http.Request) {
-		// FIXME: Implement robots.txt handler
-		panic("unimplemented")
+	robotsTxt := []byte("User-agent: *\nDisallow: /\n")
+
+	return func(w http.ResponseWriter, _ *http.Request) {
+		w.Header().Set("Content-Type", "text/plain")
+		w.Header().Set("Content-Length", strconv.Itoa(len(robotsTxt)))
+		w.WriteHeader(http.StatusOK)
+		_, _ = w.Write(robotsTxt)
 	}
 }