2e349a8b83
Implement security headers middleware
...
Adds X-Content-Type-Options, X-Frame-Options, Referrer-Policy,
and X-XSS-Protection headers to all responses.
2026-01-08 10:02:17 -08:00
5de7a26735
Add failing tests for security headers middleware
...
Tests for X-Content-Type-Options, X-Frame-Options, Referrer-Policy,
X-XSS-Protection headers on responses.
2026-01-08 10:01:36 -08:00
95408e68d4
Implement max input dimensions and path traversal validation
...
- Reject input images exceeding MaxInputDimension (8192px) to prevent DoS
- Detect path traversal: ../, encoded variants, backslashes, null bytes
2026-01-08 08:50:18 -08:00
c964feac7e
Add failing tests for input dimension and path traversal validation
...
Tests for:
- ErrInputTooLarge when input image exceeds MaxInputDimension
- ErrPathTraversal for ../, encoded traversal, backslashes, null bytes
2026-01-08 08:48:11 -08:00
2cbafe374c
Add mock fetcher and service tests for imgcache
...
Introduces Fetcher interface, mock implementation for testing,
and ApplyMigrations helper for test database setup.
2026-01-08 07:39:18 -08:00
1f0ec59eb5
Wire up auth routes and encrypted URL endpoint
...
Add session manager and encurl generator to handlers.
Register /, /logout, /generate, /v1/e/{token}, /static/* routes.
2026-01-08 07:38:44 -08:00
08d6e264ed
Add auth and encrypted image handlers
...
Login page, logout, URL generator form, and /v1/e/{token}
endpoint for serving images from encrypted URLs.
2026-01-08 07:38:15 -08:00
aad5e59d23
Add static files and HTML templates for web UI
...
Embedded Tailwind CSS and login/generator templates.
Self-contained with no external dependencies.
2026-01-08 07:38:09 -08:00
c033e918f0
Add encurl package for encrypted URL tokens
...
CBOR-encoded payloads with NaCl secretbox encryption.
Supports expiration, image parameters with omitempty defaults.
2026-01-08 07:38:05 -08:00
041b18f651
Add session package for encrypted cookie management
...
Uses gorilla/securecookie with keys derived via HKDF.
30-day TTL, HttpOnly, Secure, SameSiteStrict cookies.
2026-01-08 07:37:58 -08:00
3f4f345d1c
Add seal package for authenticated encryption
...
Provides HKDF-SHA256 key derivation and NaCl secretbox
(XSalsa20-Poly1305) encryption/decryption utilities.
2026-01-08 07:37:53 -08:00
f244d9c7e0
Add per-host connection limits for upstream fetching
...
- Add upstream_connections_per_host config option (default: 20)
- Implement per-host semaphores to limit concurrent connections
- Semaphore released when response body is closed
- Prevents overwhelming origin servers with parallel requests
2026-01-08 05:19:20 -08:00
6304556837
Refactor to serve all responses from cached files on disk
...
- StoreOutput now returns output hash for immediate retrieval
- Cache misses now serve from disk file after storing (same as hits)
- Log served_bytes from actual io.Copy result (avoids stat calls)
- Remove ContentLength field usage for cache hits (stream from file)
- Fix tests to properly check all return values
2026-01-08 05:11:55 -08:00
1a97f42cd8
Add detailed logging for image requests with cache status and timing
2026-01-08 05:04:08 -08:00
6a20406b0f
Add -config flag using cobra to specify config file path
2026-01-08 04:58:05 -08:00
9647829ac9
Support YAML list format for whitelist_hosts config
2026-01-08 04:08:51 -08:00
3fcf9d9146
Add failing test for YAML list format in whitelist_hosts config
2026-01-08 04:08:11 -08:00
fd2d108f9c
Wire up image handler endpoint with service orchestration
...
- Add image proxy config options (signing_key, whitelist_hosts, allow_http)
- Create Service to orchestrate cache, fetcher, and processor
- Initialize image service in handlers OnStart hook
- Implement HandleImage with URL parsing, signature validation, cache
- Implement HandleRobotsTxt for search engine prevention
- Parse query params for signature, quality, and fit mode
2026-01-08 04:01:53 -08:00
5462c9222c
Add pure Go image processor with resize and format conversion
...
Implements the Processor interface using disintegration/imaging library.
Supports JPEG, PNG, GIF, WebP decoding and JPEG, PNG, GIF encoding.
Includes all fit modes: cover, contain, fill, inside, outside.
2026-01-08 03:54:50 -08:00
9629139989
Add tests for cache service
...
Tests cover: lookup miss/hit, store source/output, negative caching,
negative cache expiry, hot cache, output retrieval, stats, and cleanup.
2026-01-08 03:39:23 -08:00
6d32b7ee23
Fix formatting in fetcher and signature tests
2026-01-08 03:36:00 -08:00
30c5c077e5
Add cache service with hot cache and negative caching
...
Implements cache lookup with in-memory hot path, source/output storage,
negative caching for failed fetches, TTL expiration, and statistics tracking.
2026-01-08 03:35:55 -08:00
2f20c71da0
Add content-addressable storage and cache key generation
...
ContentStorage stores blobs at <dir>/<ab>/<cd>/<sha256> paths.
MetadataStorage stores JSON at <dir>/<host>/<path_hash>.json.
CacheKey generates unique keys from request parameters.
2026-01-08 03:35:50 -08:00
4595929275
Add embedded SQL migrations system
...
Migrations are stored in schema/*.sql and embedded via go:embed.
Applied migrations are tracked in schema_migrations table.
Initial schema includes source_content, source_metadata, output_content,
request_cache, negative_cache, and cache_stats tables.
2026-01-08 03:35:43 -08:00
30d63e80dc
Add magic byte detection for image format validation
...
Implements format detection by checking file magic bytes for JPEG, PNG,
GIF, WebP, AVIF, and SVG. Includes validation against declared Content-Type.
2026-01-08 03:35:29 -08:00
cc2c40bfbf
Implement HMAC-SHA256 signature generation and verification
2026-01-08 03:02:09 -08:00
2b0ccd6052
Implement host whitelist for source domains
2026-01-08 03:00:53 -08:00
018c280267
Add ParseImagePath for chi wildcard and upstream fetcher with SSRF protection
2026-01-08 02:59:48 -08:00
c69ddf6f61
Implement URL parser for image proxy routes
2026-01-08 02:55:05 -08:00
09a0e6f039
Fix formatting alignment in server constants
2026-01-08 02:31:01 -08:00
1ac16bcfb4
Remove unused respondError function
2026-01-08 02:30:13 -08:00
837c91e0dd
Rename unused ctx parameters in server hooks
2026-01-08 02:29:48 -08:00
827f9743b8
Add package and const block comments to imgcache
2026-01-08 02:29:25 -08:00
453fd22ce2
Add doc comment to HandleHealthCheck method
2026-01-08 02:28:30 -08:00
eb2ba92745
Add comment to SQLite blank import
2026-01-08 02:28:05 -08:00
29adb6ee47
Rename unused parameters to _ to satisfy linter
2026-01-08 02:27:45 -08:00
146eeee070
Use bit shift for HTTPMaxHeaderBytes constant
2026-01-08 02:26:47 -08:00
31df1a4a03
Rename LoggerParams to Params to avoid stuttering
2026-01-08 02:26:15 -08:00
1824d99f55
Rename ServerParams to Params to avoid stuttering
2026-01-08 02:25:56 -08:00
3f6328766c
Rename MiddlewareParams to Params to avoid stuttering
2026-01-08 02:25:42 -08:00
ad89bd9232
Rename HealthcheckParams and HealthcheckResponse to avoid stuttering
2026-01-08 02:25:28 -08:00
43e4172fb3
Rename HandlersParams to Params to avoid stuttering
2026-01-08 02:25:00 -08:00
c68c8909f7
Rename DatabaseParams to Params to avoid stuttering
2026-01-08 02:24:40 -08:00
d95d31df25
Rename ConfigParams to Params to avoid stuttering
2026-01-08 02:24:20 -08:00
ef6e67e786
Add blank line before return in SourceURL
2026-01-08 02:23:23 -08:00
751e557884
Define ShutdownTimeout and SentryFlushTimeout constants
2026-01-08 02:22:58 -08:00
0eb6193431
Use HTTPWriteTimeout constant for request timeout
2026-01-08 02:22:25 -08:00
bf24a310bc
Define HTTP server timeout and header size constants
2026-01-08 02:21:54 -08:00
115f92660d
Define CORSMaxAgeSeconds constant
2026-01-08 02:21:30 -08:00
ce25ea8f6f
Define DefaultPort and DefaultStateDir constants
2026-01-08 02:21:00 -08:00
