From 744f20861ae6c8622c3f9e848f99d3bf52945b87 Mon Sep 17 00:00:00 2001 From: sneak Date: Mon, 6 Jul 2026 21:09:14 +0200 Subject: [PATCH] Update TODO.md: standard structure and Workflow section --- TODO.md | 132 ++++++++++++++++++++++++++++++++------------------------ 1 file changed, 76 insertions(+), 56 deletions(-) diff --git a/TODO.md b/TODO.md index 4c8042f..3a31058 100644 --- a/TODO.md +++ b/TODO.md @@ -1,65 +1,85 @@ -# Pixa 1.0 TODO +# Workflow -Remaining tasks sorted by priority for a working 1.0 release. +* branch (from `main`) +* do the work in Next Step +* move Next Step to the top of Completed Steps +* move the top item of Future Steps into Next Step +* commit (`TODO.md` changes in the same commit as the work) +* merge to `main` if the branch is not protected, otherwise open a PR +* push -## P0: Critical for 1.0 +# Status -### Image Processing -- [x] Add WebP encoding support (currently returns error) -- [x] Add AVIF encoding support (implemented via govips) +pre-1.0. No git tags exist. main (6b4a1d7, 2026-04-07) is current with +origin; recent work extracted the internal/magic and internal/allowlist +packages. The 10 gosec findings from the 2026-07-06 morning survey are +NOT fixed on main: the newest gosec/lint fix commits are from +2026-02-25 (85729d9, ce6db76) and nothing since touches gosec, so those +findings remain open. -### Manual Testing (verify auth/encrypted URLs work) -- [ ] Manual test: visit `/`, see login form -- [ ] Manual test: enter wrong key, see error -- [ ] Manual test: enter correct signing key, see generator form -- [ ] Manual test: generate encrypted URL, verify it works -- [ ] Manual test: wait for expiration or use short TTL, verify expired URL returns 410 -- [ ] Manual test: logout, verify redirected to login +# Next Step -### Cache Management -- [ ] Implement cache size management/eviction (prevent disk from filling up) +Fix the 10 open gosec lint findings so make check passes on main again +(main must always be green; no gosec fix commits have landed since +2026-02-25). No blanket suppressions; fix or justify each finding +individually. -### Configuration -- [ ] Validate configuration on startup (fail fast on bad config) +# Completed Steps -## P1: Important for Production +- 2026-04-07 extract magic byte detection into internal/magic (#42) +- 2026-03-25 extract allowlist package from internal/imgcache (#41) +- 2026-03-25 move schema_migrations table creation into 000.sql (#36) +- 2026-03-20 enforce and document exact-match-only signature + verification (#40) +- 2026-03-20 bound imageprocessor.Process input read to prevent + unbounded memory use (#37); consolidate appname into an + internal/globals constant (#34) +- 2026-03-18 parse version prefix from migration filenames (#33) +- 2026-03-15 QA audit fixes for 1.0/MVP readiness (#25) +- 2026-03-02 split Dockerfile with pre-built golangci-lint stage for + faster CI (#23) +- 2026-02-25 repo policy compliance: CI workflow, hash-pinned images, + golangci-lint and gosec fixes of that date (#14); arm64 Docker build + fix (#16) +- 2026-01-08 WebP and AVIF encoding support via govips (both former P0 + image processing items, now done) -### Security -- [ ] Implement blocked networks configuration (extend SSRF protection) -- [ ] Add rate limiting global concurrent fetches (prevent resource exhaustion) +# Future Steps -### Image Processing -- [ ] Implement EXIF/metadata stripping (privacy) - -## P2: Nice to Have - -### Security -- [ ] Implement referer blacklist -- [ ] Add rate limiting per-IP -- [ ] Add rate limiting per-origin - -### HTTP Response Handling -- [ ] Implement Last-Modified headers -- [ ] Implement Vary header for content negotiation -- [ ] Implement X-Request-ID propagation - -### Additional Endpoints -- [ ] Implement auto-format selection (format=auto based on Accept header) - -### Configuration -- [ ] Add all configuration options from README -- [ ] Implement environment variable overrides -- [ ] Implement YAML config file support - -### Operational -- [ ] Implement Sentry error reporting (optional) -- [ ] Add comprehensive request logging -- [ ] Add performance metrics (Prometheus) -- [ ] Write integration tests for image proxy flow -- [ ] Write load tests to verify 1-5k req/s target - -### Documentation -- [ ] Document configuration options -- [ ] Document API endpoints -- [ ] Document deployment guide -- [ ] Add example nginx/caddy reverse proxy config +- P0: manual test pass of the auth and encrypted URL flows, then + commit the checked-off results to TODO.md: visit / and see the login + form; wrong key shows an error; correct signing key shows the + generator form; a generated encrypted URL serves the image; an + expired URL (short TTL) returns 410; logout redirects back to login +- P0: implement cache size management and eviction so the disk cannot + fill up +- P0: validate configuration on startup, fail fast on bad config +- P1: implement blocked networks configuration to extend SSRF + protection +- P1: rate limit global concurrent upstream fetches to prevent + resource exhaustion +- P1: strip EXIF and other metadata from processed images (privacy) +- P2: security + - referer blacklist + - per-IP rate limiting + - per-origin rate limiting +- P2: HTTP response handling + - Last-Modified headers + - Vary header for content negotiation + - X-Request-ID propagation +- P2: auto format selection (format=auto based on Accept header) +- P2: configuration + - add all configuration options from README + - environment variable overrides + - YAML config file support +- P2: operational + - optional Sentry error reporting + - comprehensive request logging + - Prometheus performance metrics + - integration tests for the image proxy flow + - load tests to verify the 1k to 5k req/s target +- P2: documentation + - configuration options + - API endpoints + - deployment guide + - example nginx or caddy reverse proxy config -- 2.49.1