Update TODO.md: standard structure and Workflow section #44

Merged
sneak merged 1 commits from TODO into main 2026-07-06 21:20:56 +02:00

132
TODO.md
View File

@@ -1,65 +1,85 @@
# Pixa 1.0 TODO # Workflow
Remaining tasks sorted by priority for a working 1.0 release. * branch (from `main`)
* do the work in Next Step
* move Next Step to the top of Completed Steps
* move the top item of Future Steps into Next Step
* commit (`TODO.md` changes in the same commit as the work)
* merge to `main` if the branch is not protected, otherwise open a PR
* push
## P0: Critical for 1.0 # Status
### Image Processing pre-1.0. No git tags exist. main (6b4a1d7, 2026-04-07) is current with
- [x] Add WebP encoding support (currently returns error) origin; recent work extracted the internal/magic and internal/allowlist
- [x] Add AVIF encoding support (implemented via govips) packages. The 10 gosec findings from the 2026-07-06 morning survey are
NOT fixed on main: the newest gosec/lint fix commits are from
2026-02-25 (85729d9, ce6db76) and nothing since touches gosec, so those
findings remain open.
### Manual Testing (verify auth/encrypted URLs work) # Next Step
- [ ] Manual test: visit `/`, see login form
- [ ] Manual test: enter wrong key, see error
- [ ] Manual test: enter correct signing key, see generator form
- [ ] Manual test: generate encrypted URL, verify it works
- [ ] Manual test: wait for expiration or use short TTL, verify expired URL returns 410
- [ ] Manual test: logout, verify redirected to login
### Cache Management Fix the 10 open gosec lint findings so make check passes on main again
- [ ] Implement cache size management/eviction (prevent disk from filling up) (main must always be green; no gosec fix commits have landed since
2026-02-25). No blanket suppressions; fix or justify each finding
individually.
### Configuration # Completed Steps
- [ ] Validate configuration on startup (fail fast on bad config)
## P1: Important for Production - 2026-04-07 extract magic byte detection into internal/magic (#42)
- 2026-03-25 extract allowlist package from internal/imgcache (#41)
- 2026-03-25 move schema_migrations table creation into 000.sql (#36)
- 2026-03-20 enforce and document exact-match-only signature
verification (#40)
- 2026-03-20 bound imageprocessor.Process input read to prevent
unbounded memory use (#37); consolidate appname into an
internal/globals constant (#34)
- 2026-03-18 parse version prefix from migration filenames (#33)
- 2026-03-15 QA audit fixes for 1.0/MVP readiness (#25)
- 2026-03-02 split Dockerfile with pre-built golangci-lint stage for
faster CI (#23)
- 2026-02-25 repo policy compliance: CI workflow, hash-pinned images,
golangci-lint and gosec fixes of that date (#14); arm64 Docker build
fix (#16)
- 2026-01-08 WebP and AVIF encoding support via govips (both former P0
image processing items, now done)
### Security # Future Steps
- [ ] Implement blocked networks configuration (extend SSRF protection)
- [ ] Add rate limiting global concurrent fetches (prevent resource exhaustion)
### Image Processing - P0: manual test pass of the auth and encrypted URL flows, then
- [ ] Implement EXIF/metadata stripping (privacy) commit the checked-off results to TODO.md: visit / and see the login
form; wrong key shows an error; correct signing key shows the
## P2: Nice to Have generator form; a generated encrypted URL serves the image; an
expired URL (short TTL) returns 410; logout redirects back to login
### Security - P0: implement cache size management and eviction so the disk cannot
- [ ] Implement referer blacklist fill up
- [ ] Add rate limiting per-IP - P0: validate configuration on startup, fail fast on bad config
- [ ] Add rate limiting per-origin - P1: implement blocked networks configuration to extend SSRF
protection
### HTTP Response Handling - P1: rate limit global concurrent upstream fetches to prevent
- [ ] Implement Last-Modified headers resource exhaustion
- [ ] Implement Vary header for content negotiation - P1: strip EXIF and other metadata from processed images (privacy)
- [ ] Implement X-Request-ID propagation - P2: security
- referer blacklist
### Additional Endpoints - per-IP rate limiting
- [ ] Implement auto-format selection (format=auto based on Accept header) - per-origin rate limiting
- P2: HTTP response handling
### Configuration - Last-Modified headers
- [ ] Add all configuration options from README - Vary header for content negotiation
- [ ] Implement environment variable overrides - X-Request-ID propagation
- [ ] Implement YAML config file support - P2: auto format selection (format=auto based on Accept header)
- P2: configuration
### Operational - add all configuration options from README
- [ ] Implement Sentry error reporting (optional) - environment variable overrides
- [ ] Add comprehensive request logging - YAML config file support
- [ ] Add performance metrics (Prometheus) - P2: operational
- [ ] Write integration tests for image proxy flow - optional Sentry error reporting
- [ ] Write load tests to verify 1-5k req/s target - comprehensive request logging
- Prometheus performance metrics
### Documentation - integration tests for the image proxy flow
- [ ] Document configuration options - load tests to verify the 1k to 5k req/s target
- [ ] Document API endpoints - P2: documentation
- [ ] Document deployment guide - configuration options
- [ ] Add example nginx/caddy reverse proxy config - API endpoints
- deployment guide
- example nginx or caddy reverse proxy config