clawbot
2e934c8894
Všechny kontroly byly úspěšné
check / check (push) Successful in 5s
closes #24 ## QA Audit Fixes This PR addresses issues found during the 1.0/MVP QA audit. ### Changes 1. **TODO.md: Mark AVIF encoding as done** — AVIF encoding is fully implemented via govips in `processor.go` but was still listed as a TODO item. 2. **scripts/manual-test.sh: Fix form field names** — The manual test script was using wrong field names: - Login form: was sending `password=...`, should be `key=...` (matching the HTML form's `name="key"`) - Generator form: was sending `source_url`, `fit_mode` — should be `url`, `fit` (matching the handler's `r.FormValue()` calls) - This means **the manual test script never actually worked** — login always failed silently because the `key` field was empty. ### Full QA Audit Results The comprehensive QA audit report has been posted as a comment on [issue #24](#24). Co-authored-by: user <user@Mac.lan guest wan> Reviewed-on: #25 Co-authored-by: clawbot <clawbot@noreply.example.org> Co-committed-by: clawbot <clawbot@noreply.example.org>
2.0 KiB
2.0 KiB
Pixa 1.0 TODO
Remaining tasks sorted by priority for a working 1.0 release.
P0: Critical for 1.0
Image Processing
- Add WebP encoding support (currently returns error)
- Add AVIF encoding support (implemented via govips)
Manual Testing (verify auth/encrypted URLs work)
- Manual test: visit
/, see login form - Manual test: enter wrong key, see error
- Manual test: enter correct signing key, see generator form
- Manual test: generate encrypted URL, verify it works
- Manual test: wait for expiration or use short TTL, verify expired URL returns 410
- Manual test: logout, verify redirected to login
Cache Management
- Implement cache size management/eviction (prevent disk from filling up)
Configuration
- Validate configuration on startup (fail fast on bad config)
P1: Important for Production
Security
- Implement blocked networks configuration (extend SSRF protection)
- Add rate limiting global concurrent fetches (prevent resource exhaustion)
Image Processing
- Implement EXIF/metadata stripping (privacy)
P2: Nice to Have
Security
- Implement referer blacklist
- Add rate limiting per-IP
- Add rate limiting per-origin
HTTP Response Handling
- Implement Last-Modified headers
- Implement Vary header for content negotiation
- Implement X-Request-ID propagation
Additional Endpoints
- Implement auto-format selection (format=auto based on Accept header)
Configuration
- Add all configuration options from README
- Implement environment variable overrides
- Implement YAML config file support
Operational
- Implement Sentry error reporting (optional)
- Add comprehensive request logging
- Add performance metrics (Prometheus)
- Write integration tests for image proxy flow
- Write load tests to verify 1-5k req/s target
Documentation
- Document configuration options
- Document API endpoints
- Document deployment guide
- Add example nginx/caddy reverse proxy config