2.0 KiB
2.0 KiB
Pixa 1.0 TODO
Remaining tasks sorted by priority for a working 1.0 release.
P0: Critical for 1.0
Image Processing
- Add WebP encoding support (currently returns error)
- Add AVIF encoding support (currently returns error)
Manual Testing (verify auth/encrypted URLs work)
- Manual test: visit
/, see login form - Manual test: enter wrong key, see error
- Manual test: enter correct signing key, see generator form
- Manual test: generate encrypted URL, verify it works
- Manual test: wait for expiration or use short TTL, verify expired URL returns 410
- Manual test: logout, verify redirected to login
Cache Management
- Implement cache size management/eviction (prevent disk from filling up)
Configuration
- Validate configuration on startup (fail fast on bad config)
P1: Important for Production
Security
- Implement blocked networks configuration (extend SSRF protection)
- Add rate limiting global concurrent fetches (prevent resource exhaustion)
Image Processing
- Implement EXIF/metadata stripping (privacy)
P2: Nice to Have
Security
- Implement referer blacklist
- Add rate limiting per-IP
- Add rate limiting per-origin
HTTP Response Handling
- Implement Last-Modified headers
- Implement Vary header for content negotiation
- Implement X-Request-ID propagation
Additional Endpoints
- Implement auto-format selection (format=auto based on Accept header)
Configuration
- Add all configuration options from README
- Implement environment variable overrides
- Implement YAML config file support
Operational
- Implement Sentry error reporting (optional)
- Add comprehensive request logging
- Add performance metrics (Prometheus)
- Write integration tests for image proxy flow
- Write load tests to verify 1-5k req/s target
Documentation
- Document configuration options
- Document API endpoints
- Document deployment guide
- Add example nginx/caddy reverse proxy config