sneak/pixa
1
0
Fork 0
Code Issues 3 Pull Requests 1 Actions Packages Projects Releases Wiki Activity
Files
88f19b4f350bd083c31c624ec41d484f3a56bb2f
pixa/TODO.md
user 88f19b4f35
All checks were successful
check / check (push) Successful in 2m40s
Details
fix: stale TODO items and manual test script field names 
- Mark AVIF encoding as done (already implemented via govips)
- Fix manual-test.sh: use correct form field name 'key' (not 'password')
- Fix manual-test.sh: use correct form field names for generator
  (url/quality/fit/ttl instead of source_url/fit_mode)
2026-03-11 19:30:47 -07:00

2.0 KiB
Raw Blame History

Pixa 1.0 TODO

Remaining tasks sorted by priority for a working 1.0 release.

P0: Critical for 1.0

Image Processing

  • Add WebP encoding support (currently returns error)
  • Add AVIF encoding support (implemented via govips)

Manual Testing (verify auth/encrypted URLs work)

  • Manual test: visit /, see login form
  • Manual test: enter wrong key, see error
  • Manual test: enter correct signing key, see generator form
  • Manual test: generate encrypted URL, verify it works
  • Manual test: wait for expiration or use short TTL, verify expired URL returns 410
  • Manual test: logout, verify redirected to login

Cache Management

  • Implement cache size management/eviction (prevent disk from filling up)

Configuration

  • Validate configuration on startup (fail fast on bad config)

P1: Important for Production

Security

  • Implement blocked networks configuration (extend SSRF protection)
  • Add rate limiting global concurrent fetches (prevent resource exhaustion)

Image Processing

  • Implement EXIF/metadata stripping (privacy)

P2: Nice to Have

Security

  • Implement referer blacklist
  • Add rate limiting per-IP
  • Add rate limiting per-origin

HTTP Response Handling

  • Implement Last-Modified headers
  • Implement Vary header for content negotiation
  • Implement X-Request-ID propagation

Additional Endpoints

  • Implement auto-format selection (format=auto based on Accept header)

Configuration

  • Add all configuration options from README
  • Implement environment variable overrides
  • Implement YAML config file support

Operational

  • Implement Sentry error reporting (optional)
  • Add comprehensive request logging
  • Add performance metrics (Prometheus)
  • Write integration tests for image proxy flow
  • Write load tests to verify 1-5k req/s target

Documentation

  • Document configuration options
  • Document API endpoints
  • Document deployment guide
  • Add example nginx/caddy reverse proxy config
Reference in New Issue View Git Blame Copy Permalink