2.4 KiB
2.4 KiB
Status
pre-1.0. No git tags. Full policy file set is present, but make check fails on main with 10 gosec lint findings, so main is not green.
Next Step
Fix the 10 gosec findings so make check passes on main. Fix each issue properly (no blanket nolint suppressions) and confirm lint, tests, and CI are green. This restores the main-always-green policy.
Completed Steps
- 2026-02-25: Docker arm64 build fixed via architecture detection for golangci-lint download (#16)
- 2026-02-25: full repo policy compliance pass (#14): LICENSE, REPO_POLICIES.md, .editorconfig, Gitea Actions CI workflow, Docker images pinned by hash, README restructured to policy sections, hooks Makefile target, golangci-lint errors resolved
- 2026-02-20: stale local dev config files removed (#12)
- 2026-02-09: correctness fixes: negative cache checked in Service.Get() before upstream fetch (#8); Stats() column scanning and HitRate computation corrected (#9)
- 2026-02-08: AllowHTTP propagated to SourceURL() scheme selection (#6)
- WebP encoding support added (P0 item, checked off in TODO)
- 2026-01-08: initial implementation with Makefile and TODO checklist
Future Steps
Compliance:
- After the gosec fix lands, verify CI runs make check green on main
P0, critical for 1.0 (from existing TODO.md):
- Add AVIF encoding support (currently returns error)
- Manual test pass for auth and encrypted URLs:
- visit /, see login form
- wrong key shows error; correct signing key shows generator form
- generated encrypted URL works
- expired URL (short TTL) returns 410
- logout redirects to login
- Implement cache size management and eviction (prevent disk fill)
- Validate configuration on startup (fail fast on bad config)
P1, important for production:
- Blocked networks configuration (extend SSRF protection)
- Rate limit global concurrent fetches (resource exhaustion)
- EXIF/metadata stripping (privacy)
P2, nice to have:
- Referer blacklist; per-IP and per-origin rate limiting
- Last-Modified headers; Vary header; X-Request-ID propagation
- Auto-format selection (format=auto based on Accept header)
- All configuration options from README; env var overrides; YAML config file support
- Sentry error reporting (optional); comprehensive request logging; Prometheus metrics
- Integration tests for the image proxy flow; load tests for the 1-5k req/s target
- Docs: configuration options, API endpoints, deployment guide, example nginx/caddy reverse proxy config