Files
pixa/TODO.md
sneak c7d90314fd
All checks were successful
check / check (push) Successful in 1m58s
Update TODO.md
2026-07-06 20:35:48 +02:00

65 lines
2.4 KiB
Markdown

# Status
pre-1.0. No git tags. Full policy file set is present, but make check
fails on main with 10 gosec lint findings, so main is not green.
# Next Step
Fix the 10 gosec findings so make check passes on main. Fix each issue
properly (no blanket nolint suppressions) and confirm lint, tests, and
CI are green. This restores the main-always-green policy.
# Completed Steps
- 2026-02-25: Docker arm64 build fixed via architecture detection for
golangci-lint download (#16)
- 2026-02-25: full repo policy compliance pass (#14): LICENSE,
REPO_POLICIES.md, .editorconfig, Gitea Actions CI workflow, Docker
images pinned by hash, README restructured to policy sections, hooks
Makefile target, golangci-lint errors resolved
- 2026-02-20: stale local dev config files removed (#12)
- 2026-02-09: correctness fixes: negative cache checked in Service.Get()
before upstream fetch (#8); Stats() column scanning and HitRate
computation corrected (#9)
- 2026-02-08: AllowHTTP propagated to SourceURL() scheme selection (#6)
- WebP encoding support added (P0 item, checked off in TODO)
- 2026-01-08: initial implementation with Makefile and TODO checklist
# Future Steps
Compliance:
- After the gosec fix lands, verify CI runs make check green on main
P0, critical for 1.0 (from existing TODO.md):
- Add AVIF encoding support (currently returns error)
- Manual test pass for auth and encrypted URLs:
- visit /, see login form
- wrong key shows error; correct signing key shows generator form
- generated encrypted URL works
- expired URL (short TTL) returns 410
- logout redirects to login
- Implement cache size management and eviction (prevent disk fill)
- Validate configuration on startup (fail fast on bad config)
P1, important for production:
- Blocked networks configuration (extend SSRF protection)
- Rate limit global concurrent fetches (resource exhaustion)
- EXIF/metadata stripping (privacy)
P2, nice to have:
- Referer blacklist; per-IP and per-origin rate limiting
- Last-Modified headers; Vary header; X-Request-ID propagation
- Auto-format selection (format=auto based on Accept header)
- All configuration options from README; env var overrides; YAML config
file support
- Sentry error reporting (optional); comprehensive request logging;
Prometheus metrics
- Integration tests for the image proxy flow; load tests for the
1-5k req/s target
- Docs: configuration options, API endpoints, deployment guide, example
nginx/caddy reverse proxy config