65 lines
2.4 KiB
Markdown
65 lines
2.4 KiB
Markdown
# Status
|
|
|
|
pre-1.0. No git tags. Full policy file set is present, but make check
|
|
fails on main with 10 gosec lint findings, so main is not green.
|
|
|
|
# Next Step
|
|
|
|
Fix the 10 gosec findings so make check passes on main. Fix each issue
|
|
properly (no blanket nolint suppressions) and confirm lint, tests, and
|
|
CI are green. This restores the main-always-green policy.
|
|
|
|
# Completed Steps
|
|
|
|
- 2026-02-25: Docker arm64 build fixed via architecture detection for
|
|
golangci-lint download (#16)
|
|
- 2026-02-25: full repo policy compliance pass (#14): LICENSE,
|
|
REPO_POLICIES.md, .editorconfig, Gitea Actions CI workflow, Docker
|
|
images pinned by hash, README restructured to policy sections, hooks
|
|
Makefile target, golangci-lint errors resolved
|
|
- 2026-02-20: stale local dev config files removed (#12)
|
|
- 2026-02-09: correctness fixes: negative cache checked in Service.Get()
|
|
before upstream fetch (#8); Stats() column scanning and HitRate
|
|
computation corrected (#9)
|
|
- 2026-02-08: AllowHTTP propagated to SourceURL() scheme selection (#6)
|
|
- WebP encoding support added (P0 item, checked off in TODO)
|
|
- 2026-01-08: initial implementation with Makefile and TODO checklist
|
|
|
|
# Future Steps
|
|
|
|
Compliance:
|
|
|
|
- After the gosec fix lands, verify CI runs make check green on main
|
|
|
|
P0, critical for 1.0 (from existing TODO.md):
|
|
|
|
- Add AVIF encoding support (currently returns error)
|
|
- Manual test pass for auth and encrypted URLs:
|
|
- visit /, see login form
|
|
- wrong key shows error; correct signing key shows generator form
|
|
- generated encrypted URL works
|
|
- expired URL (short TTL) returns 410
|
|
- logout redirects to login
|
|
- Implement cache size management and eviction (prevent disk fill)
|
|
- Validate configuration on startup (fail fast on bad config)
|
|
|
|
P1, important for production:
|
|
|
|
- Blocked networks configuration (extend SSRF protection)
|
|
- Rate limit global concurrent fetches (resource exhaustion)
|
|
- EXIF/metadata stripping (privacy)
|
|
|
|
P2, nice to have:
|
|
|
|
- Referer blacklist; per-IP and per-origin rate limiting
|
|
- Last-Modified headers; Vary header; X-Request-ID propagation
|
|
- Auto-format selection (format=auto based on Accept header)
|
|
- All configuration options from README; env var overrides; YAML config
|
|
file support
|
|
- Sentry error reporting (optional); comprehensive request logging;
|
|
Prometheus metrics
|
|
- Integration tests for the image proxy flow; load tests for the
|
|
1-5k req/s target
|
|
- Docs: configuration options, API endpoints, deployment guide, example
|
|
nginx/caddy reverse proxy config
|