imgproxy/server.go

package main

import (
	"compress/gzip"
	"crypto/subtle"
	"encoding/base64"
	"errors"
	"fmt"
	"log"
	"net/http"
	"net/url"
	"strconv"
	"strings"
	"time"
)

var mimes = map[imageType]string{
	JPEG: "image/jpeg",
	PNG:  "image/png",
	WEBP: "image/webp",
}

type httpHandler struct {
	sem chan struct{}
}

func newHTTPHandler() *httpHandler {
	return &httpHandler{make(chan struct{}, conf.Concurrency)}
}

func parsePath(r *http.Request) (string, processingOptions, error) {
	var po processingOptions
	var err error

	path := r.URL.Path
	parts := strings.Split(strings.TrimPrefix(path, "/"), "/")

	if len(parts) < 7 {
		return "", po, errors.New("Invalid path")
	}

	token := parts[0]

	if err = validatePath(token, strings.TrimPrefix(path, fmt.Sprintf("/%s", token))); err != nil {
		return "", po, err
	}

	if r, ok := resizeTypes[parts[1]]; ok {
		po.Resize = r
	} else {
		return "", po, fmt.Errorf("Invalid resize type: %s", parts[1])
	}

	if po.Width, err = strconv.Atoi(parts[2]); err != nil {
		return "", po, fmt.Errorf("Invalid width: %s", parts[2])
	}

	if po.Height, err = strconv.Atoi(parts[3]); err != nil {
		return "", po, fmt.Errorf("Invalid height: %s", parts[3])
	}

	if g, ok := gravityTypes[parts[4]]; ok {
		po.Gravity = g
	} else {
		return "", po, fmt.Errorf("Invalid gravity: %s", parts[4])
	}

	po.Enlarge = parts[5] != "0"

	filenameParts := strings.Split(strings.Join(parts[6:], ""), ".")

	if len(filenameParts) < 2 {
		po.Format = imageTypes["jpg"]
	} else if f, ok := imageTypes[filenameParts[1]]; ok {
		po.Format = f
	} else {
		return "", po, fmt.Errorf("Invalid image format: %s", filenameParts[1])
	}

	if !vipsTypeSupportSave[po.Format] {
		return "", po, errors.New("Resulting image type not supported")
	}

	filename, err := base64.RawURLEncoding.DecodeString(filenameParts[0])
	if err != nil {
		return "", po, errors.New("Invalid filename encoding")
	}

	return string(filename), po, nil
}

func logResponse(status int, msg string) {
	var color int

	if status >= 500 {
		color = 31
	} else if status >= 400 {
		color = 33
	} else {
		color = 32
	}

	log.Printf("|\033[7;%dm %d \033[0m| %s\n", color, status, msg)
}

func respondWithImage(r *http.Request, rw http.ResponseWriter, data []byte, imgURL string, po processingOptions, duration time.Duration) {
	gzipped := strings.Contains(r.Header.Get("Accept-Encoding"), "gzip") && conf.GZipCompression > 0

	rw.Header().Set("Expires", time.Now().Add(time.Second*time.Duration(conf.TTL)).Format(http.TimeFormat))
	rw.Header().Set("Cache-Control", fmt.Sprintf("max-age=%d, public", conf.TTL))
	rw.Header().Set("Content-Type", mimes[po.Format])

	if gzipped {
		rw.Header().Set("Content-Encoding", "gzip")
	}

	rw.WriteHeader(200)

	if gzipped {
		gz, _ := gzip.NewWriterLevel(rw, conf.GZipCompression)
		gz.Write(data)
		gz.Close()
	} else {
		rw.Write(data)
	}

	logResponse(200, fmt.Sprintf("Processed in %s: %s; %+v", duration, imgURL, po))
}

func respondWithError(rw http.ResponseWriter, err imgproxyError) {
	logResponse(err.StatusCode, err.Message)

	rw.WriteHeader(err.StatusCode)
	rw.Write([]byte(err.PublicMessage))
}

func checkSecret(s string) bool {
	if len(conf.Secret) == 0 {
		return true
	}
	return strings.HasPrefix(s, "Bearer ") && subtle.ConstantTimeCompare([]byte(strings.TrimPrefix(s, "Bearer ")), []byte(conf.Secret)) == 1
}

func (h *httpHandler) lock() {
	t := startTimer(time.Duration(conf.WaitTimeout) * time.Second)

	select {
	case h.sem <- struct{}{}:
		// Go ahead
	case <-t.Timer:
		panic(t.TimeoutErr())
	}
}

func (h *httpHandler) unlock() {
	<-h.sem
}

func (h *httpHandler) ServeHTTP(rw http.ResponseWriter, r *http.Request) {
	log.Printf("GET: %s\n", r.URL.RequestURI())

	defer func() {
		if r := recover(); r != nil {
			if err, ok := r.(imgproxyError); ok {
				respondWithError(rw, err)
			} else {
				respondWithError(rw, newUnexpectedError(r.(error), 4))
			}
		}
	}()

	t := startTimer(time.Duration(conf.WriteTimeout) * time.Second)

	h.lock()
	defer h.unlock()

	if !checkSecret(r.Header.Get("Authorization")) {
		panic(invalidSecretErr)
	}

	if r.URL.Path == "/health" {
		rw.WriteHeader(200)
		rw.Write([]byte("imgproxy is running"))
		return
	}

	imgURL, procOpt, err := parsePath(r)
	if err != nil {
		panic(newError(404, err.Error(), "Invalid image url"))
	}

	if _, err = url.ParseRequestURI(imgURL); err != nil {
		panic(newError(404, err.Error(), "Invalid image url"))
	}

	b, imgtype, err := downloadImage(imgURL)
	if err != nil {
		panic(newError(404, err.Error(), "Image is unreachable"))
	}

	t.Check()

	if conf.ETagEnabled {
		eTag := calcETag(b, &procOpt)
		rw.Header().Set("ETag", eTag)

		if eTag == r.Header.Get("If-None-Match") {
			panic(notModifiedErr)
		}
	}

	t.Check()

	b, err = processImage(b, imgtype, procOpt, t)
	if err != nil {
		panic(newError(500, err.Error(), "Error occurred while processing image"))
	}

	t.Check()

	respondWithImage(r, rw, b, imgURL, procOpt, t.Since())
}
Move server funcs to separate file 2017-06-27 11:00:33 +02:00			`package main`

			`import (`
			`"compress/gzip"`
Prevent direct requests with X-Imgproxy-Secret header 2017-07-01 23:25:08 +02:00			`"crypto/subtle"`
Move server funcs to separate file 2017-06-27 11:00:33 +02:00			`"encoding/base64"`
			`"errors"`
			`"fmt"`
			`"log"`
			`"net/http"`
			`"net/url"`
			`"strconv"`
			`"strings"`
Log processing time 2017-07-03 06:08:47 +02:00			`"time"`
Move server funcs to separate file 2017-06-27 11:00:33 +02:00			`)`

Drop bimb dependency 2017-09-27 10:42:49 +02:00			`var mimes = map[imageType]string{`
			`JPEG: "image/jpeg",`
			`PNG: "image/png",`
			`WEBP: "image/webp",`
Content type based on processiong options 2017-07-05 23:09:41 +02:00			`}`

Add concurrency 2017-07-04 16:05:53 +02:00			`type httpHandler struct {`
			`sem chan struct{}`
			`}`

Use httpHandler pointer 2017-10-06 23:57:41 +02:00			`func newHTTPHandler() *httpHandler {`
			`return &httpHandler{make(chan struct{}, conf.Concurrency)}`
Add concurrency 2017-07-04 16:05:53 +02:00			`}`
Move server funcs to separate file 2017-06-27 11:00:33 +02:00
			`func parsePath(r *http.Request) (string, processingOptions, error) {`
			`var po processingOptions`
			`var err error`

			`path := r.URL.Path`
			`parts := strings.Split(strings.TrimPrefix(path, "/"), "/")`

			`if len(parts) < 7 {`
			`return "", po, errors.New("Invalid path")`
			`}`

			`token := parts[0]`

			`if err = validatePath(token, strings.TrimPrefix(path, fmt.Sprintf("/%s", token))); err != nil {`
			`return "", po, err`
			`}`

Drop bimb dependency 2017-09-27 10:42:49 +02:00			`if r, ok := resizeTypes[parts[1]]; ok {`
Add support of ETag caching (#47) * Add ETag caching support * Update the readme file * Typo * Calculate ETag before image processing, rename Env Var * Make PO struct field public * Generate random value on server startup to be used in ETag calculation * Minor refactoring * Adjust boolean value parsing as discussed in GitHub PR page * Move random value generation to the config * Update README * Revert changes * Use footprint to calculate the hash of an image 2018-02-26 10:45:52 +02:00			`po.Resize = r`
Drop bimb dependency 2017-09-27 10:42:49 +02:00			`} else {`
			`return "", po, fmt.Errorf("Invalid resize type: %s", parts[1])`
			`}`
Move server funcs to separate file 2017-06-27 11:00:33 +02:00
Add support of ETag caching (#47) * Add ETag caching support * Update the readme file * Typo * Calculate ETag before image processing, rename Env Var * Make PO struct field public * Generate random value on server startup to be used in ETag calculation * Minor refactoring * Adjust boolean value parsing as discussed in GitHub PR page * Move random value generation to the config * Update README * Revert changes * Use footprint to calculate the hash of an image 2018-02-26 10:45:52 +02:00			`if po.Width, err = strconv.Atoi(parts[2]); err != nil {`
Move server funcs to separate file 2017-06-27 11:00:33 +02:00			`return "", po, fmt.Errorf("Invalid width: %s", parts[2])`
			`}`

Add support of ETag caching (#47) * Add ETag caching support * Update the readme file * Typo * Calculate ETag before image processing, rename Env Var * Make PO struct field public * Generate random value on server startup to be used in ETag calculation * Minor refactoring * Adjust boolean value parsing as discussed in GitHub PR page * Move random value generation to the config * Update README * Revert changes * Use footprint to calculate the hash of an image 2018-02-26 10:45:52 +02:00			`if po.Height, err = strconv.Atoi(parts[3]); err != nil {`
Move server funcs to separate file 2017-06-27 11:00:33 +02:00			`return "", po, fmt.Errorf("Invalid height: %s", parts[3])`
			`}`

			`if g, ok := gravityTypes[parts[4]]; ok {`
Add support of ETag caching (#47) * Add ETag caching support * Update the readme file * Typo * Calculate ETag before image processing, rename Env Var * Make PO struct field public * Generate random value on server startup to be used in ETag calculation * Minor refactoring * Adjust boolean value parsing as discussed in GitHub PR page * Move random value generation to the config * Update README * Revert changes * Use footprint to calculate the hash of an image 2018-02-26 10:45:52 +02:00			`po.Gravity = g`
Move server funcs to separate file 2017-06-27 11:00:33 +02:00			`} else {`
			`return "", po, fmt.Errorf("Invalid gravity: %s", parts[4])`
			`}`

Add support of ETag caching (#47) * Add ETag caching support * Update the readme file * Typo * Calculate ETag before image processing, rename Env Var * Make PO struct field public * Generate random value on server startup to be used in ETag calculation * Minor refactoring * Adjust boolean value parsing as discussed in GitHub PR page * Move random value generation to the config * Update README * Revert changes * Use footprint to calculate the hash of an image 2018-02-26 10:45:52 +02:00			`po.Enlarge = parts[5] != "0"`
Move server funcs to separate file 2017-06-27 11:00:33 +02:00
			`filenameParts := strings.Split(strings.Join(parts[6:], ""), ".")`

			`if len(filenameParts) < 2 {`
Add support of ETag caching (#47) * Add ETag caching support * Update the readme file * Typo * Calculate ETag before image processing, rename Env Var * Make PO struct field public * Generate random value on server startup to be used in ETag calculation * Minor refactoring * Adjust boolean value parsing as discussed in GitHub PR page * Move random value generation to the config * Update README * Revert changes * Use footprint to calculate the hash of an image 2018-02-26 10:45:52 +02:00			`po.Format = imageTypes["jpg"]`
Move server funcs to separate file 2017-06-27 11:00:33 +02:00			`} else if f, ok := imageTypes[filenameParts[1]]; ok {`
Add support of ETag caching (#47) * Add ETag caching support * Update the readme file * Typo * Calculate ETag before image processing, rename Env Var * Make PO struct field public * Generate random value on server startup to be used in ETag calculation * Minor refactoring * Adjust boolean value parsing as discussed in GitHub PR page * Move random value generation to the config * Update README * Revert changes * Use footprint to calculate the hash of an image 2018-02-26 10:45:52 +02:00			`po.Format = f`
Move server funcs to separate file 2017-06-27 11:00:33 +02:00			`} else {`
			`return "", po, fmt.Errorf("Invalid image format: %s", filenameParts[1])`
			`}`

Add support of ETag caching (#47) * Add ETag caching support * Update the readme file * Typo * Calculate ETag before image processing, rename Env Var * Make PO struct field public * Generate random value on server startup to be used in ETag calculation * Minor refactoring * Adjust boolean value parsing as discussed in GitHub PR page * Move random value generation to the config * Update README * Revert changes * Use footprint to calculate the hash of an image 2018-02-26 10:45:52 +02:00			`if !vipsTypeSupportSave[po.Format] {`
Drop bimb dependency 2017-09-27 10:42:49 +02:00			`return "", po, errors.New("Resulting image type not supported")`
			`}`

Move server funcs to separate file 2017-06-27 11:00:33 +02:00			`filename, err := base64.RawURLEncoding.DecodeString(filenameParts[0])`
			`if err != nil {`
			`return "", po, errors.New("Invalid filename encoding")`
			`}`

			`return string(filename), po, nil`
			`}`

			`func logResponse(status int, msg string) {`
			`var color int`

Fair timeout; Better errors handling 2017-10-04 21:44:58 +02:00			`if status >= 500 {`
Move server funcs to separate file 2017-06-27 11:00:33 +02:00			`color = 31`
Fair timeout; Better errors handling 2017-10-04 21:44:58 +02:00			`} else if status >= 400 {`
Move server funcs to separate file 2017-06-27 11:00:33 +02:00			`color = 33`
			`} else {`
			`color = 32`
			`}`

			`log.Printf("\|\033[7;%dm %d \033[0m\| %s\n", color, status, msg)`
			`}`

Fair timeout; Better errors handling 2017-10-04 21:44:58 +02:00			`func respondWithImage(r *http.Request, rw http.ResponseWriter, data []byte, imgURL string, po processingOptions, duration time.Duration) {`
Move server funcs to separate file 2017-06-27 11:00:33 +02:00			`gzipped := strings.Contains(r.Header.Get("Accept-Encoding"), "gzip") && conf.GZipCompression > 0`

Add cache control 2017-07-03 12:10:44 +02:00			`rw.Header().Set("Expires", time.Now().Add(time.Second*time.Duration(conf.TTL)).Format(http.TimeFormat))`
correct Cache-contol header missusage. 2017-10-30 11:53:51 +02:00			`rw.Header().Set("Cache-Control", fmt.Sprintf("max-age=%d, public", conf.TTL))`
Add support of ETag caching (#47) * Add ETag caching support * Update the readme file * Typo * Calculate ETag before image processing, rename Env Var * Make PO struct field public * Generate random value on server startup to be used in ETag calculation * Minor refactoring * Adjust boolean value parsing as discussed in GitHub PR page * Move random value generation to the config * Update README * Revert changes * Use footprint to calculate the hash of an image 2018-02-26 10:45:52 +02:00			`rw.Header().Set("Content-Type", mimes[po.Format])`

Move server funcs to separate file 2017-06-27 11:00:33 +02:00			`if gzipped {`
			`rw.Header().Set("Content-Encoding", "gzip")`
			`}`

			`rw.WriteHeader(200)`

			`if gzipped {`
			`gz, _ := gzip.NewWriterLevel(rw, conf.GZipCompression)`
			`gz.Write(data)`
			`gz.Close()`
			`} else {`
			`rw.Write(data)`
			`}`
Log processing time 2017-07-03 06:08:47 +02:00
Fair timeout; Better errors handling 2017-10-04 21:44:58 +02:00			`logResponse(200, fmt.Sprintf("Processed in %s: %s; %+v", duration, imgURL, po))`
Move server funcs to separate file 2017-06-27 11:00:33 +02:00			`}`

Fair timeout; Better errors handling 2017-10-04 21:44:58 +02:00			`func respondWithError(rw http.ResponseWriter, err imgproxyError) {`
			`logResponse(err.StatusCode, err.Message)`
Move server funcs to separate file 2017-06-27 11:00:33 +02:00
Fair timeout; Better errors handling 2017-10-04 21:44:58 +02:00			`rw.WriteHeader(err.StatusCode)`
			`rw.Write([]byte(err.PublicMessage))`
Prevent direct requests with X-Imgproxy-Secret header 2017-07-01 23:25:08 +02:00			`}`

			`func checkSecret(s string) bool {`
Use Authorization header for secret 2017-07-03 11:36:37 +02:00			`if len(conf.Secret) == 0 {`
			`return true`
			`}`
			`return strings.HasPrefix(s, "Bearer ") && subtle.ConstantTimeCompare([]byte(strings.TrimPrefix(s, "Bearer ")), []byte(conf.Secret)) == 1`
Prevent direct requests with X-Imgproxy-Secret header 2017-07-01 23:25:08 +02:00			`}`

Ass wait timeout 2018-03-15 16:53:39 +02:00			`func (h *httpHandler) lock() {`
			`t := startTimer(time.Duration(conf.WaitTimeout) * time.Second)`

Fair timeout; Better errors handling 2017-10-04 21:44:58 +02:00			`select {`
			`case h.sem <- struct{}{}:`
			`// Go ahead`
			`case <-t.Timer:`
			`panic(t.TimeoutErr())`
			`}`
Add concurrency 2017-07-04 16:05:53 +02:00			`}`

			`func (h *httpHandler) unlock() {`
Fair timeout; Better errors handling 2017-10-04 21:44:58 +02:00			`<-h.sem`
Add concurrency 2017-07-04 16:05:53 +02:00			`}`

Use httpHandler pointer 2017-10-06 23:57:41 +02:00			`func (h httpHandler) ServeHTTP(rw http.ResponseWriter, r http.Request) {`
Move server funcs to separate file 2017-06-27 11:00:33 +02:00			`log.Printf("GET: %s\n", r.URL.RequestURI())`

Fair timeout; Better errors handling 2017-10-04 21:44:58 +02:00			`defer func() {`
			`if r := recover(); r != nil {`
			`if err, ok := r.(imgproxyError); ok {`
			`respondWithError(rw, err)`
			`} else {`
			`respondWithError(rw, newUnexpectedError(r.(error), 4))`
			`}`
			`}`
			`}()`
Add concurrency 2017-07-04 16:05:53 +02:00
Fair timeout; Better errors handling 2017-10-04 21:44:58 +02:00			`t := startTimer(time.Duration(conf.WriteTimeout) * time.Second)`

Ass wait timeout 2018-03-15 16:53:39 +02:00			`h.lock()`
Fair timeout; Better errors handling 2017-10-04 21:44:58 +02:00			`defer h.unlock()`
Log processing time 2017-07-03 06:08:47 +02:00
Use Authorization header for secret 2017-07-03 11:36:37 +02:00			`if !checkSecret(r.Header.Get("Authorization")) {`
Fair timeout; Better errors handling 2017-10-04 21:44:58 +02:00			`panic(invalidSecretErr)`
Prevent direct requests with X-Imgproxy-Secret header 2017-07-01 23:25:08 +02:00			`}`

add /health endpoint Returns 200 OK after server starts. This greatly simplifies container deployment. For example, Kubernetes can be configured to not route traffic to imgproxy Pods that did not pass Readiness check against /health. 2017-10-25 11:57:19 +02:00			`if r.URL.Path == "/health" {`
Add support of ETag caching (#47) * Add ETag caching support * Update the readme file * Typo * Calculate ETag before image processing, rename Env Var * Make PO struct field public * Generate random value on server startup to be used in ETag calculation * Minor refactoring * Adjust boolean value parsing as discussed in GitHub PR page * Move random value generation to the config * Update README * Revert changes * Use footprint to calculate the hash of an image 2018-02-26 10:45:52 +02:00			`rw.WriteHeader(200)`
			`rw.Write([]byte("imgproxy is running"))`
add /health endpoint Returns 200 OK after server starts. This greatly simplifies container deployment. For example, Kubernetes can be configured to not route traffic to imgproxy Pods that did not pass Readiness check against /health. 2017-10-25 11:57:19 +02:00			`return`
			`}`

Move server funcs to separate file 2017-06-27 11:00:33 +02:00			`imgURL, procOpt, err := parsePath(r)`
			`if err != nil {`
Fair timeout; Better errors handling 2017-10-04 21:44:58 +02:00			`panic(newError(404, err.Error(), "Invalid image url"))`
Move server funcs to separate file 2017-06-27 11:00:33 +02:00			`}`

			`if _, err = url.ParseRequestURI(imgURL); err != nil {`
Fair timeout; Better errors handling 2017-10-04 21:44:58 +02:00			`panic(newError(404, err.Error(), "Invalid image url"))`
Move server funcs to separate file 2017-06-27 11:00:33 +02:00			`}`

Drop bimb dependency 2017-09-27 10:42:49 +02:00			`b, imgtype, err := downloadImage(imgURL)`
Move server funcs to separate file 2017-06-27 11:00:33 +02:00			`if err != nil {`
Fair timeout; Better errors handling 2017-10-04 21:44:58 +02:00			`panic(newError(404, err.Error(), "Image is unreachable"))`
Move server funcs to separate file 2017-06-27 11:00:33 +02:00			`}`

Fair timeout; Better errors handling 2017-10-04 21:44:58 +02:00			`t.Check()`

Refactor ETag support 2018-02-26 11:41:37 +02:00			`if conf.ETagEnabled {`
			`eTag := calcETag(b, &procOpt)`
			`rw.Header().Set("ETag", eTag)`

			`if eTag == r.Header.Get("If-None-Match") {`
			`panic(notModifiedErr)`
			`}`
Add support of ETag caching (#47) * Add ETag caching support * Update the readme file * Typo * Calculate ETag before image processing, rename Env Var * Make PO struct field public * Generate random value on server startup to be used in ETag calculation * Minor refactoring * Adjust boolean value parsing as discussed in GitHub PR page * Move random value generation to the config * Update README * Revert changes * Use footprint to calculate the hash of an image 2018-02-26 10:45:52 +02:00			`}`

Refactor ETag support 2018-02-26 11:41:37 +02:00			`t.Check()`

Fair timeout; Better errors handling 2017-10-04 21:44:58 +02:00			`b, err = processImage(b, imgtype, procOpt, t)`
Move server funcs to separate file 2017-06-27 11:00:33 +02:00			`if err != nil {`
Fair timeout; Better errors handling 2017-10-04 21:44:58 +02:00			`panic(newError(500, err.Error(), "Error occurred while processing image"))`
Move server funcs to separate file 2017-06-27 11:00:33 +02:00			`}`

Fair timeout; Better errors handling 2017-10-04 21:44:58 +02:00			`t.Check()`

			`respondWithImage(r, rw, b, imgURL, procOpt, t.Since())`
Move server funcs to separate file 2017-06-27 11:00:33 +02:00			`}`