imgproxy/server.go

package main

import (
	"bytes"
	"compress/gzip"
	"context"
	"crypto/subtle"
	"fmt"
	"log"
	"net"
	"net/http"
	"net/url"
	"strconv"
	"strings"
	"time"

	nanoid "github.com/matoous/go-nanoid"
	"golang.org/x/net/netutil"
)

var mimes = map[imageType]string{
	imageTypeJPEG: "image/jpeg",
	imageTypePNG:  "image/png",
	imageTypeWEBP: "image/webp",
}

type httpHandler struct {
	sem chan struct{}
}

func newHTTPHandler() *httpHandler {
	return &httpHandler{make(chan struct{}, conf.Concurrency)}
}

func startServer() *http.Server {
	l, err := net.Listen("tcp", conf.Bind)
	if err != nil {
		log.Fatal(err)
	}

	s := &http.Server{
		Handler:        newHTTPHandler(),
		ReadTimeout:    time.Duration(conf.ReadTimeout) * time.Second,
		MaxHeaderBytes: 1 << 20,
	}

	go func() {
		log.Printf("Starting server at %s\n", conf.Bind)
		log.Fatal(s.Serve(netutil.LimitListener(l, conf.MaxClients)))
	}()

	return s
}

func shutdownServer(s *http.Server) {
	log.Println("Shutting down the server...")

	ctx, close := context.WithTimeout(context.Background(), 5*time.Second)
	defer close()

	s.Shutdown(ctx)
}

func logResponse(status int, msg string) {
	var color int

	if status >= 500 {
		color = 31
	} else if status >= 400 {
		color = 33
	} else {
		color = 32
	}

	log.Printf("|\033[7;%dm %d \033[0m| %s\n", color, status, msg)
}

func writeCORS(rw http.ResponseWriter) {
	if len(conf.AllowOrigin) > 0 {
		rw.Header().Set("Access-Control-Allow-Origin", conf.AllowOrigin)
		rw.Header().Set("Access-Control-Allow-Methods", "GET, OPTIONs")
	}
}

func respondWithImage(reqID string, r *http.Request, rw http.ResponseWriter, data []byte, imgURL string, po processingOptions, duration time.Duration) {
	gzipped := strings.Contains(r.Header.Get("Accept-Encoding"), "gzip") && conf.GZipCompression > 0

	rw.Header().Set("Expires", time.Now().Add(time.Second*time.Duration(conf.TTL)).Format(http.TimeFormat))
	rw.Header().Set("Cache-Control", fmt.Sprintf("max-age=%d, public", conf.TTL))
	rw.Header().Set("Content-Type", mimes[po.Format])

	dataToRespond := data

	if gzipped {
		var buf bytes.Buffer

		gz, _ := gzip.NewWriterLevel(&buf, conf.GZipCompression)
		gz.Write(data)
		gz.Close()

		dataToRespond = buf.Bytes()

		rw.Header().Set("Content-Encoding", "gzip")
	}

	rw.Header().Set("Content-Length", strconv.Itoa(len(dataToRespond)))

	rw.WriteHeader(200)
	rw.Write(dataToRespond)

	logResponse(200, fmt.Sprintf("[%s] Processed in %s: %s; %+v", reqID, duration, imgURL, po))
}

func respondWithError(reqID string, rw http.ResponseWriter, err imgproxyError) {
	logResponse(err.StatusCode, fmt.Sprintf("[%s] %s", reqID, err.Message))

	rw.WriteHeader(err.StatusCode)
	rw.Write([]byte(err.PublicMessage))
}

func respondWithOptions(reqID string, rw http.ResponseWriter) {
	logResponse(200, fmt.Sprintf("[%s] Respond with options", reqID))
	rw.WriteHeader(200)
}

func checkSecret(s string) bool {
	if len(conf.Secret) == 0 {
		return true
	}
	return strings.HasPrefix(s, "Bearer ") && subtle.ConstantTimeCompare([]byte(strings.TrimPrefix(s, "Bearer ")), []byte(conf.Secret)) == 1
}

func (h *httpHandler) lock() {
	h.sem <- struct{}{}
}

func (h *httpHandler) unlock() {
	<-h.sem
}

func (h *httpHandler) ServeHTTP(rw http.ResponseWriter, r *http.Request) {
	reqID, _ := nanoid.Nanoid()

	defer func() {
		if r := recover(); r != nil {
			if err, ok := r.(imgproxyError); ok {
				respondWithError(reqID, rw, err)
			} else {
				respondWithError(reqID, rw, newUnexpectedError(r.(error), 4))
			}
		}
	}()

	log.Printf("[%s] %s: %s\n", reqID, r.Method, r.URL.RequestURI())

	writeCORS(rw)

	if r.Method == http.MethodOptions {
		respondWithOptions(reqID, rw)
		return
	}

	if r.Method != http.MethodGet {
		panic(invalidMethodErr)
	}

	if !checkSecret(r.Header.Get("Authorization")) {
		panic(invalidSecretErr)
	}

	h.lock()
	defer h.unlock()

	if r.URL.Path == "/health" {
		rw.WriteHeader(200)
		rw.Write([]byte("imgproxy is running"))
		return
	}

	t := startTimer(time.Duration(conf.WriteTimeout)*time.Second, "Processing")

	imgURL, procOpt, err := parsePath(r)
	if err != nil {
		panic(newError(404, err.Error(), "Invalid image url"))
	}

	if _, err = url.ParseRequestURI(imgURL); err != nil {
		panic(newError(404, err.Error(), "Invalid image url"))
	}

	b, imgtype, err := downloadImage(imgURL)
	if err != nil {
		panic(newError(404, err.Error(), "Image is unreachable"))
	}

	t.Check()

	if conf.ETagEnabled {
		eTag := calcETag(b, &procOpt)
		rw.Header().Set("ETag", eTag)

		if eTag == r.Header.Get("If-None-Match") {
			panic(notModifiedErr)
		}
	}

	t.Check()

	b, err = processImage(b, imgtype, procOpt, t)
	if err != nil {
		panic(newError(500, err.Error(), "Error occurred while processing image"))
	}

	t.Check()

	respondWithImage(reqID, r, rw, b, imgURL, procOpt, t.Since())
}
Move server funcs to separate file 2017-06-27 11:00:33 +02:00			`package main`

			`import (`
Add Content-Length header 2018-04-26 14:17:08 +02:00			`"bytes"`
Move server funcs to separate file 2017-06-27 11:00:33 +02:00			`"compress/gzip"`
Drop Go <1.8 support 2018-09-10 08:17:00 +02:00			`"context"`
Prevent direct requests with X-Imgproxy-Secret header 2017-07-01 23:25:08 +02:00			`"crypto/subtle"`
Move server funcs to separate file 2017-06-27 11:00:33 +02:00			`"fmt"`
			`"log"`
Drop Go <1.8 support 2018-09-10 08:17:00 +02:00			`"net"`
Move server funcs to separate file 2017-06-27 11:00:33 +02:00			`"net/http"`
			`"net/url"`
			`"strconv"`
			`"strings"`
Log processing time 2017-07-03 06:08:47 +02:00			`"time"`
Add request ID 2018-03-15 18:58:11 +02:00
			`nanoid "github.com/matoous/go-nanoid"`
Drop Go <1.8 support 2018-09-10 08:17:00 +02:00			`"golang.org/x/net/netutil"`
Move server funcs to separate file 2017-06-27 11:00:33 +02:00			`)`

Drop bimb dependency 2017-09-27 10:42:49 +02:00			`var mimes = map[imageType]string{`
Rename processing options constants and move them to processing_options.go 2018-09-07 16:45:57 +02:00			`imageTypeJPEG: "image/jpeg",`
			`imageTypePNG: "image/png",`
			`imageTypeWEBP: "image/webp",`
Content type based on processiong options 2017-07-05 23:09:41 +02:00			`}`

Add concurrency 2017-07-04 16:05:53 +02:00			`type httpHandler struct {`
			`sem chan struct{}`
			`}`

Use httpHandler pointer 2017-10-06 23:57:41 +02:00			`func newHTTPHandler() *httpHandler {`
			`return &httpHandler{make(chan struct{}, conf.Concurrency)}`
Add concurrency 2017-07-04 16:05:53 +02:00			`}`
Move server funcs to separate file 2017-06-27 11:00:33 +02:00
Drop Go <1.8 support 2018-09-10 08:17:00 +02:00			`func startServer() *http.Server {`
			`l, err := net.Listen("tcp", conf.Bind)`
			`if err != nil {`
			`log.Fatal(err)`
			`}`

			`s := &http.Server{`
			`Handler: newHTTPHandler(),`
			`ReadTimeout: time.Duration(conf.ReadTimeout) * time.Second,`
			`MaxHeaderBytes: 1 << 20,`
			`}`

			`go func() {`
			`log.Printf("Starting server at %s\n", conf.Bind)`
			`log.Fatal(s.Serve(netutil.LimitListener(l, conf.MaxClients)))`
			`}()`

			`return s`
			`}`

			`func shutdownServer(s *http.Server) {`
			`log.Println("Shutting down the server...")`

			`ctx, close := context.WithTimeout(context.Background(), 5*time.Second)`
			`defer close()`

			`s.Shutdown(ctx)`
			`}`

Move server funcs to separate file 2017-06-27 11:00:33 +02:00			`func logResponse(status int, msg string) {`
			`var color int`

Fair timeout; Better errors handling 2017-10-04 21:44:58 +02:00			`if status >= 500 {`
Move server funcs to separate file 2017-06-27 11:00:33 +02:00			`color = 31`
Fair timeout; Better errors handling 2017-10-04 21:44:58 +02:00			`} else if status >= 400 {`
Move server funcs to separate file 2017-06-27 11:00:33 +02:00			`color = 33`
			`} else {`
			`color = 32`
			`}`

			`log.Printf("\|\033[7;%dm %d \033[0m\| %s\n", color, status, msg)`
			`}`

Add CORS headers 2018-04-26 13:22:31 +02:00			`func writeCORS(rw http.ResponseWriter) {`
			`if len(conf.AllowOrigin) > 0 {`
			`rw.Header().Set("Access-Control-Allow-Origin", conf.AllowOrigin)`
			`rw.Header().Set("Access-Control-Allow-Methods", "GET, OPTIONs")`
			`}`
			`}`

Add request ID 2018-03-15 18:58:11 +02:00			`func respondWithImage(reqID string, r *http.Request, rw http.ResponseWriter, data []byte, imgURL string, po processingOptions, duration time.Duration) {`
Move server funcs to separate file 2017-06-27 11:00:33 +02:00			`gzipped := strings.Contains(r.Header.Get("Accept-Encoding"), "gzip") && conf.GZipCompression > 0`

Add cache control 2017-07-03 12:10:44 +02:00			`rw.Header().Set("Expires", time.Now().Add(time.Second*time.Duration(conf.TTL)).Format(http.TimeFormat))`
correct Cache-contol header missusage. 2017-10-30 11:53:51 +02:00			`rw.Header().Set("Cache-Control", fmt.Sprintf("max-age=%d, public", conf.TTL))`
Add support of ETag caching (#47) * Add ETag caching support * Update the readme file * Typo * Calculate ETag before image processing, rename Env Var * Make PO struct field public * Generate random value on server startup to be used in ETag calculation * Minor refactoring * Adjust boolean value parsing as discussed in GitHub PR page * Move random value generation to the config * Update README * Revert changes * Use footprint to calculate the hash of an image 2018-02-26 10:45:52 +02:00			`rw.Header().Set("Content-Type", mimes[po.Format])`

Add Content-Length header 2018-04-26 14:17:08 +02:00			`dataToRespond := data`
Move server funcs to separate file 2017-06-27 11:00:33 +02:00
			`if gzipped {`
Add Content-Length header 2018-04-26 14:17:08 +02:00			`var buf bytes.Buffer`

			`gz, _ := gzip.NewWriterLevel(&buf, conf.GZipCompression)`
Move server funcs to separate file 2017-06-27 11:00:33 +02:00			`gz.Write(data)`
			`gz.Close()`
Add Content-Length header 2018-04-26 14:17:08 +02:00
			`dataToRespond = buf.Bytes()`

			`rw.Header().Set("Content-Encoding", "gzip")`
Move server funcs to separate file 2017-06-27 11:00:33 +02:00			`}`
Log processing time 2017-07-03 06:08:47 +02:00
Add Content-Length header 2018-04-26 14:17:08 +02:00			`rw.Header().Set("Content-Length", strconv.Itoa(len(dataToRespond)))`

			`rw.WriteHeader(200)`
			`rw.Write(dataToRespond)`

Add request ID 2018-03-15 18:58:11 +02:00			`logResponse(200, fmt.Sprintf("[%s] Processed in %s: %s; %+v", reqID, duration, imgURL, po))`
Move server funcs to separate file 2017-06-27 11:00:33 +02:00			`}`

Add request ID 2018-03-15 18:58:11 +02:00			`func respondWithError(reqID string, rw http.ResponseWriter, err imgproxyError) {`
			`logResponse(err.StatusCode, fmt.Sprintf("[%s] %s", reqID, err.Message))`
Move server funcs to separate file 2017-06-27 11:00:33 +02:00
Fair timeout; Better errors handling 2017-10-04 21:44:58 +02:00			`rw.WriteHeader(err.StatusCode)`
			`rw.Write([]byte(err.PublicMessage))`
Prevent direct requests with X-Imgproxy-Secret header 2017-07-01 23:25:08 +02:00			`}`

Add CORS headers 2018-04-26 13:22:31 +02:00			`func respondWithOptions(reqID string, rw http.ResponseWriter) {`
			`logResponse(200, fmt.Sprintf("[%s] Respond with options", reqID))`
			`rw.WriteHeader(200)`
			`}`

Prevent direct requests with X-Imgproxy-Secret header 2017-07-01 23:25:08 +02:00			`func checkSecret(s string) bool {`
Use Authorization header for secret 2017-07-03 11:36:37 +02:00			`if len(conf.Secret) == 0 {`
			`return true`
			`}`
			`return strings.HasPrefix(s, "Bearer ") && subtle.ConstantTimeCompare([]byte(strings.TrimPrefix(s, "Bearer ")), []byte(conf.Secret)) == 1`
Prevent direct requests with X-Imgproxy-Secret header 2017-07-01 23:25:08 +02:00			`}`

Ass wait timeout 2018-03-15 16:53:39 +02:00			`func (h *httpHandler) lock() {`
Remove wait timeout 2018-03-19 10:58:52 +02:00			`h.sem <- struct{}{}`
Add concurrency 2017-07-04 16:05:53 +02:00			`}`

			`func (h *httpHandler) unlock() {`
Fair timeout; Better errors handling 2017-10-04 21:44:58 +02:00			`<-h.sem`
Add concurrency 2017-07-04 16:05:53 +02:00			`}`

Use httpHandler pointer 2017-10-06 23:57:41 +02:00			`func (h httpHandler) ServeHTTP(rw http.ResponseWriter, r http.Request) {`
Add request ID 2018-03-15 18:58:11 +02:00			`reqID, _ := nanoid.Nanoid()`

Fair timeout; Better errors handling 2017-10-04 21:44:58 +02:00			`defer func() {`
			`if r := recover(); r != nil {`
			`if err, ok := r.(imgproxyError); ok {`
Add request ID 2018-03-15 18:58:11 +02:00			`respondWithError(reqID, rw, err)`
Fair timeout; Better errors handling 2017-10-04 21:44:58 +02:00			`} else {`
Add request ID 2018-03-15 18:58:11 +02:00			`respondWithError(reqID, rw, newUnexpectedError(r.(error), 4))`
Fair timeout; Better errors handling 2017-10-04 21:44:58 +02:00			`}`
			`}`
			`}()`
Add concurrency 2017-07-04 16:05:53 +02:00
Add CORS headers 2018-04-26 13:22:31 +02:00			`log.Printf("[%s] %s: %s\n", reqID, r.Method, r.URL.RequestURI())`

			`writeCORS(rw)`

			`if r.Method == http.MethodOptions {`
			`respondWithOptions(reqID, rw)`
			`return`
			`}`

			`if r.Method != http.MethodGet {`
			`panic(invalidMethodErr)`
			`}`

Check authorization before semaphore 2018-03-15 17:12:06 +02:00			`if !checkSecret(r.Header.Get("Authorization")) {`
			`panic(invalidSecretErr)`
			`}`

Ass wait timeout 2018-03-15 16:53:39 +02:00			`h.lock()`
Fair timeout; Better errors handling 2017-10-04 21:44:58 +02:00			`defer h.unlock()`
Log processing time 2017-07-03 06:08:47 +02:00
add /health endpoint Returns 200 OK after server starts. This greatly simplifies container deployment. For example, Kubernetes can be configured to not route traffic to imgproxy Pods that did not pass Readiness check against /health. 2017-10-25 11:57:19 +02:00			`if r.URL.Path == "/health" {`
Add support of ETag caching (#47) * Add ETag caching support * Update the readme file * Typo * Calculate ETag before image processing, rename Env Var * Make PO struct field public * Generate random value on server startup to be used in ETag calculation * Minor refactoring * Adjust boolean value parsing as discussed in GitHub PR page * Move random value generation to the config * Update README * Revert changes * Use footprint to calculate the hash of an image 2018-02-26 10:45:52 +02:00			`rw.WriteHeader(200)`
			`rw.Write([]byte("imgproxy is running"))`
add /health endpoint Returns 200 OK after server starts. This greatly simplifies container deployment. For example, Kubernetes can be configured to not route traffic to imgproxy Pods that did not pass Readiness check against /health. 2017-10-25 11:57:19 +02:00			`return`
			`}`

Remove wait timeout 2018-03-19 10:58:52 +02:00			`t := startTimer(time.Duration(conf.WriteTimeout)*time.Second, "Processing")`

Move server funcs to separate file 2017-06-27 11:00:33 +02:00			`imgURL, procOpt, err := parsePath(r)`
			`if err != nil {`
Fair timeout; Better errors handling 2017-10-04 21:44:58 +02:00			`panic(newError(404, err.Error(), "Invalid image url"))`
Move server funcs to separate file 2017-06-27 11:00:33 +02:00			`}`

			`if _, err = url.ParseRequestURI(imgURL); err != nil {`
Fair timeout; Better errors handling 2017-10-04 21:44:58 +02:00			`panic(newError(404, err.Error(), "Invalid image url"))`
Move server funcs to separate file 2017-06-27 11:00:33 +02:00			`}`

Drop bimb dependency 2017-09-27 10:42:49 +02:00			`b, imgtype, err := downloadImage(imgURL)`
Move server funcs to separate file 2017-06-27 11:00:33 +02:00			`if err != nil {`
Fair timeout; Better errors handling 2017-10-04 21:44:58 +02:00			`panic(newError(404, err.Error(), "Image is unreachable"))`
Move server funcs to separate file 2017-06-27 11:00:33 +02:00			`}`

Fair timeout; Better errors handling 2017-10-04 21:44:58 +02:00			`t.Check()`

Refactor ETag support 2018-02-26 11:41:37 +02:00			`if conf.ETagEnabled {`
			`eTag := calcETag(b, &procOpt)`
			`rw.Header().Set("ETag", eTag)`

			`if eTag == r.Header.Get("If-None-Match") {`
			`panic(notModifiedErr)`
			`}`
Add support of ETag caching (#47) * Add ETag caching support * Update the readme file * Typo * Calculate ETag before image processing, rename Env Var * Make PO struct field public * Generate random value on server startup to be used in ETag calculation * Minor refactoring * Adjust boolean value parsing as discussed in GitHub PR page * Move random value generation to the config * Update README * Revert changes * Use footprint to calculate the hash of an image 2018-02-26 10:45:52 +02:00			`}`

Refactor ETag support 2018-02-26 11:41:37 +02:00			`t.Check()`

Fair timeout; Better errors handling 2017-10-04 21:44:58 +02:00			`b, err = processImage(b, imgtype, procOpt, t)`
Move server funcs to separate file 2017-06-27 11:00:33 +02:00			`if err != nil {`
Fair timeout; Better errors handling 2017-10-04 21:44:58 +02:00			`panic(newError(500, err.Error(), "Error occurred while processing image"))`
Move server funcs to separate file 2017-06-27 11:00:33 +02:00			`}`

Fair timeout; Better errors handling 2017-10-04 21:44:58 +02:00			`t.Check()`

Add request ID 2018-03-15 18:58:11 +02:00			`respondWithImage(reqID, r, rw, b, imgURL, procOpt, t.Since())`
Move server funcs to separate file 2017-06-27 11:00:33 +02:00			`}`