1
0
mirror of https://github.com/imgproxy/imgproxy.git synced 2024-12-09 09:56:01 +02:00
imgproxy/processing_handler.go

431 lines
12 KiB
Go
Raw Normal View History

package main
import (
2022-07-20 11:49:05 +02:00
"context"
"fmt"
"net/http"
"strconv"
"strings"
"time"
2021-04-26 13:52:50 +02:00
log "github.com/sirupsen/logrus"
2021-09-30 16:23:30 +02:00
"github.com/imgproxy/imgproxy/v3/config"
2021-11-11 11:30:16 +02:00
"github.com/imgproxy/imgproxy/v3/cookies"
2021-09-30 16:23:30 +02:00
"github.com/imgproxy/imgproxy/v3/errorreport"
"github.com/imgproxy/imgproxy/v3/etag"
"github.com/imgproxy/imgproxy/v3/ierrors"
"github.com/imgproxy/imgproxy/v3/imagedata"
"github.com/imgproxy/imgproxy/v3/imagetype"
"github.com/imgproxy/imgproxy/v3/metrics"
"github.com/imgproxy/imgproxy/v3/metrics/stats"
2021-09-30 16:23:30 +02:00
"github.com/imgproxy/imgproxy/v3/options"
"github.com/imgproxy/imgproxy/v3/processing"
"github.com/imgproxy/imgproxy/v3/router"
"github.com/imgproxy/imgproxy/v3/security"
2022-07-20 14:06:26 +02:00
"github.com/imgproxy/imgproxy/v3/semaphore"
2022-06-10 14:07:09 +02:00
"github.com/imgproxy/imgproxy/v3/svg"
2021-09-30 16:23:30 +02:00
"github.com/imgproxy/imgproxy/v3/vips"
)
var (
2022-07-20 15:46:21 +02:00
queueSem *semaphore.Semaphore
2022-07-20 14:06:26 +02:00
processingSem *semaphore.Semaphore
headerVaryValue string
2021-03-19 11:28:23 +02:00
)
2021-04-26 13:52:50 +02:00
func initProcessingHandler() {
2022-07-20 15:46:21 +02:00
if config.RequestsQueueSize > 0 {
queueSem = semaphore.New(config.RequestsQueueSize + config.Concurrency)
}
2022-07-20 14:06:26 +02:00
processingSem = semaphore.New(config.Concurrency)
vary := make([]string, 0)
if config.EnableWebpDetection || config.EnforceWebp || config.EnableAvifDetection || config.EnforceAvif {
vary = append(vary, "Accept")
}
2021-04-26 13:52:50 +02:00
if config.EnableClientHints {
vary = append(vary, "Sec-CH-DPR", "DPR", "Sec-CH-Width", "Width")
}
headerVaryValue = strings.Join(vary, ", ")
}
func setCacheControl(rw http.ResponseWriter, force *time.Time, originHeaders map[string]string) {
var cacheControl, expires string
var ttl int
if force != nil {
rw.Header().Set("Cache-Control", fmt.Sprintf("max-age=%d, public", int(time.Until(*force).Seconds())))
rw.Header().Set("Expires", force.Format(http.TimeFormat))
return
}
if config.CacheControlPassthrough && originHeaders != nil {
2022-09-07 12:50:21 +02:00
if val, ok := originHeaders["Cache-Control"]; ok && len(val) > 0 {
2021-03-17 15:29:58 +02:00
cacheControl = val
}
2022-09-07 12:50:21 +02:00
if val, ok := originHeaders["Expires"]; ok && len(val) > 0 {
2021-03-17 15:29:58 +02:00
expires = val
}
}
if len(cacheControl) == 0 && len(expires) == 0 {
ttl = config.TTL
if _, ok := originHeaders["Fallback-Image"]; ok && config.FallbackImageTTL > 0 {
ttl = config.FallbackImageTTL
}
cacheControl = fmt.Sprintf("max-age=%d, public", ttl)
expires = time.Now().Add(time.Second * time.Duration(ttl)).Format(http.TimeFormat)
}
if len(cacheControl) > 0 {
rw.Header().Set("Cache-Control", cacheControl)
}
if len(expires) > 0 {
rw.Header().Set("Expires", expires)
}
}
// setLastModified copies the "Last-Modified" value from originHeaders to the
// response. Nothing is written when config.LastModifiedEnabled is off or when
// the origin value is missing or empty.
func setLastModified(rw http.ResponseWriter, originHeaders map[string]string) {
	if !config.LastModifiedEnabled {
		return
	}

	// A missing key yields "", which is treated the same as an empty value.
	lastModified := originHeaders["Last-Modified"]
	if lastModified == "" {
		return
	}

	rw.Header().Set("Last-Modified", lastModified)
}
// setVary writes the precomputed Vary header value to the response. The header
// is left untouched when the precomputed value is empty.
func setVary(rw http.ResponseWriter) {
	if headerVaryValue == "" {
		return
	}

	rw.Header().Set("Vary", headerVaryValue)
}
2022-09-07 12:50:21 +02:00
// setCanonical writes a `Link: <originURL>; rel="canonical"` header to the
// response. It does nothing unless config.SetCanonicalHeader is enabled and
// originURL starts with "http://" or "https://".
func setCanonical(rw http.ResponseWriter, originURL string) {
	if !config.SetCanonicalHeader {
		return
	}

	isHTTPURL := strings.HasPrefix(originURL, "https://") || strings.HasPrefix(originURL, "http://")
	if !isHTTPURL {
		return
	}

	rw.Header().Set("Link", "<"+originURL+`>; rel="canonical"`)
}
func respondWithImage(reqID string, r *http.Request, rw http.ResponseWriter, statusCode int, resultData *imagedata.ImageData, po *options.ProcessingOptions, originURL string, originData *imagedata.ImageData) {
var contentDisposition string
if len(po.Filename) > 0 {
contentDisposition = resultData.Type.ContentDisposition(po.Filename, po.ReturnAttachment)
} else {
contentDisposition = resultData.Type.ContentDispositionFromURL(originURL, po.ReturnAttachment)
}
rw.Header().Set("Content-Type", resultData.Type.Mime())
rw.Header().Set("Content-Disposition", contentDisposition)
setCacheControl(rw, po.Expires, originData.Headers)
setLastModified(rw, originData.Headers)
setVary(rw)
2022-09-07 12:50:21 +02:00
setCanonical(rw, originURL)
2021-04-26 13:52:50 +02:00
if config.EnableDebugHeaders {
rw.Header().Set("X-Origin-Content-Length", strconv.Itoa(len(originData.Data)))
rw.Header().Set("X-Origin-Width", resultData.Headers["X-Origin-Width"])
rw.Header().Set("X-Origin-Height", resultData.Headers["X-Origin-Height"])
rw.Header().Set("X-Result-Width", resultData.Headers["X-Result-Width"])
rw.Header().Set("X-Result-Height", resultData.Headers["X-Result-Height"])
}
rw.Header().Set("Content-Security-Policy", "script-src 'none'")
2021-04-26 13:52:50 +02:00
rw.Header().Set("Content-Length", strconv.Itoa(len(resultData.Data)))
2021-03-19 11:28:23 +02:00
rw.WriteHeader(statusCode)
2021-04-26 13:52:50 +02:00
rw.Write(resultData.Data)
router.LogResponse(
reqID, r, statusCode, nil,
log.Fields{
"image_url": originURL,
"processing_options": po,
},
)
}
func respondWithNotModified(reqID string, r *http.Request, rw http.ResponseWriter, po *options.ProcessingOptions, originURL string, originHeaders map[string]string) {
setCacheControl(rw, po.Expires, originHeaders)
setVary(rw)
2021-09-29 12:23:54 +02:00
rw.WriteHeader(304)
router.LogResponse(
reqID, r, 304, nil,
log.Fields{
"image_url": originURL,
"processing_options": po,
},
)
}
2022-07-20 11:49:05 +02:00
// sendErrAndPanic reports err to the metrics under errType and then panics
// with err. It never returns normally.
//
// Two status codes of *ierrors.Error get special treatment: errors with
// 503 Service Unavailable are reported with the "timeout" type instead of
// errType, and errors with status 499 (request cancelled) are not reported
// at all.
func sendErrAndPanic(ctx context.Context, errType string, err error) {
	report := true

	if ierr, isIerr := err.(*ierrors.Error); isIerr {
		if ierr.StatusCode == http.StatusServiceUnavailable {
			errType = "timeout"
		} else if ierr.StatusCode == 499 {
			// Don't need to send a "request cancelled" error
			report = false
		}
	}

	if report {
		metrics.SendError(ctx, errType, err)
	}

	panic(err)
}
// checkErr is a no-op for a nil err. For any other err it hands over to
// sendErrAndPanic, which reports the error under errType and panics.
func checkErr(ctx context.Context, errType string, err error) {
	if err != nil {
		sendErrAndPanic(ctx, errType, err)
	}
}
2021-04-26 13:52:50 +02:00
func handleProcessing(reqID string, rw http.ResponseWriter, r *http.Request) {
stats.IncRequestsInProgress()
defer stats.DecRequestsInProgress()
ctx := r.Context()
2022-07-20 15:46:21 +02:00
if queueSem != nil {
token, aquired := queueSem.TryAquire()
if !aquired {
panic(ierrors.New(429, "Too many requests", "Too many requests"))
}
defer token.Release()
}
2021-04-26 13:52:50 +02:00
path := r.RequestURI
if queryStart := strings.IndexByte(path, '?'); queryStart >= 0 {
path = path[:queryStart]
}
2021-04-26 13:52:50 +02:00
if len(config.PathPrefix) > 0 {
path = strings.TrimPrefix(path, config.PathPrefix)
}
2021-04-26 13:52:50 +02:00
path = strings.TrimPrefix(path, "/")
signature := ""
2021-04-26 13:52:50 +02:00
if signatureEnd := strings.IndexByte(path, '/'); signatureEnd > 0 {
signature = path[:signatureEnd]
path = path[signatureEnd:]
} else {
2022-07-20 11:49:05 +02:00
sendErrAndPanic(ctx, "path_parsing", ierrors.New(
404, fmt.Sprintf("Invalid path: %s", path), "Invalid URL",
))
2021-04-26 13:52:50 +02:00
}
2022-09-15 18:36:47 +02:00
path = fixPath(path)
2022-09-15 18:36:47 +02:00
if err := security.VerifySignature(signature, path); err != nil {
sendErrAndPanic(ctx, "security", ierrors.New(403, err.Error(), "Forbidden"))
2021-04-26 13:52:50 +02:00
}
2021-04-26 13:52:50 +02:00
po, imageURL, err := options.ParsePath(path, r.Header)
2022-07-20 11:49:05 +02:00
checkErr(ctx, "path_parsing", err)
2021-03-23 11:37:25 +02:00
err = security.VerifySourceURL(imageURL)
checkErr(ctx, "security", err)
2022-09-07 12:50:21 +02:00
if po.Raw {
streamOriginImage(ctx, reqID, r, rw, po, imageURL)
return
}
2021-04-26 13:52:50 +02:00
// SVG is a special case. Though saving to svg is not supported, SVG->SVG is.
if !vips.SupportsSave(po.Format) && po.Format != imagetype.Unknown && po.Format != imagetype.SVG {
2022-07-20 11:49:05 +02:00
sendErrAndPanic(ctx, "path_parsing", ierrors.New(
2021-04-26 13:52:50 +02:00
422,
fmt.Sprintf("Resulting image format is not supported: %s", po.Format),
"Invalid URL",
))
}
2021-09-29 12:23:54 +02:00
imgRequestHeader := make(http.Header)
var etagHandler etag.Handler
if config.ETagEnabled {
etagHandler.ParseExpectedETag(r.Header.Get("If-None-Match"))
if etagHandler.SetActualProcessingOptions(po) {
if imgEtag := etagHandler.ImageEtagExpected(); len(imgEtag) != 0 {
imgRequestHeader.Set("If-None-Match", imgEtag)
}
}
}
if config.LastModifiedEnabled {
if modifiedSince := r.Header.Get("If-Modified-Since"); len(modifiedSince) != 0 {
imgRequestHeader.Set("If-Modified-Since", modifiedSince)
}
}
2021-04-26 13:52:50 +02:00
// The heavy part start here, so we need to restrict concurrency
var processingSemToken *semaphore.Token
func() {
defer metrics.StartQueueSegment(ctx)()
var aquired bool
processingSemToken, aquired = processingSem.Aquire(ctx)
if !aquired {
// We don't actually need to check timeout here,
// but it's an easy way to check if this is an actual timeout
// or the request was cancelled
checkErr(ctx, "queue", router.CheckTimeout(ctx))
}
}()
2022-07-20 14:06:26 +02:00
defer processingSemToken.Release()
stats.IncImagesInProgress()
defer stats.DecImagesInProgress()
statusCode := http.StatusOK
2021-04-26 13:52:50 +02:00
originData, err := func() (*imagedata.ImageData, error) {
defer metrics.StartDownloadingSegment(ctx)()
2021-11-11 11:30:16 +02:00
downloadOpts := imagedata.DownloadOptions{
Header: imgRequestHeader,
CookieJar: nil,
}
2021-11-11 11:30:16 +02:00
if config.CookiePassthrough {
downloadOpts.CookieJar, err = cookies.JarFromRequest(r)
2022-07-20 11:49:05 +02:00
checkErr(ctx, "download", err)
2021-11-11 11:30:16 +02:00
}
return imagedata.Download(ctx, imageURL, "source image", downloadOpts, po.SecurityOptions)
2021-04-26 13:52:50 +02:00
}()
if err == nil {
2021-04-26 13:52:50 +02:00
defer originData.Close()
} else if nmErr, ok := err.(*imagedata.ErrorNotModified); ok {
if config.ETagEnabled && len(etagHandler.ImageEtagExpected()) != 0 {
rw.Header().Set("ETag", etagHandler.GenerateExpectedETag())
}
respondWithNotModified(reqID, r, rw, po, imageURL, nmErr.Headers)
2021-09-29 12:23:54 +02:00
return
} else {
ierr, ierrok := err.(*ierrors.Error)
if ierrok {
statusCode = ierr.StatusCode
}
if config.ReportDownloadingErrors && (!ierrok || ierr.Unexpected) {
2021-09-29 12:23:54 +02:00
errorreport.Report(err, r)
}
2021-04-26 13:52:50 +02:00
metrics.SendError(ctx, "download", err)
2021-04-26 13:52:50 +02:00
if imagedata.FallbackImage == nil {
panic(err)
}
log.Warningf("Could not load image %s. Using fallback image. %s", imageURL, err.Error())
if config.FallbackImageHTTPCode > 0 {
statusCode = config.FallbackImageHTTPCode
}
2021-04-26 13:52:50 +02:00
originData = imagedata.FallbackImage
}
2022-07-20 11:49:05 +02:00
checkErr(ctx, "timeout", router.CheckTimeout(ctx))
if config.ETagEnabled && statusCode == http.StatusOK {
2021-09-29 12:23:54 +02:00
imgDataMatch := etagHandler.SetActualImageData(originData)
rw.Header().Set("ETag", etagHandler.GenerateActualETag())
2021-09-29 12:23:54 +02:00
if imgDataMatch && etagHandler.ProcessingOptionsMatch() {
respondWithNotModified(reqID, r, rw, po, imageURL, originData.Headers)
return
}
}
2022-07-20 11:49:05 +02:00
checkErr(ctx, "timeout", router.CheckTimeout(ctx))
2021-04-26 13:52:50 +02:00
if originData.Type == po.Format || po.Format == imagetype.Unknown {
// Don't process SVG
if originData.Type == imagetype.SVG {
2022-06-10 14:07:09 +02:00
if config.SanitizeSvg {
sanitized, svgErr := svg.Satitize(originData)
2022-07-20 11:49:05 +02:00
checkErr(ctx, "svg_processing", svgErr)
2022-06-10 14:07:09 +02:00
// Since we'll replace origin data, it's better to close it to return
// it's buffer to the pool
originData.Close()
originData = sanitized
2022-06-10 14:07:09 +02:00
}
respondWithImage(reqID, r, rw, statusCode, originData, po, imageURL, originData)
2021-04-26 13:52:50 +02:00
return
}
2021-04-26 13:52:50 +02:00
if len(po.SkipProcessingFormats) > 0 {
for _, f := range po.SkipProcessingFormats {
2021-04-26 13:52:50 +02:00
if f == originData.Type {
respondWithImage(reqID, r, rw, statusCode, originData, po, imageURL, originData)
return
}
}
}
}
2021-04-26 13:52:50 +02:00
if !vips.SupportsLoad(originData.Type) {
2022-07-20 11:49:05 +02:00
sendErrAndPanic(ctx, "processing", ierrors.New(
2021-04-26 13:52:50 +02:00
422,
fmt.Sprintf("Source image format is not supported: %s", originData.Type),
"Invalid URL",
))
}
// At this point we can't allow requested format to be SVG as we can't save SVGs
if po.Format == imagetype.SVG {
2022-07-20 11:49:05 +02:00
sendErrAndPanic(ctx, "processing", ierrors.New(
422, "Resulting image format is not supported: svg", "Invalid URL",
))
2021-04-26 13:52:50 +02:00
}
// We're going to rasterize SVG. Since librsvg lacks the support of some SVG
// features, we're going to replace them to minimize rendering error
if originData.Type == imagetype.SVG && config.SvgFixUnsupported {
fixed, changed, svgErr := svg.FixUnsupported(originData)
checkErr(ctx, "svg_processing", svgErr)
if changed {
// Since we'll replace origin data, it's better to close it to return
// it's buffer to the pool
originData.Close()
originData = fixed
}
}
2021-04-26 13:52:50 +02:00
resultData, err := func() (*imagedata.ImageData, error) {
defer metrics.StartProcessingSegment(ctx)()
return processing.ProcessImage(ctx, originData, po)
}()
2022-07-20 11:49:05 +02:00
checkErr(ctx, "processing", err)
2021-04-26 13:52:50 +02:00
defer resultData.Close()
2022-07-20 11:49:05 +02:00
checkErr(ctx, "timeout", router.CheckTimeout(ctx))
respondWithImage(reqID, r, rw, statusCode, resultData, po, imageURL, originData)
2021-03-19 11:28:23 +02:00
}