imgproxy/examples/encrypted_source_url.js

const crypto = require('crypto');

const KEY = Buffer.from(
  '1eb5b0e971ad7f45324c1bb15c947cb207c43152fa5c6c7f35c4f36e0c18e0f1',
  'hex',
)

const encrypt = (target, key) => {
  const data = Buffer.from(target).toString('binary');

	// We use a random iv generation, but you'll probably want to use some
	// deterministic method
  const iv = crypto.randomBytes(16)

  const cipher = crypto.createCipheriv('aes-256-cbc', key, iv);

  let encrypted = Buffer.from(
    cipher.update(data, 'utf8', 'binary') + cipher.final('binary'),
    'binary',
  );

  return Buffer.concat([iv, encrypted]).toString('base64').replace(/=/g, '').replace(/\+/g, '-').replace(/\//g, '_')
}

const url = 'http://img.example.com/pretty/image.jpg'
const encrypted_url = encrypt(url, KEY)

// We don't sign the URL in this example but it is highly recommended to sign
// imgproxy URLs when imgproxy is being used in production.
// Signing URLs is especially important when using encrypted source URLs to
// prevent a padding oracle attack
const path = `/unsafe/rs:fit:300:300/enc/${encrypted_url}.jpg`

console.log(path)
Encrypted source URLs docs (#962) * Encrypted source URLs docs * Apply suggestions from code review Co-authored-by: Travis-Turner <32389151+Travis-Turner@users.noreply.github.com> Co-authored-by: Travis-Turner <32389151+Travis-Turner@users.noreply.github.com> 2022-09-02 14:17:43 +06:00			`const crypto = require('crypto');`

			`const KEY = Buffer.from(`
			`'1eb5b0e971ad7f45324c1bb15c947cb207c43152fa5c6c7f35c4f36e0c18e0f1',`
			`'hex',`
			`)`

			`const encrypt = (target, key) => {`
			`const data = Buffer.from(target).toString('binary');`

			`// We use a random iv generation, but you'll probably want to use some`
			`// deterministic method`
			`const iv = crypto.randomBytes(16)`

			`const cipher = crypto.createCipheriv('aes-256-cbc', key, iv);`

			`let encrypted = Buffer.from(`
			`cipher.update(data, 'utf8', 'binary') + cipher.final('binary'),`
			`'binary',`
			`);`

			`return Buffer.concat([iv, encrypted]).toString('base64').replace(/=/g, '').replace(/\+/g, '-').replace(/\//g, '_')`
			`}`

			`const url = 'http://img.example.com/pretty/image.jpg'`
			`const encrypted_url = encrypt(url, KEY)`

			`// We don't sign the URL in this example but it is highly recommended to sign`
			`// imgproxy URLs when imgproxy is being used in production.`
			`// Signing URLs is especially important when using encrypted source URLs to`
			`// prevent a padding oracle attack`
			const path = `/unsafe/rs:fit:300:300/enc/${encrypted_url}.jpg`

			`console.log(path)`