imgproxy/server.go

package main

import (
	"bytes"
	"context"
	"crypto/subtle"
	"fmt"
	"log"
	"net/http"
	"time"

	nanoid "github.com/matoous/go-nanoid"
	"github.com/valyala/fasthttp"
)

var (
	mimes = map[imageType]string{
		imageTypeJPEG: "image/jpeg",
		imageTypePNG:  "image/png",
		imageTypeWEBP: "image/webp",
	}

	authHeaderMust []byte

	healthPath = []byte("/health")

	serverMutex mutex

	errInvalidMethod = newError(422, "Invalid request method", "Method doesn't allowed")
	errInvalidSecret = newError(403, "Invalid secret", "Forbidden")
)

func startServer() *fasthttp.Server {
	serverMutex = newMutex(conf.Concurrency)

	s := &fasthttp.Server{
		Name:        "imgproxy",
		Handler:     serveHTTP,
		Concurrency: conf.MaxClients,
		ReadTimeout: time.Duration(conf.ReadTimeout) * time.Second,
	}

	go func() {
		log.Printf("Starting server at %s\n", conf.Bind)
		if err := s.ListenAndServe(conf.Bind); err != nil {
			log.Fatalln(err)
		}
	}()

	return s
}

func shutdownServer(s *fasthttp.Server) {
	log.Println("Shutting down the server...")
	s.Shutdown()
}

func logResponse(status int, msg string) {
	var color int

	if status >= 500 {
		color = 31
	} else if status >= 400 {
		color = 33
	} else {
		color = 32
	}

	log.Printf("|\033[7;%dm %d \033[0m| %s\n", color, status, msg)
}

func writeCORS(rctx *fasthttp.RequestCtx) {
	if len(conf.AllowOrigin) > 0 {
		rctx.Request.Header.Set("Access-Control-Allow-Origin", conf.AllowOrigin)
		rctx.Request.Header.Set("Access-Control-Allow-Methods", "GET, OPTIONs")
	}
}

func respondWithImage(ctx context.Context, reqID string, rctx *fasthttp.RequestCtx, data []byte) {
	rctx.SetStatusCode(200)

	po := getProcessingOptions(ctx)

	rctx.SetContentType(mimes[po.Format])
	rctx.Response.Header.Set("Cache-Control", fmt.Sprintf("max-age=%d, public", conf.TTL))
	rctx.Response.Header.Set("Expires", time.Now().Add(time.Second*time.Duration(conf.TTL)).Format(http.TimeFormat))

	if conf.GZipCompression > 0 && rctx.Request.Header.HasAcceptEncodingBytes([]byte("gzip")) {
		rctx.Response.Header.Set("Content-Encoding", "gzip")
		gzipData(data, rctx)
	} else {
		rctx.SetBody(data)
	}

	logResponse(200, fmt.Sprintf("[%s] Processed in %s: %s; %+v", reqID, getTimerSince(ctx), getImageURL(ctx), po))
}

func respondWithError(reqID string, rctx *fasthttp.RequestCtx, err imgproxyError) {
	logResponse(err.StatusCode, fmt.Sprintf("[%s] %s", reqID, err.Message))

	rctx.SetStatusCode(err.StatusCode)
	rctx.SetBodyString(err.PublicMessage)
}

func respondWithOptions(reqID string, rctx *fasthttp.RequestCtx) {
	logResponse(200, fmt.Sprintf("[%s] Respond with options", reqID))
	rctx.SetStatusCode(200)
}

func prepareAuthHeaderMust() []byte {
	if len(authHeaderMust) == 0 {
		authHeaderMust = []byte(fmt.Sprintf("Bearer %s", conf.Secret))
	}

	return authHeaderMust
}

func checkSecret(rctx *fasthttp.RequestCtx) bool {
	if len(conf.Secret) == 0 {
		return true
	}

	return subtle.ConstantTimeCompare(
		rctx.Request.Header.Peek("Authorization"),
		prepareAuthHeaderMust(),
	) == 1
}

func serveHTTP(rctx *fasthttp.RequestCtx) {
	reqID, _ := nanoid.Nanoid()

	defer func() {
		if r := recover(); r != nil {
			if err, ok := r.(imgproxyError); ok {
				respondWithError(reqID, rctx, err)
			} else {
				respondWithError(reqID, rctx, newUnexpectedError(r.(error), 4))
			}
		}
	}()

	log.Printf("[%s] %s: %s\n", reqID, rctx.Method(), rctx.Path())

	writeCORS(rctx)

	if rctx.Request.Header.IsOptions() {
		respondWithOptions(reqID, rctx)
		return
	}

	if !rctx.IsGet() {
		panic(errInvalidMethod)
	}

	if !checkSecret(rctx) {
		panic(errInvalidSecret)
	}

	serverMutex.Lock()
	defer serverMutex.Unock()

	if bytes.Equal(rctx.Path(), healthPath) {
		rctx.SetStatusCode(200)
		rctx.SetBodyString("imgproxy is running")
		return
	}

	ctx, timeoutCancel := startTimer(time.Duration(conf.WriteTimeout) * time.Second)
	defer timeoutCancel()

	ctx, err := parsePath(ctx, rctx)
	if err != nil {
		panic(newError(404, err.Error(), "Invalid image url"))
	}

	ctx, downloadcancel, err := downloadImage(ctx)
	defer downloadcancel()
	if err != nil {
		panic(newError(404, err.Error(), "Image is unreachable"))
	}

	checkTimeout(ctx)

	if conf.ETagEnabled {
		eTag := calcETag(ctx)
		rctx.Response.Header.SetBytesV("ETag", eTag)

		if bytes.Equal(eTag, rctx.Request.Header.Peek("If-None-Match")) {
			panic(errNotModified)
		}
	}

	checkTimeout(ctx)

	imageData, err := processImage(ctx)
	if err != nil {
		panic(newError(500, err.Error(), "Error occurred while processing image"))
	}

	checkTimeout(ctx)

	respondWithImage(ctx, reqID, rctx, imageData)
}
Move server funcs to separate file 2017-06-27 11:00:33 +02:00			`package main`

			`import (`
Add Content-Length header 2018-04-26 14:17:08 +02:00			`"bytes"`
Drop Go <1.8 support 2018-09-10 08:17:00 +02:00			`"context"`
Prevent direct requests with X-Imgproxy-Secret header 2017-07-01 23:25:08 +02:00			`"crypto/subtle"`
Move server funcs to separate file 2017-06-27 11:00:33 +02:00			`"fmt"`
			`"log"`
			`"net/http"`
Log processing time 2017-07-03 06:08:47 +02:00			`"time"`
Add request ID 2018-03-15 18:58:11 +02:00
			`nanoid "github.com/matoous/go-nanoid"`
fasthttp; Optimized memory allocation 2018-10-05 17:17:36 +02:00			`"github.com/valyala/fasthttp"`
Move server funcs to separate file 2017-06-27 11:00:33 +02:00			`)`

fasthttp; Optimized memory allocation 2018-10-05 17:17:36 +02:00			`var (`
			`mimes = map[imageType]string{`
			`imageTypeJPEG: "image/jpeg",`
			`imageTypePNG: "image/png",`
			`imageTypeWEBP: "image/webp",`
			`}`
Content type based on processiong options 2017-07-05 23:09:41 +02:00
fasthttp; Optimized memory allocation 2018-10-05 17:17:36 +02:00			`authHeaderMust []byte`
Move server funcs to separate file 2017-06-27 11:00:33 +02:00
Fix path parsing 2018-10-08 09:42:08 +02:00			`healthPath = []byte("/health")`
fasthttp; Optimized memory allocation 2018-10-05 17:17:36 +02:00
			`serverMutex mutex`
Predefine static errors 2018-10-05 22:29:55 +02:00
			`errInvalidMethod = newError(422, "Invalid request method", "Method doesn't allowed")`
			`errInvalidSecret = newError(403, "Invalid secret", "Forbidden")`
fasthttp; Optimized memory allocation 2018-10-05 17:17:36 +02:00			`)`

			`func startServer() *fasthttp.Server {`
			`serverMutex = newMutex(conf.Concurrency)`
Drop Go <1.8 support 2018-09-10 08:17:00 +02:00
fasthttp; Optimized memory allocation 2018-10-05 17:17:36 +02:00			`s := &fasthttp.Server{`
			`Name: "imgproxy",`
			`Handler: serveHTTP,`
			`Concurrency: conf.MaxClients,`
			`ReadTimeout: time.Duration(conf.ReadTimeout) * time.Second,`
Drop Go <1.8 support 2018-09-10 08:17:00 +02:00			`}`

			`go func() {`
			`log.Printf("Starting server at %s\n", conf.Bind)`
fasthttp; Optimized memory allocation 2018-10-05 17:17:36 +02:00			`if err := s.ListenAndServe(conf.Bind); err != nil {`
			`log.Fatalln(err)`
			`}`
Drop Go <1.8 support 2018-09-10 08:17:00 +02:00			`}()`

			`return s`
			`}`

fasthttp; Optimized memory allocation 2018-10-05 17:17:36 +02:00			`func shutdownServer(s *fasthttp.Server) {`
Drop Go <1.8 support 2018-09-10 08:17:00 +02:00			`log.Println("Shutting down the server...")`
fasthttp; Optimized memory allocation 2018-10-05 17:17:36 +02:00			`s.Shutdown()`
Drop Go <1.8 support 2018-09-10 08:17:00 +02:00			`}`

Move server funcs to separate file 2017-06-27 11:00:33 +02:00			`func logResponse(status int, msg string) {`
			`var color int`

Fair timeout; Better errors handling 2017-10-04 21:44:58 +02:00			`if status >= 500 {`
Move server funcs to separate file 2017-06-27 11:00:33 +02:00			`color = 31`
Fair timeout; Better errors handling 2017-10-04 21:44:58 +02:00			`} else if status >= 400 {`
Move server funcs to separate file 2017-06-27 11:00:33 +02:00			`color = 33`
			`} else {`
			`color = 32`
			`}`

			`log.Printf("\|\033[7;%dm %d \033[0m\| %s\n", color, status, msg)`
			`}`

fasthttp; Optimized memory allocation 2018-10-05 17:17:36 +02:00			`func writeCORS(rctx *fasthttp.RequestCtx) {`
Add CORS headers 2018-04-26 13:22:31 +02:00			`if len(conf.AllowOrigin) > 0 {`
fasthttp; Optimized memory allocation 2018-10-05 17:17:36 +02:00			`rctx.Request.Header.Set("Access-Control-Allow-Origin", conf.AllowOrigin)`
			`rctx.Request.Header.Set("Access-Control-Allow-Methods", "GET, OPTIONs")`
Add CORS headers 2018-04-26 13:22:31 +02:00			`}`
			`}`

fasthttp; Optimized memory allocation 2018-10-05 17:17:36 +02:00			`func respondWithImage(ctx context.Context, reqID string, rctx *fasthttp.RequestCtx, data []byte) {`
			`rctx.SetStatusCode(200)`
Add Content-Length header 2018-04-26 14:17:08 +02:00
return ETag support 2018-10-05 18:20:29 +02:00			`po := getProcessingOptions(ctx)`
Add Content-Length header 2018-04-26 14:17:08 +02:00
fasthttp; Optimized memory allocation 2018-10-05 17:17:36 +02:00			`rctx.SetContentType(mimes[po.Format])`
			`rctx.Response.Header.Set("Cache-Control", fmt.Sprintf("max-age=%d, public", conf.TTL))`
			`rctx.Response.Header.Set("Expires", time.Now().Add(time.Second*time.Duration(conf.TTL)).Format(http.TimeFormat))`
Add Content-Length header 2018-04-26 14:17:08 +02:00
fasthttp; Optimized memory allocation 2018-10-05 17:17:36 +02:00			`if conf.GZipCompression > 0 && rctx.Request.Header.HasAcceptEncodingBytes([]byte("gzip")) {`
			`rctx.Response.Header.Set("Content-Encoding", "gzip")`
			`gzipData(data, rctx)`
			`} else {`
			`rctx.SetBody(data)`
Move server funcs to separate file 2017-06-27 11:00:33 +02:00			`}`
Log processing time 2017-07-03 06:08:47 +02:00
fasthttp; Optimized memory allocation 2018-10-05 17:17:36 +02:00			`logResponse(200, fmt.Sprintf("[%s] Processed in %s: %s; %+v", reqID, getTimerSince(ctx), getImageURL(ctx), po))`
Move server funcs to separate file 2017-06-27 11:00:33 +02:00			`}`

fasthttp; Optimized memory allocation 2018-10-05 17:17:36 +02:00			`func respondWithError(reqID string, rctx *fasthttp.RequestCtx, err imgproxyError) {`
Add request ID 2018-03-15 18:58:11 +02:00			`logResponse(err.StatusCode, fmt.Sprintf("[%s] %s", reqID, err.Message))`
Move server funcs to separate file 2017-06-27 11:00:33 +02:00
fasthttp; Optimized memory allocation 2018-10-05 17:17:36 +02:00			`rctx.SetStatusCode(err.StatusCode)`
			`rctx.SetBodyString(err.PublicMessage)`
Prevent direct requests with X-Imgproxy-Secret header 2017-07-01 23:25:08 +02:00			`}`

fasthttp; Optimized memory allocation 2018-10-05 17:17:36 +02:00			`func respondWithOptions(reqID string, rctx *fasthttp.RequestCtx) {`
Add CORS headers 2018-04-26 13:22:31 +02:00			`logResponse(200, fmt.Sprintf("[%s] Respond with options", reqID))`
fasthttp; Optimized memory allocation 2018-10-05 17:17:36 +02:00			`rctx.SetStatusCode(200)`
Add CORS headers 2018-04-26 13:22:31 +02:00			`}`

fasthttp; Optimized memory allocation 2018-10-05 17:17:36 +02:00			`func prepareAuthHeaderMust() []byte {`
			`if len(authHeaderMust) == 0 {`
Fix secret checking 2018-10-05 18:10:17 +02:00			`authHeaderMust = []byte(fmt.Sprintf("Bearer %s", conf.Secret))`
Use Authorization header for secret 2017-07-03 11:36:37 +02:00			`}`
Prevent direct requests with X-Imgproxy-Secret header 2017-07-01 23:25:08 +02:00
fasthttp; Optimized memory allocation 2018-10-05 17:17:36 +02:00			`return authHeaderMust`
Add concurrency 2017-07-04 16:05:53 +02:00			`}`

fasthttp; Optimized memory allocation 2018-10-05 17:17:36 +02:00			`func checkSecret(rctx *fasthttp.RequestCtx) bool {`
			`if len(conf.Secret) == 0 {`
			`return true`
			`}`

			`return subtle.ConstantTimeCompare(`
			`rctx.Request.Header.Peek("Authorization"),`
			`prepareAuthHeaderMust(),`
			`) == 1`
Add concurrency 2017-07-04 16:05:53 +02:00			`}`

fasthttp; Optimized memory allocation 2018-10-05 17:17:36 +02:00			`func serveHTTP(rctx *fasthttp.RequestCtx) {`
Add request ID 2018-03-15 18:58:11 +02:00			`reqID, _ := nanoid.Nanoid()`

Fair timeout; Better errors handling 2017-10-04 21:44:58 +02:00			`defer func() {`
			`if r := recover(); r != nil {`
			`if err, ok := r.(imgproxyError); ok {`
fasthttp; Optimized memory allocation 2018-10-05 17:17:36 +02:00			`respondWithError(reqID, rctx, err)`
Fair timeout; Better errors handling 2017-10-04 21:44:58 +02:00			`} else {`
fasthttp; Optimized memory allocation 2018-10-05 17:17:36 +02:00			`respondWithError(reqID, rctx, newUnexpectedError(r.(error), 4))`
Fair timeout; Better errors handling 2017-10-04 21:44:58 +02:00			`}`
			`}`
			`}()`
Add concurrency 2017-07-04 16:05:53 +02:00
Fix path parsing 2018-10-08 09:42:08 +02:00			`log.Printf("[%s] %s: %s\n", reqID, rctx.Method(), rctx.Path())`
Add CORS headers 2018-04-26 13:22:31 +02:00
fasthttp; Optimized memory allocation 2018-10-05 17:17:36 +02:00			`writeCORS(rctx)`
Add CORS headers 2018-04-26 13:22:31 +02:00
fasthttp; Optimized memory allocation 2018-10-05 17:17:36 +02:00			`if rctx.Request.Header.IsOptions() {`
			`respondWithOptions(reqID, rctx)`
Add CORS headers 2018-04-26 13:22:31 +02:00			`return`
			`}`

fasthttp; Optimized memory allocation 2018-10-05 17:17:36 +02:00			`if !rctx.IsGet() {`
Predefine static errors 2018-10-05 22:29:55 +02:00			`panic(errInvalidMethod)`
Add CORS headers 2018-04-26 13:22:31 +02:00			`}`

fasthttp; Optimized memory allocation 2018-10-05 17:17:36 +02:00			`if !checkSecret(rctx) {`
Predefine static errors 2018-10-05 22:29:55 +02:00			`panic(errInvalidSecret)`
Check authorization before semaphore 2018-03-15 17:12:06 +02:00			`}`

fasthttp; Optimized memory allocation 2018-10-05 17:17:36 +02:00			`serverMutex.Lock()`
			`defer serverMutex.Unock()`
Log processing time 2017-07-03 06:08:47 +02:00
Fix path parsing 2018-10-08 09:42:08 +02:00			`if bytes.Equal(rctx.Path(), healthPath) {`
fasthttp; Optimized memory allocation 2018-10-05 17:17:36 +02:00			`rctx.SetStatusCode(200)`
			`rctx.SetBodyString("imgproxy is running")`
add /health endpoint Returns 200 OK after server starts. This greatly simplifies container deployment. For example, Kubernetes can be configured to not route traffic to imgproxy Pods that did not pass Readiness check against /health. 2017-10-25 11:57:19 +02:00			`return`
			`}`

fasthttp; Optimized memory allocation 2018-10-05 17:17:36 +02:00			`ctx, timeoutCancel := startTimer(time.Duration(conf.WriteTimeout) * time.Second)`
			`defer timeoutCancel()`
Remove wait timeout 2018-03-19 10:58:52 +02:00
fasthttp; Optimized memory allocation 2018-10-05 17:17:36 +02:00			`ctx, err := parsePath(ctx, rctx)`
Move server funcs to separate file 2017-06-27 11:00:33 +02:00			`if err != nil {`
Fair timeout; Better errors handling 2017-10-04 21:44:58 +02:00			`panic(newError(404, err.Error(), "Invalid image url"))`
Move server funcs to separate file 2017-06-27 11:00:33 +02:00			`}`

fasthttp; Optimized memory allocation 2018-10-05 17:17:36 +02:00			`ctx, downloadcancel, err := downloadImage(ctx)`
			`defer downloadcancel()`
Move server funcs to separate file 2017-06-27 11:00:33 +02:00			`if err != nil {`
Fair timeout; Better errors handling 2017-10-04 21:44:58 +02:00			`panic(newError(404, err.Error(), "Image is unreachable"))`
Move server funcs to separate file 2017-06-27 11:00:33 +02:00			`}`

fasthttp; Optimized memory allocation 2018-10-05 17:17:36 +02:00			`checkTimeout(ctx)`
Fair timeout; Better errors handling 2017-10-04 21:44:58 +02:00
return ETag support 2018-10-05 18:20:29 +02:00			`if conf.ETagEnabled {`
			`eTag := calcETag(ctx)`
			`rctx.Response.Header.SetBytesV("ETag", eTag)`
Refactor ETag support 2018-02-26 11:41:37 +02:00
return ETag support 2018-10-05 18:20:29 +02:00			`if bytes.Equal(eTag, rctx.Request.Header.Peek("If-None-Match")) {`
Predefine static errors 2018-10-05 22:29:55 +02:00			`panic(errNotModified)`
return ETag support 2018-10-05 18:20:29 +02:00			`}`
			`}`
Add support of ETag caching (#47) * Add ETag caching support * Update the readme file * Typo * Calculate ETag before image processing, rename Env Var * Make PO struct field public * Generate random value on server startup to be used in ETag calculation * Minor refactoring * Adjust boolean value parsing as discussed in GitHub PR page * Move random value generation to the config * Update README * Revert changes * Use footprint to calculate the hash of an image 2018-02-26 10:45:52 +02:00
fasthttp; Optimized memory allocation 2018-10-05 17:17:36 +02:00			`checkTimeout(ctx)`
Refactor ETag support 2018-02-26 11:41:37 +02:00
fasthttp; Optimized memory allocation 2018-10-05 17:17:36 +02:00			`imageData, err := processImage(ctx)`
Move server funcs to separate file 2017-06-27 11:00:33 +02:00			`if err != nil {`
Fair timeout; Better errors handling 2017-10-04 21:44:58 +02:00			`panic(newError(500, err.Error(), "Error occurred while processing image"))`
Move server funcs to separate file 2017-06-27 11:00:33 +02:00			`}`

fasthttp; Optimized memory allocation 2018-10-05 17:17:36 +02:00			`checkTimeout(ctx)`
Fair timeout; Better errors handling 2017-10-04 21:44:58 +02:00
fasthttp; Optimized memory allocation 2018-10-05 17:17:36 +02:00			`respondWithImage(ctx, reqID, rctx, imageData)`
Move server funcs to separate file 2017-06-27 11:00:33 +02:00			`}`