diff --git a/README.md b/README.md index 556bdb91..8d14547e 100644 --- a/README.md +++ b/README.md @@ -1,23 +1,43 @@ # Imgproxy -Tiny, fast and secure server for processing remote images. +Fast and secure micro-service for resizing and converting remote images. -Full README is on the way. +Imgproxy does one thing, and it does it well: resizing of remote images. It works great when you need to resize some images on the fly to make them look good on your web page. The main principles of Imgproxy are simplicity, speed, and security. + +#### Simlicity + +One of the things I believe in is: "The best feature is the one you don't need to implement." That's why I implemented only features that most of us need. Rotation, flip, flop, etc. are cool, but I don't think that you want to process your web page images that ways, especially when you can do this with CSS. + +#### Speed + +Imgproxy uses probably the most efficient image processing library - libvips. It's fast and requires low memory footprint. Thus it allows processing a massive amount of images on the fly. + +Also, imgproxy uses native Go's net/http routing for an absolute speed. + +#### Security + +Processing of remote images is a quite vulnerable thing. There are many ways to attack you, so it's a good idea to take measures to prevent attacks. There is what imgproxy does: + +* It checks image type and dimensions while downloading, so the image won't be fully downloaded if it has an unknown format or too big dimensions. Thus imgproxy protects you from image bombs like https://www.bamsoftware.com/hacks/deflate.html + +* Imgproxy protects its URL path with a signature, so it can't be easily compromised by an attacker. Thus imgproxy doesn't allow to use itself by third-party applications. + +* Imgproxy supports authorization by HTTP header. This prevents using imgproxy directly by an attacker but allows to use it through CDN or a caching server. ### How to install 1. Install [vips](https://github.com/jcupitt/libvips). On macOS you can do: -``` -$ brew tap homebrew/science -$ brew install vips -``` + ``` + $ brew tap homebrew/science + $ brew install vips + ``` 2. Install imgproxy itself -``` -$ go get github.com/DarthSim/imgproxy -``` + ``` + $ go get github.com/DarthSim/imgproxy + ``` ### How to configure diff --git a/server.go b/server.go index 75996647..4a803d6c 100644 --- a/server.go +++ b/server.go @@ -13,6 +13,7 @@ import ( "net/url" "strconv" "strings" + "time" ) type httpHandler struct{} @@ -89,9 +90,7 @@ func logResponse(status int, msg string) { log.Printf("|\033[7;%dm %d \033[0m| %s\n", color, status, msg) } -func respondWithImage(r *http.Request, rw http.ResponseWriter, data []byte, imgURL string, po processingOptions) { - logResponse(200, fmt.Sprintf("Processed: %s; %+v", imgURL, po)) - +func respondWithImage(r *http.Request, rw http.ResponseWriter, data []byte, imgURL string, po processingOptions, startTime time.Time) { gzipped := strings.Contains(r.Header.Get("Accept-Encoding"), "gzip") && conf.GZipCompression > 0 rw.Header().Set("Content-Type", imageContentType(data)) @@ -108,6 +107,8 @@ func respondWithImage(r *http.Request, rw http.ResponseWriter, data []byte, imgU } else { rw.Write(data) } + + logResponse(200, fmt.Sprintf("Processed in %s: %s; %+v", time.Since(startTime), imgURL, po)) } func respondWithError(rw http.ResponseWriter, status int, err error, msg string) { @@ -131,6 +132,8 @@ func checkSecret(s string) bool { func (h httpHandler) ServeHTTP(rw http.ResponseWriter, r *http.Request) { log.Printf("GET: %s\n", r.URL.RequestURI()) + t := time.Now() + if !checkSecret(r.Header.Get("X-Imgproxy-Secret")) { repondWithForbidden(rw) return @@ -159,5 +162,5 @@ func (h httpHandler) ServeHTTP(rw http.ResponseWriter, r *http.Request) { return } - respondWithImage(r, rw, b, imgURL, procOpt) + respondWithImage(r, rw, b, imgURL, procOpt, t) }