go/imgproxy
1
0
Fork 0
mirror of https://github.com/imgproxy/imgproxy.git synced 2025-01-18 11:12:10 +02:00
Code Releases Activity
imgproxy/server.go
DarthSim 67bbf14ba4 Back to fasthttp
2019-03-22 21:07:31 +06:00

343 lines
7.6 KiB
Go
Raw Blame History

package main
import (
"bytes"
"context"
"crypto/subtle"
"fmt"
"net/http"
"net/url"
"path/filepath"
"strings"
"time"
nanoid "github.com/matoous/go-nanoid"
"github.com/valyala/fasthttp"
)
const (
contextDispositionFilenameFallback = "image"
)
var (
mimes = map[imageType]string{
imageTypeJPEG: "image/jpeg",
imageTypePNG: "image/png",
imageTypeWEBP: "image/webp",
imageTypeGIF: "image/gif",
imageTypeICO: "image/x-icon",
}
contentDispositionsFmt = map[imageType]string{
imageTypeJPEG: "inline; filename=\"%s.jpg\"",
imageTypePNG: "inline; filename=\"%s.png\"",
imageTypeWEBP: "inline; filename=\"%s.webp\"",
imageTypeGIF: "inline; filename=\"%s.gif\"",
imageTypeICO: "inline; filename=\"%s.ico\"",
}
authHeaderMust []byte
healthPath = []byte("/health")
imgproxyIsRunningMsg = []byte("imgproxy is running")
errInvalidMethod = newError(422, "Invalid request method", "Method doesn't allowed")
errInvalidSecret = newError(403, "Invalid secret", "Forbidden")
responseGzipPool *gzipPool
)
type httpHandler struct {
sem chan struct{}
}
func newHTTPHandler() *httpHandler {
return &httpHandler{make(chan struct{}, conf.Concurrency)}
}
func startServer() *fasthttp.Server {
handler := newHTTPHandler()
server := &fasthttp.Server{
Name: "imgproxy",
Handler: handler.ServeHTTP,
Concurrency: conf.MaxClients,
ReadTimeout: time.Duration(conf.ReadTimeout) * time.Second,
}
if conf.GZipCompression > 0 {
responseGzipPool = newGzipPool(conf.Concurrency)
}
if conf.ETagEnabled {
eTagCalcPool = newEtagPool(conf.Concurrency)
}
go func() {
logNotice("Starting server at %s", conf.Bind)
if err := server.ListenAndServe(conf.Bind); err != nil {
logFatal(err.Error())
}
}()
return server
}
func shutdownServer(s *fasthttp.Server) {
logNotice("Shutting down the server...")
s.Shutdown()
}
func writeCORS(rctx *fasthttp.RequestCtx) {
if len(conf.AllowOrigin) > 0 {
rctx.Response.Header.Set("Access-Control-Allow-Origin", conf.AllowOrigin)
rctx.Response.Header.Set("Access-Control-Allow-Methods", "GET, OPTIONs")
}
}
func contentDisposition(imageURL string, imgtype imageType) string {
url, err := url.Parse(imageURL)
if err != nil {
return fmt.Sprintf(contentDispositionsFmt[imgtype], contextDispositionFilenameFallback)
}
_, filename := filepath.Split(url.Path)
if len(filename) == 0 {
return fmt.Sprintf(contentDispositionsFmt[imgtype], contextDispositionFilenameFallback)
}
return fmt.Sprintf(contentDispositionsFmt[imgtype], strings.TrimSuffix(filename, filepath.Ext(filename)))
}
func respondWithImage(ctx context.Context, reqID string, rctx *fasthttp.RequestCtx, data []byte) {
po := getProcessingOptions(ctx)
rctx.SetStatusCode(200)
rctx.Response.Header.Set("Expires", time.Now().Add(time.Second*time.Duration(conf.TTL)).Format(http.TimeFormat))
rctx.Response.Header.Set("Cache-Control", fmt.Sprintf("max-age=%d, public", conf.TTL))
rctx.Response.Header.Set("Content-Type", mimes[po.Format])
rctx.Response.Header.Set("Content-Disposition", contentDisposition(getImageURL(ctx), po.Format))
addVaryHeader(rctx)
if conf.GZipCompression > 0 && rctx.Request.Header.HasAcceptEncoding("gzip") {
gz := responseGzipPool.Get(rctx)
defer responseGzipPool.Put(gz)
gz.Write(data)
gz.Close()
rctx.Response.Header.Set("Content-Encoding", "gzip")
} else {
rctx.SetBody(data)
}
logResponse(reqID, 200, fmt.Sprintf("Processed in %s: %s; %+v", getTimerSince(ctx), getImageURL(ctx), po))
}
func addVaryHeader(rctx *fasthttp.RequestCtx) {
vary := make([]string, 0, 5)
if conf.EnableWebpDetection || conf.EnforceWebp {
vary = append(vary, "Accept")
}
if conf.GZipCompression > 0 {
vary = append(vary, "Accept-Encoding")
}
if conf.EnableClientHints {
vary = append(vary, "DPR", "Viewport-Width", "Width")
}
if len(vary) > 0 {
rctx.Response.Header.Set("Vary", strings.Join(vary, ", "))
}
}
func respondWithError(reqID string, rctx *fasthttp.RequestCtx, err *imgproxyError) {
logResponse(reqID, err.StatusCode, err.Message)
rctx.SetStatusCode(err.StatusCode)
rctx.SetBodyString(err.PublicMessage)
}
func respondWithOptions(reqID string, rctx *fasthttp.RequestCtx) {
logResponse(reqID, 200, "Respond with options")
rctx.SetStatusCode(200)
}
func respondWithNotModified(reqID string, rctx *fasthttp.RequestCtx) {
logResponse(reqID, 304, "Not modified")
rctx.SetStatusCode(304)
}
func prepareAuthHeaderMust() []byte {
if len(authHeaderMust) == 0 {
authHeaderMust = []byte(fmt.Sprintf("Bearer %s", conf.Secret))
}
return authHeaderMust
}
func checkSecret(rctx *fasthttp.RequestCtx) bool {
if len(conf.Secret) == 0 {
return true
}
return subtle.ConstantTimeCompare(
rctx.Request.Header.Peek("Authorization"),
prepareAuthHeaderMust(),
) == 1
}
func requestCtxToRequest(rctx *fasthttp.RequestCtx) *http.Request {
if r, ok := rctx.UserValue("httpRequest").(*http.Request); ok {
return r
}
reqURL, _ := url.Parse(rctx.Request.URI().String())
r := &http.Request{
Method: http.MethodGet, // Only GET is supported
URL: reqURL,
Proto: "HTTP/1.0",
ProtoMajor: 1,
ProtoMinor: 0,
Header: make(http.Header),
Body: http.NoBody,
Host: reqURL.Host,
RequestURI: reqURL.RequestURI(),
RemoteAddr: rctx.RemoteAddr().String(),
}
rctx.Request.Header.VisitAll(func(key, value []byte) {
r.Header.Add(string(key), string(value))
})
rctx.SetUserValue("httpRequest", r)
return r
}
func (h *httpHandler) lock() {
h.sem <- struct{}{}
}
func (h *httpHandler) unlock() {
<-h.sem
}
func (h *httpHandler) ServeHTTP(rctx *fasthttp.RequestCtx) {
reqID, _ := nanoid.Nanoid()
defer func() {
if rerr := recover(); rerr != nil {
if err, ok := rerr.(error); ok {
reportError(err, requestCtxToRequest(rctx))
if ierr, ok := err.(*imgproxyError); ok {
respondWithError(reqID, rctx, ierr)
} else {
respondWithError(reqID, rctx, newUnexpectedError(err, 4))
}
} else {
panic(rerr)
}
}
}()
logRequest(reqID, rctx)
writeCORS(rctx)
if rctx.Request.Header.IsOptions() {
respondWithOptions(reqID, rctx)
return
}
if !rctx.Request.Header.IsGet() {
panic(errInvalidMethod)
}
if bytes.Compare(rctx.RequestURI(), healthPath) == 0 {
rctx.SetStatusCode(200)
rctx.SetBody(imgproxyIsRunningMsg)
return
}
if !checkSecret(rctx) {
panic(errInvalidSecret)
}
ctx := context.Background()
if newRelicEnabled {
var newRelicCancel context.CancelFunc
ctx, newRelicCancel = startNewRelicTransaction(ctx, requestCtxToRequest(rctx))
defer newRelicCancel()
}
if prometheusEnabled {
prometheusRequestsTotal.Inc()
defer startPrometheusDuration(prometheusRequestDuration)()
}
h.lock()
defer h.unlock()
ctx, timeoutCancel := startTimer(ctx, time.Duration(conf.WriteTimeout)*time.Second)
defer timeoutCancel()
ctx, err := parsePath(ctx, rctx)
if err != nil {
panic(err)
}
ctx, downloadcancel, err := downloadImage(ctx)
defer downloadcancel()
if err != nil {
if newRelicEnabled {
sendErrorToNewRelic(ctx, err)
}
if prometheusEnabled {
incrementPrometheusErrorsTotal("download")
}
panic(err)
}
checkTimeout(ctx)
if conf.ETagEnabled {
eTag, etagcancel := calcETag(ctx)
defer etagcancel()
rctx.Response.Header.SetBytesV("ETag", eTag)
if bytes.Compare(eTag, rctx.Request.Header.Peek("If-None-Match")) == 0 {
respondWithNotModified(reqID, rctx)
return
}
}
checkTimeout(ctx)
imageData, processcancel, err := processImage(ctx)
defer processcancel()
if err != nil {
if newRelicEnabled {
sendErrorToNewRelic(ctx, err)
}
if prometheusEnabled {
incrementPrometheusErrorsTotal("processing")
}
panic(err)
}
checkTimeout(ctx)
respondWithImage(ctx, reqID, rctx, imageData)
}
View Git Blame Copy Permalink