mirror of
https://github.com/imgproxy/imgproxy.git
synced 2024-11-29 08:22:11 +02:00
4bd9c37884
* Encrypted source URLs docs * Apply suggestions from code review Co-authored-by: Travis-Turner <32389151+Travis-Turner@users.noreply.github.com> Co-authored-by: Travis-Turner <32389151+Travis-Turner@users.noreply.github.com>
26 lines
827 B
Ruby
26 lines
827 B
Ruby
require "openssl"
|
|
require "base64"
|
|
|
|
key = ["1eb5b0e971ad7f45324c1bb15c947cb207c43152fa5c6c7f35c4f36e0c18e0f1"].pack("H*")
|
|
|
|
url = "http://img.example.com/pretty/image.jpg"
|
|
|
|
# The key is 32 bytes long, so we use AES-256-CBC
|
|
cipher = OpenSSL::Cipher::AES.new(256, :CBC)
|
|
cipher.encrypt
|
|
|
|
# We use a random iv generation, but you'll probably want to use some
|
|
# deterministic method
|
|
iv = cipher.random_iv
|
|
|
|
cipher.key = key
|
|
cipher.iv = iv
|
|
|
|
encrypted_url = Base64.urlsafe_encode64(iv + cipher.update(url) + cipher.final).tr("=", "")
|
|
|
|
# We don't sign the URL in this example but it is highly recommended to sign
|
|
# imgproxy URLs when imgproxy is being used in production.
|
|
# Signing URLs is especially important when using encrypted source URLs to
|
|
# prevent a padding oracle attack
|
|
path = "/unsafe/rs:fit:300:300/enc/#{encrypted_url}.jpg"
|