1
0
mirror of https://github.com/imgproxy/imgproxy.git synced 2025-01-18 11:12:10 +02:00
imgproxy/examples/encrypted_source_url.rb
Sergey Alexandrovich 4bd9c37884
Encrypted source URLs docs (#962)
* Encrypted source URLs docs

* Apply suggestions from code review

Co-authored-by: Travis-Turner <32389151+Travis-Turner@users.noreply.github.com>

Co-authored-by: Travis-Turner <32389151+Travis-Turner@users.noreply.github.com>
2022-09-02 14:17:43 +06:00

26 lines
827 B
Ruby

require "openssl"
require "base64"
key = ["1eb5b0e971ad7f45324c1bb15c947cb207c43152fa5c6c7f35c4f36e0c18e0f1"].pack("H*")
url = "http://img.example.com/pretty/image.jpg"
# The key is 32 bytes long, so we use AES-256-CBC
cipher = OpenSSL::Cipher::AES.new(256, :CBC)
cipher.encrypt
# We use a random iv generation, but you'll probably want to use some
# deterministic method
iv = cipher.random_iv
cipher.key = key
cipher.iv = iv
encrypted_url = Base64.urlsafe_encode64(iv + cipher.update(url) + cipher.final).tr("=", "")
# We don't sign the URL in this example but it is highly recommended to sign
# imgproxy URLs when imgproxy is being used in production.
# Signing URLs is especially important when using encrypted source URLs to
# prevent a padding oracle attack
path = "/unsafe/rs:fit:300:300/enc/#{encrypted_url}.jpg"