highperfocused/imgproxy
1
0
Fork 0
mirror of https://github.com/imgproxy/imgproxy.git synced 2025-10-09 11:42:48 +02:00
Code Issues Packages Projects Releases Wiki Activity

Add IMGPROXY_TRUSTED_SIGNATURES config

Browse Source
This commit is contained in:
DarthSim
2024-02-22 17:33:52 +03:00
parent 33506eba4d
commit 73c54abd4e
4 changed files with 26 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
CHANGELOG.md
View File

@@ -2,6 +2,7 @@
## [Unreleased] ## [Unreleased]
### Add ### Add
- Add the [IMGPROXY_TRUSTED_SIGNATURES](https://docs.imgproxy.net/latest/configuration/options#IMGPROXY_TRUSTED_SIGNATURES) config.
- (pro) Add the [hashsum](https://docs.imgproxy.net/latest/usage/processing#hashsum) processing and info options. - (pro) Add the [hashsum](https://docs.imgproxy.net/latest/usage/processing#hashsum) processing and info options.
- (pro) Add the [calc_hashsums](https://docs.imgproxy.net/latest/usage/getting_info#calc-hashsums) info option. - (pro) Add the [calc_hashsums](https://docs.imgproxy.net/latest/usage/getting_info#calc-hashsums) info option.
- (pro) Add the [IMGPROXY_VIDEO_THUMBNAIL_TILE_AUTO_KEYFRAMES](https://docs.imgproxy.net/latest/configuration/options#IMGPROXY_VIDEO_THUMBNAIL_TILE_AUTO_KEYFRAMES) config. - (pro) Add the [IMGPROXY_VIDEO_THUMBNAIL_TILE_AUTO_KEYFRAMES](https://docs.imgproxy.net/latest/configuration/options#IMGPROXY_VIDEO_THUMBNAIL_TILE_AUTO_KEYFRAMES) config.

9
config/config.go
View File

@@ -74,9 +74,10 @@ var (
UseLinearColorspace bool UseLinearColorspace bool
DisableShrinkOnLoad bool DisableShrinkOnLoad bool
Keys [][]byte Keys [][]byte
Salts [][]byte Salts [][]byte
SignatureSize int SignatureSize int
TrustedSignatures []string
Secret string Secret string
@@ -275,6 +276,7 @@ func Reset() {
Keys = make([][]byte, 0) Keys = make([][]byte, 0)
Salts = make([][]byte, 0) Salts = make([][]byte, 0)
SignatureSize = 32 SignatureSize = 32
TrustedSignatures = make([]string, 0)
Secret = "" Secret = ""
@@ -483,6 +485,7 @@ func Configure() error {
return err return err
} }
configurators.Int(&SignatureSize, "IMGPROXY_SIGNATURE_SIZE") configurators.Int(&SignatureSize, "IMGPROXY_SIGNATURE_SIZE")
configurators.StringSlice(&TrustedSignatures, "IMGPROXY_TRUSTED_SIGNATURES")
if err := configurators.HexSliceFile(&Keys, keyPath); err != nil { if err := configurators.HexSliceFile(&Keys, keyPath); err != nil {
return err return err

6
security/signature.go
View File

@@ -19,6 +19,12 @@ func VerifySignature(signature, path string) error {
return nil return nil
} }
for _, s := range config.TrustedSignatures {
if s == signature {
return nil
}
}
messageMAC, err := base64.RawURLEncoding.DecodeString(signature) messageMAC, err := base64.RawURLEncoding.DecodeString(signature)
if err != nil { if err != nil {
return ErrInvalidSignatureEncoding return ErrInvalidSignatureEncoding

13
security/signature_test.go
View File

@@ -51,6 +51,19 @@ func (s *SignatureTestSuite) TestVerifySignatureMultiplePairs() {
require.Error(s.T(), err) require.Error(s.T(), err)
} }
func (s *SignatureTestSuite) TestVerifySignatureTrusted() {
config.TrustedSignatures = []string{"truested"}
defer func() {
config.TrustedSignatures = []string{}
}()
err := VerifySignature("truested", "asd")
require.Nil(s.T(), err)
err = VerifySignature("untrusted", "asd")
require.Error(s.T(), err)
}
func TestSignature(t *testing.T) { func TestSignature(t *testing.T) {
suite.Run(t, new(SignatureTestSuite)) suite.Run(t, new(SignatureTestSuite))
} }