mirror of
https://github.com/imgproxy/imgproxy.git
synced 2025-10-10 20:22:31 +02:00
c6a95facbb
* headerwriter in processing_handler.go * Remove not required etag tests * ETagEnabled, LastModifiedEnabled true by default * Changed Passthrough signature * Removed etag package * Merge writeDebugHeaders*
426 lines
12 KiB
Go
426 lines
12 KiB
Go
package main
|
|
|
|
import (
|
|
"errors"
|
|
"io"
|
|
"net/http"
|
|
"net/url"
|
|
"strconv"
|
|
"strings"
|
|
|
|
log "github.com/sirupsen/logrus"
|
|
"golang.org/x/sync/semaphore"
|
|
|
|
"github.com/imgproxy/imgproxy/v3/config"
|
|
"github.com/imgproxy/imgproxy/v3/cookies"
|
|
"github.com/imgproxy/imgproxy/v3/errorreport"
|
|
"github.com/imgproxy/imgproxy/v3/handlers/stream"
|
|
"github.com/imgproxy/imgproxy/v3/headerwriter"
|
|
"github.com/imgproxy/imgproxy/v3/httpheaders"
|
|
"github.com/imgproxy/imgproxy/v3/ierrors"
|
|
"github.com/imgproxy/imgproxy/v3/imagedata"
|
|
"github.com/imgproxy/imgproxy/v3/imagefetcher"
|
|
"github.com/imgproxy/imgproxy/v3/imagetype"
|
|
"github.com/imgproxy/imgproxy/v3/monitoring"
|
|
"github.com/imgproxy/imgproxy/v3/monitoring/stats"
|
|
"github.com/imgproxy/imgproxy/v3/options"
|
|
"github.com/imgproxy/imgproxy/v3/processing"
|
|
"github.com/imgproxy/imgproxy/v3/security"
|
|
"github.com/imgproxy/imgproxy/v3/server"
|
|
"github.com/imgproxy/imgproxy/v3/vips"
|
|
)
|
|
|
|
var (
|
|
queueSem *semaphore.Weighted
|
|
processingSem *semaphore.Weighted
|
|
)
|
|
|
|
func initProcessingHandler() {
|
|
if config.RequestsQueueSize > 0 {
|
|
queueSem = semaphore.NewWeighted(int64(config.RequestsQueueSize + config.Workers))
|
|
}
|
|
|
|
processingSem = semaphore.NewWeighted(int64(config.Workers))
|
|
}
|
|
|
|
// writeDebugHeaders writes debug headers (X-Origin-*, X-Result-*) to the response
|
|
func writeDebugHeaders(rw http.ResponseWriter, result *processing.Result, originData imagedata.ImageData) error {
|
|
if !config.EnableDebugHeaders {
|
|
return nil
|
|
}
|
|
|
|
if result != nil {
|
|
rw.Header().Set(httpheaders.XOriginWidth, strconv.Itoa(result.OriginWidth))
|
|
rw.Header().Set(httpheaders.XOriginHeight, strconv.Itoa(result.OriginHeight))
|
|
rw.Header().Set(httpheaders.XResultWidth, strconv.Itoa(result.ResultWidth))
|
|
rw.Header().Set(httpheaders.XResultHeight, strconv.Itoa(result.ResultHeight))
|
|
}
|
|
|
|
// Try to read origin image size
|
|
size, err := originData.Size()
|
|
if err != nil {
|
|
return ierrors.Wrap(err, 0, ierrors.WithCategory(categoryImageDataSize))
|
|
}
|
|
|
|
rw.Header().Set(httpheaders.XOriginContentLength, strconv.Itoa(size))
|
|
|
|
return nil
|
|
}
|
|
|
|
func respondWithImage(
|
|
reqID string,
|
|
r *http.Request,
|
|
rw http.ResponseWriter,
|
|
statusCode int,
|
|
resultData imagedata.ImageData,
|
|
po *options.ProcessingOptions,
|
|
originURL string,
|
|
hw *headerwriter.Request,
|
|
) error {
|
|
// We read the size of the image data here, so we can set Content-Length header.
|
|
// This indireclty ensures that the image data is fully read from the source, no
|
|
// errors happened.
|
|
resultSize, err := resultData.Size()
|
|
if err != nil {
|
|
return ierrors.Wrap(err, 0, ierrors.WithCategory(categoryImageDataSize))
|
|
}
|
|
|
|
hw.SetContentType(resultData.Format().Mime())
|
|
hw.SetContentLength(resultSize)
|
|
hw.SetContentDisposition(
|
|
originURL,
|
|
po.Filename,
|
|
resultData.Format().Ext(),
|
|
"",
|
|
po.ReturnAttachment,
|
|
)
|
|
hw.SetExpires(po.Expires)
|
|
hw.SetVary()
|
|
hw.SetCanonical()
|
|
|
|
if config.LastModifiedEnabled {
|
|
hw.Passthrough(httpheaders.LastModified)
|
|
}
|
|
|
|
if config.ETagEnabled {
|
|
hw.Passthrough(httpheaders.Etag)
|
|
}
|
|
|
|
hw.Write(rw)
|
|
|
|
rw.WriteHeader(statusCode)
|
|
|
|
_, err = io.Copy(rw, resultData.Reader())
|
|
|
|
var ierr *ierrors.Error
|
|
if err != nil {
|
|
ierr = newResponseWriteError(err)
|
|
|
|
if config.ReportIOErrors {
|
|
return ierrors.Wrap(ierr, 0, ierrors.WithCategory(categoryIO), ierrors.WithShouldReport(true))
|
|
}
|
|
}
|
|
|
|
server.LogResponse(
|
|
reqID, r, statusCode, ierr,
|
|
log.Fields{
|
|
"image_url": originURL,
|
|
"processing_options": po,
|
|
},
|
|
)
|
|
|
|
return nil
|
|
}
|
|
|
|
func respondWithNotModified(reqID string, r *http.Request, rw http.ResponseWriter, po *options.ProcessingOptions, originURL string, hw *headerwriter.Request) {
|
|
hw.SetExpires(po.Expires)
|
|
hw.SetVary()
|
|
|
|
if config.ETagEnabled {
|
|
hw.Passthrough(httpheaders.Etag)
|
|
}
|
|
|
|
hw.Write(rw)
|
|
|
|
rw.WriteHeader(http.StatusNotModified)
|
|
|
|
server.LogResponse(
|
|
reqID, r, http.StatusNotModified, nil,
|
|
log.Fields{
|
|
"image_url": originURL,
|
|
"processing_options": po,
|
|
},
|
|
)
|
|
}
|
|
|
|
func callHandleProcessing(reqID string, rw http.ResponseWriter, r *http.Request) error {
|
|
// NOTE: This is temporary, will be moved level up at once
|
|
hwc, err := headerwriter.NewDefaultConfig().LoadFromEnv()
|
|
if err != nil {
|
|
return ierrors.Wrap(err, 0, ierrors.WithCategory(categoryConfig))
|
|
}
|
|
|
|
hw, err := headerwriter.New(hwc)
|
|
if err != nil {
|
|
return ierrors.Wrap(err, 0, ierrors.WithCategory(categoryConfig))
|
|
}
|
|
|
|
sc, err := stream.NewDefaultConfig().LoadFromEnv()
|
|
if err != nil {
|
|
return ierrors.Wrap(err, 0, ierrors.WithCategory(categoryConfig))
|
|
}
|
|
|
|
stream, err := stream.New(sc, hw, imagedata.Fetcher)
|
|
if err != nil {
|
|
return ierrors.Wrap(err, 0, ierrors.WithCategory(categoryConfig))
|
|
}
|
|
|
|
return handleProcessing(reqID, rw, r, hw, stream)
|
|
}
|
|
|
|
func handleProcessing(reqID string, rw http.ResponseWriter, r *http.Request, hw *headerwriter.Writer, stream *stream.Handler) error {
|
|
stats.IncRequestsInProgress()
|
|
defer stats.DecRequestsInProgress()
|
|
|
|
ctx := r.Context()
|
|
|
|
path := r.RequestURI
|
|
if queryStart := strings.IndexByte(path, '?'); queryStart >= 0 {
|
|
path = path[:queryStart]
|
|
}
|
|
|
|
if len(config.PathPrefix) > 0 {
|
|
path = strings.TrimPrefix(path, config.PathPrefix)
|
|
}
|
|
|
|
path = strings.TrimPrefix(path, "/")
|
|
signature := ""
|
|
|
|
if signatureEnd := strings.IndexByte(path, '/'); signatureEnd > 0 {
|
|
signature = path[:signatureEnd]
|
|
path = path[signatureEnd:]
|
|
} else {
|
|
return ierrors.Wrap(
|
|
newInvalidURLErrorf(http.StatusNotFound, "Invalid path: %s", path), 0,
|
|
ierrors.WithCategory(categoryPathParsing),
|
|
)
|
|
}
|
|
|
|
path = fixPath(path)
|
|
|
|
if err := security.VerifySignature(signature, path); err != nil {
|
|
return ierrors.Wrap(err, 0, ierrors.WithCategory(categorySecurity))
|
|
}
|
|
|
|
po, imageURL, err := options.ParsePath(path, r.Header)
|
|
if err != nil {
|
|
return ierrors.Wrap(err, 0, ierrors.WithCategory(categoryPathParsing))
|
|
}
|
|
|
|
var imageOrigin any
|
|
if u, uerr := url.Parse(imageURL); uerr == nil {
|
|
imageOrigin = u.Scheme + "://" + u.Host
|
|
}
|
|
|
|
errorreport.SetMetadata(r, "Source Image URL", imageURL)
|
|
errorreport.SetMetadata(r, "Source Image Origin", imageOrigin)
|
|
errorreport.SetMetadata(r, "Processing Options", po)
|
|
|
|
monitoringMeta := monitoring.Meta{
|
|
monitoring.MetaSourceImageURL: imageURL,
|
|
monitoring.MetaSourceImageOrigin: imageOrigin,
|
|
monitoring.MetaProcessingOptions: po.Diff().Flatten(),
|
|
}
|
|
|
|
monitoring.SetMetadata(ctx, monitoringMeta)
|
|
|
|
err = security.VerifySourceURL(imageURL)
|
|
if err != nil {
|
|
return ierrors.Wrap(err, 0, ierrors.WithCategory(categorySecurity))
|
|
}
|
|
|
|
if po.Raw {
|
|
return stream.Execute(ctx, r, imageURL, reqID, po, rw)
|
|
}
|
|
|
|
// SVG is a special case. Though saving to svg is not supported, SVG->SVG is.
|
|
if !vips.SupportsSave(po.Format) && po.Format != imagetype.Unknown && po.Format != imagetype.SVG {
|
|
return ierrors.Wrap(newInvalidURLErrorf(
|
|
http.StatusUnprocessableEntity,
|
|
"Resulting image format is not supported: %s", po.Format,
|
|
), 0, ierrors.WithCategory(categoryPathParsing))
|
|
}
|
|
|
|
imgRequestHeader := make(http.Header)
|
|
|
|
// If ETag is enabled, we forward If-None-Match header
|
|
if config.ETagEnabled {
|
|
imgRequestHeader.Set(httpheaders.IfNoneMatch, r.Header.Get(httpheaders.IfNoneMatch))
|
|
}
|
|
|
|
// If LastModified is enabled, we forward If-Modified-Since header
|
|
if config.LastModifiedEnabled {
|
|
imgRequestHeader.Set(httpheaders.IfModifiedSince, r.Header.Get(httpheaders.IfModifiedSince))
|
|
}
|
|
|
|
if queueSem != nil {
|
|
acquired := queueSem.TryAcquire(1)
|
|
if !acquired {
|
|
panic(newTooManyRequestsError())
|
|
}
|
|
defer queueSem.Release(1)
|
|
}
|
|
|
|
// The heavy part starts here, so we need to restrict worker number
|
|
err = func() error {
|
|
defer monitoring.StartQueueSegment(ctx)()
|
|
|
|
err = processingSem.Acquire(ctx, 1)
|
|
if err != nil {
|
|
// We don't actually need to check timeout here,
|
|
// but it's an easy way to check if this is an actual timeout
|
|
// or the request was canceled
|
|
if terr := server.CheckTimeout(ctx); terr != nil {
|
|
return ierrors.Wrap(terr, 0, ierrors.WithCategory(categoryTimeout))
|
|
}
|
|
|
|
// We should never reach this line as err could be only ctx.Err()
|
|
// and we've already checked for it. But beter safe than sorry
|
|
|
|
return ierrors.Wrap(err, 0, ierrors.WithCategory(categoryQueue))
|
|
}
|
|
|
|
return nil
|
|
}()
|
|
if err != nil {
|
|
return err
|
|
}
|
|
defer processingSem.Release(1)
|
|
|
|
stats.IncImagesInProgress()
|
|
defer stats.DecImagesInProgress()
|
|
|
|
statusCode := http.StatusOK
|
|
|
|
originData, originHeaders, err := func() (imagedata.ImageData, http.Header, error) {
|
|
downloadFinished := monitoring.StartDownloadingSegment(ctx, monitoringMeta.Filter(
|
|
monitoring.MetaSourceImageURL,
|
|
monitoring.MetaSourceImageOrigin,
|
|
))
|
|
|
|
downloadOpts := imagedata.DownloadOptions{
|
|
Header: imgRequestHeader,
|
|
CookieJar: nil,
|
|
MaxSrcFileSize: po.SecurityOptions.MaxSrcFileSize,
|
|
DownloadFinished: downloadFinished,
|
|
}
|
|
|
|
if config.CookiePassthrough {
|
|
downloadOpts.CookieJar, err = cookies.JarFromRequest(r)
|
|
if err != nil {
|
|
return nil, nil, ierrors.Wrap(err, 0, ierrors.WithCategory(categoryDownload))
|
|
}
|
|
}
|
|
|
|
return imagedata.DownloadAsync(ctx, imageURL, "source image", downloadOpts)
|
|
}()
|
|
|
|
// Close originData if no error occurred
|
|
if err == nil {
|
|
defer originData.Close()
|
|
}
|
|
|
|
// Check that image detection didn't take too long
|
|
if terr := server.CheckTimeout(ctx); terr != nil {
|
|
return ierrors.Wrap(terr, 0, ierrors.WithCategory(categoryTimeout))
|
|
}
|
|
|
|
var nmErr imagefetcher.NotModifiedError
|
|
|
|
// Respond with NotModified if image was not modified
|
|
if errors.As(err, &nmErr) {
|
|
hwr := hw.NewRequest(nmErr.Headers(), imageURL)
|
|
|
|
respondWithNotModified(reqID, r, rw, po, imageURL, hwr)
|
|
return nil
|
|
}
|
|
|
|
// If error is not related to NotModified, respond with fallback image
|
|
if err != nil {
|
|
ierr := ierrors.Wrap(err, 0, ierrors.WithCategory(categoryDownload))
|
|
if config.ReportDownloadingErrors {
|
|
ierr = ierrors.Wrap(ierr, 0, ierrors.WithShouldReport(true))
|
|
}
|
|
|
|
if imagedata.FallbackImage == nil {
|
|
return ierr
|
|
}
|
|
|
|
// Just send error
|
|
monitoring.SendError(ctx, categoryDownload, ierr)
|
|
|
|
// We didn't return, so we have to report error
|
|
if ierr.ShouldReport() {
|
|
errorreport.Report(ierr, r)
|
|
}
|
|
|
|
log.WithField("request_id", reqID).Warningf("Could not load image %s. Using fallback image. %s", imageURL, ierr.Error())
|
|
|
|
if config.FallbackImageHTTPCode > 0 {
|
|
statusCode = config.FallbackImageHTTPCode
|
|
} else {
|
|
statusCode = ierr.StatusCode()
|
|
}
|
|
|
|
originData = imagedata.FallbackImage
|
|
originHeaders = imagedata.FallbackImageHeaders.Clone()
|
|
|
|
if config.FallbackImageTTL > 0 {
|
|
originHeaders.Set("Fallback-Image", "1")
|
|
}
|
|
}
|
|
|
|
if !vips.SupportsLoad(originData.Format()) {
|
|
return ierrors.Wrap(newInvalidURLErrorf(
|
|
http.StatusUnprocessableEntity,
|
|
"Source image format is not supported: %s", originData.Format(),
|
|
), 0, ierrors.WithCategory(categoryProcessing))
|
|
}
|
|
|
|
result, err := func() (*processing.Result, error) {
|
|
defer monitoring.StartProcessingSegment(ctx, monitoringMeta.Filter(monitoring.MetaProcessingOptions))()
|
|
return processing.ProcessImage(ctx, originData, po)
|
|
}()
|
|
|
|
// Let's close resulting image data only if it differs from the source image data
|
|
if result != nil && result.OutData != nil && result.OutData != originData {
|
|
defer result.OutData.Close()
|
|
}
|
|
|
|
// First, check if the processing error wasn't caused by an image data error
|
|
if derr := originData.Error(); derr != nil {
|
|
return ierrors.Wrap(derr, 0, ierrors.WithCategory(categoryDownload))
|
|
}
|
|
|
|
// If it wasn't, than it was a processing error
|
|
if err != nil {
|
|
return ierrors.Wrap(err, 0, ierrors.WithCategory(categoryProcessing))
|
|
}
|
|
|
|
hwr := hw.NewRequest(originHeaders, imageURL)
|
|
|
|
// Write debug headers. It seems unlogical to move they to headerwriter since they're
|
|
// not used anywhere else.
|
|
err = writeDebugHeaders(rw, result, originData)
|
|
if err != nil {
|
|
return ierrors.Wrap(err, 0, ierrors.WithCategory(categoryImageDataSize))
|
|
}
|
|
|
|
err = respondWithImage(reqID, r, rw, statusCode, result.OutData, po, imageURL, hwr)
|
|
if err != nil {
|
|
return err
|
|
}
|
|
|
|
return nil
|
|
}
|