feat: add imgproxy #1337
feat: add imgproxy #1337
Conversation
| @@ -33,6 +33,7 @@ | |||
| "consola": "^3.2.3", | |||
| "defu": "^6.1.4", | |||
| "h3": "^1.11.1", | |||
| "hash.js": "^1.1.7", | |||
There was a problem hiding this comment.
as you've suggested, let's switch to ohash 🙏
There was a problem hiding this comment.
I'm not so experienced in hash or ohash, but I think that ohash misses the hmac function to generate the signature.
const hmac = hash.hmac(hash.sha256, hexDecode(secret));More in general, I'm open to suggestions on this topic.
There was a problem hiding this comment.
@casualmatt I have a implement at #963, using uncrypto, but need async getImage support
There was a problem hiding this comment.
Ty for the hint, I will work on it tomorrow or later today👍🏻
There was a problem hiding this comment.
@everyx
I see, .. so to properly support imgproxy, and to do it safely or imgproxy will allow us to optimize any URL provided; we are waiting for:
#276 --> To securely sign the URLs with uncrypto.
#963 --> To support getImage and not just the NuxtImg component.
I hope to get it right,
For now, as an alternative, @danielroe, we could remove the signing of the URL and add big, pretty big, I would say, disclaimer to use the EnvVar IMGPROXY_ALLOWED_SOURCES to secure the install of imgproxy.
WIP.
To start somewhere, I just imported my custom provider for imgproxy.
I used
hash.jsbut that could probably be switch for ohash.And I'm open to suggestions on how to secure the
imgProxySaltandimgProxyKey.--> Add support provider "imgproxy"