New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
feat: add imgproxy #1337
base: main
Are you sure you want to change the base?
feat: add imgproxy #1337
Conversation
@@ -33,6 +33,7 @@ | |||
"consola": "^3.2.3", | |||
"defu": "^6.1.4", | |||
"h3": "^1.11.1", | |||
"hash.js": "^1.1.7", |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
as you've suggested, let's switch to ohash
🙏
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I'm not so experienced in hash or ohash, but I think that ohash misses the hmac
function to generate the signature.
const hmac = hash.hmac(hash.sha256, hexDecode(secret));
More in general, I'm open to suggestions on this topic.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@casualmatt I have a implement at #963, using uncrypto
, but need async getImage
support
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Ty for the hint, I will work on it tomorrow or later today👍🏻
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@everyx
I see, .. so to properly support imgproxy, and to do it safely or imgproxy will allow us to optimize any URL provided; we are waiting for:
#276 --> To securely sign the URLs with uncrypto.
#963 --> To support getImage and not just the NuxtImg component.
I hope to get it right,
For now, as an alternative, @danielroe, we could remove the signing of the URL and add big, pretty big, I would say, disclaimer to use the EnvVar IMGPROXY_ALLOWED_SOURCES
to secure the install of imgproxy.
WIP.
To start somewhere, I just imported my custom provider for imgproxy.
I used
hash.js
but that could probably be switch for ohash.And I'm open to suggestions on how to secure the
imgProxySalt
andimgProxyKey
.--> Add support provider "imgproxy"