check on allowed sizes, parameter -f
continuous-integration/drone/push Build is failing Details

This commit is contained in:
an 2019-07-31 07:06:38 +02:00
parent 826eebf097
commit 2ee55b2f7b
2 changed files with 20 additions and 3 deletions

View File

@ -2,7 +2,7 @@ FROM golang:latest
RUN apt -y update && \ RUN apt -y update && \
apt -y upgrade && \ apt -y upgrade && \
apt -y install libglib2.0-dev libexpat1-dev libjpeg-dev libpng-dev libgif-dev apt -y install libglib2.0-dev libexpat1-dev libjpeg-dev libpng-dev libgif-dev
WORKDIR /go/src/image-resizer WORKDIR /go/src/image-transformer
COPY . . COPY . .
RUN wget https://github.com/libvips/libvips/releases/download/v8.7.3/vips-8.7.3.tar.gz && \ RUN wget https://github.com/libvips/libvips/releases/download/v8.7.3/vips-8.7.3.tar.gz && \
tar xvzf vips-8.7.3.tar.gz && \ tar xvzf vips-8.7.3.tar.gz && \

21
main.go
View File

@ -14,8 +14,9 @@ import (
) )
var ( var (
imgServer = flag.String("s", "https://images.example.com/", "URL prefix") imgServer = flag.String("s", "https://images.example.com/", "URL prefix")
listenAddr = flag.String("l", "0.0.0.0:8080", "Listen address") listenAddr = flag.String("l", "0.0.0.0:8080", "Listen address")
sizesFilter = flag.String("f", "", "Allowed sizes")
) )
func init() { func init() {
@ -45,6 +46,22 @@ func resizeHandler(w http.ResponseWriter, r *http.Request) {
switch method { switch method {
case "resize": case "resize":
allowed := strings.Split(*sizesFilter, ",")
forbidden := true
if allowed[0] == "*" {
forbidden = false
} else {
for _, v := range allowed {
if size == v {
forbidden = false
break
}
}
}
if forbidden {
writeError(w, imgPath, method, "size is not allowed", http.StatusForbidden)
}
size := strings.Split(args, "x") size := strings.Split(args, "x")
if len(size) < 2 { if len(size) < 2 {
writeError(w, imgPath, method, "url, width, and height are required", http.StatusBadRequest) writeError(w, imgPath, method, "url, width, and height are required", http.StatusBadRequest)