More planning
parent
a9a55c3ef9
commit
660a688748
77
README.md
|
@ -3,17 +3,88 @@
|
||||||
|
|
||||||
A photo bucket management suite.
|
A photo bucket management suite.
|
||||||
|
|
||||||
|
## `admin`
|
||||||
|
|
||||||
|
Create new buckets. Standalone tool.
|
||||||
|
|
||||||
## `control`
|
## `control`
|
||||||
|
|
||||||
Implement access controls by signing or proxying requests.
|
Implement access controls by signing or proxying requests.
|
||||||
|
|
||||||
|
### Operations
|
||||||
|
|
||||||
|
#### `GET /list?bucket=BUCKET&auth=TOKEN`
|
||||||
|
|
||||||
|
1. Consult the bucket for metadata.json
|
||||||
|
2. Get read access method for the bucket
|
||||||
|
3. Validate the token against the access method
|
||||||
|
4. Return ListObjectsV2 for prefix `photo/`
|
||||||
|
- Can also 307 redirect to the bucket read URL, if is public readable
|
||||||
|
|
||||||
|
#### `GET /read?bucket=BUCKET&auth=TOKEN&object=OBJECTNAME`
|
||||||
|
|
||||||
|
1. Consult the bucket for metadata.json
|
||||||
|
2. Get read access method for the bucket
|
||||||
|
3. Validate the token against the access method
|
||||||
|
4. Validate that OBJECTNAME starts with `photo/`
|
||||||
|
5. If necessary, presign an object URL for 4 days
|
||||||
|
- Cache presigned URLs for 2 days in memory/Redis
|
||||||
|
6. 307 redirect to presigned URL
|
||||||
|
|
||||||
|
#### `PUT /write?bucket=BUCKET&auth=TOKEN&object=OBJECTNAME`
|
||||||
|
|
||||||
|
1. Consult the bucket for metadata.json
|
||||||
|
2. Get write access method for the bucket
|
||||||
|
3. Validate the token against the access method
|
||||||
|
4. Validate that OBJECTNAME starts with `photo/`
|
||||||
|
5. If necessary, presign an object URL for 1 day
|
||||||
|
6. 307 redirect to presigned URL
|
||||||
|
|
||||||
|
### Authentication
|
||||||
|
|
||||||
|
#### Token
|
||||||
|
|
||||||
|
The read/write token is checked against a simple string defined in the bucket.
|
||||||
|
|
||||||
|
#### OpenID Connect
|
||||||
|
|
||||||
|
Recommended IDP: [dex](https://github.com/dexidp/dex)
|
||||||
|
|
||||||
|
The read/write operation is gated by a signed key corresponding to allowed
|
||||||
|
users defined in the bucket.
|
||||||
|
|
||||||
## `web`
|
## `web`
|
||||||
|
|
||||||
Generates web interfaces from photo buckets.
|
Generates the web interface for a photo bucket. Also updates the shared asset bucket on start.
|
||||||
|
|
||||||
|
### Operations
|
||||||
|
|
||||||
|
#### `POST /webhook`
|
||||||
|
#### `POST /update?bucket=BUCKET`
|
||||||
|
|
||||||
|
Regenerate and upload `index.html` and `manage/index.html` to bucket.
|
||||||
|
|
||||||
|
## `indexer`
|
||||||
|
|
||||||
|
Pointed to by a reverse proxy to handle the following paths on all buckets:
|
||||||
|
|
||||||
|
- `/`
|
||||||
|
- `/manage/`
|
||||||
|
|
||||||
|
#### `GET /*`
|
||||||
|
|
||||||
|
A proxy for all buckets, treats the URL as a directory and serves up directory + `index.html`.
|
||||||
|
|
||||||
## `thumbnails`
|
## `thumbnails`
|
||||||
|
|
||||||
Generate thumbnails from photo buckets.
|
Generate thumbnails from photo buckets. Registers webhooks.
|
||||||
|
|
||||||
|
### Operations
|
||||||
|
|
||||||
|
#### `POST /webhook`
|
||||||
|
#### `POST /update?bucket=BUCKET&object=OBJECT`
|
||||||
|
|
||||||
|
1. Perform thumbnail generation using libvips in a pool queue.
|
||||||
|
2. Block until done
|
||||||
|
|
||||||
<!-- vim: set conceallevel=2 et ts=2 sw=2: -->
|
<!-- vim: set conceallevel=2 et ts=2 sw=2: -->
|
||||||
|
|
||||||
|
|
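Review bot: The three `control` operations (`GET /list`, `GET /read`, `PUT /write`) carry the credential as `auth=TOKEN` in the query string, where it will be recorded in access logs and reverse-proxy logs. The Token section describes it as "a simple string defined in the bucket", so it is long-lived; consider accepting it in an `Authorization` header instead. Related points in the same section: step 1 reads `metadata.json` from the bucket, and `/list` may 307 to the bucket read URL when the bucket is public readable, so the plan should state that the token and the OpenID Connect allowed-user list are not readable through that public path. The `photo/` prefix check in `/read` and `/write` should be specified as applying to the exact key that gets presigned, so `/write` can never target `metadata.json`. The read presign is valid for 4 days and cached for 2 days, so access continues after a token change or user removal until the URL expires; document that window or shorten it. `POST /update?bucket=BUCKET` under `web` and `POST /update?bucket=BUCKET&object=OBJECT` under `thumbnails` list no authentication step, unlike the `control` operations.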