# photos

A photo bucket management suite.

## `admin`

Create new buckets. Standalone tool.

## `control`

Implement access controls by signing or proxying requests.

### Operations

#### `GET /list?bucket=BUCKET&auth=TOKEN`

1. Consult the bucket for metadata.json
2. Get read access method for the bucket
3. Validate the token against the access method
4. Return ListObjectsV2 for prefix `photo/`
   - Can also 307 redirect to the bucket read URL, if the bucket is publicly readable

#### `GET /read?bucket=BUCKET&auth=TOKEN&object=OBJECTNAME`

1. Consult the bucket for metadata.json
2. Get read access method for the bucket
3. Validate the token against the access method
4. Validate that OBJECTNAME starts with `photo/`
5. If necessary, presign an object URL for 4 days
   - Cache presigned URLs for 2 days in memory/Redis
6. 307 redirect to presigned URL

#### `PUT /write?bucket=BUCKET&auth=TOKEN&object=OBJECTNAME`

1. Consult the bucket for metadata.json
2. Get write access method for the bucket
3. Validate the token against the access method
4. Validate that OBJECTNAME starts with `photo/`
5. If necessary, presign an object URL for 1 day
6. 307 redirect to presigned URL

### Authentication

#### Token

The read/write token is checked against a simple string defined in the bucket.

#### OpenID Connect

Recommended IDP: [dex](https://github.com/dexidp/dex)

The read/write operation is gated by a signed key corresponding to allowed users defined in the bucket.

## `web`

Generates the web interface for a photo bucket. Also updates the shared asset bucket on start.

### Operations

#### `POST /webhook`

#### `POST /update?bucket=BUCKET`

Regenerate and upload `index.html` and `manage/index.html` to bucket.

## `indexer`

Pointed to by a reverse proxy to handle the following paths on all buckets:

- `/`
- `/manage/`

#### `GET /*`

A proxy for all buckets. It treats the URL as a directory and serves up directory + `index.html`.

## `thumbnails`

Generate thumbnails from photo buckets. Registers webhooks.
### Operations

#### `POST /webhook`

#### `POST /update?bucket=BUCKET&object=OBJECT`

1. Perform thumbnail generation using libvips in a pool queue.
2. Block until done.
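
The gate that `control` describes for `/read` and `/write` (steps 1 to 5, Token method), as an added example that is not code from this project. The layout of `metadata.json`, the 403/400 status codes and the extra dot-segment check are assumptions; the `photo/` prefix and the 4-day and 1-day presign lifetimes come from the steps above.

```python
import hmac
import json

PREFIX = "photo/"  # README: OBJECTNAME must start with photo/
PRESIGN_TTL = {"read": 4 * 86400, "write": 1 * 86400}  # 4 days / 1 day

# Constructed sample of metadata.json; the field names are assumptions.
SAMPLE_METADATA = json.dumps({
    "read": {"method": "token", "token": "r-3f9c-constructed"},
    "write": {"method": "token", "token": "w-71aa-constructed"},
})


def valid_object_name(name):
    """Step 4: the name must sit under photo/ and name an actual object."""
    if not name.startswith(PREFIX) or name == PREFIX:
        return False
    # Stricter than the README requires (assumption): refuse empty and dot
    # segments and control characters, so the key reads the same to every
    # URL parser between this service and the bucket.
    if any(seg in ("", ".", "..") for seg in name.split("/")):
        return False
    return all(ch.isprintable() for ch in name)


def token_ok(access, presented):
    """Step 3, Token method: constant-time compare with the stored string."""
    if access.get("method") != "token" or not access.get("token"):
        return False  # fail closed when no token is configured
    return hmac.compare_digest(access["token"].encode(),
                               (presented or "").encode())


def authorize(metadata_json, op, auth, object_name):
    """Return (status, presign_ttl_seconds); presign only on a 307 result."""
    access = json.loads(metadata_json).get(op, {})  # steps 1-2
    if not token_ok(access, auth):
        return 403, None
    if not valid_object_name(object_name):
        return 400, None  # e.g. metadata.json, which lives outside photo/
    return 307, PRESIGN_TTL[op]
```

Because the prefix check runs on every request, a holder of the read token cannot use `/read` to fetch `metadata.json` itself.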