Ambrose Chua 660a688748 | ||
---|---|---|
web | ||
README.md | ||
main.go |
README.md
photos
A photo bucket management suite.
admin
Create new buckets. Standalone tool.
control
Implement access controls by signing or proxying requests.
Operations
GET /list?bucket=BUCKET&auth=TOKEN
- Consult the bucket for metadata.json
- Get read access method for the bucket
- Validate the token against the access method
- Return ListObjectsV2 for prefix
photo/
- Can also 307 redirect to the bucket read URL, if is public readable
GET /read?bucket=BUCKET&auth=TOKEN&object=OBJECTNAME
- Consult the bucket for metadata.json
- Get read access method for the bucket
- Validate the token against the access method
- Validate that OBJECTNAME starts with
photo/
- If necessary, presign an object URL for 4 days
- Cache presigned URLs for 2 days in memory/Redis
- 307 redirect to presigned URL
PUT /write?bucket=BUCKET&auth=TOKEN&object=OBJECTNAME
- Consult the bucket for metadata.json
- Get write access method for the bucket
- Validate the token against the access method
- Validate that OBJECTNAME starts with
photo/
- If necessary, presign an object URL for 1 day
- 307 redirect to presigned URL
Authentication
Token
The read/write token is checked against a simple string defined in the bucket.
OpenID Connect
Recommended IDP: dex
The read/write operation is gated by a signed key corresponding to allowed users defined in the bucket.
web
Generates the web interface for a photo bucket. Also updates the shared asset bucket on start.
Operations
POST /webhook
POST /update?bucket=BUCKET
Regenerate and upload index.html
and manage/index.html
to bucket.
indexer
Pointed to by a reverse proxy to handle the following paths on all buckets:
/
/manage/
GET /*
A proxy for all buckets, treats the URL as a directory and serves up directory + index.html
.
thumbnails
Generate thumbnails from photo buckets. Registers webhooks.
Operations
POST /webhook
POST /update?bucket=BUCKET&object=OBJECT
- Perform thumbnail generation using libvips in a pool queue.
- Block until done