Ambrose Chua e64eeecd5d
Reimplement proxy using ReverseProxy
2020-05-31 14:15:24 +08:00
cmd Reimplement proxy using ReverseProxy 2020-05-31 14:15:24 +08:00
internal/httphelpers Build out thumbnail generation API 2020-05-31 02:22:25 +08:00
pkg/bucket Build out thumbnail generation API 2020-05-31 02:22:25 +08:00
web Add enlarged photo view 2020-05-25 23:17:29 +08:00
.gitignore Initial insecure and fake webhost proxy for minio 2020-05-31 03:13:22 +08:00
README.md Build out thumbnail generation API 2020-05-31 02:22:25 +08:00
go.mod Initial insecure and fake webhost proxy for minio 2020-05-31 03:13:22 +08:00
go.sum Initial insecure and fake webhost proxy for minio 2020-05-31 03:13:22 +08:00
main.go More planning 2020-05-26 12:45:55 +08:00

README.md

photos

A photo bucket management suite.

admin

Create new buckets. Standalone tool.

control

Implement access controls by signing or proxying requests.

Operations

GET /list?bucket=BUCKET&auth=TOKEN

  1. Consult the bucket for metadata.json
  2. Get list access method for the bucket
  3. Validate the token against the access method
  4. Return ListObjectsV2 for prefix photo/
    • Can also 307 redirect to the bucket read URL if the bucket is publicly readable

GET /read?bucket=BUCKET&auth=TOKEN&object=OBJECTNAME

  1. Consult the bucket for metadata.json
  2. Get read access method for the bucket
  3. Validate the token against the access method
  4. Validate that OBJECTNAME starts with photo/
  5. If necessary, presign an object URL for 4 days
    • Cache presigned URLs for 2 days in memory/Redis
  6. 307 redirect to presigned URL

PUT /write?bucket=BUCKET&auth=TOKEN&object=OBJECTNAME

  1. Consult the bucket for metadata.json
  2. Get write access method for the bucket
  3. Validate the token against the access method
  4. Validate that OBJECTNAME starts with photo/
  5. If necessary, presign an object URL for 30 minutes
  6. 307 redirect to presigned URL

Authentication

Token

The read/write token is checked against a simple string defined in the bucket.
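
A sketch of steps 2 to 4 of GET /read using the Token method, added here as an example and not taken from this repository. The bucketMeta fields, the method names "public" and "token", and the status codes returned on failure are assumptions; the README does not define them.

```go
package main

import (
	"crypto/subtle"
	"fmt"
	"net/http"
	"path"
	"strings"
)

// bucketMeta is an assumed shape for metadata.json.
type bucketMeta struct {
	ReadMethod string // "public" or "token" (assumed values)
	ReadToken  string
}

// authorizeRead applies steps 2-4 of GET /read. It returns the object name
// and the status to send; 307 means "go on to presign and redirect".
func authorizeRead(meta bucketMeta, auth, object string) (string, int) {
	switch meta.ReadMethod {
	case "public": // no token required
	case "token":
		// Constant-time compare; an empty configured token never matches.
		got, want := []byte(auth), []byte(meta.ReadToken)
		if len(want) == 0 || subtle.ConstantTimeCompare(got, want) != 1 {
			return "", http.StatusUnauthorized
		}
	default: // unknown or missing access method: fail closed
		return "", http.StatusForbidden
	}
	// Step 4: prefix check, plus reject names that are not in canonical
	// form ("photo/../metadata.json", "photo//x") or are the bare prefix.
	if !strings.HasPrefix(object, "photo/") || path.Clean(object) != object {
		return "", http.StatusBadRequest
	}
	return object, http.StatusTemporaryRedirect
}

func main() {
	meta := bucketMeta{ReadMethod: "token", ReadToken: "constructed-token"}
	for _, r := range [][2]string{ // constructed sample requests: auth, object
		{"constructed-token", "photo/a.jpg"},
		{"wrong", "photo/a.jpg"},
		{"constructed-token", "photo/../metadata.json"},
	} {
		obj, status := authorizeRead(meta, r[0], r[1])
		fmt.Printf("%d %q\n", status, obj)
	}
}
```

A plain prefix test accepts photo/../metadata.json; requiring the canonical form keeps step 4 meaningful if any layer between this service and the store normalizes paths.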

OpenID Connect

Recommended IDP: dex

The read/write operation is gated by a signed key corresponding to allowed users defined in the bucket.

web

Generates the web interface for a photo bucket. Also updates the shared asset bucket on start.

Operations

POST /webhook

POST /update?bucket=BUCKET

Regenerate and upload index.html and manage/index.html to bucket.

indexer

Pointed to by a reverse proxy to handle the following paths on all buckets:

  • /
  • /manage/

GET /*

A proxy for all buckets. It treats the URL as a directory and serves directory + index.html.

thumbnail

Generate thumbnails from photo buckets. Registers webhooks.

Operations

POST /webhook

POST /update?bucket=BUCKET&photo=OBJECT

  1. Perform thumbnail generation using libvips (maybe limit?)
  2. Block until done