From 37bd06e14271aa3ff69389939f27d7814479234d Mon Sep 17 00:00:00 2001 From: TomatoCake <60300461+DEVTomatoCake@users.noreply.github.com> Date: Sat, 22 Jun 2024 20:41:43 +0200 Subject: [PATCH] Add local image proxy using sharp/jimp pkgs --- package-lock.json | Bin 300713 -> 326795 bytes package.json | 1 + src/api/Server.ts | 4 +- src/api/middlewares/ImageProxy.ts | 143 ++++++++++++++++++++++++++++++ src/api/middlewares/index.ts | 1 + 5 files changed, 148 insertions(+), 1 deletion(-) create mode 100644 src/api/middlewares/ImageProxy.ts diff --git a/package-lock.json b/package-lock.json index 875aba1b5a898e35da28cc0a36d5a6278844ed5b..32582d06dfdf1235d7dd44174db10c86f3f94aad 100644 GIT binary patch delta 14842 zcmc(Gd8{kvbstDxNwzFmlC?a^vgP+A%dX4ZH!Ej`c4~{mZ8+RHoQ+Lw4`(N5<18Ew zTU$}mC5c_f%5^+{G^nGZEo#I~V>`u5iWab&7C{iei3&RbTC}!XplE`&h|r>oQM;WX z@4e)eL%{~e$DpAY|9|K#jrC&5?0d-BI84=zmG zd-{XdpZ+L#6NYa>@K=B9t(_O|&L)Amoz~igYeg77d*Dm(!#QC#=K-hr|I?g2E&NvD zX;xA@7)muj$MaoJDc2@A*00O!^+b}&V|j^LZhgprNPW57w5dS_@DT)CP5TvU#41#` z-x#*HtECfhqZ(0OcA*eNwh)}w{!XcK`rPhIqtLX1V;-OWv3uW|{XL!YvA9@)&c2>J zb@t$=?!C5ummCG5Yv*tK@Sg*3A~!2%&@Vl8k_(a6e*EO|lU#sYut#^_A-lesNtQnj zqHz{DnSjc0lx+K5ZNc(Tq|UdI+G;k!`fyRz2AG#jMV=q_0ggdQ*%ZbQ$N6+Xctd2F z$Zc`9apXzYsJn?iANYjYoQ-R#^z9=0zB|Y!Imzi<3ep$#lZT(5N1CSkI~7!J!Z*PS z1*jWSJM|<#I9~*BLfIBxtZJsEo`#91?%oJtH!C;Mi#0QFZP)hoR@&7Ypw%Rc_*GpFPBa#_OGc5&@Vd?fPV*x+sxU{V~#) z*ex$0UCtsUl*Rjr0K$~QEx;~bM|g=u77^aM_44V-`wHowc!hVRPyI^a11Fg#kbKME zl5cr#4C$|x3XffG`xE z1u^QZS}O!;y1p(_96+rSo6>}&+FqD-8XtDbxW#WUM{EtZ8P}+J zI}M(nzMSEEa)xzNOQG(`wZhTi%jPmpv;RkICK%b8(z>7rUjMH0nuEZCwGc>ruAXEo-Ljm26(fYzBD;`|6@n`&XOeH+rExcz0~Ko-)Ti~0V1yzF4QQ1dl$G(ik_<#u8Gt5kicwh;n(idf zB%0XFwhOm5poqW;aGx8Y?Ix}Ohs^=+Ao`A*OUHxWMDHZw+w(2;tVlPV)464yN#8rj z`OHo+hs7`x_h@t^^(L^k@XT$^hNGTHG-s$%hpRS(5oFldR4WavOMug@&YFb2n&LeX zs|V78AA+sgrV&$H%m7u_rutga7Qi43JkpL-s~Q4Tx;AImlGKRIwU_Ww$8L57Zd)0# zvlt%Cy@;U}aS+U>-f%{=AjG5vG)h1I?PBFmE7k)?dnTK{oI=>i6Z_-%{^Kpn*Q`8t zoNwBGd@LHz2^%OeqeW#g3;X6`#cFGANR#o<)LIT$g$Or7wa}$>RhKIg#q$+qHWx>W zb-k+fy!94$8OsX?7R+pXXdAoQV!At`e_GM*J&2aR0G_<_^2|MZMX=nzAIX&u4`Okf zj%`ev71Cpfja0U418ji?{RuCzI@{>EQkybp!>gBloauI(zSx+6{Fp z+XmP|x)Ri58L2P$4nFJbVeRq}gQxNN9k2VCb>vJh9PnO!M^5BUG`<>`+Z{|ecgwH) zNr5a`d!oA!i0at2$?p2>%m4ZiV_#)XYxRmbWy6Cyxh)t2(1rrmz|xs5z3E_6ZW0o% zIZ`l&W2#-*s#sESd$3|q5F2TONFwy!Sg_Uvz*n#`>d?^KHy8y*5Q?PhE(npr-kffG zOx}zt)`vLj>(a^sD^UCjp|mUJu>n{w*HNNR?>s_4D#%4X`++LB4`M{=ac=T0#L z&yv!w|Ao@QO3KFvZ%-f}`O}M;gN)qDoAe2KV#*t>i%Fx=synM;<@T10*^U{Slr)RM zu}@>Ds4Gah7EEQF6#O!RFX0V7mXrG0?g}DmNUYCv0y5H32C2URTe%H}IgS>J85&p4 z!IgNCuO1(S{rDgqyAbuZ!YEAFf>^dGIRa55Dr>YnX6^E*Nvx?>Y)Q7%T@uxxJQBt# zu5wL89jMGqKuxE)XAhfcCVco)Dc*Fd4=!yAIeMws!uzCjnM4|5356) z?=ZlE_C}H_Wqd5G&05|r^iC&z<&TQkZO{2__U_n)X_omz&t0~5bnf!eK`PdUE6~LC z@b-YLR<*}3vE@Lv96ecd=m6jZYU;MfShKxWhs=~2O9I>p%&Jzk>W$teESnD5 znd6Qn^?Dm;O$o#s3hqN29Y>*2m!cprr7N-V$`L&$I0}vzGe_zO zNNv7#hc=D1W;HDdHh?wH7;EE40zLN~$!Ml8f2;7sCG5F!K20YJOh+JmKRyy|P{#atqmX5M zSf5}c(OgJ1z%;jl;40o`*j`V8z*YcjqYA+cP;HO0Tdfuiv?M_m4X8S`K~!lsveBRg zD1(Y)W97{o-09m`@!O8%OTT-wbf|D#2_Ci-EDymWA00&F&>BC}%MI5KJ+=l`tBVOo zbec0(bD+4l#>$Rrqk{=u$9n()uQ%IXT^G93&3dpV<$+BvrqzUjdbOHu(rtzB3T+Gl z20xl(J&qoZ>)Vo*e(fv8YnOX>dK^9W1R0b$NO(DQBqqqXps#Mm=Gx(P$B<+Jm9=Fb zhG9fhnj43nP7_Q4F@C<(X3L6XQS653_mQNTf$#bNZ2CjoO;$~Q;xw1-dKO`zR`{cd zdF+EcKeNxLPYx0C3XaNFog?$y4G*%hGCp+-%G%fj-k?>+iG4sA_7*e?#D;5jMG^O5 zh?z%p#fhjgF5yIzheCBIEh>7`hhwp+;Nx)FTD2`ZOB6*wl&$1oo#-8)x#ddA>D<;b ze4Qhuk3u)mo6s(U{NS5#Qdy3?d;3w5;Qk}?_SN+3A1NFR{L1;=W7&fN?8iqMLI%ln zWR2!ir`>II<`Suo5o+GVVqsphTH1!80AK=v@FTgVpc&%isMgY^Rsgr! zT9@SXIPS4gca>z2dfsTao565Jh4aXm2L{*P3}C)LlNzXQR5}fQJt?cUZI4ELTbIOv z7()6RFzq)3qhGbVubXSUS*U&2Wr_D#nOVkil(t_vM!RI@pvc|uphs5Gji3sz`dHtf z79izw@TwMfNByNW4i^K@74;ffMUz1E0wJ)B$jn*{Ddtb8baO{FoA$i0pzDRK?@g#F;pArZ-|UMKP*4LM(peMdK|U>ZVCBZu`*c%od(T}7EuR=M1@mVvyGUk{ot zce}WCyU&uJ&r4xqtvP)Cp;Q+{mk98VlshbSM=D=^{-RoT zTWdOGTDK*;tg79fYUiELd28-&YG2m?F5S}Wi4mIi?m{#}W!O0?yG=rI*Um?tz4VU{ zKy-fz>^b?BO!oiiu=jlrQ+$M-I%TQXCBg*A3K-4awmb}#Ewo0Zny}?6s|vz48n8bn zD+{;F(Lmi05eOv9>SR0EblmlvZ9!emXM+rf6Vwh=ePC~Auep}E5I^JN{3<5>I#Md1 z7Xe;V8_m7`PNFa^yyXa9?XQ_aQ_Jtx^2d=-O{f?44Rn&wfm^R>wIw;>7%`bOreSYY z^{PGAG{q6P9)&`(5m3?;NmewCX^$bT`dF_xEm%c|-dM+(k>68j42$r^PN)YmaWr_h zNBO<#9wFamFZTD=&;5Mi$@A;@YdiOwU+(74clSIn&c$(8+)k9H)r9(_(3&*Y_0X*Z zShZ?yThxGC*Lv(4ueOE3JQ#8-E4GFki>HZ3lnmP)!R?Jung?tI6q9HgYAmhyC;dGN zJomlX)%)vN*nY1rZvS4_iRPDQKm4uPZvODae0%nn(XaaCH)q&;Wxo7i@lXNSt8-^# znL2mRgF4xSuE;#QblQ$-k*g{`6NX9F(m)vjHB4&Bf{I0r+O+3P(x1A9KJH)vmo$m) zNYC!w2#VqXr{5Kp#MEcvS`&x1Ar4`Ooa*eZPd-^fZtiZY@68Y0o{#hg|Ez=;ko1MW zTYysSpO;QE8tClC^Viv>2-Rks4^O0WSoTa#qEUS#wWNtU<0urYbq6la)&-0&E6td6 z0oa|<+m#j#pjB@LxjnSvRxo)aO@(GJ_NNBX@^n3Y;R^-etp7{*ef6=wapOBFyevI_ z_T1-A(ruJ17#_#mQ|#&UT{5a-jq9p zodhVmh{#0vD!bO}Ge!6t?)~|h` z@K4{C{?xSiNcum1yNJAd--~got|H0GIoY*l?1!gd`pTyY&u|l+;joUwjjO}PNa^u( zg{`f~6-^Fx1P2FOY&H%jTQAIReikyZ2AQymM>IMT>)2o$t~!kD*91xH_7QtF>L)s* zLi#=ldn$eI?I%yB-(D1Mq+j^e!acX_Unw+ZXTSVAK>D4#icg*W)o)*C=Wzn|+kB-m zZ=(>m+H4YU7-R+I_No^PqYj|Ca;#6qdaFNISd*-6dV00q+O|O=*uv6kyL4hxz^SDL z&d1HcLMO}~nWTkp7M@MPZRy>&{^8xl@85mbX)IaGRB9Bio&Dwez(*C=-pynhxpV8X5!m(NPmiQ2Gm@Z~9ijb9dS8U)7Dm}h|v(tqMw^nh5 zgT>y0^r)uGRs{=CS$^O()Y;lihHLnIbN<2o#r21ZrgnDyzdV^fxH>sGd+=VPrmnD@86k-Z&9L!ZzRP!19T3MTCYC$rOg+;ne)c1G?b;)DwdCyhuD()$9zE}v z$XGgmwP)u`Sq~MAW8fTGdo(q$d)pZh&8OkOX>KZf%^LtCk*C+fT4%~(4^s8%G&H27 zC3eQ+fe9g4tJiE~%^RJhDZ)*;?R7fS2BwPa4lBRkv?X0VU0ueS%jTi0Z5n6a{hRN( z^_8C~{*}_s*3W+CXOR^AO!4G_ot5jBJD04}tkvOc9Nb{zHPEZMlrm`|q&jVHD@dy* z*+$zM^$aTrx@aW|>~?EvbWBuOIi$Vljv*{6PX_Z5&aX{=Jbx%9n;YY3BYjL7 z@JRZvh=gxBGwhHZzJ`VuyKhk69&DSg%h9^x}xhs{JP6>ZF1Z#L#F2Ad-wU9Unzd=?I&8~ z$muKpzVLYZ`*#;l(*N|0BJhM6oaWP^>E=cJqfvU}tHozoE5;kF2THsk>g76FAC&3t zQf`9dEZ`(Fhgmx_(u(yBMUIVCSn*~9Eq8L$o22aJ z;SRX9{(A9aZ@Kr-e3m{Bm)?2y%Qui`4s-j4v>jttd(=MvtEFeT)tU`s8d+egIA|e@ z-ex(&;Z1rlcZ3*HHyxnG&ZKF<2 zS2|FM_t54n{N;z=ec8nn8&VkSSGwcSd~Zt`@;bUAf_5F08MiqgJHiZ;tl2{n8;-Wz zbm;_A;-0qvaCx09Hl}QCSfqtc{SH8*3)p8s$6R4zgYCN`r(y&|yWtJX!&%$Ky9rpq z>ywaIgT&Bw*m1T8SqFrByTsw*q`XeXumg=(!PeRT{=|(P5|JKw*Ihe=`Tqli-1^q< z6yZWC!-;w1FJ?jhPqK+e@)oc~j&{%6uQFw$XR9yXVENfrZ48^?bVzp5z7j}2*jY8% zO3?R_HN(M^)w0&vvP}*qDTmd%?Iei#)~FSCD^0cGR*^2!at(%>_iBp;7(o11DJ%Ok zbocKTAHR0bc}aU$lu!TUKNe2X|NN~Y@Z?dgJLBqTbPAn8zwiu4u*ujJZDrC(2#EBz znAEGWhBnJES7pnAJtUN-W7NpH7j0~AMzP6fT}z9RLDHK!JEm*I$X~8$0B<@gJ6^&; zA3_6nZ>s6n{-Ai@^ZDjw9h-;FJKMC+n?19J*UMhdU4!U(QT|j4WYgU3I+VQ=xy+*S zCejOuLa!FKqU83xU!8#|&iu{)(hPkhJz&EQ0zBb0b)R48V=9B67f1&i`*^h~j z-Fnx*E&lrTyY~)1eSt4tD`oEfOxi-%kK;h5-Q(eD9um^;{)f`jQ$B%6#6~m>n~z2| zTQQUx+L)jt5*}&|7AUtFB&m^jXY6j9NVpOtZVhLFT(=~=-)u9Jb+uCN^z31@HhRlp z7mMkzegNhVUO<_hoH=$FKUR9rt#1@dj&Rqm$uWKC7YmP{-S`Cf=suceobF$o=GukM zYW?e6uTM|IwJrlrqzem>lYKwHh`s|iARpXn7y@#Ga20wTsMQ?eYI#^~jZl3RRBN(B zN=#FAsm{oTi3nTiqY3CHO|Q+ILyZsp`O@beEiT<1AL&z%6v4N7($dY?$RB6Vf8l)` zYV=5Al%U(0tX2XvQL4h$^;R*r29ox`;2_c>22;Dff^ZC>)Gl0Z#@uvWw$!%TgOG+} zz_B)8xiL2q>YX9DMMFv4eLZmN8(wK$xbMPja??s5`fJ5U_o3!r{-YxBf!EsJj<+LY z+Zp63lz#cwi_fquI`O%HZPhKcGbDpfTO9Vg3#U4g)Rjaofh!?-@d) z5qa^{#eIRR=~A!Lb~&msW2zod5$4QF#z$H?#8f6cPwJr zG||yqZ(=MolOlkMJ9vf4m3}KTke|O+G|aP?|Le8%rH_}O2eR(?U6Vuh$XrhK?8VRB z;Og6!UjN zIlRv7r>;xkbt4SD;DZ1V$MH?avlqcl*|mZ5_gvRp|9aNpuUUE5InW1_}o&mgPpOpWbKYMcH7X9hc zZxo7qe$wy!T!y%ve^&(V-*IxmQF`MKO3$*>$#xsHCKJ2qGCbgAWzVc_VyKT~7w-6$ zWR&OaR$U!vw6NKT?U;#iF|G}3vVsdR(FN?vd_nTvAZr2dCT?G&=7}dI>5aFae6X1P zeCEMV7jLAW{cP#2x99I%7zS(>vYngzcv+JLL9zRc_a(?#dRGx@tE@Kz2WTmZY zfa3ElH&Gf89rQCcH39-bXJ(b#({duoS@ztNRi&a;CyOPzE%RZEosv;?WDL#f0$6A^ zIf_8L-xSffqtsf&4z=ux7w<~H{7UJ@ttb9gDLc|Pf-E^wnbk@39>yUhX zQ(egu!=+?hra^tp;>-ZDL>8V25u;fkI%n#Yp|@^Ot%R;GlmX@1BVn@`TXmAfaFNH* z(N@F(uG6IO7M%Y4qHrzkeXI1*TMz$X=?~>%hTgwiDm+?(&VQP6e_lMyRFOY2*Pj1E zh3hP4a<$uW!$>hV#Jn$&d{)KiM=J~^eVT6tP#NVwONjaQcotLTUe=_CD{f6RvIZGh z8aAU~GO7YPw%{6LdqxPuCFJZw_PvMZ<+GO_cr5)%;sk!|^4BywJ}!P*lRo!@;96*V}0;U|iZr9iU?J-91OXKd`AS;D_7u(4%# z>5$bH<&Dz=&u`Cx$|cmy^7*IVee0jBPk!^>^e5rc6L%rmO$D63_`(VH z&fV{nGR}?@v+QtZ>$%;s&6Q!cSWJ+RmW;%^q4ii+4RsD=k+uV+oLdOKP1gDRx0AzE)vDmKUK zP=97y2D#2|Ll<%|R3=Me;&-Bj8}bP)*;?XzWxgZtasFUmc**ti$*lNt2&zX(`$2h^ zApAIT?v``lodx7e;Qf}1*qs``UAmF}{)bPH(~BwfIGpEVzFwG5YrmCM3Yxy$jp=Et zf<~D)8}x-0EM#d{Cn1O}z19YB!&cn!I>EDk6uKOaCM=dHd^GG1`iW)_7fM2or`h#{ ziGcwqf=to@+u%;;Cpl`!oqGC#VG(&KAMITF{zX<=gq|us!zuo#yq zjPAp*?L{qW)m7#UfmF=e*k|iF(t}$SemQqL69q#g6M#h>>p+XGsf}7)3LZ?mWm(g$ z<^DGa*t45lad~3_cF=nE?eoaAGTgG;5eQ15dyC~X_x$&qucaVx@_6RezWd)x@Dm66 zy&lisoVgijbMjtJYgj=CShkuQT<@*tsw{(mYxLR`P>b}jNB9Y~?N1}Vx@IJ(O@o5S xcO4^OH@Iu6NV`gu{R)=lkR6spmqv)f6NFwLTH!Y7r|JPQT9@$61TU8dMFJj|)K>x^R#jLwb4PV; zc6M=7VOVEmOGj06XIfWrV^w)cSXwW3T2yjuQdBQ#Z(?anXh%#idQ3EAGjDT9YBP0l zY;0FbODkzBb7^=)Q!g_^PgX@wMq+hvMtOIa!JPyolMwwKx7O#*W}w{407 zjz5>$w*(iLJ^ceSx0}lXIs>;Z&;p1iw;A~Yx(>JJ2m@RQx1SXQG6A>Q7Xud;xBf5# zvLLtpQUh#Qw{WZjlNGlF!vl2zw`9o!ix;H{7Wl}H2)m*w^Z z6qj%X0R)$j$N?|4Dg@Fomog>-F_$ee1QM5zCITW=F=9hgMN?KbPibT4jVb9Y%|D|AaXSu$dDX;n;WWHc*gZgDX+P*^K& zaZyA=H&14CH&<(SW0QetAPH=8buD9IV`ycQQP38X+}sV9%`yaD1Z{R@a+mM*0r!_Y yfr=F3%8c?1oa7rL%@On diff --git a/package.json b/package.json index ac42c767..7f466e44 100644 --- a/package.json +++ b/package.json @@ -117,6 +117,7 @@ }, "optionalDependencies": { "erlpack": "^0.1.4", + "jimp": "^0.22.12", "mysql": "^2.18.1", "nodemailer-mailgun-transport": "^2.1.5", "nodemailer-mailjet-transport": "github:n0script22/nodemailer-mailjet-transport", diff --git a/src/api/Server.ts b/src/api/Server.ts index 472ab1d6..0f5df490 100644 --- a/src/api/Server.ts +++ b/src/api/Server.ts @@ -34,7 +34,7 @@ import "missing-native-js-functions"; import morgan from "morgan"; import path from "path"; import { red } from "picocolors"; -import { Authentication, CORS } from "./middlewares/"; +import { Authentication, CORS, ImageProxy } from "./middlewares/"; import { BodyParser } from "./middlewares/BodyParser"; import { ErrorHandler } from "./middlewares/ErrorHandler"; import { initRateLimits } from "./middlewares/RateLimit"; @@ -137,6 +137,8 @@ export class SpacebarServer extends Server { app.use("/api/v9", api); app.use("/api", api); // allow unversioned requests + app.use("/imageproxy/:hash/:size/:url", ImageProxy); + app.get("/", (req, res) => res.sendFile(path.join(PUBLIC_ASSETS_FOLDER, "index.html")), ); diff --git a/src/api/middlewares/ImageProxy.ts b/src/api/middlewares/ImageProxy.ts new file mode 100644 index 00000000..2fa97660 --- /dev/null +++ b/src/api/middlewares/ImageProxy.ts @@ -0,0 +1,143 @@ +/* + Spacebar: A FOSS re-implementation and extension of the Discord.com backend. + Copyright (C) 2023 Spacebar and Spacebar Contributors + + This program is free software: you can redistribute it and/or modify + it under the terms of the GNU Affero General Public License as published + by the Free Software Foundation, either version 3 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU Affero General Public License for more details. + + You should have received a copy of the GNU Affero General Public License + along with this program. If not, see . +*/ + +import { Config } from "@spacebar/util"; +import { Request, Response } from "express"; +import { yellow } from "picocolors"; +import crypto from "crypto"; +import fetch from "node-fetch"; + +let sharp: undefined | false | { default: typeof import("sharp") } = undefined; +let Jimp: undefined | false | typeof import("jimp") = undefined; + +const sharpSupported = new Set([ + "image/jpeg", + "image/png", + "image/bmp", + "image/tiff", + "image/gif", + "image/webp", + "image/avif", + "image/svg+xml", +]); +const jimpSupported = new Set([ + "image/jpeg", + "image/png", + "image/bmp", + "image/tiff", + "image/gif", +]); +const resizeSupported = new Set([...sharpSupported, ...jimpSupported]); + +export async function ImageProxy(req: Request, res: Response) { + const path = req.originalUrl.split("/").slice(2); + + const secret = Config.get().security.requestSignature; + + // src/api/util/utility/EmbedHandlers.ts getProxyUrl + const hash = crypto + .createHmac("sha1", secret) + .update(path.slice(1).join("/")) + .digest("base64") + .replace(/\+/g, "-") + .replace(/\//g, "_"); + + try { + if (!crypto.timingSafeEqual(Buffer.from(hash), Buffer.from(path[0]))) throw new Error("Invalid signature"); + } catch { + console.log("Invalid signature, expected " + hash + " got " + path[0]); + res.status(403).send("Invalid signature"); + return; + } + + const abort = new AbortController(); + setTimeout(() => abort.abort(), 5000); + + const request = await fetch(path.slice(2).join("/"), { + headers: { + "User-Agent": "SpacebarImageProxy/1.0.0 (https://spacebar.chat)", + }, + signal: abort.signal, + }).catch((e) => { + if (e.name === "AbortError") res.status(504).send("Request timed out"); + else res.status(500).send("Unable to proxy origin: " + e.message); + }); + if (!request) return; + + if (request.status !== 200) { + res.status(request.status).send("Origin failed to respond: " + request.status + " " + request.statusText); + return; + } + + if (!request.headers.get("Content-Type") || !request.headers.get("Content-Length")) { + res.status(500).send("Origin did not provide a Content-Type or Content-Length header"); + return; + } + + // @ts-expect-error TS doesn't believe that the header cannot be null (it's checked for falsiness above) + if (parseInt(request.headers.get("Content-Length")) > 1024 * 1024 * 10) { + res.status(500).send("Origin provided a Content-Length header that is too large"); + return; + } + + // @ts-expect-error TS doesn't believe that the header cannot be null (it's checked for falsiness above) + let contentType: string = request.headers.get("Content-Type"); + + const arrayBuffer = await request.arrayBuffer(); + let resultBuffer = Buffer.from(arrayBuffer); + + if (/^\d+x\d+$/.test(path[1]) && resizeSupported.has(contentType)) { + if (sharp !== false) { + try { + sharp = await import("sharp"); + } catch (e) { + sharp = false; + } + } + if (sharp === false && Jimp !== false) { + try { + // @ts-expect-error Typings don't fit + Jimp = await import("jimp"); + } catch { + Jimp = false; + console.log(`[ImageProxy] ${yellow("Neither \"sharp\" or \"jimp\" NPM packages are installed, image resizing will be disabled")}`); + } + } + + const [width, height] = path[1].split("x").map((x) => parseInt(x)); + + const buffer = Buffer.from(arrayBuffer); + if (sharp && sharpSupported.has(contentType)) { + resultBuffer = await sharp.default(buffer) + // Sharp doesn't support "scaleToFit" + .resize(width) + .toBuffer(); + } else if (Jimp && jimpSupported.has(contentType)) { + resultBuffer = await Jimp.read(buffer).then((image) => { + contentType = image.getMIME(); + // @ts-expect-error Jimp is defined at this point + return image.scaleToFit(width, height).getBufferAsync(Jimp.AUTO); + }); + } + } + + res.header("Content-Type", contentType); + res.setHeader("Cache-Control", "public, max-age=" + (1000 * 60 * 60 * 24)); + + res.send(resultBuffer); +} diff --git a/src/api/middlewares/index.ts b/src/api/middlewares/index.ts index 6384e1aa..9fd617f6 100644 --- a/src/api/middlewares/index.ts +++ b/src/api/middlewares/index.ts @@ -21,3 +21,4 @@ export * from "./BodyParser"; export * from "./CORS"; export * from "./ErrorHandler"; export * from "./RateLimit"; +export * from "./ImageProxy";