URL Support ala thumbor

Open aphillipo opened this issue 9 years ago • 7 comments

Hi Doomspork,

I might take a look at signing and url support ala thumbor? https://github.com/thumbor/thumbor/wiki/Security

Obviously we'll just keep the predefined generation profiles and generate a signature on them and the url.

Thoughts?

aphillipo avatar Apr 06 '16 15:04 aphillipo

Heck yeah, please do @aphillipo!

Let me know if I can do anything to help :grinning:

doomspork avatar Apr 06 '16 17:04 doomspork

  • [ ] match on the name if it begins with http(s):// for now
  • [ ] HTTPoison for making the request
  • [ ] Seems we should maybe use poolboy for requesting images, block until we get a return.

aphillipo avatar Apr 08 '16 18:04 aphillipo

@aphillipo I was thinking about this some more. Are you sure this is something that would impact us? One of the decisions I made that deviates from Thumbor/Dragonfly was the use of pre-defined and configured formats. My reasoning for that decision was to a) avoid people requesting whatever they wanted (as outlined in your link) and b) to keep URLs simple, readable, and short.

doomspork avatar Apr 15 '16 05:04 doomspork

Okay so following that maybe the config can include a list of domains/paths that we allow you to load an image from; for example cdns or s3 etc. and obviously that'll do away with the need for signing. We'd need to make sure that query strings are filtered otherwise you might be able to make an infinite number of the same image.

aphillipo avatar Apr 15 '16 09:04 aphillipo
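
The allowlist and query-string filtering proposed in the comment above, sketched in Elixir as an added example (not code from this issue or from the project). The module name `RemoteSource`, the allowlist shape and the hosts in it are assumptions made for illustration.

```elixir
defmodule RemoteSource do
  @moduledoc """
  Added example: allowlist check for remote image URLs.
  Module name, allowlist shape and hosts are hypothetical, not the project's API.
  """

  # Constructed allowlist: lowercase host => permitted path prefix.
  @allowed %{
    "cdn.example.com" => "/images/",
    "my-bucket.s3.amazonaws.com" => "/"
  }

  @doc """
  Returns {:ok, canonical_url} for an allowed source, {:error, reason} otherwise.
  The canonical URL has no query string or fragment, so `?v=1`, `?v=2`, ...
  all map to one fetch and one cache entry.
  """
  def normalize(url, allowed \\ @allowed) when is_binary(url) do
    uri = URI.parse(url)
    host = uri.host && String.downcase(uri.host)

    cond do
      uri.scheme not in ["http", "https"] -> {:error, :bad_scheme}
      # user:pass@host forms make the real host easy to misread; refuse them.
      uri.userinfo != nil -> {:error, :userinfo_not_allowed}
      host in [nil, ""] -> {:error, :no_host}
      # Only the scheme's default port, so other services on the host stay unreachable.
      uri.port != URI.default_port(uri.scheme) -> {:error, :port_not_allowed}
      not Map.has_key?(allowed, host) -> {:error, :host_not_allowed}
      not path_allowed?(uri.path, Map.fetch!(allowed, host)) -> {:error, :path_not_allowed}
      true -> {:ok, URI.to_string(%URI{uri | host: host, query: nil, fragment: nil})}
    end
  end

  defp path_allowed?(nil, _prefix), do: false

  defp path_allowed?(path, prefix) do
    segments = String.split(path, "/")

    # Reject dot segments, encoded dots/slashes and backslashes before the
    # prefix test, so "/images/../private" cannot pass as "/images/".
    ".." not in segments and "." not in segments and
      not String.contains?(path, ["%2e", "%2E", "%2f", "%2F", "\\"]) and
      String.starts_with?(path, prefix)
  end
end
```

The returned canonical URL, not the one from the request, is what gets fetched and used as the cache key. A redirect issued by an allowed host would need to pass the same check before being followed.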

That makes sense @aphillipo, good thinking :+1:

doomspork avatar Apr 15 '16 15:04 doomspork

How are things coming @aphillipo? Do you want me to jump into this?

doomspork avatar Jun 13 '16 16:06 doomspork

Hmmm. Thanks for the heads up, it'd be good if you do it because I'm so busy right now.

I think we should have a discussion about caching the output. Are you sure you don't want it in there?

Be cool to have an on filesystem cache and s3 cache?

aphillipo avatar Jun 13 '16 16:06 aphillipo