epochtalk-image-server
v0.1.0
image-server
The image-server is a stand-alone server that proxies images either from an S3 bucket or from hotlinked URLs. It only proxies resources, so images must be uploaded to S3 by another service or by hand. The server exposes a single route: http://host/{s3/hotlink}/{image_filename/encrypted_url}. The first path parameter selects the source and the second identifies the image (an S3 object name, or an enciphered hotlink URL); the server builds the upstream image URL from the two and proxies that resource to the requester.
It was created so that images can be served from a separate domain or sub-domain: any image-based vulnerability is then confined to that origin and cannot reach the cookies or session storage of the main application. Note that a sub-domain only gives this isolation if the main application's cookies are host-only (no Domain= attribute that also covers the image sub-domain); a separate registrable domain avoids the question entirely.
Hotlinks
http://host/ + (sha1 hash of the word 'hotlink') + / + (AES-256-CBC ciphertext of the hotlinked URL)
By default the hotlink route first tries to build an S3 URL from the second path parameter and checks whether that object exists in the bucket. If it does not, the server deciphers the second path parameter (AES-256-CBC under the configured privateKey) to recover the original hotlink URL and proxies that resource to the requester. Because only a holder of privateKey can produce a ciphertext that deciphers cleanly, the enciphered parameter is what keeps this route from being an open proxy. CBC mode on its own provides no integrity check, however, so a deciphered value should still be validated (scheme, host) before it is fetched.
S3 bucket resource
http://host/ + (sha1 hash of the word 's3') + / + (S3 resource filename)
If the first path parameter is the S3 token, the server appends the second path parameter to bucketUrl to form the S3 object URL and proxies that resource. The filename is used as a single path segment, so it should contain no path separators and must not be .. or otherwise escape the bucket base URL.
Dependencies
It uses Hapi.js as the HTTP server, good for logging, and mkdirp to create the log-file directories. request is used only to test whether an object exists on S3; the proxying itself is done through Hapi.
Configs
port: The port the server listens on
logEnabled: Enable/disable good logging
privateKey: The secret key used for AES-256-CBC enciphering and deciphering of hotlink URLs. It must be shared with the service that generates the hotlink URLs and kept out of source control; anyone who holds it can make the server proxy arbitrary URLs.
bucketUrl: The base URL of your S3 bucket; the S3 resource filename is appended to it