How to build on-the-fly image creation logic in a distributed system?
Greetings, %name%.
How to correctly build the logic of a secure mechanism for creating images on the fly?
In my architecture, all images are served from a separate domain.
For example img.site.com/user/ab/cd/abcd22352435245.jpg
You need to be able to get thumbnails of dynamic sizes.
In the course of reflection, I came up with this recipe:
1. In the link to the image, you can specify what we want.
For example: img.site.com/user/ab/cd/[email protected]
2. Next, Nginx tries to find the file, and if it doesn't find it, it redirects to the php handler.
3. The handler generates an image and gives it to the client after saving it to disk so that the next time php does not start.
But there is one drawback in all this - you can fill the server with copies of the image from the client.
Alternatively, you can allow only certain sizes to be generated. But I will not specify the allowed sizes for each picture.
It was also an idea when building an html response to collect all the paths of the images required on the page and from the server, before returning the html client, send an API request to the image server with the "Create these sizes" command. But this will greatly slow down the responses to the client.
The third option I consider is encryption in the name of the picture of data about its original and the required dimensions.
For example, there is a file: http://img.site.com/cache/{base64hash}.jpg
{base64hash} is a hash that says "/path/to/origin.jpg:100x100:salt"
If Nginx sees that there is no picture, it will transfer the work to php and the name will be decrypted there, we will understand what is required, create a file and give the picture. Will there be problems with the length of the file name?
How to solve this problem competently, taking into account all the nuances?
In the end, I decided to go the third way.
The image name is a base64 string that contains the path to the original and checksums to check the correctness of the data.
The flight is normal, I like the decision)
You can set a token in the session, and pass it to the URL to generate the image. For example, like this:
img.site.com/user/ab/cd/abcd22352435245_100x100.jpg?token=qwerjwehtrklewkasldkjqw34723452
The token is generated like this: md5( $image_name . $salt) . That is, we hash the concatenation of the file name with a secret salt so that it cannot be generated from the outside. Thus, if the token is not correct, the image will not be generated.
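The signed-name scheme the two answers describe, as an added example that is not code from either post: the file name carries the original path and size plus a truncated HMAC-SHA256 tag (used here in place of the posts' checksum and md5( $image_name . $salt)), and the handler generates nothing for a name it did not issue. SECRET, TAG_LEN and all function names are assumptions made for the example.

```php
<?php
// Constructed demo key; in a real deployment it exists only on the servers.
const SECRET = 'constructed-demo-key';
const TAG_LEN = 16; // bytes of the HMAC-SHA256 tag kept in the name

function b64url_encode(string $s): string {
    return rtrim(strtr(base64_encode($s), '+/', '-_'), '=');
}
function b64url_decode(string $s) {
    $s = strtr($s, '-_', '+/');
    return base64_decode(str_pad($s, strlen($s) + (4 - strlen($s) % 4) % 4, '='), true);
}
function tag(string $payload): string {
    return substr(hash_hmac('sha256', $payload, SECRET, true), 0, TAG_LEN);
}

// Page side: name of the thumbnail of $path at $w x $h.
function make_name(string $path, int $w, int $h): string {
    $payload = "{$path}:{$w}x{$h}";
    return b64url_encode(tag($payload) . $payload) . '.jpg';
}

// Handler side: [path, w, h] for a name we issued, null for anything else.
function parse_name(string $name): ?array {
    // 255 bytes is the file name limit on common Linux filesystems.
    if (strlen($name) > 255 || !preg_match('/^([A-Za-z0-9_-]+)\.jpg$/D', $name, $m)) {
        return null;
    }
    $raw = b64url_decode($m[1]);
    if ($raw === false || strlen($raw) <= TAG_LEN) {
        return null;
    }
    $payload = substr($raw, TAG_LEN);
    if (!hash_equals(tag($payload), substr($raw, 0, TAG_LEN))) {
        return null; // not signed by us: generate nothing, write nothing
    }
    // Defence in depth: a signed payload must still be a plain path plus a size,
    // and no path segment may start with a dot.
    if (!preg_match('#^((?:/[A-Za-z0-9_-][A-Za-z0-9_.-]*)+):(\d{1,4})x(\d{1,4})$#D', $payload, $p)) {
        return null;
    }
    return [$p[1], (int) $p[2], (int) $p[3]];
}

$name = make_name('/user/ab/cd/abcd22352435245.jpg', 100, 100);
var_dump(strlen($name), parse_name($name));
// Old tag reused with a different size: the kind of request that would fill the disk.
$oldTag = substr(b64url_decode(substr($name, 0, -4)), 0, TAG_LEN);
var_dump(parse_name(b64url_encode($oldTag . '/user/ab/cd/abcd22352435245.jpg:999x999') . '.jpg'));
```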