On Tue, May 15, 2012 at 2:46 PM, Alan Hoffmeister <[email protected]
> wrote:
> Hey guyz, of course I need to validate, I just don't want to expose
> the dimensions.
>
The thing is you have to expose the dimensions if the request coming from a
browser includes the dimensions.
If you want to emulate what php is doing, it's easy enough. Basically this
would be a template helper that registers a new route when found.
// load the createHash function from the crypto module
var createHash = require('crypto').createHash;
// Keep a history of registered routes
var resizes = {};
// Store an index by hash for url routing
var hashes = {};
// Register a new resize command, export this as a template helper.
function resize(path, width, height) {
var key = path + width + "x" + height; // convert args to a unique string
if (resizes[key]) return resizes[key].url; // Check cache to see if it's
already registered
var hash = createHash("md5").update(key).digest("hex"); // calculate the
md5 hash of the key to hide the params
var entry = {
url: "/images/" + hash + ".png",
path: path,
width: width,
height: height
};
// Store the object in the two tables.
resizes[key] = entry;
hashes[hash] = entry;
// return the url.
return entry.url;
}
Then later in your http request handler, add a route to handle these
requests.
app.get("/images/:hash.png", function (req, res) {
var entry = hashes[req.params.hash];
if (!entry) return doErrorHandling();
resizeImage(entry, function (err, resizedPath) {
if (err) return doErrorHandling();
});
});
And here is some untested code that does caching and batching of the async
resize requests
function resizeImage(entry, callback) {
// Check if it's been resized already
if (entry.resizedPath) {
return callback(null, entry.resizedPath);
}
// Check if there is already a pending resize operation on this object
if (entry.resizeQueue) {
return entry.resizeQueue.push(callback);
}
entry.resizeQueue = [callback];
doRealResize(entry.path, entry.width, entry.height, function (err,
resizedPath) {
if (err) return callback(err);
var callbacks = entry.resizeQueue;
delete entry.resizeQueue;
entry.resizedPath = resizedPath;
callbacks.forEach(function (callback) {
callback(null, resizedPath);
});
});
}
function doRealResize(path, width, height, callback) {
// Do actual resize and return the final filename's filepath
}
--
> Att,
> Alan Hoffmeister
>
>
> 2012/5/15 Duncan Gmail <[email protected]>:
> > You can POST the size as well as use GET. On the numbers, just validate
> the input - you should be doing this anyway for all inputted data, in all
> languages.
> >
> > - MRdNk
> >
> > On 15 May 2012, at 15:21, Alan Hoffmeister <[email protected]>
> wrote:
> >
> >> Marc, that would work, but I'm concerned about security... What if
> >> someone access the url /images/100000/100000/avatar.jpg ?
> >>
> >> --
> >> Att,
> >> Alan Hoffmeister
> >>
> >>
> >> 2012/5/15 Marc Deschamps <[email protected]>:
> >>> I've done something like this using express:
> >>>
> >>> app.get('/images/:width/:height/:filename', routes.images.resize);
> >>>
> >>> Work great, in html i can do:
> >>>
> >>> <img src="/images/70/70/avatar.jpg"/>
> >>>
> >>> --
> >>> Job Board: http://jobs.nodejs.org/
> >>> Posting guidelines:
> >>> https://github.com/joyent/node/wiki/Mailing-List-Posting-Guidelines
> >>> You received this message because you are subscribed to the Google
> >>> Groups "nodejs" group.
> >>> To post to this group, send email to [email protected]
> >>> To unsubscribe from this group, send email to
> >>> [email protected]
> >>> For more options, visit this group at
> >>> http://groups.google.com/group/nodejs?hl=en?hl=en
> >>
> >> --
> >> Job Board: http://jobs.nodejs.org/
> >> Posting guidelines:
> https://github.com/joyent/node/wiki/Mailing-List-Posting-Guidelines
> >> You received this message because you are subscribed to the Google
> >> Groups "nodejs" group.
> >> To post to this group, send email to [email protected]
> >> To unsubscribe from this group, send email to
> >> [email protected]
> >> For more options, visit this group at
> >> http://groups.google.com/group/nodejs?hl=en?hl=en
> >
> > --
> > Job Board: http://jobs.nodejs.org/
> > Posting guidelines:
> https://github.com/joyent/node/wiki/Mailing-List-Posting-Guidelines
> > You received this message because you are subscribed to the Google
> > Groups "nodejs" group.
> > To post to this group, send email to [email protected]
> > To unsubscribe from this group, send email to
> > [email protected]
> > For more options, visit this group at
> > http://groups.google.com/group/nodejs?hl=en?hl=en
>
> --
> Job Board: http://jobs.nodejs.org/
> Posting guidelines:
> https://github.com/joyent/node/wiki/Mailing-List-Posting-Guidelines
> You received this message because you are subscribed to the Google
> Groups "nodejs" group.
> To post to this group, send email to [email protected]
> To unsubscribe from this group, send email to
> [email protected]
> For more options, visit this group at
> http://groups.google.com/group/nodejs?hl=en?hl=en
>
--
Job Board: http://jobs.nodejs.org/
Posting guidelines:
https://github.com/joyent/node/wiki/Mailing-List-Posting-Guidelines
You received this message because you are subscribed to the Google
Groups "nodejs" group.
To post to this group, send email to [email protected]
To unsubscribe from this group, send email to
[email protected]
For more options, visit this group at
http://groups.google.com/group/nodejs?hl=en?hl=en
