btw, this code isn't perfect.  For example, there is no reason to use the
expensive md5 hash.  It's not like the browser is sending you path, width,
and height and you need to re-hash them.  Any random unique string would be
fine.  Also the key variable would be sufficient as well.  Yes, the url
contains the parameters, but they can't be modified to create a new value.
 Only existing keys would be served.

The important part is to create some unique key to embed in the url so that
later when the request comes in, you have a way to map it to the original
resize command.  The caching and batching pattern is described here
http://nodebits.org/distilled-patterns

On Tue, May 15, 2012 at 3:47 PM, Tim Caswell <[email protected]> wrote:

>
>
> On Tue, May 15, 2012 at 2:46 PM, Alan Hoffmeister <
> [email protected]> wrote:
>
>> Hey guyz, of course I need to validate, I just don't want to expose
>> the dimensions.
>>
>
> The thing is you have to expose the dimensions if the request coming from
> a browser includes the dimensions.
>
> If you want to emulate what php is doing, it's easy enough.  Basically
> this would be a template helper that registers a new route when found.
>
> // load the createHash function from the crypto module
> var createHash = require('crypto').createHash;
>
> // Keep a history of registered routes
> var resizes = {};
> // Store an index by hash for url routing
> var hashes = {};
> // Register a new resize command, export this as a template helper.
> function resize(path, width, height) {
>   var key = path + width + "x" + height; // convert args to a unique string
>   // Check cache to see if it's already registered
>   if (resizes[key]) return resizes[key].url;
>   // calculate the md5 hash of the key to hide the params
>   var hash = createHash("md5").update(key).digest("hex");
>   var entry = {
>     url: "/images/" + hash + ".png",
>     path: path,
>     width: width,
>     height: height
>   };
>   // Store the object in the two tables.
>   resizes[key] = entry;
>   hashes[hash] = entry;
>   // return the url.
>   return entry.url;
> }
>
>
> Then later in your http request handler, add a route to handle these
> requests.
>
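> app.get("/images/:hash.png", function (req, res) {
>   // Only hashes registered by resize() map to an entry
>   var entry = hashes[req.params.hash];
>   if (!entry) return doErrorHandling();
>   resizeImage(entry, function (err, resizedPath) {
>     if (err) return doErrorHandling();
>     // Send the resized file (sendFile needs an absolute path)
>     res.sendFile(resizedPath);
>   });
> });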
>
> And here is some untested code that does caching and batching of the async
> resize requests
>
> function resizeImage(entry, callback) {
>   // Check if it's been resized already
>   if (entry.resizedPath) {
>     return callback(null, entry.resizedPath);
>   }
>   // Check if there is already a pending resize operation on this object
>   if (entry.resizeQueue) {
>     return entry.resizeQueue.push(callback);
>   }
>   entry.resizeQueue = [callback];
>   doRealResize(entry.path, entry.width, entry.height, function (err, resizedPath) {
>     // Flush the whole queue on failure as well as on success,
>     // so no queued caller is left waiting and a retry is possible
>     var callbacks = entry.resizeQueue;
>     delete entry.resizeQueue;
>     if (!err) entry.resizedPath = resizedPath;
>     callbacks.forEach(function (callback) {
>       callback(err || null, resizedPath);
>     });
>   });
> }
>
> function doRealResize(path, width, height, callback) {
>   // Do actual resize and return the final filename's filepath
> }
>
> --
>> Att,
>> Alan Hoffmeister
>>
>>
>> 2012/5/15 Duncan Gmail <[email protected]>:
>> > You can POST the size as well as use GET.  On the numbers, just
>> validate the input - you should be doing this anyway for all inputted data,
>> in all languages.
>> >
>> > - MRdNk
>> >
>> > On 15 May 2012, at 15:21, Alan Hoffmeister <[email protected]>
>> wrote:
>> >
>> >> Marc, that would work, but I'm concerned about security... What if
>> >> someone accesses the url /images/100000/100000/avatar.jpg ?
>> >>
>> >> --
>> >> Att,
>> >> Alan Hoffmeister
>> >>
>> >>
>> >> 2012/5/15 Marc Deschamps <[email protected]>:
>> >>> I've done something like this using express:
>> >>>
>> >>> app.get('/images/:width/:height/:filename', routes.images.resize);
>> >>>
>> >>> Works great, in HTML I can do:
>> >>>
>> >>> <img src="/images/70/70/avatar.jpg"/>
>> >>>
>> >>> --
>> >>> Job Board: http://jobs.nodejs.org/
>> >>> Posting guidelines:
>> >>> https://github.com/joyent/node/wiki/Mailing-List-Posting-Guidelines
>> >>> You received this message because you are subscribed to the Google
>> >>> Groups "nodejs" group.
>> >>> To post to this group, send email to [email protected]
>> >>> To unsubscribe from this group, send email to
>> >>> [email protected]
>> >>> For more options, visit this group at
>> >>> http://groups.google.com/group/nodejs?hl=en?hl=en

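The follow-up at the top of this message says any random unique string would do in place of the md5 hash, and that only existing keys are served. The sketch below is an added example, not code from the thread: it uses random tokens, Map lookups so a name like "constructor" never resolves to an entry, and an unambiguous cache key. The names byKey, byToken, lookup and the MAX_DIM bound are assumptions.

```javascript
// Added example, not from the thread.
const { randomBytes } = require('crypto');

const byKey = new Map();   // resize command -> entry (dedupe cache)
const byToken = new Map(); // URL token -> entry (routing table)
const MAX_DIM = 2000;      // assumed upper bound on either dimension

// Template helper: register a resize command and return its URL.
function resize(path, width, height) {
  const ok = (n) => Number.isInteger(n) && n >= 1 && n <= MAX_DIM;
  if (typeof path !== 'string' || !ok(width) || !ok(height)) {
    throw new RangeError('invalid resize command');
  }
  // JSON keeps fields separate: ("a1", 2) and ("a", 12) would collide
  // under plain concatenation of path and width.
  const key = JSON.stringify([path, width, height]);
  const cached = byKey.get(key);
  if (cached) return cached.url;

  // 128 random bits: unguessable, and not derived from the parameters.
  const token = randomBytes(16).toString('hex');
  const entry = { url: '/images/' + token + '.png', path, width, height };
  byKey.set(key, entry);
  byToken.set(token, entry);
  return entry.url;
}

// Request side: only tokens issued by resize() map to an entry.
function lookup(token) {
  if (typeof token !== 'string' || !/^[0-9a-f]{32}$/.test(token)) return null;
  return byToken.get(token) || null;
}
```

In the route handler, a null result from lookup(req.params.hash) takes the error path, so a request can never name dimensions the server did not register itself.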