Merge pull request #152 from humanmade/add-parameter-validation

Add parameter validation and provide additional information to response header about the error
humanmade · Sep 5, 2022 · 70aa2ce · 70aa2ce
2 parents 824b7b8 + 625cf8a
commit 70aa2ce
Show file tree

Hide file tree

Showing 4 changed files with 112 additions and 24 deletions.
diff --git a/index.js b/index.js
@@ -125,6 +125,82 @@ module.exports.resizeBuffer = async function(buffer, args, callback) {
  }
  }
 
+ // validate args, remove from the object if not valid
+ var errors = [];
+
+ if (args.w) {
+ if (!/^[1-9]\d*$/.test(args.w)) {
+ delete args.w;
+ errors.push("w arg is not valid");
+ }
+ }
+ if (args.h) {
+ if (!/^[1-9]\d*$/.test(args.h)) {
+ delete args.h;
+ errors.push("h arg is not valid");
+ }
+ }
+ if (args.quality) {
+ if (!/^[0-9]{1,3}$/.test(args.quality) || args.quality < 0 || args.quality > 100) {
+ delete args.quality;
+ errors.push("quality arg is not valid");
+ }
+ }
+ if (args.resize) {
+ if (!/^\d+(px)?,\d+(px)?$/.test(args.resize)) {
+ delete args.resize;
+ errors.push("resize arg is not valid");
+ }
+ }
+ if (args.crop_strategy) {
+ if (!/^(smart|entropy|attention)$/.test(args.crop_strategy)) {
+ delete args.crop_strategy;
+ errors.push("crop_strategy arg is not valid");
+ }
+ }
+ if (args.gravity) {
+ if (!/^(north|northeast|east|southeast|south|southwest|west|northwest|center)$/.test(args.gravity)) {
+ delete args.gravity;
+ errors.push("gravity arg is not valid");
+ }
+ }
+ if (args.fit) {
+ if (!/^\d+(px)?,\d+(px)?$/.test(args.fit)) {
+ delete args.fit;
+ errors.push("fit arg is not valid");
+ }
+ }
+ if (args.crop) {
+ if (!/^\d+(px)?,\d+(px)?,\d+(px)?,\d+(px)?$/.test(args.crop)) {
+ delete args.crop;
+ errors.push("crop arg is not valid");
+ }
+ }
+ if (args.zoom) {
+ if (!/^\d+(\.\d+)?$/.test(args.zoom)) {
+ delete args.zoom;
+ errors.push("zoom arg is not valid");
+ }
+ }
+ if (args.webp) {
+ if (!/^0|1|true|false$/.test(args.webp)) {
+ delete args.webp;
+ errors.push("webp arg is not valid");
+ }
+ }
+ if (args.lb) {
+ if (!/^\d+(px)?,\d+(px)?$/.test(args.lb)) {
+ delete args.lb;
+ errors.push("lb arg is not valid");
+ }
+ }
+ if (args.background) {
+ if (!/^#[a-f0-9]{3}[a-f0-9]{3}?$/.test(args.background)) {
+ delete args.background;
+ errors.push("background arg is not valid");
+ }
+ }
+
  // crop (assumes crop data from original)
  if (args.crop) {
  var cropValues =
@@ -254,6 +330,9 @@ module.exports.resizeBuffer = async function(buffer, args, callback) {
  info.size = data.length;
  }
 
+ // add invalid args
+ info.errors = errors.join(';');
+
  callback && callback(null, data, info);
  resolve({ data, info });
  });

diff --git a/lambda-handler.js b/lambda-handler.js
@@ -55,6 +55,11 @@ exports.handler = function(event, context, callback) {
  body: Buffer.from(data).toString('base64'),
  isBase64Encoded: true,
  };
+
+ if (info.errors) {
+ resp.headers["X-Tachyon-Errors"] = info.errors;
+ }
+
  callback(null, resp);
 
  data = null;

diff --git a/server.js b/server.js
@@ -82,11 +82,15 @@ http.createServer( function( request, response ) {
  }
  return callback( err );
  }
- response.writeHead( 200, {
+ var resp = {
  'Content-Type': 'image/' + info.format,
  'Content-Length': info.size,
  'Cache-Control': 'public, max-age=31557600',
- } );
+ }
+ if (info.errors) {
+ resp["X-Tachyon-Errors"] = info.errors;
+ }
+ response.writeHead( 200, resp );
  response.write( data );
  return response.end();
  } );

diff --git a/test-filesize/fixtures.json b/test-filesize/fixtures.json
@@ -1,27 +1,27 @@
 {
- "briefing-copywriting.jpg-original.jpeg": 115390,
- "briefing-copywriting.jpg-small.jpeg": 3092,
- "briefing-copywriting.jpg-medium.jpeg": 9584,
- "briefing-copywriting.jpg-large.jpeg": 29223,
- "briefing-copywriting.jpg-webp.webp": 15660,
- "hdr.jpg-original.jpeg": 149042,
- "hdr.jpg-small.jpeg": 10589,
- "hdr.jpg-medium.jpeg": 24100,
- "hdr.jpg-large.jpeg": 87533,
- "hdr.jpg-webp.webp": 82784,
+ "hdr.jpg-original.jpeg": 148964,
+ "hdr.jpg-small.jpeg": 10632,
+ "hdr.jpg-medium.jpeg": 24387,
+ "hdr.jpg-large.jpeg": 87555,
+ "hdr.jpg-webp.webp": 82710,
  "Website.png-original.png": 34589,
- "Website.png-small.png": 3420,
- "Website.png-medium.png": 13778,
+ "Website.png-small.png": 3343,
+ "Website.png-medium.png": 13591,
  "Website.png-large.png": 34589,
  "Website.png-webp.webp": 20288,
+ "briefing-copywriting.jpg-original.jpeg": 115372,
+ "briefing-copywriting.jpg-small.jpeg": 3063,
+ "briefing-copywriting.jpg-medium.jpeg": 9541,
+ "briefing-copywriting.jpg-large.jpeg": 29281,
+ "briefing-copywriting.jpg-webp.webp": 15776,
  "icons.png-original.png": 28026,
- "icons.png-small.png": 3948,
- "icons.png-medium.png": 11212,
- "icons.png-large.png": 26372,
- "icons.png-webp.webp": 24816,
- "humans.png-original.png": 873684,
- "humans.png-small.png": 9175,
- "humans.png-medium.png": 56093,
- "humans.png-large.png": 279635,
- "humans.png-webp.webp": 141340
-}
+ "icons.png-small.png": 3987,
+ "icons.png-medium.png": 11580,
+ "icons.png-large.png": 27584,
+ "icons.png-webp.webp": 24500,
+ "humans.png-original.png": 873673,
+ "humans.png-small.png": 9162,
+ "humans.png-medium.png": 55961,
+ "humans.png-large.png": 280452,
+ "humans.png-webp.webp": 142528
+}