Merge pull request #152 from humanmade/add-parameter-validation

Add parameter validation and provide additional information to response header about the error

Author: jerico

index.js

@@ -125,6 +125,82 @@ module.exports.resizeBuffer = async function(buffer, args, callback) {
 			}
 		}
 
+		// validate args, remove from the object if not valid
+		var errors = [];
+
+		if (args.w) {
+			if (!/^[1-9]\d*$/.test(args.w)) {
+				delete args.w;
+				errors.push("w arg is not valid");
+			}
+		}
+		if (args.h) {
+			if (!/^[1-9]\d*$/.test(args.h)) {
+				delete args.h;
+				errors.push("h arg is not valid");
+			}
+		}
+		if (args.quality) {
+			if (!/^[0-9]{1,3}$/.test(args.quality) || args.quality < 0 || args.quality > 100) {
+				delete args.quality;
+				errors.push("quality arg is not valid");
+			}
+		}
+		if (args.resize) {
+			if (!/^\d+(px)?,\d+(px)?$/.test(args.resize)) {
+				delete args.resize;
+				errors.push("resize arg is not valid");
+			}
+		}
+		if (args.crop_strategy) {
+			if (!/^(smart|entropy|attention)$/.test(args.crop_strategy)) {
+				delete args.crop_strategy;
+				errors.push("crop_strategy arg is not valid");
+			}
+		}
+		if (args.gravity) {
+			if (!/^(north|northeast|east|southeast|south|southwest|west|northwest|center)$/.test(args.gravity)) {
+				delete args.gravity;
+				errors.push("gravity arg is not valid");
+			}
+		}
+		if (args.fit) {
+			if (!/^\d+(px)?,\d+(px)?$/.test(args.fit)) {
+				delete args.fit;
+				errors.push("fit arg is not valid");
+			}
+		}
+		if (args.crop) {
+			if (!/^\d+(px)?,\d+(px)?,\d+(px)?,\d+(px)?$/.test(args.crop)) {
+				delete args.crop;
+				errors.push("crop arg is not valid");
+			}
+		}
+		if (args.zoom) {
+			if (!/^\d+(\.\d+)?$/.test(args.zoom)) {
+				delete args.zoom;
+				errors.push("zoom arg is not valid");
+			}
+		}
+		if (args.webp) {
+			if (!/^0|1|true|false$/.test(args.webp)) {
+				delete args.webp;
+				errors.push("webp arg is not valid");
+			}
+		}
+		if (args.lb) {
+			if (!/^\d+(px)?,\d+(px)?$/.test(args.lb)) {
+				delete args.lb;
+				errors.push("lb arg is not valid");
+			}
+		}
+		if (args.background) {
+			if (!/^#[a-f0-9]{3}[a-f0-9]{3}?$/.test(args.background)) {
+				delete args.background;
+				errors.push("background arg is not valid");
+			}
+		}
+
 		// crop (assumes crop data from original)
 		if (args.crop) {
 			var cropValues =
@@ -254,6 +330,9 @@ module.exports.resizeBuffer = async function(buffer, args, callback) {
 					info.size = data.length;
 				}
 
+				// add invalid args
+				info.errors = errors.join(';');
+
 				callback && callback(null, data, info);
 				resolve({ data, info });
 			});

lambda-handler.js

@@ -55,6 +55,11 @@ exports.handler = function(event, context, callback) {
 			body: Buffer.from(data).toString('base64'),
 			isBase64Encoded: true,
 		};
+
+		if (info.errors) {
+			resp.headers["X-Tachyon-Errors"] = info.errors;
+		}
+
 		callback(null, resp);
 
 		data = null;

server.js

@@ -82,11 +82,15 @@ http.createServer( function( request, response ) {
 			}
 			return callback( err );
 		}
-		response.writeHead( 200, {
+		var resp = {
 			'Content-Type': 'image/' + info.format,
 			'Content-Length': info.size,
 			'Cache-Control': 'public, max-age=31557600',
-		} );
+		}
+		if (info.errors) {
+			resp["X-Tachyon-Errors"] = info.errors;
+		}
+		response.writeHead( 200, resp );
 		response.write( data );
 		return response.end();
 	} );

test-filesize/fixtures.json

@@ -1,27 +1,27 @@
 {
-    "briefing-copywriting.jpg-original.jpeg": 115390,
-    "briefing-copywriting.jpg-small.jpeg": 3092,
-    "briefing-copywriting.jpg-medium.jpeg": 9584,
-    "briefing-copywriting.jpg-large.jpeg": 29223,
-    "briefing-copywriting.jpg-webp.webp": 15660,
-    "hdr.jpg-original.jpeg": 149042,
-    "hdr.jpg-small.jpeg": 10589,
-    "hdr.jpg-medium.jpeg": 24100,
-    "hdr.jpg-large.jpeg": 87533,
-    "hdr.jpg-webp.webp": 82784,
+    "hdr.jpg-original.jpeg": 148964,
+    "hdr.jpg-small.jpeg": 10632,
+    "hdr.jpg-medium.jpeg": 24387,
+    "hdr.jpg-large.jpeg": 87555,
+    "hdr.jpg-webp.webp": 82710,
     "Website.png-original.png": 34589,
-    "Website.png-small.png": 3420,
-    "Website.png-medium.png": 13778,
+    "Website.png-small.png": 3343,
+    "Website.png-medium.png": 13591,
     "Website.png-large.png": 34589,
     "Website.png-webp.webp": 20288,
+    "briefing-copywriting.jpg-original.jpeg": 115372,
+    "briefing-copywriting.jpg-small.jpeg": 3063,
+    "briefing-copywriting.jpg-medium.jpeg": 9541,
+    "briefing-copywriting.jpg-large.jpeg": 29281,
+    "briefing-copywriting.jpg-webp.webp": 15776,
     "icons.png-original.png": 28026,
-    "icons.png-small.png": 3948,
-    "icons.png-medium.png": 11212,
-    "icons.png-large.png": 26372,
-    "icons.png-webp.webp": 24816,
-    "humans.png-original.png": 873684,
-    "humans.png-small.png": 9175,
-    "humans.png-medium.png": 56093,
-    "humans.png-large.png": 279635,
-    "humans.png-webp.webp": 141340
-}
+    "icons.png-small.png": 3987,
+    "icons.png-medium.png": 11580,
+    "icons.png-large.png": 27584,
+    "icons.png-webp.webp": 24500,
+    "humans.png-original.png": 873673,
+    "humans.png-small.png": 9162,
+    "humans.png-medium.png": 55961,
+    "humans.png-large.png": 280452,
+    "humans.png-webp.webp": 142528
+}