Node.js image to safely embed user content #9

Merged 3 commits on Sep 2, 2023
116 changes: 116 additions & 0 deletions text/0005-camo-image-proxy.md
@@ -0,0 +1,116 @@
* 2023-07-04
* Scope: new repository
* RFC PR: <!-- leave this empty -->
* Implementation issue(s): <!-- leave this empty -->

# Summary

A new Node.js HTTP proxy to route images through SSL, compatible with unified
plugins, to safely embed user content on the web.

Implementation would be done by me and would require funds from Open Collective.

## Motivation

Unified has put a lot of effort in providing similar markdown support as GitHub.
The latest project, [`rehype-github`][], takes this even further in order to
support processing user content for safe use on the web, just as GitHub does.

There is a missing piece in safely authoring user content: images.

> An HTTPS page that includes content fetched using cleartext HTTP is called a
> mixed content page. Pages like this are only partially encrypted, leaving the
> unencrypted content accessible to sniffers and man-in-the-middle attackers.
> — [MDN](https://developer.mozilla.org/en-US/docs/Web/Security/Mixed_content)

Developers aware of this problem, who are using Go or are willing to run a Go
server, can use the well maintained [go-camo][] to solve this. However, there
is no Node.js equivalent, nor is there a plug-and-play solution for processing
markdown which takes this problem into account.

Case in point: a new Node.js HTTP proxy to route images through SSL, to be
used together with the existing [`rehype-github-image`][] plugin.

It’s in the ecosystem’s and the web’s best interest to create awareness and
solutions for security problems when authoring user content.

## Detailed design

* A bare bones Node.js server (no framework).
The reason for this is that we can create a `handle` function which can be
integrated in any Node.js framework or even a front-end framework
like Next.js. This is what I’ve worked on for `@tus/server`,
as you can see in the [examples](https://github.com/tus/tus-node-server/tree/main/packages/server#examples).
* A client-server flow similar to this:

```text
+----------+ request +-------------+
| |----------------------------->| |
| | | |
| | | web-app |
| | img src=https://camo/url | |
| |<-----------------------------| |
| | +-------------+
| client |
| | https://camo/url +-------------+ http://some/img
| |----------------------------->| |--------------->
| | | |
| | | camo |
| | img data | | img data
| |<-----------------------------| |<---------------
| | +-------------+
+----------+
```

* Out of scope (for now): metrics endpoint for usage data, filtering rules.

## Funding

In short: between $500 and $1,000 from Open Collective (exact amount up for
debate).

* **Why take money at all?**
* I’m not really in a position to do this for free. I make my living from
maintaining open source software on freelance basis and life is also
busy. To really push this through I would put other paid work on hold.
* Since there is no
[expenses/invoices/fund policy](https://github.com/unifiedjs/collective/issues/34),
taking money from Open Collective is not clearly defined.
But here is how I ideally imagine it:
funds are used to kick start substantial work which
otherwise may not have happened. Many people maintain OSS for free
(and thanklessly) but we also shouldn’t be afraid to ask for funds.
There is at the time of writing $23,648 in Open Collective.
It’s not a lot if you want to live from it,
but it is a lot if you would divide it by the amount of
projects it could kick start.
* **Why me?** I have experience in creating Node.js servers at scale and
globally distributed. I also maintain [tus](https://tus.io/), a protocol
for resumable file uploads in multiple languages.
* **Why this amount of $**? With implementation, tests, and docs, this could
take around three full days (optimistically). Naturally, I didn’t base this
on a freelance rate I work for normally. It’s more an attempt at a fair
flat fee.

## Drawbacks

* Money out of the Open Collective.
* [go-camo][] already exists so there is some solution to this problem.
But for people with front-end frameworks or Node.js servers this would mean
hosting another server. Furthermore unified could contribute to awareness
of the problem and a streamlined plug-and-play experience.

## Alternatives

* Only keeping the [`rehype-github-image`][] plugin and document the existing
servers, not creating a Node.js server.

## Adoption strategy

Not relevant since it is a new project.

[`rehype-github`]: https://github.com/rehypejs/rehype-github

[`rehype-github-image`]: https://github.com/rehypejs/rehype-github/tree/main/packages/image

[go-camo]: https://github.com/cactus/go-camo
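
Review bot: The "Detailed design" section draws the client-server flow but never says how the proxy decides which URLs it will fetch, and its last bullet puts filtering rules out of scope. As drawn, a request to `https://camo/url` makes the server fetch whatever `http://some/img` the URL names, so the RFC should state that the web-app signs each proxied URL and that the `handle` function rejects requests whose signature is missing or does not match. go-camo, which the RFC cites, does this with an HMAC over the target URL using a shared key. I would also make the following in-scope requirements rather than deferred filtering: refuse targets that resolve to loopback, private or link-local addresses, cap redirects and response size, and relay only responses whose Content-Type is an image type. Minor: the `RFC PR:` field in the header is still the empty template comment and can point at this PR.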