[RFC] Add signature generation

[joelwurtz]

Hey,

Didn't find this in the doc, but maybe it's already implemented ?

Goal of this RFC is to be able to use flyimg as a public hosting media (no domain restriction) but still provides security to avoid "bad" users to generate their owns image (like doing a loop with +1 pixel width) and doing a DDOS attack.

A way to achieve that is to have on the page creating the url to this service, and on flyimage a shared key whichs allows to encode all the parameters with the url into a signature, and check this on the server (if signature invalid throw a 403 / 404 ?). It's very similar on how thumbor works.

WDYT ?

[sadok-f]

@joelwurtz Indeed this PR is a must have on Flyimg.
Currently, only the restricted domains are the only the security layer, the server could fail with DDOS.
I checked Thumbor implementation
https://github.com/thumbor/thumbor/wiki/Security
Very straightforward and simple to implement, We hope we can add this soon.
Many thanks for raising this topic.