-
Notifications
You must be signed in to change notification settings - Fork 823
Libraries
Even though the process of generating safe image URLs is explained in the Security page, we'll try to provide libraries in each programming language to ease this process.
- libthumbor - Python's extensions to thumbor. These are used to generate safe urls among others.
- django-thumbor - A django app with templatetags for resizing images with thumbor (by ricobl).
- django-thumborize - Provides shortcuts and conveniences for thumbor imaging service (by Thiago Pisani).
- django-thumborstorage - A Django custom storage for Thumbor backend (by Stanislas Guerra).
- flask-thumbor - Flask extensions to use thumbor (by thumby.io).
- ThumborUrlBuilder - Thumbor client for Node JS (by David Caramelo).
- thumbor - Thumbor client for Node JS (by PolicyMic).
- ruby-thumbor - Ruby's gem to interact with thumbor server.
- thumbor_rails - Ruby's gem to make easier to generate urls in Rails projects.
- thumbor-versionable - Ruby's gem to make easier to generate urls in rack compatible projects, works with carrierwave.
- Pollexor - Java client for the Thumbor image service which allows you to build URIs in an expressive fashion using a fluent API.
thumbor-enterprise-edition - Java library to enable generating encrypted URLs. This library is deprecated in favor of Pollexor.
- Phumbor - A minimal PHP client for generating Thumbor URLs.
- Phumbor for Laravel - A Laravel package providing a facade for Phumbor.
- Phumbor for Symfony2 - A Symfony2 Bundle providing a facade for Phumbor.
- Thumbor PHP - PHP implementation of URL generator for Thumbor, supports optional Laravel integration.
- OCThumbor - Objective-C for the Thumbor image service which allows you to build URIs in an expressive fashion using a fluent API.
- ThumborClient - Thumbor Client in Elixir language to service which allows you to build URIs with some options.
- DotNetThumbor - DotNet client for the Thumbor image service. Provides an expressive fluent API.
- DelphiThumbor - Delphi class to thumbor. These are used to generate safe urls among others (by Marlon Nardi).
If you want to provide a library to enable easy usage of thumbor in your favorite programming language, please send an e-mail to timehome@corp.globo.com and we'll add it here.
Below are all the scenarios we think are worth testing automatically so you can guarantee compatibility with thumbor. Please note that this is not meant to be a replacement for TDD or for any other testing methodology you might want to use. These are just helper scenarios that we thought would help any library developers.
We sincerely advise you to have thumbor installed in your machine, so you can implement a method in your tests that has thumbor generate a signature for your URL so you can compare with your own signature. This way you can make sure your url formatting and signing are working properly.
Here's how it was implemented in Ruby:
def sign_in_thumbor(key, str)
#bash command to call thumbor's decrypt method
command = "python -c 'from thumbor.crypto import Signer; signer = Signer(\"" << key << "\"); print signer.signature(\"" << str << "\")'"
#execute it in the shell using ruby's popen mechanism
result = Array.new
IO.popen(command) { |f| result.push(f.gets) }
result.join('')
end
You should be able to implement this easily in any modern programming language. It makes for very reliable tests.
Remember that these are in pseudo-code (BDD-like) language, and not in any programming language specifically.
These scenarios assume that you separate the logic of composing the url to be signed into a different "module", that is to be tested with the URL Testing Scenarios after these scenarios.
Given
A security key of 'my-security-key'
And an image URL of "my.server.com/some/path/to/image.jpg"
And a width of 300
And a height of 200
When
I ask my library for a signed url
Then
I get '/8ammJH8D-7tXy6kU3lTvoXlhu4o=/300x200/my.server.com/some/path/to/image.jpg' as url
Given
A security key of 'my-security-key'
And an image URL of "my.server.com/some/path/to/image.jpg"
And a width of 300
And a height of 200
When
I ask my library for an encrypted URL
Then
I get the proper url (/8ammJH8D-7tXy6kU3lTvoXlhu4o=/300x200/my.server.com/some/path/to/image.jpg)
Given
A security key of 'my-security-key'
And an image URL of "my.server.com/some/path/to/image.jpg"
And the meta flag
When
I ask my library for an encrypted URL
Then
I get the proper url (/Ps3ORJDqxlSQ8y00T29GdNAh2CY=/meta/my.server.com/some/path/to/image.jpg)
Given
A security key of 'my-security-key'
And an image URL of "my.server.com/some/path/to/image.jpg"
And the smart flag
When
I ask my library for an encrypted URL
Then
I get the proper url (/-2NHpejRK2CyPAm61FigfQgJBxw=/smart/my.server.com/some/path/to/image.jpg)
Given
A security key of 'my-security-key'
And an image URL of "my.server.com/some/path/to/image.jpg"
And the fit-in flag
When
I ask my library for an encrypted URL
Then
I get the proper url (/uvLnA6TJlF-Cc-L8z9pEtfasO3s=/fit-in/my.server.com/some/path/to/image.jpg)
Given
A security key of 'my-security-key'
And an image URL of "my.server.com/some/path/to/image.jpg"
And a 'quality(20)' filter
And a 'brightness(10)' filter
When
I ask my library for an encrypted URL
Then
I get the proper url (/H49B0suv7d2eZqsvy9oR9fsgeSM=/filters:quality(20):brightness(10)/my.server.com/some/path/to/image.jpg)
You should test the same kind of tests for horizontal and vertical flip, horizontal and vertical alignment and manual cropping.