0
0
Fork 0
mirror of https://github.com/matrix-org/dendrite synced 2024-12-18 01:53:43 +01:00
dendrite/mediaapi
S7evinK 8b22c4270d
Use LimitReader to prevent DoS risk (#1843)
* Use LimitReader to prevent DoS risk

Signed-off-by: Till Faelligen <tfaelligen@gmail.com>

* Check if bytesWritten is equal to the maxFileSize
Add tests

Signed-off-by: Till Faelligen <tfaelligen@gmail.com>

* Use oldschool defer to cleanup after the tests

* Let LimitReader read MaxFileSizeBytes + 1

Co-authored-by: Kegsay <kegan@matrix.org>
2021-06-07 09:17:20 +01:00
..
fileutils Retrieve remote file size without the Content-Size header (#1537) 2021-02-17 13:54:53 +00:00
routing Use LimitReader to prevent DoS risk (#1843) 2021-06-07 09:17:20 +01:00
storage Top-level setup package (#1605) 2020-12-02 17:41:00 +00:00
thumbnailer Top-level setup package (#1605) 2020-12-02 17:41:00 +00:00
types Top-level setup package (#1605) 2020-12-02 17:41:00 +00:00
bimg-96x96-crop.jpg use go module for dependencies (#594) 2019-05-21 21:56:55 +01:00
mediaapi.go Top-level setup package (#1605) 2020-12-02 17:41:00 +00:00
nfnt-96x96-crop.jpg use go module for dependencies (#594) 2019-05-21 21:56:55 +01:00
README.md Update Docker files and remove references to gb (#703) 2019-05-22 10:44:25 +01:00

Media API

This server is responsible for serving /media requests as per:

http://matrix.org/docs/spec/client_server/r0.2.0.html#id43

Scaling libraries

nfnt/resize (default)

Thumbnailing uses https://github.com/nfnt/resize by default which is a pure golang image scaling library relying on image codecs from the standard library. It is ISC-licensed.

It is multi-threaded and uses Lanczos3 so produces sharp images. Using Lanczos3 all the way makes it slower than some other approaches like bimg. (~845ms in total for pre-generating 32x32-crop, 96x96-crop, 320x240-scale, 640x480-scale and 800x600-scale from a given JPEG image on a given machine.)

See the sample below for image quality with nfnt/resize:

bimg (uses libvips C library)

Alternatively one can use go build -tags bimg to use bimg from https://github.com/h2non/bimg (MIT-licensed) which uses libvips from https://github.com/jcupitt/libvips (LGPL v2.1+ -licensed). libvips is a C library and must be installed/built separately. See the github page for details. Also note that libvips in turn has dependencies with a selection of FOSS licenses.

bimg and libvips have significantly better performance than nfnt/resize but produce slightly less-sharp images. bimg uses a box filter for downscaling to within about 200% of the target scale and then uses Lanczos3 for the last bit. This is a much faster approach but comes at the expense of sharpness. (~295ms in total for pre-generating 32x32-crop, 96x96-crop, 320x240-scale, 640x480-scale and 800x600-scale from a given JPEG image on a given machine.)

See the sample below for image quality with bimg: