Image Camo extension

[JadedBlueEyes]

This saves me from running a public proxy to any arbitrary URL, and lets me share infrastructure (with my forgejo instance, for example)

[Alkarex]

Thanks 👍🏻
Consider adding a reference in https://github.com/FreshRSS/Extensions/blob/master/README.md
(By the way, we should re-organise the readme to make a special section for extensions coming from this repo)

[JadedBlueEyes]

I've added references in the README and the JSON file.
I haven't added that new section, it looks like a lot of the extensions in the repo aren't listed in the README at all.

[Alkarex]

I have not checked the differences with the existing https://github.com/FreshRSS/Extensions/tree/master/xExtension-ImageProxy
It would be nice to add a little sentence to help users picking one or the other

[Alkarex]

Ping @Frenzie

[Frenzie]

I don't really know why this Camo would need a fully separate extension. Maybe something about authentication didn't fit into the existing setup very well and it couldn't be elegantly added.

https://github.com/pypi/camo

It sounds like it's basically go for ImageProxy unless you specifically want to use Camo.

[JadedBlueEyes]

The software I'm using is https://github.com/cactus/go-camo.

The main difference compared to the existing image proxies it means you're not just running an open proxy - which isn't really the greatest security idea.

It's a separate extension primarily because of the config, although it could have the image URL replacement logic shared. It's not that complex though, so I didn't think it was worth it.

[JadedBlueEyes]

The camo former is not specific to this software though, GitHub's implementation was in JS I think?

The important part is this URL format:

        private static function generateBase64CamoUrl(string $hmacKey, string $camoUrl, string $imageUrl): string { 
                 // Generate HMAC-SHA1 
                 $hmac = hash_hmac('sha1', $imageUrl, $hmacKey, true); 
  
                 // Base64 encode without padding (camo style) 
                 $b64Hmac = rtrim(strtr(base64_encode($hmac), '+/', '-_'), '='); 
                 $b64Url = rtrim(strtr(base64_encode($imageUrl), '+/', '-_'), '='); 
  
                 return rtrim($camoUrl, '/') . '/' . $b64Hmac . '/' . $b64Url; 
         }

hmacKey being a shared secret

[Frenzie]

The main difference compared to the existing image proxies it means you're not just running an open proxy - which isn't really the greatest security idea.

Mind, the Apache config in the README contains this:

  AuthType Basic
  AuthName "Proxy - Authorized Users ONLY"
  AuthBasicProvider file
  AuthUserFile /etc/apache2/htpasswd/users
  Require valid-user

Which is to say, any proxy is only as open as you want.

It's a separate extension primarily because of the config, although it could have the image URL replacement logic shared. It's not that complex though, so I didn't think it was worth it.

From a maintenance perspective that sounds a bit backwards to me, but perhaps from a UI perspective it could become confusing.

In any event, that particular logic is basically the only logic likely to change anytime soon (unless someone wants to add support for some different format like Camo).