Improve cover image performance #3580
Thanks!
authNotNeeded(req) { | ||
return req.method === 'GET' && this.ignorePattern.test(req.originalUrl) | ||
} |
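Review bot: in authNotNeeded the pattern is tested against req.originalUrl, which in Express includes the query string, so the exemption from authentication is decided on more than the route path. Testing req.path instead, or making sure ignorePattern is anchored with ^ and $ so it can only match the intended image routes, keeps the unauthenticated exemption limited to those routes. A short comment naming the routes that are meant to be exempt would also make this easier to review later.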
Doesn't this potentially leak the content of the library if you somehow get your hands on the item IDs?
Yes, it does. We discussed this and concluded that the security risk is not very high in this case.
The situation up until now was much worse in my opinion - we sent the authentication token as a URL query parameter in cover and author img tags, and now we don't do that anymore.
@mikiher It's a lot of work but usually people solve this problem using HMAC signatures that are provided in the GET parameters of the URL.
Yes, I read about some of these solutions a while back. It's not worth the investment, IMO. This isn't a DoD app 🙂
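The HMAC-signed URL approach mentioned in this thread, as an added example that is not part of the PR or the project's code: the server issues a cover URL carrying an expiry time and a signature over the item ID and expiry, and checks both on the GET request. The route shape `/api/items/<id>/cover`, the parameter names `expires` and `sig`, the key and the function names are assumptions made for the illustration.

```javascript
const crypto = require('node:crypto')

// Constructed key for the example; a real server would load a random secret from its config.
const SIGNING_KEY = Buffer.from('constructed-example-key-not-for-production')

// The signature is bound to one resource and one expiry time.
function sign(itemId, expires, key) {
  return crypto.createHmac('sha256', key).update(`cover:${itemId}:${expires}`).digest('base64url')
}

// Called when rendering a page for an authenticated user (hypothetical route shape).
function signCoverUrl(itemId, ttlSeconds, now = Date.now(), key = SIGNING_KEY) {
  const expires = Math.floor(now / 1000) + ttlSeconds
  const params = new URLSearchParams({ expires: String(expires), sig: sign(itemId, expires, key) })
  return `/api/items/${encodeURIComponent(itemId)}/cover?${params}`
}

// Called on the unauthenticated GET; needs no session and no database lookup.
function verifyCoverUrl(url, now = Date.now(), key = SIGNING_KEY) {
  let parsed, itemId
  try {
    parsed = new URL(url, 'http://localhost') // base is only there to parse a relative URL
    const match = /^\/api\/items\/([^/]+)\/cover$/.exec(parsed.pathname) // anchored on the path only
    if (!match) return false
    itemId = decodeURIComponent(match[1])
  } catch {
    return false // malformed URL or percent-encoding
  }
  const expiresRaw = parsed.searchParams.get('expires') || ''
  if (!/^\d+$/.test(expiresRaw)) return false
  const expires = Number(expiresRaw)
  if (expires < Math.floor(now / 1000)) return false // link has expired
  const given = Buffer.from(parsed.searchParams.get('sig') || '', 'base64url')
  const expected = Buffer.from(sign(itemId, expires, key), 'base64url')
  // Constant-time comparison; timingSafeEqual throws on unequal lengths, so check first.
  return given.length === expected.length && crypto.timingSafeEqual(given, expected)
}
```

Unlike a session token in the query string, a leaked URL of this kind grants access to one cover until it expires and nothing else.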
Excellent performance investigation and improvements, thanks a lot 👏
Following the experiments described here, I made the following changes to cover image GET requests (I will do the same for author images in a separate PR - wanted to focus on covers here):
LibraryItemController.getCover
so that no database access is made if the resized image is already in the covers disk cache
This reduces the average completion time for cover requests by a factor of ~10 when accessing the server through HTTPS, and minimizes concurrent access to the database.