Thanks to visit codestin.com
Credit goes to github.com

Skip to content

Secure authenticated image delivery with signed URLs#16

Merged
florianheysen merged 7 commits intomainfrom
pr-13
Feb 4, 2026
Merged

Secure authenticated image delivery with signed URLs#16
florianheysen merged 7 commits intomainfrom
pr-13

Conversation

@florianheysen
Copy link
Contributor

@florianheysen florianheysen commented Jan 6, 2026

This PR finalizes the authenticated image delivery flow introduced in #13, with stronger security guarantees.

It adds a signed URL mechanism for protected media, hardens the original implementation, and closes the requirements discussed in #12.

Closes #12

Summary

  • Introduces an authenticated delivery endpoint using signed URLs
  • Centralizes signature logic in a dedicated utility
  • Hardens the original approach with modern cryptographic and runtime safeguards

URL Format

/authenticated/s--{signature}/{transformations}/{filePath}

Files

New

  • apps/api/src/utils/signature.ts

Updated

  • apps/api/src/routes/authenticated.ts
  • apps/api/src/index.ts
  • apps/api/env.template

Notes

As mentioned in #13, a follow-up could extend the upload flow to explicitly mark assets as authenticated-only.

Credits
Original work by @lancelotF, extended and secured in this PR.

@florianheysen florianheysen requested a review from Copilot February 3, 2026 22:25
@florianheysen florianheysen self-assigned this Feb 3, 2026
Copilot AI reviewed Feb 3, 2026
View reviewed changes
Copy link
Contributor

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

This PR implements authenticated image delivery using HMAC-SHA256 signed URLs to prevent transformation abuse and unauthorized access, addressing the security concerns raised in issue #12. The implementation enhances the original work from PR #13 by upgrading from SHA-1 to HMAC-SHA256, adding path traversal protection, and centralizing signature logic.

Changes:

  • Adds signed URL authentication system with HMAC-SHA256 signatures for secure media delivery
  • Refactors transformation logic into a reusable TransformService to support both public and authenticated routes
  • Removes GitHub Actions PR checks workflow (unrelated to feature)

Reviewed changes

Copilot reviewed 7 out of 7 changed files in this pull request and generated 11 comments.

Show a summary per file
File Description
apps/api/src/utils/signature.ts New utility for HMAC-SHA256 signature generation, verification with timing-safe comparison, and path sanitization
apps/api/src/services/transform.service.ts New service extracting transformation logic from routes for code reuse between public and authenticated endpoints
apps/api/src/routes/authenticated.ts New authenticated route handler that validates signed URLs before processing transformations
apps/api/src/routes/transform.ts Refactored to use TransformService, significantly simplified from ~336 to ~66 lines
apps/api/src/index.ts Adds API_SECRET validation on startup and registers authenticated route with rate limiting
apps/api/env.template Documents API_SECRET configuration requirements and signature format
.github/workflows/pr-checks.yml Deleted GitHub Actions workflow for automated PR checks (lint, type-check, tests)
Comments suppressed due to low confidence (1)

.github/workflows/pr-checks.yml:1

  • The entire GitHub Actions workflow file for PR checks has been deleted. This appears unrelated to the authenticated image delivery feature. Unless this deletion is intentional and documented, it should not be part of this PR as it removes automated testing, linting, and type-checking for pull requests.

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

Copilot AI mentioned this pull request Feb 4, 2026
Merged
Copy link

Copilot AI commented Feb 4, 2026

@florianheysen I've opened a new pull request, #21, to work on those changes. Once the pull request is ready, I'll request review from you.

@florianheysen florianheysen merged commit 9887a85 into main Feb 4, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

Assignees

@florianheysen florianheysen

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Feature request: Signed Delivery URL Support

4 participants

@florianheysen @lancelotF