imaginate
Advanced tools
Readme
Construct images on the fly via a simple URL!
You'll need to install Cairo as it currently can't be installed automatically with npm... If you want pdf support, install with --enable-pdf=yes. Same for --enable-svg=yes
const imaginage = require('imaginate')
const middleware = imaginate()
app.use('/images', middleware)
The returned middlware expects the following query string parameters to be provided with each request (preferably via urlinate) and responds with the created image.
If the transform is a URL, imaginate will execute the file at that URL
I hope that reading this gave you the chills. Are they really allowing people to execute arbitrary code on their machines via a simple GET request? This is where the whitelisting feature comes in.
GET /whitelist responds with the whitelist as JSONPOST /whitelist allows you to update the whitelist and is subject to basic authentication (username: admin, password: process.env.IMAGINATOR_PASS.Transforms are encouraged to throw really nice errors as these are passed along as-is to the user
Supposing there is an imaginator running at http://imaginator.io,
var urlinate = require('urlinate')
var url = urlinate('http://imaginator.io', {
input: 'http://wtv.com/img.jpg',
use: [
[ 'http://npmjs.com/package/ctx-resize', {
width: 900,
height: 600
}]
]
})
Notice the helper function, urlinate.
Then use the URL like any image URL:
<img src="IMAGINATOR_URL">
body {
background: url('IMAGINATOR_URL');
}
img_DOM_Node.src = 'IMAGINATOR_URL'
DOM_Node.style.background = "url('IMAGINATOR_URL')"
http.get('IMAGINATOR_URL', ...)
Launches a production-ready http server using this middleware.
This server also provides a /whitelist route which you can GET or POST json to. This whitelist is a package.json['dependencies']-style json object listing the allowed canvas transforms. This whitelist will be saved as a json file on S3 so that it can persist after a crash or restart. To authenticate with S3, the imaginator expects the following environment variables to be set:
IMAGINATOR_AWS_ACCESS_KEY_IDIMAGINATOR_AWS_SECRET_ACCESS_KEYIMAGINATOR_BUCKETIt also expects the IAM user to be associated to a policy giving it read and write permissions on the correct bucket and expects a file called whitelist.json to exist within the specified bucket and to be valid JSON (should look like the dependencies object in a package.json file). For more, have a fun time getting lost in the (poor but plentiful) AWS documentation.
Finally, modifying the whitelist requires basic Authentication. The username is always admin, but the password is determined by the value of the IMAGINATOR_PASS environment variable.
IMAGINATOR_PASSIn production (NODE_ENV === 'production'), this server will send all warnings and alerts to Slack as configured by:
IMAGINATOR_SLACK_TOKENSIMAGINATOR_SLACK_CHANNELdocker build -t imaginator .
docker run --rm -ti -p 3000:3000\
-e IMAGINATOR_PASS=$IMAGINATOR_PASS\
-e IMAGINATOR_SLACK_CHANNEL=$IMAGINATOR_SLACK_CHANNEL\
-e IMAGINATOR_SLACK_TOKENS=$IMAGINATOR_SLACK_TOKENS\
-e IMAGINATOR_AWS_ACCESS_KEY_ID=$IMAGINATOR_AWS_ACCESS_KEY_ID\
-e IMAGINATOR_AWS_SECRET_ACCESS_KEY=$IMAGINATOR_AWS_SECRET_ACCESS_KEY\
-e IMAGINATOR_BUCKET=$IMAGINATOR_BUCKET\
imaginator
now\
-e IMAGINATOR_PASS=$IMAGINATOR_PASS\
-e IMAGINATOR_SLACK_CHANNEL=$IMAGINATOR_SLACK_CHANNEL\
-e IMAGINATOR_SLACK_TOKENS=$IMAGINATOR_SLACK_TOKENS\
-e IMAGINATOR_AWS_ACCESS_KEY_ID=$IMAGINATOR_AWS_ACCESS_KEY_ID\
-e IMAGINATOR_AWS_SECRET_ACCESS_KEY=$IMAGINATOR_AWS_SECRET_ACCESS_KEY\
-e IMAGINATOR_BUCKET=$IMAGINATOR_BUCKET
...then press 2 for Dockerfile (see nowjs.org)
FAQs
Construct images on the fly via a simple URL!
The npm package imaginate receives a total of 8 weekly downloads. As such, imaginate popularity was classified as not popular.
We found that imaginate demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
As cyber threats become more autonomous, AI-powered defenses are crucial for businesses to stay ahead of attackers who can exploit software vulnerabilities at scale.
Security News
UnitedHealth Group disclosed that the ransomware attack on Change Healthcare compromised protected health information for millions in the U.S., with estimated costs to the company expected to reach $1 billion.
Security News
GitHub is susceptible to a CDN flaw that allows attackers to host malware on any public repository.