From 036d0c51c413f2a43ae783d3633cbe52656a02f8 Mon Sep 17 00:00:00 2001
From: Will Norris
Date: Fri, 6 Dec 2013 14:17:39 -0800
Subject: [PATCH] allow setting max height and width
This is primarily added to prevent a denial of service attack where insanely large images are requested, eating up CPU.
---
 imageproxy.go | 2 ++
 proxy/proxy.go | 10 ++++++++++
 2 files changed, 12 insertions(+)
diff --git a/imageproxy.go b/imageproxy.go
index fde4d32..8111828 100644
--- a/imageproxy.go
+++ b/imageproxy.go
@@ -21,6 +21,8 @@ func main() {
 p := proxy.NewProxy(nil)
 p.Cache = cache.NewMemoryCache()
+ p.MaxWidth = 2000
+ p.MaxHeight = 2000
 if *whitelist != "" {
 p.Whitelist = strings.Split(*whitelist, ",")
 }
diff --git a/proxy/proxy.go b/proxy/proxy.go
index d410604..3686be7 100644
--- a/proxy/proxy.go
+++ b/proxy/proxy.go
@@ -69,6 +69,9 @@ type Proxy struct {
 // Whitelist specifies a list of remote hosts that images can be proxied from. An empty list means all hosts are allowed.
 Whitelist []string
+
+ MaxWidth int
+ MaxHeight int
 }
 // NewProxy constructs a new proxy. The provided http Client will be used to
@@ -88,6 +91,13 @@ func (p *Proxy) ServeHTTP(w http.ResponseWriter, r *http.Request) {
 return
 }
+ if p.MaxWidth > 0 && req.Options.Width > p.MaxWidth {
+ req.Options.Width = p.MaxWidth
+ }
+ if p.MaxHeight > 0 && req.Options.Height > p.MaxHeight {
+ req.Options.Height = p.MaxHeight
+ }
+
 u := req.URL.String()
 glog.Infof("request for image: %v", u)
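Review bot: The 2000-pixel caps are hard-coded in `main` (`p.MaxWidth = 2000`, `p.MaxHeight = 2000`), while the whitelist on the following lines is read from a flag, so an operator cannot tighten or relax the limit without rebuilding. Since the commit message presents the cap as the denial-of-service control, it would be better exposed the same way, for example `p.MaxWidth = *maxWidth` backed by `flag.Int("maxWidth", 2000, "maximum output width in pixels")`, with the same for height. A one-line comment such as `// cap output size to bound resize cost per request` would also record why the values are there. The body of `main` starts and ends outside the hunk.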
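Review bot: `MaxWidth` and `MaxHeight` are added to `Proxy` without doc comments, unlike `Whitelist` above them, and the fact that a zero value disables the limit is visible only in `ServeHTTP`. That matters for anyone embedding the package: as far as this diff shows, `NewProxy` does not set the fields, so a caller that leaves them unset gets no cap at all. I would add `// MaxWidth and MaxHeight cap the requested output dimensions in pixels. Zero or negative means no limit.` above the two fields.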
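Review bot: The clamp in `ServeHTTP` bounds only the requested `Width` and `Height`, so it limits the size of the resized output but not the cost of handling the source: nothing in this hunk limits the dimensions or byte size of the remote image, which presumably is still fetched and decoded in full later in the function. A request whose `Width` or `Height` is 0 also passes both checks unchanged; if 0 means "keep the source size" (not visible here), the result can still exceed the cap. Each axis is clamped on its own, so a request for 4000x2000 becomes 2000x2000 rather than 2000x1000, which may distort or re-crop depending on how the options are applied. At minimum I would state the scope in a comment, `// Clamp requested output size only; the source image size is not bounded here.`, and handle the source limit separately. `ServeHTTP` starts and ends outside the hunk.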