From 35eabea5918ce86e29a56aa0e95c0635b36a4c00 Mon Sep 17 00:00:00 2001
From: chaos <chaos@owo.monster>
Date: Sat, 30 Sep 2023 18:17:15 +0100
Subject: [PATCH] add option to turn on DISALLOW_IMAGE_TRANSCODING

---
 flake.nix                  | 9 ++++++---
 module/default.nix         | 6 ++++++
 module/proxy.nix           | 1 +
 packages/proxy/default.nix | 2 +-
 4 files changed, 14 insertions(+), 4 deletions(-)

diff --git a/flake.nix b/flake.nix
index 4cb9db7..04ef44a 100644
--- a/flake.nix
+++ b/flake.nix
@@ -27,9 +27,12 @@
           jdk = final.openjdk19;
         };
         piped-proxy = final.callPackage ./packages/proxy {};
-        piped-proxy-openssl = piped-proxy.override { withOpenSSL = true; };
-        piped-proxy-minimal = piped-proxy.override { withAVIF = false; withWebP = false; };
-        piped-proxy-minimal-openssl = piped-proxy-minimal.override { withOpenSSL = true; };
+        piped-proxy-openssl = piped-proxy.override {withOpenSSL = true;};
+        piped-proxy-minimal = piped-proxy.override {
+          withAVIF = false;
+          withWebP = false;
+        };
+        piped-proxy-minimal-openssl = piped-proxy-minimal.override {withOpenSSL = true;};
         piped-backend-deps = final.callPackage ./packages/backend/deps.nix {
           jdk = final.openjdk19;
         };
diff --git a/module/default.nix b/module/default.nix
index 16cf1f5..bff22e4 100644
--- a/module/default.nix
+++ b/module/default.nix
@@ -274,6 +274,12 @@ in {
         default = 3002;
       };
 
+      disallowImageTranscoding = mkOption {
+        type = types.bool;
+        default = false;
+        description = "turns off transcoding thumbnails/other to webp/avif if client adds those to allowed mime types on image requests; may use a lot of CPU depending on how many users";
+      };
+
       nginx = {
         disableNginx = mkOption {
           type = types.bool;
diff --git a/module/proxy.nix b/module/proxy.nix
index f823802..3bb08bc 100644
--- a/module/proxy.nix
+++ b/module/proxy.nix
@@ -35,6 +35,7 @@ in {
       wantedBy = ["multi-user.target"];
       environment.BIND = "0.0.0.0:${toString proxyConfig.internalPort}";
       environment.IPV4_ONLY = mkIf proxyConfig.proxyIPv4Only "1";
+      environment.DISALLOW_IMAGE_TRANSCODING = mkIf proxyConfig.disallowImageTranscoding "1";
       serviceConfig = {
         ExecStart = "${proxyConfig.package}/bin/piped-proxy";
 
diff --git a/packages/proxy/default.nix b/packages/proxy/default.nix
index 2d4f434..cf8f66a 100644
--- a/packages/proxy/default.nix
+++ b/packages/proxy/default.nix
@@ -34,7 +34,7 @@ in
       ++ (optional withMimalloc "mimalloc")
       ++ (optional withMimalloc "avif")
       ++ (optional withMimalloc "webp");
-  
+
     buildInputs = optional withOpenSSL openssl;
     nativeBuildInputs = [] ++ (optional withAVIF nasm) ++ (optional withOpenSSL pkg-config);