# pict-rs 0.5.0 Today I am announcing pict-rs 0.5.0. This release comes with a number of requested features, including enabling fully stateless pict-rs with postgres, and adding media proxy support to automatically remove infrequently accessed proxied media. There's much more to the 0.5.0 release than just those, so be sure to read through the release notes to get a full picture of what's new. If you're upgrading from 0.4, be sure to read through the [Upgrade Notes](#upgrade-notes) below. ## Overview ### Headline Features - [Postgres Repo](#postgres-repo) - [Media Proxy](#media-proxy) ### Changes - [Improved Animation Support](#improved-animation-support) - [Media Configuration](#media-configuration) - [Improved Collision Resistance](#improved-collision-resistance) - [Optional Video Transcoding](#optional-video-transcoding) - [Library API Changes](#library-api-changes) - [Reject Malformed Deadliens](#reject-malformed-deadlines) - [Logging Verbosity](#logging-verbosity) ### Other Features - [RUST_LOG Support](#rust_log-support) - [Quality Configuration](#quality-configuration) - [Read-Only Mode](#read-only-mode) - [Danger-Dummy Mode](#danger-dummy-mode) - [Media Variant Retention](#media-variant-retention) - [Configurable Temporary Directory](#configurable-temporary-directory) - [Serve From Object Storage](#serve-from-object-storage) - [Prometheus Metrics](#prometheus-metrics) - [Internal Hashes Endpoint](#internal-hashes-endpoint) - [Internal Delete Endpoint](#internal-delete-endpoint) - [Error Codes](#error-codes) ### Fixes - [Clean Stray Magick Files](#clean-stray-magick-files) - [Always Drain Payloads](#always-drain-payloads) - [Constant-Time Equality for Deletion](#constant-time-equality-for-deletion) ### Removals - [ini and json5](#ini-and-json5) - [Client Pool Size](#client-pool-size) - [0.3 Migration Path](#03-migration-path) - [Prepare Upgrade Endpoint](#prepare-upgrade-endpoint) ## Upgrade Notes The upgrade from pict-rs 0.4 to 0.5 might take some time. Any uploads that have not had their metadata extracted will be processed during this migration. In order to reduce the time required the migration, pict-rs version 0.4.6 can be run first, and the `/internal/prepare_upgrade` endpoint can be hit. This will tell pict-rs to extract the required metadata for the 0.5 upgrade in the background while 0.4 is still running, enabling the upgrade to 0.5 to proceed much faster after it completes. More information about this endpoint can be found in the [0.4.6 release document](./0.4.6.md) If you're running the provided docker container with default configuration values, the 0.5 container can be pulled and launched with no changes. There is a migration from the 0.4 database format to the 0.5 database format that will occur automatically on first launch. This is also the process that will extract metadata for any uploads that have not had their metadata extracted yet. If you have any custom configuration, note that some media-related configuration values have been moved. See [Media Configuration](#media-configuration) below. pict-rs 0.5 now supports postgres for metadata storage. It is possible to upgrade directly from 0.4 to 0.5 with postgres, rather than upgrading to 0.5 with sled and then making the migration later. This process is documented in the [pict-rs readme](https://git.asonix.dog/asonix/pict-rs#upgrading-directly-to-postgres). A notable addition in 0.5 is upgrade configuration. Since the migration accesses media from the configured store, increasing the concurrency can be beneficial. By default, pict-rs will attempt to migrate 32 records at a time, but this value can be increased. In the configuration file ```toml [upgrade] concurrency = 32 ``` With environment variables ```bash PICTRS__UPGRADE__CONCURRENCY=32 ``` On the commandline ```bash pict-rs run --upgrade-concurrency 32 ``` More information can be found in the [pict-rs 0.4 to 0.5 migration guide](https://git.asonix.dog/asonix/pict-rs#04-to-05-migration-guide). ## Descriptions ### Postgres Repo One of the most anticipated features of pict-rs 0.5 is the support for postgres for metadata storage. This makes pict-rs (mostly) stateless, enabling it to be scaled horizontally across multiple physical or virtual hosts. It also simplifies administration and backup processes for folks who are already running a postgres server for other reasons. Configuring postgres is simple. The `repo` section of the pict-rs configuration now supports more than just `sled`. In the configuration file ```toml [repo] type = 'postgres' url = 'postgres://user:password@host:5432/db' ``` With environment variables ```bash PICTRS__REPO__TYPE=postgres PICTRS__REPO__URL=postgres://user:password@host:5432/db ``` On the commandline ```bash pict-rs run filesystem -p ./data postgres -u 'postgres://user:password@host:5432/db' ``` It is possible to update from 0.4 directly to 0.5 with postgres, this process is documented in the [pict-rs readme](https://git.asonix.dog/asonix/pict-rs#upgrading-directly-to-postgres). It is possible to migrate to postgres after first upgrading to 0.5. This is also ducmented in the [pict-rs readme](https://git.asonix.dog/asonix/pict-rs#sled-to-postgres-migration). ### Media Proxy pict-rs 0.5 supports caching media, and purging cached media after it is no longer necessary to keep. This behavior is accessed with pict-rs' new `proxy` query parameter at the `/image/original` endpoint, and the `/image/process.{ext}` endpoint. By passing the URL to an image to the `proxy` parameter, you can instruct pict-rs to download the media from that URL and cache it locally before serving it, or a processed version of it. The proxied media is stored for a configurable time limit, which resets on each access to the proxied media. This value can be configured as follows In the configuration file ```toml [media.retention] proxy = "7d" # units available are "m" for minutes, "h" for hours, "d" for days, and "y" for years ``` With environment variables ```bash PICTRS__MEDIA__RETENTION__PROXY=7d ``` On the commandline ```bash pict-rs run --media-retention-proxy 7d ``` More documentation can be found in the [pict-rs readme](https://git.asonix.dog/asonix/pict-rs#api) and in the example [pict-rs.toml](https://git.asonix.dog/asonix/pict-rs/src/branch/main/pict-rs.toml). ### Improved Animation Support pict-rs 0.4 only supported `gif` for animated images. This decision had been made due to the format's poor support for higher-resolution animations with higher framerates compared to silent videos for a given file size. In pict-rs 0.5, animated images are now supported to the same extent as still images. Available formats for animated images include apng, avif, gif, and webp (although not jxl yet). With this support for more animated file types, pict-rs no longer transcodes larger animations into videos. Instead, animated images will be left in their original format unless an override is configured, and the default values for maximum animation dimensions, file size, and frame count have been increased. Configuration related to animations has been moved from `[media.gif]` to `[media.animation]` to better reflect what it applies to. For all configuration options regarding animations, see the example [pict-rs.toml](https://git.asonix.dog/asonix/pict-rs/src/branch/main/pict-rs.toml). ### Media Configuration pict-rs 0.5 splits media configuration further, allowing images, animations, and videos to each specify their own maximum file size, dimensions, frame counts, etc, in addition to a few global limits. Relevant sections of configuration are `[media]`, `[media.image]`, `[media.animation]`, and `[media.video]`. A list of updated and moved configuration values can be found below. ##### Image Changes | Old Environment Variable | New Environment Variable | | ------------------------------ | ------------------------------------- | | `PICTRS__MEDIA__FORMAT` | `PICTRS__MEDIA__IMAGE__FORMAT` | | `PICTRS__MEDIA__MAX_WIDTH` | `PICTRS__MEDIA__IMAGE__MAX_WIDTH` | | `PICTRS__MEDIA__MAX_HEIGHT` | `PICTRS__MEDIA__IMAGE__MAX_HEIGHT` | | `PICTRS__MEDIA__MAX_AREA` | `PICTRS__MEDIA__IMAGE__MAX_AREA` | | | `PICTRS__MEDIA__IMAGE__MAX_FILE_SIZE` | | Old TOML Value | New TOML Value | | ----------------------- | ----------------------------- | | `[media] format` | `[media.image] format` | | `[media] max_width` | `[media.image] max_width` | | `[media] max_height` | `[media.image] max_height` | | `[media] max_area` | `[media.image] max_area` | | | `[media.image] max_file_size` | ##### Animation Changes | Old Environment Variable | New Environment Variable | | ------------------------------------- | ------------------------------------------- | | `PICTRS__MEDIA__GIF__MAX_WIDTH` | `PICTRS__MEDIA__ANIMATION__MAX_WIDTH` | | `PICTRS__MEDIA__GIF__MAX_HEIGHT` | `PICTRS__MEDIA__ANIMATION__MAX_HEIGHT` | | `PICTRS__MEDIA__GIF__MAX_AREA` | `PICTRS__MEDIA__ANIMATION__MAX_AREA` | | `PICTRS__MEDIA__GIF__MAX_FILE_SIZE` | `PICTRS__MEDIA__ANIMATION__MAX_FILE_SIZE` | | `PICTRS__MEDIA__GIF__MAX_FRAME_COUNT` | `PICTRS__MEDIA__ANIMATION__MAX_FRAME_COUNT` | | | `PICTRS__MEDIA__ANIMATION__FORMAT` | | | `PICTRS__MEDIA__ANIMATION__MAX_FILE_SIZE` | | Old TOML Value | New TOML Value | | ----------------------------- | ----------------------------------- | | `[media.gif] max_width` | `[media.animation] max_width` | | `[media.gif] max_height` | `[media.animation] max_height` | | `[media.gif] max_area` | `[media.animation] max_area` | | `[media.gif] max_file_size` | `[media.animation] max_file_size` | | `[media.gif] max_frame_count` | `[media.animation] max_frame_count` | | | `[media.animation] format` | | | `[media.animation] max_file_size` | ##### Video Changes | Old Environment Variable | New Environment Variable | | ------------------------------------ | --------------------------------------- | | `PICTRS__MEDIA__ENABLE_SILENT_VIDEO` | `PICTRS__MEDIA__VIDEO__ENABLE` | | `PICTRS__MEDIA__ENABLE_FULL_VIDEO` | `PICTRS__MEDIA__VIDEO__ALLOW_AUDIO` | | `PICTRS__MEDIA__VIDEO_CODEC` | `PICTRS__MEDIA__VIDEO__VIDEO_CODEC` | | `PICTRS__MEDIA__AUDIO_CODEC` | `PICTRS__MEDIA__VIDEO__AUDIO_CODEC` | | `PICTRS__MEDIA__MAX_FRAME_COUNT` | `PICTRS__MEDIA__VIDEO__MAX_FRAME_COUNT` | | `PICTRS__MEDIA__ENABLE_FULL_VIDEO` | `PICTRS__MEDIA__VIDEO__ALLOW_AUDIO` | | | `PICTRS__MEDIA__VIDEO__MAX_WIDTH` | | | `PICTRS__MEDIA__VIDEO__MAX_HEIGHT` | | | `PICTRS__MEDIA__VIDEO__MAX_AREA` | | | `PICTRS__MEDIA__VIDEO__MAX_FILE_SIZE` | | Old TOML Value | New TOML Value | | ----------------------------- | ------------------------------- | | `[media] enable_silent_video` | `[media.video] enable` | | `[media] enable_full_video` | `[media.video] allow_audio` | | `[media] video_codec` | `[media.video] video_codec` | | `[media] audio_codec` | `[media.video] audio_codec` | | `[media] max_frame_count` | `[media.video] max_frame_count` | | `[media] enable_full_video` | `[media.video] allow_audio` | | | `[media.video] max_width` | | | `[media.video] max_height` | | | `[media.video] max_area` | | | `[media.video] max_file_size` | Note that although each media type now includes its own `MAX_FILE_SIZE` configuration, the `PICTRS__MEDIA__MAX_FILE_SIZE` value still exists as a global limit for any file type. In addition to all the configuration options mentioned above, there are now individual quality settings that can be configured for each image and animation type, as well as for video files. Please see the [pict-rs.toml](./pict-rs.toml) file for more information. For all configuration options regarding media, see the example [pict-rs.toml](https://git.asonix.dog/asonix/pict-rs/src/branch/main/pict-rs.toml). ### Improved Collision Resistance Previously, pict-rs relied on a sha256 hash of uploaded media's bytes in order to detect which files where the same, and which were unique. I have not heard of any existing problem with this behavior, however, as pict-rs becomes more widely deployed I want to ensure that deduplication does not happen erroneously. In the event of a hash collision between two different pieces of media, pict-rs would consider them duplicates and discard the newly uploaded file in favor of the one it already stored. This would lead to the wrong media being served for a user. In order to reduce the chances of a collission, pict-rs 0.5 now includes the media's file length and a marker indicating it's content type as part of it's unique identifier. This maintains the behavior of identical media being deduplicated, while making collisions far less likely to occur. ### Optional Video Transcoding In pict-rs 0.4, all videos that were uploaded were transcoded from their original format to either pict-rs' default format, or a format specified with configuration. pict-rs 0.5 removes the default "vp9" video codec, and allows uploaded videos to maintain their original codec and format, provided pict-rs supports it. This means uploaded h264, h265, vp8, vp9, and av1 videos no longer need to be decoded & encoded during the upload process aside from detecting their metadata. This behavior is enabled by default, but for administrators who have configured a non-default video codec, this can be enabled by removing the video_codec and audio_codec configurations. ### Library API Changes The library API for pict-rs has changed from 0.4. It now follows a "fluent programming" pattern of chaining methods to configure and launch the service from within another application. Documentation for the new library API can be found on [docs.rs](https://docs.rs/pict-rs) For most cases, using pict-rs' `ConfigSource` as the entrypoint is recommended. As a quick example, ```rust #[tokio::main] async fn main() -> Result<(), Box> { pict_rs::ConfigSource::memory(serde_json::json!({ "server": { "address": "127.0.0.1:8080" }, "repo": { "type": "sled", "path": "./sled-repo" }, "store": { "type": "filesystem", "path": "./files" } })) .init::<&str>(None)? .run_on_localset() .await?; Ok(()) } ``` ### Reject Malformed Deadlines pict-rs supports setting a request deadline with the `X-Request-Deadline` header, where the value is a unix timestamp in nanoseconds. In pict-rs 0.4, requests with deadlines that could not be parsed were treated as requests without deadlines. in pict-rs 0.5 a malformed deadline will cause the request to be rejected with a 400 Bad Request error. ### Logging Verbosity pict-rs 0.5 no longer logs the opening and closing of tracing spans. This means the logs will now be mostly empty aside from the occasional warning or error. Errors should still provide ample debug information, so the decrease in verbosity should not negatively affect debugging of the program. These spans can be re-enabled by setting a configuration option or passing a commandline flag. ```toml [tracing.logging] log_spans = true ``` ```bash PICTRS__TRACING__LOGGING__LOG_SPANS=true ``` ```bash pict-rs --log-spans ``` ### RUST_LOG Support pict-rs 0.5's log levels can now be configured with RUST_LOG. This only affects stdout logging and not exporting via opentelemetry. This value overrides the `[tracing.logging] targets = ""` value from the pict-rs.toml file, but it does not override the `PICTRS__TRACING__LOGGING__TARGETS` environment variable. ### Quality Configuration pict-rs 0.5 now supports configuring the quality and compression of transcoded media. New configuration sections have been introduced to allow setting values for each image format individually, as well as individual quality settings for different video resolutions. For the specifics of quality configuration, see the example [pict-rs.toml](https://git.asonix.dog/asonix/pict-rs/src/branch/main/pict-rs.toml). ### Read-Only Mode pict-rs 0.5 has gained the ability to run in a "read-only" mode, which will forbid the application from accepting new uploaded media, creating new media variants, or updating any metadata. This is useful for complex environments that are capable of running a copy of the pict-rs application while performing maintenance on the "real" deployment. For configuration information, see the example [pict-rs.toml](https://git.asonix.dog/asonix/pict-rs/src/branch/main/pict-rs.toml). ### Danger-Dummy Mode pict-rs 0.5 can now run without any external dependencies in "Danger-Dummy Mode." This allows uploading and serving media, but all of the metadata for that media will be fake default values, and the media cannot be processed in any way. This is not intended for production uses, since generic file stores (like directly using object storage) are more tailored for this use case. Instead, this is provided to enable applications to perform integration tests with pict-rs without needing to reconstruct a valid environment to run the application. For configuration information, see the example [pict-rs.toml](https://git.asonix.dog/asonix/pict-rs/src/branch/main/pict-rs.toml). ### Media Variant Retention Similar to the new proxy feature, pict-rs 0.5 now sets a time limit on media variants, and discards them if they are not accessed within that time limit. Since variants can be regenerated on request, there's no harm in removing them to save on storage space. For configuration information, see the example [pict-rs.toml](https://git.asonix.dog/asonix/pict-rs/src/branch/main/pict-rs.toml). ### Configurable Temporary Directory pict-rs now supports using a non-default temporary directory. Previous versions of pict-rs have resorted to the operating system's defined temporary directory, and that is still the default behavior, but this can now be overridden from pict-rs' configuration. For configuration information, see the example [pict-rs.toml](https://git.asonix.dog/asonix/pict-rs/src/branch/main/pict-rs.toml). ### Serve From Object Storage pict-rs 0.5 now supports serving images directly from object storage. This is achieved by telling pict-rs the public URL at which your object storage is available in the object storage configuration. When this is set up, any existing image requested from pict-rs will be served with a redirect to the object storage URL. Since pict-rs is not intended to be exposed directly to the internet, any proxy between the internet and pict-rs must be configured not to follow redirects, or else that proxy will end up fetching the image from object-storage itself. In some cases, this might be reasonable (e.g. if Web Access is cheaper than S3API access for fetching files). For configuration information, see the example [pict-rs.toml](https://git.asonix.dog/asonix/pict-rs/src/branch/main/pict-rs.toml). ### Prometheus Metrics pict-rs 0.5 now optionally exposes a scrape endpoint for Prometheus metrics. This includes various timings for requests, processing, and counts for pict-rs workings. It could be useful for admins to help monitor the health of pict-rs as it runs. For configuration information, see the example [pict-rs.toml](https://git.asonix.dog/asonix/pict-rs/src/branch/main/pict-rs.toml). ### Internal Hashes Endpoint pict-rs 0.5 offers a new internal endpoint at `/internal/hashes` which returns a paginated list of all uploaded files, sorted from most recently uploaded to least recently uploaded. This endpoint supports querying by timestamp in rfc3339 format in order to quickly jump deep into the list. The number of returned results per page is also configurable. For more information about this API, see the [pict-rs readme](https://git.asonix.dog/asonix/pict-rs#api). ### Internal Delete Endpoint pict-rs 0.5 offers a new internal endpoint for deleting aliases as `/internal/delete`. This is distinct from the purge endpoint in that it doesn't purge a whole image with all it's aliases, instead it simply deletes the provided alias and nothing more. It can be seen as an admin tool for deleting an upload on behalf of a user. For more information about this API, see the [pict-rs readme](https://git.asonix.dog/asonix/pict-rs#api). ### Error Codes In pict-rs 0.5, all errors returned by the application have an associated error code. While pict-rs has always provided an error description in the `"msg"` field of the response, the new `"code"` field represents a general idea of the error that can be used for choosing a translation in downstream software. While there's no documentation-level enumeration of all error codes, the file defining them is pretty easy to understand. You can find it [here](https://git.asonix.dog/asonix/pict-rs/src/branch/main/src/error_code.rs). ### Clean Stray Magick Files pict-rs depends on other applications in order to identify and process media. If these applications crash for any reason, they can potentially leave behind temporary files, which slowly aggregate over time, using disk or RAM. pict-rs 0.5 attempts to solve this by generating a new temporary directory for each invocation of imagemagick, and cleaning up that directory after the program terminates, regardless of success. This means that any stray `magick-` files should now be properly removed when they are no longer in use. ### Always Drain Payloads Actix Web, the framework used by pict-rs, has historically had problems with connections remaining open when request bodies are not read to completion. In order to avoid this, pict-rs has a dedicated task on each request thread that takes ownership of dropped request payloads and attempts to drain them, allowing the connections to close. ### Constant-Time Equality for Deletions pict-rs uses unique tokens generated per-image in order to authorize the deletion of those images. In pict-rs 0.5 the checking of these tokens has been made constant-time, preventing the use of timing attacks that could lead to images being deleted by an attacker. ### ini and json5 These configuration formats have been removed from pict-rs 0.5 in order to improve compile times. If this upsets anyone let me know. I only provide examples in toml anyway. ### Client Pool Size The client_pool_size configuration value hasn't meant anything since the switch from awc to reqwest as pict-rs' http client. It has been removed in 0.5. ### 0.3 Migration Path pict-rs 0.5 is not capable of migrating directly from 0.3. Instead, the upgrade path is to upgrade to 0.4 and then to 0.5. ### Prepare Upgrade Endpoint The internal prepare_upgrade endpoint was only useful in 0.4 to prepare for the 0.5 upgrade, so 0.5 removes this endpoint.