From ba9b590d698b7eb3607286f8913db839971b7579 Mon Sep 17 00:00:00 2001 From: Corey Donohoe Date: Sun, 26 Dec 2010 09:32:28 -0800 Subject: [PATCH 1/4] update features --- README.md | 1 + 1 file changed, 1 insertion(+) diff --git a/README.md b/README.md index afe1ab3..21cd9de 100644 --- a/README.md +++ b/README.md @@ -15,6 +15,7 @@ Features * Proxy images < 5 MB * Proxy google charts * 404s for anything other than a 200 or 304 HTTP response +* Disallows proxying to private IP ranges At GitHub we render markdown and replace all of the `src` attributes on the `img` tags with the appropriate URL to hit the proxies. There's example code for creating URLs in [the tests](https://github.com/atmos/camo/blob/master/test/proxy_test.rb). From accf7fd3715bd61615e9a5bd4ce49f61188922c6 Mon Sep 17 00:00:00 2001 From: rick Date: Wed, 5 Jan 2011 20:29:48 -0800 Subject: [PATCH 2/4] track current/total connections --- server.coffee | 20 ++++++++++++++++---- 1 file changed, 16 insertions(+), 4 deletions(-) diff --git a/server.coffee b/server.coffee index 2c5e15b..3d67fd1 100644 --- a/server.coffee +++ b/server.coffee @@ -19,6 +19,13 @@ log = (msg) -> EXCLUDED_HOSTS = new RegExp(excluded.replace(".", "\\.").replace("*", "\\.*")) RESTRICTED_IPS = /^(10\.)|(127\.)|(169\.254)|(192\.168)|(172\.(1[6-9])|(2[0-9])|(3[0-1]))/ +total_connections = 0 +current_connections = 0 + +decr = -> + current_connections -= 1 + current_connections = 0 if current_connections < 1 + server = Http.createServer (req, resp) -> if req.method != 'GET' || req.url == '/' resp.writeHead 200 @@ -27,13 +34,15 @@ server = Http.createServer (req, resp) -> resp.writeHead 200 resp.end 'ok' else + total_connections += 1 + current_connections += 1 url = Url.parse req.url four_oh_four = (msg) -> + decr() log msg - resp.writeHead 404, { } - resp.write "Not Found" - resp.end() + resp.writeHead 404 + resp.end "Not Found" transferred_headers = 'Via' : process.env.CAMO_HEADER_VIA or= "Camo Asset Proxy #{version}" 
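Review bot: `decr()` can run more than once for a single request, and the clamp `current_connections = 0 if current_connections < 1` inside it hides that instead of exposing it. In this hunk `four_oh_four` calls `decr()`, and the later hunks of the same patch add `decr()` to the `srcResp` 'end'/'error' and `srcReq` 'error' handlers. A request that is 404'd after those handlers are registered (the non-image branch looks like one) would be counted down twice, so the gauge drifts below the real number of open requests. A per-request guard keeps the count honest, for example `return if resp.counted_down` followed by `resp.counted_down = true` at the top of the decrement (the property name is illustrative). The same applies to `finish` once patch 3/4 replaces `decr`.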
@@ -80,7 +89,7 @@ server = Http.createServer (req, resp) -> content_length = srcResp.headers['content-length'] - if(content_length > 5242880) + if content_length > 5242880 four_oh_four("Content-Length exceeded") else newHeaders = @@ -91,9 +100,11 @@ server = Http.createServer (req, resp) -> 'X-Content-Type-Options' : 'nosniff' srcResp.on 'end', -> + decr() resp.end() srcResp.on 'error', -> + decr() resp.end() switch srcResp.statusCode @@ -114,6 +125,7 @@ server = Http.createServer (req, resp) -> four_oh_four("Responded with #{srcResp.statusCode}:#{srcResp.headers}") srcReq.on 'error', -> + decr() resp.end() srcReq.end() From 2b67b5d8c90e76c5b2a50463aa80b39f93eac1b7 Mon Sep 17 00:00:00 2001 From: rick Date: Wed, 5 Jan 2011 20:32:52 -0800 Subject: [PATCH 3/4] move four_oh_four() to the top level so its not recreated on every request --- server.coffee | 39 ++++++++++++++++++--------------------- 1 file changed, 18 insertions(+), 21 deletions(-) diff --git a/server.coffee b/server.coffee index 3d67fd1..e3864d8 100644 --- a/server.coffee +++ b/server.coffee @@ -22,9 +22,15 @@ RESTRICTED_IPS = /^(10\.)|(127\.)|(169\.254)|(192\.168)|(172\.(1[6-9])|(2[0-9])| total_connections = 0 current_connections = 0 -decr = -> +four_oh_four = (resp, msg) -> + log msg + resp.writeHead 404 + finish resp, "Not Found" + +finish = (resp, str) -> current_connections -= 1 current_connections = 0 if current_connections < 1 + resp.end str server = Http.createServer (req, resp) -> if req.method != 'GET' || req.url == '/' @@ -38,12 +44,6 @@ server = Http.createServer (req, resp) -> current_connections += 1 url = Url.parse req.url - four_oh_four = (msg) -> - decr() - log msg - resp.writeHead 404 - resp.end "Not Found" - transferred_headers = 'Via' : process.env.CAMO_HEADER_VIA or= "Camo Asset Proxy #{version}" 'Accept' : req.headers.accept 
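Review bot: The 5 MB cap in `if content_length > 5242880` depends entirely on the upstream's `content-length` header, which arrives as a string and may be absent. With no header the comparison is `undefined > 5242880`, which is false, so the check passes. A declared length also says nothing about how many bytes the upstream actually sends. If the body is streamed to the client further down (not visible in this hunk), counting bytes as they arrive and ending the response once the total passes the limit would enforce the cap. At minimum, parse the header explicitly with `parseInt(content_length, 10)`.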
@@ -67,12 +67,12 @@ server = Http.createServer (req, resp) -> if url.host? && !url.host.match(RESTRICTED_IPS) if url.host.match(EXCLUDED_HOSTS) - return four_oh_four("Hitting excluded hostnames") + return four_oh_four(resp, "Hitting excluded hostnames") src = Http.createClient url.port || 80, url.hostname src.on 'error', (error) -> - four_oh_four("Client Request error #{error.stack}") + four_oh_four(resp, "Client Request error #{error.stack}") query_path = url.pathname if url.query? @@ -90,7 +90,7 @@ server = Http.createServer (req, resp) -> content_length = srcResp.headers['content-length'] if content_length > 5242880 - four_oh_four("Content-Length exceeded") + four_oh_four(resp, "Content-Length exceeded") else newHeaders = 'expires' : srcResp.headers['expires'] @@ -100,17 +100,15 @@ server = Http.createServer (req, resp) -> 'X-Content-Type-Options' : 'nosniff' srcResp.on 'end', -> - decr() - resp.end() + finish resp srcResp.on 'error', -> - decr() - resp.end() + finish resp switch srcResp.statusCode when 200 if newHeaders['content-type'] && newHeaders['content-type'].slice(0, 5) != 'image' - four_oh_four("Non-Image content-type returned") + four_oh_four(resp, "Non-Image content-type returned") log newHeaders 
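Review bot: The private-range guard in `if url.host? && !url.host.match(RESTRICTED_IPS)` is a string match on the host taken from the URL, so it only covers literal addresses. A name that resolves into one of those ranges is not checked before `Http.createClient url.port || 80, url.hostname` connects. The pattern itself (visible as context in the server.coffee hunks) anchors `^` to the `10\.` alternative only, and the `172\.` group is split by its inner `|`, so the remaining alternatives match anywhere in the host string. Resolving the name first, testing the resolved address against the ranges and then connecting to that address would make the behaviour match the README line added in patch 1/4. For literal IPs, grouping the alternatives as `/^(?:10\.|127\.|169\.254\.|192\.168\.|172\.(?:1[6-9]|2[0-9]|3[01])\.)/` fixes the anchoring.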
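Review bot: In the `when 200` branch, `four_oh_four(resp, "Non-Image content-type returned")` has no `return`, unlike the excluded-hosts case, which uses `return four_oh_four(...)`. Indentation is lost on this page, but if `log newHeaders` and the `resp.writeHead srcResp.statusCode, newHeaders` in the next hunk sit outside the `if`, a non-image response is ended with a 404 by `finish` and the handler then keeps writing to it. The check is also skipped entirely when the upstream sends no `content-type`. Suggest `return four_oh_four(resp, "Non-Image content-type returned")` and treating a missing content-type as non-image.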
@@ -122,20 +120,19 @@ server = Http.createServer (req, resp) -> resp.writeHead srcResp.statusCode, newHeaders else - four_oh_four("Responded with #{srcResp.statusCode}:#{srcResp.headers}") + four_oh_four(resp, "Responded with #{srcResp.statusCode}:#{srcResp.headers}") srcReq.on 'error', -> - decr() - resp.end() + finish resp srcReq.end() else - four_oh_four("No host found #{url.host}") + four_oh_four(resp, "No host found #{url.host}") else - four_oh_four("checksum mismatch #{hmac_digest}:#{query_digest}") + four_oh_four(resp, "checksum mismatch #{hmac_digest}:#{query_digest}") else - four_oh_four("No pathname provided on the server") + four_oh_four(resp, "No pathname provided on the server") console.log "SSL-Proxy running on #{port} with pid:#{process.pid}." console.log "Using the secret key #{shared_key}" From 6b8cc1aad86e0d28a5e56e4d26355e3dc8c0b607 Mon Sep 17 00:00:00 2001 From: rick Date: Wed, 5 Jan 2011 20:36:33 -0800 Subject: [PATCH 4/4] show server status --- server.coffee | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/server.coffee b/server.coffee index e3864d8..8870bcb 100644 --- a/server.coffee +++ b/server.coffee @@ -21,6 +21,7 @@ RESTRICTED_IPS = /^(10\.)|(127\.)|(169\.254)|(192\.168)|(172\.(1[6-9])|(2[0-9])| total_connections = 0 current_connections = 0 +started_at = new Date four_oh_four = (resp, msg) -> log msg @@ -39,6 +40,9 @@ server = Http.createServer (req, resp) -> else if req.url == '/favicon.ico' resp.writeHead 200 resp.end 'ok' + else if req.url == '/status' + resp.writeHead 200 + resp.end "ok #{current_connections}/#{total_connections} since #{started_at.toString()}" else total_connections += 1 current_connections += 1
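Review bot: Secret material ends up in log output in this hunk. `four_oh_four(resp, "checksum mismatch #{hmac_digest}:#{query_digest}")` logs what is presumably the server-computed digest next to the supplied one, and the context line `console.log "Using the secret key #{shared_key}"` prints the HMAC key at startup. Anyone with read access to the logs then holds a valid signature for the rejected URL, or the key itself. Log only the supplied digest, as in `four_oh_four(resp, "checksum mismatch #{query_digest}")`, and drop the key from the startup output. Separately, `#{srcResp.headers}` in the "Responded with" message interpolates an object and will likely print `[object Object]`.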
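Review bot: The new `/status` branch answers any client on the public listener with the connection counters and the process start time. If it is meant for operators only, gate it behind a shared token or a check on the caller's address, or serve it from an internal port. `req.url == '/status'` is an exact match, so a request such as `/status?x` falls through to the proxy path and is counted as a connection. Passing a plain-text content type to `resp.writeHead 200` would also keep clients from guessing how to render the body.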