Imgix-flavoured HMAC URL signing.
Per imgix's docs:
- HMAC-SHA256 (we ship SHA-256 only; SHA-1 is not supported).
- Payload:
secret <> path <> "?" <> querywhere the query excludes thesparameter. When the query is empty the payload issecret <> pathwith no trailing?. - Hex digest, lowercase.
- Parameter: appended as
s=<hex>.
Differences from Image.Plug.Signing (Cloudflare-flavoured):
Parameter name:
svs Cloudflare'ssig. Imgix's choice matches what the imgix CDN itself uses; matters for wire- format compatibility with imgix's own URLs.Canonical-string rule: imgix prepends the secret to the payload; Cloudflare uses the secret as the HMAC key only.
Sign and verify share the same wire format, so a URL signed by
sign/3 verifies under verify/3 with the same key. The
module mirrors Image.Plug.Signing's public API so it's a
drop-in alternative when configuring the imgix provider.
Summary
Functions
Signs path_with_query (a request path, optionally with a query
string) using the first key in keys. Returns the path with
?s=<hex> (or &s=<hex> if a query is already present)
appended.
Verifies the signature on path_with_query.
Functions
Signs path_with_query (a request path, optionally with a query
string) using the first key in keys. Returns the path with
?s=<hex> (or &s=<hex> if a query is already present)
appended.
Options
:expires_at—DateTimeor unix-seconds. Adds anexpires=<unix>parameter; the verifier rejects after that time.
@spec verify(String.t(), [String.t(), ...], keyword()) :: :ok | {:error, Image.Plug.Error.t()}
Verifies the signature on path_with_query.
Returns :ok or an Image.Plug.Error with one of
:signature_required, :invalid_signature,
:signature_expired.
Options
:required?— whentrue, missing?s=produces:signature_required. Defaultfalse(defense-in-depth: a bad signature is always rejected, but a missing signature only fails when the deployment requires it).:now— current unix-seconds for expiry comparison. Defaults toSystem.system_time(:second). Test-only override.