https://github.com/swiss-devjoy/laravel-image-transformations
Secure Cloudflare-like image transformations with security features to your app
https://github.com/swiss-devjoy/laravel-image-transformations
cloudflare images laravel php
Last synced: 10 months ago
JSON representation
Secure Cloudflare-like image transformations with security features to your app
- Host: GitHub
- URL: https://github.com/swiss-devjoy/laravel-image-transformations
- Owner: swiss-devjoy
- License: mit
- Created: 2025-04-16T18:38:39.000Z (10 months ago)
- Default Branch: main
- Last Pushed: 2025-04-17T10:32:16.000Z (10 months ago)
- Last Synced: 2025-04-26T07:55:39.389Z (10 months ago)
- Topics: cloudflare, images, laravel, php
- Language: PHP
- Homepage:
- Size: 42 KB
- Stars: 10
- Watchers: 1
- Forks: 0
- Open Issues: 0
-
Metadata Files:
- Readme: README.md
- Changelog: CHANGELOG.md
- Funding: .github/FUNDING.yml
- License: LICENSE.md
Awesome Lists containing this project
README
# Secure Cloudflare-like Image Transformations for your Laravel App
[](https://packagist.org/packages/swiss-devjoy/laravel-image-transformations)
[](https://packagist.org/packages/swiss-devjoy/laravel-image-transformations)
Add Cloudflare-like image transformations with security features to your app, inspired by [Aaron Francis's image proxy implementation](https://aaronfrancis.com/2025/a-cookieless-cache-friendly-image-proxy-in-laravel-inspired-by-cloudflare-9e95f7e0).
## Features
- Transform images on-the-fly with simple URL parameters
- Support for various transformations (resize, blur, rotate, brightness, contrast, format conversion, quality)
- Secure URL signing to prevent abuse
- Rate limiting option for unsigned URLs to prevent abuse
- Browser and CDN-friendly caching
- Zero disk storage for transformed images (HTTP caching only)
## Installation
You can install the package via composer:
```bash
composer require swiss-devjoy/laravel-image-transformations
```
You can publish the config file with:
```bash
php artisan vendor:publish --tag="laravel-image-transformations-config"
```
## Configuration
The package comes with sensible defaults, but you can customize the behavior:
```php
return [
// Enable/disable all image transformations
'enabled' => env('IMAGE_TRANSFORMATIONS_ENABLED', true),
// Cache control headers for browser and CDN caching
// Sets 30-day cache with immutable flag to improve performance
'cache_control_headers' => 'public, max-age=2592000, s-maxage=2592000, immutable',
// URL route prefix for all transformed images
// Example: /img/options/path-to-image.jpg
'url_prefix' => '/img',
// Default compression quality (1-100) for supported formats
// Higher values mean better quality but larger file sizes
'default_quality' => 90,
// Security option 1: Cryptographic URL signing
// When enabled, prevents unauthorized image transformations by adding a signature hash to URLs
// Example: /img/[signature-hash]/options/path-to-image.jpg
'signed_urls' => true,
// Security option 2: Rate limiting
// Controls the frequency of transformation requests from the same client
// Note: Use either signed_urls OR ratelimiter (not both simultaneously)
'ratelimiter' => [
// Enable rate limiting for transformation requests
// Must be disabled when signed_urls is enabled
'enabled' => false,
// Cache store for rate limiter counters
// File-based store recommended to avoid edge case issues like database locks
// Options: 'file', 'redis', 'database', etc. from config('cache.stores')
'store' => env('IMAGE_TRANSFORMATIONS_RATELIMITER_STORE', 'file'),
// Maximum transformation requests allowed per minute per IP
// Adjust based on your application's needs and expected traffic
'max_attempts' => 2,
],
];
```
## Usage
### Basic Example
Original image reference:
```blade
```
With transformation:
```blade
%20}})
```
### Transformation Options
| Option | Description | Example |
|--------|-------------|---------|
| `width` | Scale down to specified width (maintains aspect ratio) | `width=300` |
| `height` | Scale down to specified height (maintains aspect ratio) | `height=200` |
| `format` | Convert image format | `format=webp` |
| `quality` | Set compression quality (1-100) | `quality=80` |
| `blur` | Apply blur effect (1-100) | `blur=10` |
| `rotate` | Rotate image (degrees) | `rotate=90` |
| `brightness` | Adjust brightness | `brightness=15` |
| `contrast` | Adjust contrast | `contrast=25` |
## Security Options
### Option 1: Signed URLs (Recommended)
Secure your transformations with cryptographic signatures:
```php
// config/image-transformations.php
'signed_urls' => true,
```
This generates a signed URL like:
```
/img/100000b3fe067c19625e10ccb1959320e65a7d34d43d9d4d48d3df95691f6f03/width=300,format=webp,quality=80/images/profile.jpg
```
### Option 2: Rate Limiting
If you prefer not to use signatures:
```php
// config/image-transformations.php
'signed_urls' => false,
'ratelimiter' => [
'enabled' => true,
],
```
Direct URLs:
```
/img/width=300,format=webp,quality=80/images/profile.jpg
```
## Performance Considerations
- Images are transformed on-the-fly
- No disk storage is used for transformed images
- HTTP caching with appropriate headers (30 days by default)
- Works best with CDNs for edge caching
## Example Use Cases
### Responsive Images
```blade
%20}})
```
### Creative Effects
```blade
%20}})
```
## Testing
```bash
composer test
```
## Changelog
Please see [CHANGELOG](CHANGELOG.md) for more information on what has changed recently.
## Contributing
Please see [CONTRIBUTING](CONTRIBUTING.md) for details.
## Security Vulnerabilities
Please review [our security policy](../../security/policy) on how to report security vulnerabilities.
## Credits
- [Dimitri König](https://github.com/dimitri-koenig)
- [All Contributors](../../contributors)
## License
The MIT License (MIT). Please see [License File](LICENSE.md) for more information.