Jordan141 / articleblog

An article blog written using a myriad of web technologies.

DDoS vulnerability thanks to resizing images endpoint #313

Closed michaelKurowski closed 3 years ago

michaelKurowski commented 3 years ago

As Matt pointed out:

I can change ?width= to any value, causing it to be resized each time, even if you have caching implemented. If I change width, the cache won't be used. This is an ideal case for DoS: cheap request, expensive response.

He proposed this as a solution: https://docs.imgproxy.net/#/signing_the_url

Just plugging in imgproxy might be easier than reimplementing these signed URLs; there is a node.js package with a convenient API for generating and signing imgproxy URLs: https://github.com/unitedwardrobe/imgproxy-node

michaelKurowski commented 3 years ago

The idea is to sign URLs, so the server knows that the URL the user clicks has been generated by our SSR instead of being manually crafted.