Allow restricted operator usage

[pi0]

Specifically on resizing (numeric) operators to avoid abusing server (related to #44)

[ausir0726]

This feature is quite critical. Through testing, we found that users can create approximately 500MB images by using "w50000 + enlarge." This directly leads to the website crashing (nuxt-img middleware). If possible, this should be prioritized as a high-priority issue.

Alternatively, it would be preferable to prioritize enforcing the ability to enable or disable various modification parameters via environment variables, for example, enlarge: false, to prevent abuse.

[ausir0726]

Through testing, it has been observed that Cloudinary's image enlargement is limited to approximately 8100px. By forcefully setting q_100, it is possible to obtain a 3.1 MB image. Apart from forcibly disabling enlarge, it might also be beneficial to enforce a maximum width and height, along with a relationship with quality settings, to prevent potential attacks on the server.

Of course, the most fundamental solution should involve the implementation of access keys.

https://res.cloudinary.com/nuxt/image/upload/q_100,w_8100/vue-telemetry/32abc3212c97fd44ff24acaa6edc4573.jpg

[ausir0726]

@pi0

Through api.nuxt.org, it is also possible to access extremely large files. Testing has shown that files exceeding 11000px seem to cause the server to become unresponsive. For example, a simple PNG image with dimensions of 11000px can result in a download size of 2.2MB. More complex images could potentially lead to a complete crash of the serverless service.

If you have received this notification, please delete this post or modify its content to remove any potentially harmful material. Thank you.

https://api.nuxtjs.org/api/ipx/enlarge,w_11000,f_png/gh/nuxt/modules/main/icons/pinia.svg