secure/signed URL support

[pi0]

Some providers like imgix (https://docs.imgix.com/setup/securing-images) or Cloudinary (https://cloudinary.com/documentation/control_access_to_media) support signing URLs to disallow an attacker generating an unlimited amount of URLs causing downtimes, unprivileged access, resource abuse, etc.

To properly supporting this, we need a server only mechanism that can sign URLs (if exposing tokens to the client-side, an attacker can still access them to sign!). This can be possible with a serverMiddleware or server-only plugin/runtimeConfig (example idea: #205 (comment)). And introducing new set of usage limitations. (thus needs discussion before trying to implement)

[nathanchase]

Here's ImageKit's signed URL documentation, for your consideration:
https://docs.imagekit.io/features/security/signed-urls#generating-signed-urls-on-your-own

[shadow81627]

Glide signed URL documentation: https://glide.thephpleague.com/2.0/config/security/

[westende]

@pi0 Why the need to wait for Nuxt 3 as you stated in #385? What are the usage limitations you mention?

[BenjaminOddou]

@pi0, is it possible to call signed url through Nuxt Image with Imagekit set as provider ?

[everyx]

@pi0 @danielroe, has there been any recent progress on this issue?

[Baroshem]

@pi0

I have implemented this feature in Nuxt Cloudinary module and would be happy to implement it for Nuxt Image as well :)

If you can provide me some guidance from your side how you would like it to work/behave I am happy to create a PR with that feature :)

[adamdehaven]

I'd be interested in supporting Cloudflare image signed URLs here as well -- let me know if I can help contribute