OptStuff

Architecture Overview

Start here to understand the full OptStuff architecture — components, request pipelines, data stores, security model, and operational behavior.

If you want a complete mental model of OptStuff, read this page first. It gives you the big picture and an efficient reading path across the Architecture section.

Two-Plane Mental Model

OptStuff has two major planes:

  1. Control Plane (Dashboard + tRPC) Teams, projects, API keys, domain settings, and onboarding workflows.
  2. Data Plane (Image API /api/v1/...) Signed request validation, source fetch, image transform, rate limiting, logging, and usage tracking.

Component Map

ComponentResponsibilityMain Files
Image API GatewayHandles GET/HEAD image requests and enforces all request checkssrc/app/api/v1/[projectSlug]/[...path]/route.ts
Validation UtilitiesParses signature params, validates operations and domain rulessrc/server/lib/validators.ts, src/lib/ipx-utils.ts
Crypto & Key HandlingAPI key generation, encryption/decryption, signature verificationsrc/server/lib/api-key.ts
Config CacheCaches project/API-key configs (positive + negative cache)src/server/lib/config-cache.ts
Rate LimiterPer-day and per-minute sliding-window checkssrc/server/lib/rate-limiter.ts
Image EngineFetch + transform using IPX/Sharpsrc/server/lib/ipx-factory.ts
ObservabilityRequest logging and activity/usage updatessrc/server/lib/request-logger.ts, src/server/lib/usage-tracker.ts
Control Plane (tRPC)Team/project/API-key managementsrc/server/api/routers/*.ts
Auth & Route GuardClerk auth + service-route bypass for /api/v1src/server/api/trpc.ts, src/proxy.ts

Validation Pipeline

Why This Order

  • Signature verification happens before expensive project/rate-limit work on invalid traffic.
  • Project is loaded by apiKey.projectId first, then slug is matched to prevent cross-project confusion.
  • Rate limiting runs after signature verification so invalid requests cannot consume quota.

Request Flows

GET Flow

HEAD Fast-Path Flow

  • Reuses the same auth/abuse validation pipeline as GET.
  • Performs a lightweight upstream HEAD probe (no image transform).
  • Returns header-only responses with X-Head-Fast-Path: 1.

Data Model & Tenancy

EntityNotes
teamOwnership boundary (one personal team per user via onboarding)
projectHolds domain security settings and aggregate usage metadata
api_keyPublic/secret pair, expiry, revocation, per-key rate-limit values
usage_recordAggregated usage rows
request_logPer-request operational telemetry (sanitized URL)

Security Model

LayerMechanismNotes
URL AuthHMAC-SHA256 signatureConstant-time compare, optional exp
Key StorageAES-256-GCM + HKDFSecret keys encrypted at rest
Source ControlallowedSourceDomainsProduction empty-list is fail-closed
Hotlinking ControlallowedRefererDomainsMissing Referer is allowed by design
Abuse ControlPer-key rate limitingDay window then minute window

Operations Reference (Server Validation)

OperationExampleValidation Rule
ww_800Integer 1..8192
hh_600Integer 1..8192
qq_80Integer 1..100
ff_webpwebp|avif|png|jpg
fitfit_covercover|contain|fill
ss_1200x630{w}x{h} with each 1..8192
embedembedFlag only (no value)

Operational Notes

  • Cache propagation: config cache TTL is 60s; negative cache TTL is 10s.
  • Rate-limiter availability: Redis failures fail open (request allowed).
  • Request logging: source URL is sanitized (query/hash removed); retention target is 30 days; errors are always logged while successful requests can be sampled via REQUEST_LOG_SUCCESS_SAMPLE_RATE.
  • Usage metering: successful request counters are buffered in Redis minute buckets and flushed to usage_record via scheduled cron maintenance (with optional high-frequency flush route on higher plans).
  • Original-size metric: sampled (10%) to avoid extra upstream HEAD on every success.
  • Metric formulas: exact Usage metric formulas and caveats are documented in Usage Metrics Calculations.
  • HEAD upstream behavior: non-image content-type probes are treated as transform-ineligible (502).

To understand how the system was built up end-to-end, follow this order:

  1. Control Plane and Multi-Tenancy — How teams/projects/API keys are modeled and managed.
  2. User Onboarding Flow — How a new user becomes an active project owner.
  3. Create API Key Flow — Dual-key model, encryption-at-rest, and rotation.
  4. Request Lifecycle — Request-by-request runtime path for GET and HEAD.
  5. Usage Metering Pipeline — Hot-path buffering, flush jobs, consistency model, and operational controls.
  6. Usage Metrics Calculations — Exact formulas, data sources, and sampling caveats for analytics.
  7. Redis Schema — Cache-aside, rate-limit counters, write throttling, and usage buffer keys.
  8. SSRF Prevention — Threat model and redirect-handling invariant.

Last updated on

Environment Variables

Complete reference of all environment variables required to run OptStuff, organized by category.

Request Lifecycle

Runtime lifecycle for GET and HEAD requests in the image API, including validation order, response behavior, and background side effects.

On this page

Two-Plane Mental ModelComponent MapValidation PipelineWhy This OrderRequest FlowsGET FlowHEAD Fast-Path FlowData Model & TenancySecurity ModelOperations Reference (Server Validation)Operational NotesRecommended Reading OrderRelated Docs