feat: change img proxy configuration

.env

@@ -35,4 +35,5 @@ GATEKEEPER_PASSWORD=klz2026
 COOKIE_DOMAIN=localhost
 INFRA_DIRECTUS_URL=http://localhost:8059
 INFRA_DIRECTUS_TOKEN=59fb8f4c1a51b18fe28ad947f713914e
-GATEKEEPER_ORIGIN=http://klz.localhost
+GATEKEEPER_ORIGIN=http://klz.localhost
+OPENROUTER_API_KEY=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

docker-compose.yml

@@ -155,7 +155,7 @@ services:
       - default
 
   klz-imgproxy:
-    image: darthsim/imgproxy:latest
+    image: registry.infra.mintel.me/mintel/image-processor:latest
     restart: unless-stopped
     networks:
       - default
@@ -165,12 +165,10 @@ services:
       - "cms.klz.localhost:host-gateway"
       - "host.docker.internal:host-gateway"
     environment:
+      OPENROUTER_API_KEY: ${OPENROUTER_API_KEY}
+      # IMGPROXY_URL_MAPPING is not used by our new service yet, but we can keep it for future parity if we add it back
       IMGPROXY_URL_MAPPING: "${NEXT_PUBLIC_BASE_URL}:http://klz-app:3000,${DIRECTUS_URL}:http://klz-cms:8055"
-      IMGPROXY_USE_ETAG: "true"
-      IMGPROXY_MAX_SRC_RESOLUTION: 20
-      IMGPROXY_IGNORE_SSL_ERRORS: "true"
       IMGPROXY_LOG_LEVEL: debug
-      IMGPROXY_ALLOW_LOCAL_NETWORKS: "true"
 
     labels:
       - "traefik.enable=true"

lib/imgproxy.ts

@@ -39,34 +39,21 @@ export function getImgproxyUrl(src: string, options: ImgproxyOptions = {}): stri
     // Also handle direct container names if needed
   }
 
-  const {
+  const { width = 0, height = 0, enlarge = false, extension = '' } = options;
-    width = 0,
-    height = 0,
-    resizing_type = 'fit',
-    gravity = 'sm', // Default to smart gravity
-    enlarge = false,
-    extension = '',
-  } = options;
 
-  // Processing options
+  let quality = 80;
-  // Format: /rs:<type>:<width>:<height>:<enlarge>/g:<gravity>
+  if (extension) quality = 90;
-  const processingOptions = [
-    `rs:${resizing_type}:${width}:${height}:${enlarge ? 1 : 0}`,
-    `g:${gravity}`,
-  ].join('/');
 
-  // Using Base64 encoding for the source URL.
+  // Re-map imgproxy URL to our new parameter structure
-  // This completely eliminates any risk of intermediate proxies (Traefik/Next.js)
+  // e.g. /process?url=...&w=...&h=...&q=...&format=...
-  // URL-decoding the path, which corrupts the double-slash (// to /) and causes 403 errors.
+  const queryParams = new URLSearchParams({
-  // Imgproxy expects URL-safe Base64 (RFC 4648) without padding.
+    url: absoluteSrc,
-  const b64 =
+  });
-    typeof window === 'undefined'
-      ? Buffer.from(absoluteSrc).toString('base64')
-      : btoa(unescape(encodeURIComponent(absoluteSrc)));
 
-  const urlSafeB64 = b64.replace(/\+/g, '-').replace(/\//g, '_').replace(/=/g, '');
+  if (width > 0) queryParams.set('w', width.toString());
+  if (height > 0) queryParams.set('h', height.toString());
+  if (extension) queryParams.set('format', extension.replace('.', ''));
+  if (quality) queryParams.set('q', quality.toString());
 
-  const suffix = extension ? `.${extension}` : '';
+  return `${baseUrl}/process?${queryParams.toString()}`;
-
-  return `${baseUrl}/unsafe/${processingOptions}/${urlSafeB64}${suffix}`;
 }