Skip to main content

Overview

The security package provides comprehensive safety mechanisms for the Camera Workflow application, including disk space verification, file integrity checks, processing markers, and automatic recovery from interrupted operations.

Types

SecurityChecker

Main security checker that performs validation and safety operations. 
type SecurityChecker struct {
    minOutputSizeRatio     float64
    minOutputSizeRatioAVIF float64
    minOutputSizeRatioWebP float64
}
minOutputSizeRatio
float64
Minimum size ratio for general output validation (default: 0.005)
minOutputSizeRatioAVIF
float64
Minimum size ratio for AVIF files (default: 0.001)
minOutputSizeRatioWebP
float64
Minimum size ratio for WebP files (default: 0.003)

Functions

NewSecurityChecker

Creates a new SecurityChecker instance. 
func NewSecurityChecker(
    minOutputSizeRatio,
    minOutputSizeRatioAVIF,
    minOutputSizeRatioWebP float64,
) *SecurityChecker
minOutputSizeRatio
float64
required
Minimum acceptable output size ratio (output_size / input_size)
minOutputSizeRatioAVIF
float64
required
Format-specific ratio for AVIF files
minOutputSizeRatioWebP
float64
required
Format-specific ratio for WebP files

Example

import "github.com/Azilone/Camera-Workflow/internal/security"

checker := security.NewSecurityChecker(0.005, 0.001, 0.003)

Methods

CheckDiskSpace

Verifies that sufficient disk space is available for conversion. 
func (s *SecurityChecker) CheckDiskSpace(sourceDir, destDir string) error
sourceDir
string
required
Path to source directory
destDir
string
required
Path to destination directory
error
error
Returns an error if insufficient disk space is available

Example

if err := checker.CheckDiskSpace("/source", "/dest"); err != nil {
    log.Fatalf("Insufficient disk space: %v", err)
}

Space Calculation

  • Estimates needed space as 50% of source directory size
  • Compares against available space in destination
  • Platform-specific implementations for accurate free space detection

VerifyOutputFile

Performs comprehensive validation of a converted output file. 
func (s *SecurityChecker) VerifyOutputFile(
    inputPath,
    outputPath,
    fileType,
    outputFormat string,
) error
inputPath
string
required
Path to original input file
outputPath
string
required
Path to converted output file
fileType
string
required
Type of file (“photo” or “video”)
outputFormat
string
required
Output format (“avif”, “webp”, “mp4”, etc.)
error
error
Returns an error if validation fails (file is corrupted or too small)

Validation Steps

  1. Existence Check: Verify output file exists
  2. Size Check: Ensure file is not empty
  3. Ratio Check: Validate minimum size ratio (format-specific)
  4. Integrity Check: Verify file can be opened by appropriate tool
    • Photos: Uses ImageMagick identify
    • Videos: Uses FFmpeg ffprobe

Example

err := checker.VerifyOutputFile(
    "/source/photo.jpg",
    "/dest/photo.avif",
    "photo",
    "avif",
)
if err != nil {
    log.Printf("Verification failed: %v", err)
}

SafeDelete

Safely deletes an original file after triple verification. 
func (s *SecurityChecker) SafeDelete(filePath, outputPath string) error
filePath
string
required
Path to original file to delete
outputPath
string
required
Path to converted output file (must exist and be valid)
error
error
Returns an error if deletion is unsafe or fails

Safety Checks

  1. Output file exists
  2. Output file is not empty
  3. Output file size > 1000 bytes (minimum threshold)

IsFileCorrupted

Checks if an existing file is corrupted or incomplete. 
func (s *SecurityChecker) IsFileCorrupted(filePath, fileType string) bool
filePath
string
required
Path to file to check
fileType
string
required
Type of file (“photo” or “video”)
corrupted
bool
Returns true if file is corrupted, missing, or invalid

Example

if checker.IsFileCorrupted("/dest/photo.avif", "photo") {
    log.Println("File is corrupted, will re-convert")
    os.Remove("/dest/photo.avif")
}

CreateProcessingMarker

Creates a marker file to track active conversions. 
func (s *SecurityChecker) CreateProcessingMarker(filePath string) error
filePath
string
required
Path to file being converted
error
error
Returns an error if marker creation fails

Marker Format

Creates a .processing file containing: 
PID:12345
Started:2026-03-03T10:30:00Z
File:/path/to/file.jpg

RemoveProcessingMarker

Removes the processing marker after conversion completes. 
func (s *SecurityChecker) RemoveProcessingMarker(filePath string) error
filePath
string
required
Path to file (marker is filePath + “.processing”)

FindAbandonedMarkers

Finds processing markers from previous runs where the process has died. 
func (s *SecurityChecker) FindAbandonedMarkers(dir string) ([]string, error)
dir
string
required
Directory to search for abandoned markers
markers
[]string
List of abandoned marker file paths
error
error
Returns an error if directory traversal fails

Detection Logic

  1. Finds all .processing files
  2. Reads PID from marker file
  3. Checks if process with that PID still exists
  4. Returns markers where process is dead

CleanupAbandonedFiles

Removes temporary and abandoned files from interrupted conversions. 
func (s *SecurityChecker) CleanupAbandonedFiles(dir string) error
dir
string
required
Directory to clean up
error
error
Returns an error if cleanup fails

Cleanup Targets

  • .tmp files (temporary conversion outputs)
  • .processing markers from dead processes

VerifyFileIntegrity

Performs comprehensive integrity check on a file. 
func (s *SecurityChecker) VerifyFileIntegrity(
    filePath,
    fileType string,
) error
filePath
string
required
Path to file to verify
fileType
string
required
Type of file (“photo” or “video”)
error
error
Returns an error if file is corrupted or inaccessible

Verification Steps

  1. File exists
  2. File is not empty
  3. File can be opened
  4. First 1KB can be read
  5. Type-specific validation (ImageMagick or FFprobe)

Platform-Specific Functions

The package includes platform-specific implementations for:

Disk Space Detection

  • Unix/Linux: diskspace_unix.go - Uses syscall.Statfs
  • Windows: diskspace_windows.go - Uses Windows API

Process Checking

  • Unix/Linux: process_check_unix.go - Checks /proc/{pid}
  • Windows: process_check_windows.go - Uses Windows process API

Safety Guarantees

The security package ensures:
  1. No data loss: Triple verification before deletion
  2. Atomic operations: Files converted to .tmp then renamed
  3. Crash recovery: Processing markers enable automatic recovery
  4. Integrity validation: All outputs verified with external tools
  5. Space safety: Pre-flight disk space checks
  • Converter - Uses SecurityChecker for validation
  • Config - Provides security thresholds
  • Utils - Platform-agnostic utility functions

Build docs developers (and LLMs) love

Get started for freeTalk to us