5.8 KiB
5.8 KiB
Copilot Rules for Rust Image Manipulation API
Project Overview
This project is a Rust-based API built with:
axum = "0.8.8"sea-orm = { version = "1.1.20", features = ["sqlx-postgres", "runtime-tokio-native-tls", "macros"] }tokio = { version = "1.51.1", features = ["full"] }tower-http = { version = "0.6.8", features = ["trace"] }
The main purpose of the API is image manipulation with support for:
avifpngjpgjpegwebp
The project already has an account system. Use it as-is unless explicitly asked to modify it.
Redis will be used for:
- temporary/signed access tokens
- time-based access control
- caching image manipulation results if needed
General Coding Rules
- Prefer idiomatic Rust.
- Follow Axum patterns for handlers, extractors, routers, and state management.
- Keep business logic in services, not in controllers/handlers.
- Use SeaORM for database access.
- Use async/await everywhere I/O is involved.
- Avoid blocking operations on the Tokio runtime.
- Write small, composable functions.
- Prefer strong types over raw strings for domain concepts.
- Handle errors explicitly and return structured API errors.
- Do not introduce unnecessary dependencies.
Architecture Rules
Use the following structure for new image-related code:
images/modelimages/controllerimages/serviceimages/repositoryimages/dtoimages/processor
If auth/token logic is needed for image access:
- keep verification in middleware or a dedicated auth/token service
- keep Redis interaction isolated in a repository or cache layer
Layer Responsibilities
- controller/handler: HTTP request parsing, response formatting
- service: business rules, token validation flow, image transformation orchestration
- repository: DB/Redis access
- processor: actual image resize/crop/convert operations
- model: entities and domain types
- dto: request/response payloads
Image Manipulation Rules
-
Support these output formats:
- avif
- png
- jpg
- jpeg
- webp
-
Accept image manipulation parameters such as:
width/wheight/hformatqualitycrop
-
Support crop modes like:
covercontainfillcentertopbottomleftrightsmartif implemented later
-
Validate all manipulation inputs:
- width and height must be positive
- quality must be within a valid range
- format must be one of the supported formats
- crop mode must be recognized
-
Never trust query parameters directly without validation.
-
Preserve aspect ratio when required by crop mode.
-
If a requested format is unsupported, return a clear API error.
-
If the image cannot be decoded or converted, return a meaningful error response.
Token Access Rules
- Image manipulation must be accessible through time-limited tokens.
- Tokens may be stored or validated through Redis.
- Token validation must occur before image processing.
- Token expiration must be enforced.
- Do not expose raw internal storage paths through public APIs.
- Tokens should be treated as opaque values from the client perspective.
- If token is invalid or expired, return
401 Unauthorizedor403 Forbiddenas appropriate.
Redis Rules
- Use Redis for short-lived access control data.
- Keep Redis keys namespaced, for example:
image:token:{token}image:cache:{hash}
- Set TTL explicitly for temporary tokens.
- Prefer cache-aside patterns if storing processed image results.
- Redis access code must be isolated and reusable.
SeaORM Rules
- Use entities generated or structured consistently with SeaORM conventions.
- Keep DB operations in repository layer.
- Avoid mixing query building into handlers.
- Return repository-level errors as domain errors or application errors.
- Use migrations for schema changes.
- Do not hardcode SQL unless necessary.
Axum Rules
- Use
Routercleanly and split routes by module. - Prefer typed extractors for shared state.
- Use
State<AppState>for database/Redis/shared services. - Use middleware only for cross-cutting concerns like auth, logging, rate limiting.
- Return JSON responses with consistent shape.
- Use
tower_http::trace::TraceLayerfor request tracing.
Error Handling Rules
- Define a unified error type for the API.
- Convert infrastructure errors into application errors.
- Return consistent error response payloads.
- Do not panic in request handlers.
- Log errors where useful, but avoid leaking secrets.
Naming Rules
- Use clear module names:
accountimagesauthsharedconfig
- Name functions by behavior, not implementation.
- Prefer
create_*,get_*,update_*,delete_*,process_*,validate_*. - Keep DTO names explicit, for example:
CreateTokenRequestManipulateImageRequestImageResponse
When Generating Code
Copilot should:
- follow existing project style
- reuse existing account/auth infrastructure
- avoid changing unrelated modules
- prefer minimal, targeted changes
- keep code ready for testing
- add comments only when they add clarity
What Copilot Should Not Do
- Do not rewrite the whole project unless explicitly asked.
- Do not replace SeaORM with another ORM.
- Do not introduce framework changes away from Axum.
- Do not hardcode credentials or secrets.
- Do not store tokens insecurely.
- Do not bypass validation for convenience.
Recommended Defaults
- Default output format:
webpunless user requests otherwise. - Default crop mode:
cover - Default quality:
80 - Default dimension behavior: preserve aspect ratio when only one side is provided
- Default access: token required for protected image processing routes