Event Images Aren't Verified #34

Open
Xevion opened this issue Sep 25, 2023 · 0 comments
Labels
enhancement New feature or request help wanted Extra attention is needed rework Something existing needs to be redeveloped or modified

Xevion commented Sep 25, 2023

Images for events are intended to be stable URLs that resolve to a PNG or JPEG image, but there is no verification. While it was intended to be a decent solution allowing dynamic media to be referenced, it appears this usage is not implicit and officers are linking media that is impossible for browsers to resolve properly.

For example

  • https://drive.google.com/file/d/1XsOSfLbvJ1Z-RlByTvnMxPlR785qu2G5/view
  • https://acmutsa.notion.site/All-Logos-41efcfae57324beb816f136c0756b16a#5e9b9c427ae64d849ad0f0d468a20ce4

These URLs are pages - they won't resolve. Browsers won't HTTPS images back. Even worse, I believe if the officers had done it properly (gotten a valid Content-Type returned), the image used may have been unstable or temporary, and not resolve after days or even hours.

For now, before proper media upload is implemented, a verification process needs to be created. This process needs to be server-side to eliminate potential errors from locally available images (localhost, intranet).

The check should make sure of the following, and return the reason (if any) for failure:

  • Content Type is jpeg, png (use mime-types, headers)
  • Maximum size (<= 1536 KB)
  • The URL must be HTTPS

Potential other checks:

  • Responds to HEAD requests
  • Responds well to referred requests (emulate headers used by a browser, to eliminate bad URLs protected by hotlink protection/zone referrers)
  • Multi-request matrix
  • Ends with an expected suffix
  • Comes from an expected domain (*.google.com, *.imgur.com).
  • Within a certain aspect ratio range (1/3 to 3/1)
  • Minimum size (>= 10KB)
  • Minimum resolution (W > 100 && H > 80)
@Xevion Xevion added enhancement New feature or request help wanted Extra attention is needed rework Something existing needs to be redeveloped or modified labels Sep 25, 2023
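
A sketch of the three required checks from the issue, returning the failure reason. This is an added example, not code from the project. The function name `check_event_image`, the `img.example` host and the sample responses are constructed, and the server-side fetch that supplies `headers` and `body` is assumed. It goes beyond the issue's list in two places: it compares the leading bytes against the PNG/JPEG signature, since a Content-Type header alone can be wrong, and it rejects literal non-public addresses, since a server that fetches submitted URLs should not be pointed at localhost or the intranet.

```python
import ipaddress
from urllib.parse import urlsplit

MAX_BYTES = 1536 * 1024  # the issue's "<= 1536 KB"
MAGIC = {"image/png": b"\x89PNG\r\n\x1a\n", "image/jpeg": b"\xff\xd8\xff"}


def check_event_image(url, headers, body):
    """Return None if the image passes, else the reason; body is read up to MAX_BYTES + 1."""
    try:
        parts = urlsplit(url)
        host = (parts.hostname or "").lower()
    except ValueError:
        return "URL is malformed"
    if parts.scheme.lower() != "https":
        return "URL must be HTTPS"
    if not host or host == "localhost" or host.endswith(".localhost"):
        return "URL has no public host"
    try:
        if not ipaddress.ip_address(host).is_global:
            return "URL points at a non-public address"
    except ValueError:
        pass  # DNS name: the fetcher must apply the same test to the resolved IP
    lowered = {k.lower(): v for k, v in headers.items()}
    ctype = lowered.get("content-type", "").split(";")[0].strip().lower()
    if ctype not in MAGIC:
        return f"Content-Type is {ctype or 'missing'}, not image/jpeg or image/png"
    if len(body) > MAX_BYTES:
        return "image is larger than 1536 KB"
    if not body.startswith(MAGIC[ctype]):
        return f"body does not start with the {ctype} signature"
    return None


# Constructed sample responses (not captured traffic).
PNG = MAGIC["image/png"] + b"\x00" * 64
SAMPLES = [
    ("https://drive.google.com/file/d/1XsOSfLbvJ1Z-RlByTvnMxPlR785qu2G5/view",
     {"Content-Type": "text/html; charset=utf-8"}, b"<!DOCTYPE html>"),
    ("http://img.example/event.png", {"Content-Type": "image/png"}, PNG),
    ("https://127.0.0.1/event.png", {"Content-Type": "image/png"}, PNG),
    ("https://img.example/event.png", {"content-type": "image/png"}, PNG),
]

if __name__ == "__main__":
    for url, headers, body in SAMPLES:
        print(url, "->", check_event_image(url, headers, body) or "ok")
```

Checking `len(body)` rather than Content-Length keeps the size limit enforceable when the header is absent or wrong, provided the caller stops reading at `MAX_BYTES + 1`.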