Append iframe=true query param to a URL when in iframe mode

Build embed snippets (script and iframe variants) for a ticket URL

Build a frame-ancestors CSP value from allowed embed hosts. Returns null if the list is empty (allow embedding from anywhere).

Delete an image from Bunny storage.

Detect iframe mode from a request URL and store it for the current request

Detect the actual image type from magic bytes. Returns the MIME type if matched, null otherwise.

Download and decrypt an image from Bunny storage. Uses the storage SDK directly (same as upload/delete) instead of a CDN pull zone URL, which requires a separate pull zone linked to the storage zone. Returns the decrypted image bytes, or null if the file does not exist.

Generate a random filename with the correct extension

Get the current request's iframe mode

Get the proxy URL path for serving a decrypted image. Images are encrypted on CDN, so they must be served through the proxy.

Get the MIME type for an image filename from its extension.

Check if image storage is enabled (both env vars are set)

Parse a comma-separated list of hosts into trimmed, lowercased entries. Filters out empty strings from trailing commas etc.

Try to delete an image from CDN storage, logging errors on failure

Upload an image to Bunny storage. Encrypts the image bytes before uploading. Returns the filename (without path) on success.

Validate a custom domain (delegates to bunnyCdnApi for testability).

Validate a comma-separated list of host patterns. Returns null if all valid, or the first error message.

Validate a single host pattern Returns null if valid, or an error message if invalid

Validate an image file: check MIME type, size, and magic bytes.

Image validation error

Image validation result

Stubbable API for testing

Matches a valid hostname like "example.com" or "sub.example.com"

User-facing messages for image validation errors