The task was to implement a security-critical webshop that can be used to sell and buy animated images stored in a custom format. The webshop has to support CAFF (_CrySyS Animated File Format_). The system consists of a web service and a mobile or web client.
# Overview of the implementation
During the design phase, we decided to implement a web client.
Our implementation consists of the following modules:
- **CAFF previewer** / [caff-previewer](https://github.com/UnstableVortexSecurity/caff-previewer): A program written in C that is used to extract a preview (a single frame) from a CAFF file. The extracted preview is saved in .tga (TARGA) format, which is a simple bitmap image format.
- **CAFF previewer wrapper** / [caff-previewer-wrapper](https://github.com/UnstableVortexSecurity/caff-previewer-wrapper): A wrapper written in Python/Flask that provides a simple HTTP interface between CAFF previewer and the web client. The wrapper also converts the extracted preview to PNG using ImageMagick.
- **Web application** / [webshop](https://github.com/UnstableVortexSecurity/webshop): A web client written in Python/Flask. This client implements the user functions.
Since our webshop is a modern web application, it has quite a few dependencies. To make trying it out easier, we deployed it to our own secure Kubernetes cluster. It is available at https://unstablevortex.kmlabz.com/ .
The application connects to every dependency (Minio, Caff Previewer Wrapper, SMTP and PostgreSQL server) over TLS, and the configuration environment variables are stored in Vault.
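
A start-up check that the configured endpoints for the four dependencies listed above actually enforce TLS, as an added example (not code from the webshop repository). The environment variable names, the `SMTP_SECURITY` values and the sample hosts are assumptions made for illustration; the project's real configuration keys are not shown on this page.

```python
import os
import sys
from urllib.parse import parse_qs, urlsplit

# Constructed sample values; every variable name here is hypothetical.
SAMPLE_ENV = {
    "MINIO_URL": "https://minio.example.internal:9000",
    "CAFF_PREVIEWER_URL": "https://caff-previewer.example.internal",
    "DATABASE_URL": "postgresql://shop@db.example.internal/shop?sslmode=verify-full",
    "SMTP_HOST": "smtp.example.internal",
    "SMTP_SECURITY": "starttls",
}


def tls_problems(env):
    """Return one message per dependency whose settings do not enforce TLS."""
    problems = []

    # HTTP dependencies (MinIO, CAFF previewer wrapper): require https and a host.
    for key in ("MINIO_URL", "CAFF_PREVIEWER_URL"):
        url = urlsplit(env.get(key, ""))
        if url.scheme != "https" or not url.hostname:
            problems.append(f"{key}: expected an https:// URL")

    # PostgreSQL: libpq's sslmode=require encrypts but does not check the server's
    # hostname against its certificate; verify-full checks chain and hostname.
    db = urlsplit(env.get("DATABASE_URL", ""))
    sslmode = parse_qs(db.query).get("sslmode", [""])[-1]
    if db.scheme.split("+")[0] not in ("postgres", "postgresql"):
        problems.append("DATABASE_URL: expected a postgresql:// URL")
    elif sslmode != "verify-full":
        problems.append(f"DATABASE_URL: sslmode={sslmode or 'unset'}, expected verify-full")

    # SMTP: implicit TLS ("ssl") or mandatory STARTTLS; anything else may send in clear text.
    if not env.get("SMTP_HOST"):
        problems.append("SMTP_HOST: not set")
    if env.get("SMTP_SECURITY", "").lower() not in ("ssl", "starttls"):
        problems.append("SMTP_SECURITY: expected 'ssl' or 'starttls'")

    return problems


if __name__ == "__main__":
    # Check the real environment at start-up and refuse to run on any finding.
    found = tls_problems(os.environ)
    for line in found:
        print(line, file=sys.stderr)
    sys.exit(1 if found else 0)
```

Run before the Flask application starts, a non-zero exit keeps a pod from serving traffic with a downgraded connection setting.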