From 586b7ea113440b7dc8113dada8ea4ca1ee485452 Mon Sep 17 00:00:00 2001
From: Ike Saunders <ikesau@protonmail.com>
Date: Tue, 12 Nov 2024 20:12:27 +0000
Subject: [PATCH 01/40] =?UTF-8?q?=F0=9F=8E=89=20add=20cloudflareId=20to=20?=
 =?UTF-8?q?images=20table?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 db/migration/1731360326761-CloudflareImages.ts    | 15 +++++++++++++++
 .../@ourworldindata/types/src/dbTypes/Images.ts   |  1 +
 2 files changed, 16 insertions(+)
 create mode 100644 db/migration/1731360326761-CloudflareImages.ts

diff --git a/db/migration/1731360326761-CloudflareImages.ts b/db/migration/1731360326761-CloudflareImages.ts
new file mode 100644
index 00000000000..001a6a51d55
--- /dev/null
+++ b/db/migration/1731360326761-CloudflareImages.ts
@@ -0,0 +1,15 @@
+import { MigrationInterface, QueryRunner } from "typeorm"
+
+export class CloudflareImages1731360326761 implements MigrationInterface {
+    public async up(queryRunner: QueryRunner): Promise<void> {
+        await queryRunner.query(`-- sql
+            ALTER TABLE images ADD COLUMN cloudflareId VARCHAR(255) NULL
+        `)
+    }
+
+    public async down(queryRunner: QueryRunner): Promise<void> {
+        await queryRunner.query(`-- sql
+            ALTER TABLE images DROP COLUMN cloudflareId
+        `)
+    }
+}
diff --git a/packages/@ourworldindata/types/src/dbTypes/Images.ts b/packages/@ourworldindata/types/src/dbTypes/Images.ts
index 1efddb86d2a..430931cf3ce 100644
--- a/packages/@ourworldindata/types/src/dbTypes/Images.ts
+++ b/packages/@ourworldindata/types/src/dbTypes/Images.ts
@@ -7,6 +7,7 @@ export interface DbInsertImage {
     originalWidth?: number | null
     originalHeight?: number | null
     updatedAt?: string | null // MySQL Date objects round to the nearest second, whereas Google includes milliseconds so we store as an epoch of type bigint to avoid any conversion issues
+    cloudflareId?: string | null
 }
 export type DbRawImage = Required<DbInsertImage>
 export type DbEnrichedImage = Omit<DbRawImage, "updatedAt"> & {

From 080c2af513947c2eb64dfb85157d487c6371185c Mon Sep 17 00:00:00 2001
From: Ike Saunders <ikesau@protonmail.com>
Date: Tue, 12 Nov 2024 17:25:34 -0500
Subject: [PATCH 02/40] =?UTF-8?q?=F0=9F=8E=89=20add=20cloudflare=20images?=
 =?UTF-8?q?=20sync=20script?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 Makefile                                      |   4 +
 .../cloudflareImagesSync.ts                   | 458 ++++++++++++++++++
 devTools/cloudflareImagesSync/tsconfig.json   |  15 +
 package.json                                  |   5 +-
 settings/serverSettings.ts                    |   6 +
 yarn.lock                                     |  31 ++
 6 files changed, 518 insertions(+), 1 deletion(-)
 create mode 100644 devTools/cloudflareImagesSync/cloudflareImagesSync.ts
 create mode 100644 devTools/cloudflareImagesSync/tsconfig.json

diff --git a/Makefile b/Makefile
index 8c7f50ed801..108e206e8ad 100644
--- a/Makefile
+++ b/Makefile
@@ -153,6 +153,10 @@ sync-images: sync-images.preflight-check
 	@echo '==> Syncing images to R2'
 	./devTools/docker/sync-s3-images.sh
 
+sync-cloudflare-images:
+	@echo '==> Syncing images to Cloudflare'
+	@yarn syncCloudflareImages
+
 refresh.full: refresh refresh.pageviews sync-images
 	@echo '==> Full refresh completed'
 	@make bake-images
diff --git a/devTools/cloudflareImagesSync/cloudflareImagesSync.ts b/devTools/cloudflareImagesSync/cloudflareImagesSync.ts
new file mode 100644
index 00000000000..94d1e4090c5
--- /dev/null
+++ b/devTools/cloudflareImagesSync/cloudflareImagesSync.ts
@@ -0,0 +1,458 @@
+const is = require("image-size")
+import * as readline from "readline"
+import pMap from "p-map"
+import path from "path"
+import fs from "fs/promises"
+import { DbEnrichedImage } from "@ourworldindata/types"
+import * as db from "../../db/db.js"
+import {
+    CLOUDFLARE_IMAGES_ACCOUNT_ID,
+    CLOUDFLARE_IMAGES_API_KEY,
+    IMAGE_HOSTING_R2_CDN_URL,
+} from "../../settings/serverSettings.js"
+import { excludeNullish, keyBy } from "@ourworldindata/utils"
+
+type CloudflareImageDirectory = Record<string, { id: string; filename: string }>
+
+enum InvalidImageReason {
+    TooLarge = "TooLarge",
+    InvalidFormat = "InvalidFormat",
+    InvalidDimensions = "InvalidDimensions",
+    TooManyMegapixels = "TooManyMegapixels",
+    InvalidMetadata = "InvalidMetadata",
+    UnknownError = "UnknownError",
+}
+
+type ImageValidationObject = {
+    filename: string
+    reason: InvalidImageReason
+    extra?: any
+}
+
+function stringifyImageMetadata(image: DbEnrichedImage) {
+    return JSON.stringify({
+        filename: image.filename,
+    })
+}
+
+/**
+ * Make sure that each database cloudflareId corresponds to a valid image in the Cloudflare Images directory
+ */
+async function validateDirectory(
+    trx: db.KnexReadWriteTransaction,
+    directory: CloudflareImageDirectory
+): Promise<{ isValid: boolean; invalidImages: string[] }> {
+    const imagesWithIds = await db.knexRaw<{
+        filename: string
+        cloudflareId: string
+    }>(
+        trx,
+        `-- sql
+        SELECT filename, cloudflareId FROM images WHERE cloudflareId IS NOT NULL`
+    )
+    const imagesSharingCloudflareIds = await db
+        .knexRaw<{
+            cloudflareId: string
+            count: number
+            filenames: string
+        }>(
+            trx,
+            `-- sql
+        SELECT 
+            cloudflareId,
+            COUNT(*) as count,
+            JSON_ARRAYAGG(
+                filename
+            ) as filenames
+        FROM images
+        WHERE cloudflareId IS NOT NULL
+        GROUP BY cloudflareId
+        HAVING count > 1`
+        )
+        .then((results) =>
+            results.map((result) => ({
+                cloudflareId: result.cloudflareId,
+                count: result.count,
+                filenames: JSON.parse(result.filenames) as string[],
+            }))
+        )
+        .then((results) => keyBy(results, "cloudflareId"))
+
+    const invalidImages: string[] = []
+    for (const image of imagesWithIds) {
+        if (!directory[image.filename]) {
+            // If an identical image was uploaded with multiple filenames, subsequent copies will use the same cloudflareId as the first
+            // so let's check if this is a case of that
+            const imagesSharingCloudflareId =
+                imagesSharingCloudflareIds[image.cloudflareId]
+            if (imagesSharingCloudflareId) {
+                const filenames = imagesSharingCloudflareId.filenames
+                if (filenames.includes(image.filename)) {
+                    console.log(
+                        `Image with filename "${image.filename}" has a cloudflareId that is shared with other images.`
+                    )
+                    continue
+                }
+            }
+            console.log(
+                `Image with filename "${image.filename}" has a cloudflareId that is not in the Cloudflare Images directory.`
+            )
+            invalidImages.push(image.filename)
+        }
+    }
+    return {
+        isValid: invalidImages.length === 0,
+        invalidImages,
+    }
+}
+
+async function purgeRecords(trx: db.KnexReadWriteTransaction) {
+    await new Promise<void>((resolve) => {
+        const readlineInterface = readline.createInterface({
+            input: process.stdin,
+            output: process.stdout,
+        })
+
+        readlineInterface.question(
+            "Are you sure you want to delete ALL images from Cloudflare Images? (y/n) ",
+            (answer) => {
+                if (answer.toLowerCase() === "y") {
+                    resolve()
+                } else {
+                    console.log("Aborting.")
+                    process.exit(0)
+                }
+                readlineInterface.close()
+            }
+        )
+    })
+
+    const directory = await getCloudflareImageDirectory()
+    console.log("Deleting all images from Cloudflare Images...")
+    await pMap(
+        Object.values(directory),
+        async (image) => {
+            console.log("Deleting image:", image.filename)
+            try {
+                await fetch(
+                    `https://api.cloudflare.com/client/v4/accounts/${CLOUDFLARE_IMAGES_ACCOUNT_ID}/images/v1/${image.id}`,
+                    {
+                        method: "DELETE",
+                        headers: {
+                            Authorization: `Bearer ${CLOUDFLARE_IMAGES_API_KEY}`,
+                        },
+                    }
+                )
+            } catch (e) {
+                console.error(e)
+            }
+        },
+        { concurrency: 10 }
+    )
+    console.log("Finished")
+
+    await new Promise<void>((resolve) => {
+        const readlineInterface = readline.createInterface({
+            input: process.stdin,
+            output: process.stdout,
+        })
+
+        readlineInterface.question(
+            "Would you also like to set all cloudflareIds to NULL in the DB? (y/n) ",
+            (answer) => {
+                if (answer.toLowerCase() === "y") {
+                    resolve()
+                } else {
+                    console.log("Aborting.")
+                    process.exit(0)
+                }
+                readlineInterface.close()
+            }
+        )
+    })
+    console.log("May God have mercy on your soul.")
+
+    await db.knexRaw(
+        trx,
+        `-- sql
+        UPDATE images
+        SET cloudflareId = NULL`
+    )
+    console.log("All cloudflareIds set to NULL in the DB.")
+}
+
+/**
+ *  Cloudflare has a width/height of 12000px, metadata of 1024B, 100megapixels, and a 10MB filesize limit
+ */
+function validateImage(
+    imageBuffer: Buffer,
+    metadata: string
+): InvalidImageReason | null {
+    const imageSize = is(imageBuffer)
+    if (!imageSize) {
+        return InvalidImageReason.InvalidFormat
+    }
+
+    if (imageSize.width > 12000 || imageSize.height > 12000) {
+        return InvalidImageReason.InvalidDimensions
+    }
+
+    if (imageSize.width * imageSize.height > 100 * 1000000) {
+        return InvalidImageReason.TooManyMegapixels
+    }
+
+    if (imageBuffer.byteLength > 10 * 1024 * 1024) {
+        return InvalidImageReason.TooLarge
+    }
+
+    if (Buffer.byteLength(metadata, "utf8") > 1024) {
+        return InvalidImageReason.InvalidMetadata
+    }
+
+    return null
+}
+
+async function checkIfAlreadyUploadedToCloudflareImages(
+    filename: string,
+    cloudflareImagesDirectory: CloudflareImageDirectory
+): Promise<boolean> {
+    if (cloudflareImagesDirectory[filename]) {
+        console.log(
+            `Image with filename "${filename}" has already uploaded to Cloudflare Images.`
+        )
+        return true
+    }
+    return false
+}
+
+async function checkIfAlreadyTrackedInDB(
+    trx: db.KnexReadWriteTransaction,
+    filename: string
+) {
+    console.log("Checking to see if the DB has the Cloudflare ID...")
+    const cloudflareId = await trx
+        .raw<{ cloudflareId: string }[][]>(
+            `-- sql
+                SELECT cloudflareId FROM images WHERE filename = ?
+                `,
+            [filename]
+        )
+        .then((res) => res[0][0]?.cloudflareId)
+    if (!cloudflareId) {
+        console.log("No Cloudflare ID found in the DB.")
+        return false
+    } else {
+        console.log(`Cloudflare ID "${cloudflareId}" exists in the DB.`)
+        return true
+    }
+}
+
+async function updateDbWithCloudflareId(
+    trx: db.KnexReadWriteTransaction,
+    filename: string,
+    cloudflareId: string
+) {
+    console.log("Updating the DB with the Cloudflare ID...")
+    await trx.raw(
+        `-- sql
+            UPDATE images
+            SET cloudflareId = ?
+            WHERE filename = ?`,
+        [cloudflareId, filename]
+    )
+}
+
+async function uploadImageToCloudflareImages(
+    trx: db.KnexReadWriteTransaction,
+    image: DbEnrichedImage,
+    invalidImages: ImageValidationObject[],
+    cloudflareImagesDirectory: CloudflareImageDirectory
+) {
+    const filename = image.filename
+
+    /**
+     * If the image is already tracked in the DB, we don't need to do anything.
+     * If the image is already uploaded to Cloudflare Images, we check if we need to update the DB with the cloudflareId.
+     * It's possible the image has already been uploaded but is saved under a different filename,
+     * in which case we go through the normal process of uploading the image,
+     * which is a no-op for Cloudflare, but will give us the right ID to update the DB with.
+     */
+    const alreadyTracked = await checkIfAlreadyTrackedInDB(trx, filename)
+    const alreadyUploaded = await checkIfAlreadyUploadedToCloudflareImages(
+        filename,
+        cloudflareImagesDirectory
+    )
+    if (alreadyTracked) {
+        return
+    }
+    if (alreadyUploaded) {
+        const cloudflareId = cloudflareImagesDirectory[filename].id
+        await updateDbWithCloudflareId(trx, filename, cloudflareId)
+        return
+    }
+
+    const imageUrl = `${IMAGE_HOSTING_R2_CDN_URL}/production/${filename}`
+    console.log("Downloading image:", filename)
+    const imageBuffer = await fetch(imageUrl).then((res) => res.arrayBuffer())
+    const metadata = stringifyImageMetadata(image)
+    const isInvalid = validateImage(Buffer.from(imageBuffer), metadata)
+    if (isInvalid) {
+        console.log(`Image "${filename}" is invalid: ${isInvalid}`)
+        invalidImages.push({
+            filename,
+            reason: isInvalid,
+        })
+        return
+    }
+
+    const formData = new FormData()
+    formData.append("url", imageUrl)
+    formData.append("metadata", metadata)
+    formData.append("requireSignedURLs", "false")
+
+    console.log("Uploading image to Cloudflare Images...")
+    const uploadResults = await fetch(
+        `https://api.cloudflare.com/client/v4/accounts/${CLOUDFLARE_IMAGES_ACCOUNT_ID}/images/v1`,
+        {
+            method: "POST",
+            headers: {
+                Authorization: `Bearer ${CLOUDFLARE_IMAGES_API_KEY}`,
+            },
+            body: formData,
+        }
+    ).then((res) => res.json())
+
+    if (!uploadResults || uploadResults.errors.length) {
+        invalidImages.push({
+            filename,
+            reason: InvalidImageReason.UnknownError,
+            extra: uploadResults.errors,
+        })
+        return
+    }
+
+    await trx.raw(
+        `-- sql
+                UPDATE images
+                SET cloudflareId = ?
+                WHERE googleId = ?`,
+        [uploadResults.result.id, image.googleId]
+    )
+}
+
+async function getCloudflareImageDirectory() {
+    console.log("Fetching Cloudflare Images directory...")
+    const directory = await fetch(
+        `https://api.cloudflare.com/client/v4/accounts/${CLOUDFLARE_IMAGES_ACCOUNT_ID}/images/v1?per_page=2000`,
+        {
+            headers: {
+                Authorization: `Bearer ${CLOUDFLARE_IMAGES_API_KEY}`,
+            },
+        }
+    )
+        .then((res) => res.json())
+        .then((res) => {
+            console.log(
+                `Cloudflare Images directory fetched. ${res.result.images.length} images found.`
+            )
+            return res.result.images
+        })
+        .then(
+            (images) =>
+                keyBy(images, (image) =>
+                    decodeURIComponent(image.filename)
+                ) as CloudflareImageDirectory
+        )
+
+    return directory
+}
+
+async function fetchImagesFromDatabase(trx: db.KnexReadWriteTransaction) {
+    console.log("Fetching images from the database...")
+    return await trx
+        .raw<DbEnrichedImage[]>(
+            `-- sql
+            SELECT * FROM images WHERE id IN (
+                SELECT DISTINCT imageId FROM posts_gdocs_x_images
+            )`
+        )
+        .then((res) => res.flat())
+        .then(excludeNullish)
+        .then((images) => images.filter((image) => image && image.filename))
+        .then((images) =>
+            images.sort((a, b) => a.filename.localeCompare(b.filename))
+        )
+}
+
+async function uploadImagesToCloudflareImages(
+    trx: db.KnexReadWriteTransaction,
+    cloudflareImagesDirectory: CloudflareImageDirectory
+) {
+    const invalidImages: ImageValidationObject[] = []
+
+    const images = await fetchImagesFromDatabase(trx)
+    console.log(`${images.length} images fetched.`)
+
+    await pMap(
+        images,
+        async (image) => {
+            console.log(`Processing image: ${image.filename}`)
+            try {
+                await uploadImageToCloudflareImages(
+                    trx,
+                    image,
+                    invalidImages,
+                    cloudflareImagesDirectory
+                )
+            } catch (e) {
+                console.error(e)
+                invalidImages.push({
+                    filename: image.filename,
+                    reason: InvalidImageReason.UnknownError,
+                    extra: e,
+                })
+            }
+        },
+        { concurrency: 10 }
+    )
+
+    console.log("Finished!")
+    console.log(
+        `There were ${invalidImages.length} invalid images. See invalidImages.json for details.`
+    )
+
+    await fs.writeFile(
+        path.join(__dirname, "invalidImages.json"),
+        JSON.stringify(invalidImages, null, 2)
+    )
+}
+
+async function main() {
+    if (!CLOUDFLARE_IMAGES_ACCOUNT_ID || !CLOUDFLARE_IMAGES_API_KEY) {
+        console.error(
+            `Cloudflare Images credentials not set. 
+You need to set "CLOUDFLARE_IMAGES_ACCOUNT_ID" and "CLOUDFLARE_IMAGES_API_KEY" in your .env`
+        )
+        return
+    }
+
+    await db.knexReadWriteTransaction(async (trx) => {
+        // await purgeRecords(trx)
+
+        const directory = await getCloudflareImageDirectory()
+        const { isValid, invalidImages } = await validateDirectory(
+            trx,
+            directory
+        )
+        if (isValid) {
+            await uploadImagesToCloudflareImages(trx, directory)
+        } else {
+            console.error(
+                `The DB has images that do not exist in the Cloudflare Images directory. You should check those out first`
+            )
+            console.error(invalidImages)
+        }
+    })
+}
+
+main().then(() => process.exit(0))
diff --git a/devTools/cloudflareImagesSync/tsconfig.json b/devTools/cloudflareImagesSync/tsconfig.json
new file mode 100644
index 00000000000..208a03820db
--- /dev/null
+++ b/devTools/cloudflareImagesSync/tsconfig.json
@@ -0,0 +1,15 @@
+{
+    "extends": "../tsconfigs/tsconfig.base.json",
+    "compilerOptions": {
+        "outDir": "../../itsJustJavascript/devTools/cloudflareImagesSync",
+        "rootDir": "."
+    },
+    "references": [
+        {
+            "path": "../../db"
+        },
+        {
+            "path": "../../settings"
+        }
+    ]
+}
diff --git a/package.json b/package.json
index 77a81064274..76707ebe367 100644
--- a/package.json
+++ b/package.json
@@ -41,7 +41,8 @@
         "testJest": "lerna run buildTests && jest",
         "testSiteNavigation": "tsx --tsconfig tsconfig.tsx.json devTools/navigationTest/navigationTest.ts",
         "generateDbTypes": "npx @rmp135/sql-ts -c db/sql-ts/sql-ts-config.json",
-        "syncGraphersToR2": "tsx --tsconfig tsconfig.tsx.json devTools/syncGraphersToR2/syncGraphersToR2.ts"
+        "syncGraphersToR2": "tsx --tsconfig tsconfig.tsx.json devTools/syncGraphersToR2/syncGraphersToR2.ts",
+        "syncCloudflareImages": "tsx --tsconfig tsconfig.tsx.json devTools/cloudflareImagesSync/cloudflareImagesSync.ts"
     },
     "dependencies": {
         "@algolia/autocomplete-js": "^1.17.2",
@@ -189,6 +190,7 @@
         "@types/fs-extra": "^11.0.1",
         "@types/geojson": "^7946.0.10",
         "@types/html-to-text": "^9.0.4",
+        "@types/image-size": "^0.8.0",
         "@types/indefinite": "^2.3.2",
         "@types/ini": "^4",
         "@types/js-cookie": "^3.0.2",
@@ -232,6 +234,7 @@
         "flag-icons": "^7.2.3",
         "http-server": "^14.1.1",
         "husky": "^9.0.11",
+        "image-size": "^1.1.1",
         "jest": "^29.7.0",
         "jest-environment-jsdom": "^29.7.0",
         "lerna": "^8.1.6",
diff --git a/settings/serverSettings.ts b/settings/serverSettings.ts
index 2530259bba4..51959210ada 100644
--- a/settings/serverSettings.ts
+++ b/settings/serverSettings.ts
@@ -169,6 +169,12 @@ export const R2_SECRET_ACCESS_KEY: string =
 export const R2_REGION: string =
     serverSettings.R2_REGION || rcloneConfig["owid-r2"]?.region || "auto"
 
+export const CLOUDFLARE_IMAGES_ACCOUNT_ID: string =
+    serverSettings.CLOUDFLARE_IMAGES_ACCOUNT_ID || ""
+
+export const CLOUDFLARE_IMAGES_API_KEY: string =
+    serverSettings.CLOUDFLARE_IMAGES_API_KEY || ""
+
 export const GRAPHER_CONFIG_R2_BUCKET: string | undefined =
     serverSettings.GRAPHER_CONFIG_R2_BUCKET
 export const GRAPHER_CONFIG_R2_BUCKET_PATH: string | undefined =
diff --git a/yarn.lock b/yarn.lock
index 14308cf0d1d..4bf31fa42a1 100644
--- a/yarn.lock
+++ b/yarn.lock
@@ -5270,6 +5270,15 @@ __metadata:
   languageName: node
   linkType: hard
 
+"@types/image-size@npm:^0.8.0":
+  version: 0.8.0
+  resolution: "@types/image-size@npm:0.8.0"
+  dependencies:
+    image-size: "npm:*"
+  checksum: 10/9530adc7515609f801d37d4db80f883855d7e5ba6c593f3705b6d54550438a97822937d416bc27e09237b2c610e692cce3cf59ff3105d9c4bb8c91c13ba269b6
+  languageName: node
+  linkType: hard
+
 "@types/indefinite@npm:^2.3.2":
   version: 2.3.2
   resolution: "@types/indefinite@npm:2.3.2"
@@ -11073,6 +11082,7 @@ __metadata:
     "@types/fs-extra": "npm:^11.0.1"
     "@types/geojson": "npm:^7946.0.10"
     "@types/html-to-text": "npm:^9.0.4"
+    "@types/image-size": "npm:^0.8.0"
     "@types/indefinite": "npm:^2.3.2"
     "@types/ini": "npm:^4"
     "@types/js-cookie": "npm:^3.0.2"
@@ -11147,6 +11157,7 @@ __metadata:
     html-to-text: "npm:^9.0.5"
     http-server: "npm:^14.1.1"
     husky: "npm:^9.0.11"
+    image-size: "npm:^1.1.1"
     indefinite: "npm:^2.4.3"
     ini: "npm:^4.1.2"
     instantsearch.js: "npm:^4.72.1"
@@ -11728,6 +11739,17 @@ __metadata:
   languageName: node
   linkType: hard
 
+"image-size@npm:*, image-size@npm:^1.1.1":
+  version: 1.1.1
+  resolution: "image-size@npm:1.1.1"
+  dependencies:
+    queue: "npm:6.0.2"
+  bin:
+    image-size: bin/image-size.js
+  checksum: 10/f28966dd3f6d4feccc4028400bb7e8047c28b073ab0aa90c7c53039288139dd416c6bc254a976d4bf61113d4bc84871786804113099701cbfe9ccf377effdb54
+  languageName: node
+  linkType: hard
+
 "immutable@npm:^4.0.0, immutable@npm:^4.3.6":
   version: 4.3.6
   resolution: "immutable@npm:4.3.6"
@@ -16311,6 +16333,15 @@ __metadata:
   languageName: node
   linkType: hard
 
+"queue@npm:6.0.2":
+  version: 6.0.2
+  resolution: "queue@npm:6.0.2"
+  dependencies:
+    inherits: "npm:~2.0.3"
+  checksum: 10/3437954ef1442c86ff01a0fbe3dc6222838823b1ca97f37eff651bc20b868c0c2904424ef2c0d44cba46055f54b578f92866e573125dc9a5e8823d751e4d1585
+  languageName: node
+  linkType: hard
+
 "quick-lru@npm:^4.0.1":
   version: 4.0.1
   resolution: "quick-lru@npm:4.0.1"

From 15415605c651e11481a1b4df6897792989b6f586 Mon Sep 17 00:00:00 2001
From: Ike Saunders <ikesau@protonmail.com>
Date: Tue, 12 Nov 2024 17:49:01 -0500
Subject: [PATCH 03/40] =?UTF-8?q?=E2=9C=A8=20use=20the=20v2=20list=20image?=
 =?UTF-8?q?s=20API=20in=20CFI=20sync=20script?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 devTools/cloudflareImagesSync/cloudflareImagesSync.ts | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/devTools/cloudflareImagesSync/cloudflareImagesSync.ts b/devTools/cloudflareImagesSync/cloudflareImagesSync.ts
index 94d1e4090c5..8d78862cfe5 100644
--- a/devTools/cloudflareImagesSync/cloudflareImagesSync.ts
+++ b/devTools/cloudflareImagesSync/cloudflareImagesSync.ts
@@ -135,7 +135,7 @@ async function purgeRecords(trx: db.KnexReadWriteTransaction) {
             console.log("Deleting image:", image.filename)
             try {
                 await fetch(
-                    `https://api.cloudflare.com/client/v4/accounts/${CLOUDFLARE_IMAGES_ACCOUNT_ID}/images/v1/${image.id}`,
+                    `https://api.cloudflare.com/client/v4/accounts/${CLOUDFLARE_IMAGES_ACCOUNT_ID}/images/v2/${image.id}`,
                     {
                         method: "DELETE",
                         headers: {

From 3fae4c3c385ceec5d15431ff6f7bafd2a6e4bf83 Mon Sep 17 00:00:00 2001
From: Ike Saunders <ikesau@protonmail.com>
Date: Wed, 13 Nov 2024 16:16:00 -0500
Subject: [PATCH 04/40] =?UTF-8?q?=F0=9F=90=9B=20fix=20sync=20script=20bug?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 .../cloudflareImagesSync.ts                   | 161 +++++++++---------
 package.json                                  |   2 -
 yarn.lock                                     |  31 ----
 3 files changed, 80 insertions(+), 114 deletions(-)

diff --git a/devTools/cloudflareImagesSync/cloudflareImagesSync.ts b/devTools/cloudflareImagesSync/cloudflareImagesSync.ts
index 8d78862cfe5..b00932aae9a 100644
--- a/devTools/cloudflareImagesSync/cloudflareImagesSync.ts
+++ b/devTools/cloudflareImagesSync/cloudflareImagesSync.ts
@@ -1,4 +1,3 @@
-const is = require("image-size")
 import * as readline from "readline"
 import pMap from "p-map"
 import path from "path"
@@ -15,7 +14,6 @@ import { excludeNullish, keyBy } from "@ourworldindata/utils"
 type CloudflareImageDirectory = Record<string, { id: string; filename: string }>
 
 enum InvalidImageReason {
-    TooLarge = "TooLarge",
     InvalidFormat = "InvalidFormat",
     InvalidDimensions = "InvalidDimensions",
     TooManyMegapixels = "TooManyMegapixels",
@@ -29,6 +27,34 @@ type ImageValidationObject = {
     extra?: any
 }
 
+type CloudflareAPIResponseInfo = {
+    code: number
+    message: string
+}
+
+type CloudflareAPIDeleteResponse = {
+    result: any
+    errors: CloudflareAPIResponseInfo[]
+    messages: CloudflareAPIResponseInfo[]
+    success: boolean
+}
+
+type CloudflareAPIUploadResponse = {
+    errors: CloudflareAPIResponseInfo[]
+    messages: CloudflareAPIResponseInfo[]
+    result: {
+        id?: string
+        filename?: string
+        meta?: {
+            key: string
+        }
+        requireSignedURLs?: boolean
+        uploaded?: string
+        variants?: string[]
+    }
+    success: boolean
+}
+
 function stringifyImageMetadata(image: DbEnrichedImage) {
     return JSON.stringify({
         filename: image.filename,
@@ -50,53 +76,10 @@ async function validateDirectory(
         `-- sql
         SELECT filename, cloudflareId FROM images WHERE cloudflareId IS NOT NULL`
     )
-    const imagesSharingCloudflareIds = await db
-        .knexRaw<{
-            cloudflareId: string
-            count: number
-            filenames: string
-        }>(
-            trx,
-            `-- sql
-        SELECT 
-            cloudflareId,
-            COUNT(*) as count,
-            JSON_ARRAYAGG(
-                filename
-            ) as filenames
-        FROM images
-        WHERE cloudflareId IS NOT NULL
-        GROUP BY cloudflareId
-        HAVING count > 1`
-        )
-        .then((results) =>
-            results.map((result) => ({
-                cloudflareId: result.cloudflareId,
-                count: result.count,
-                filenames: JSON.parse(result.filenames) as string[],
-            }))
-        )
-        .then((results) => keyBy(results, "cloudflareId"))
 
     const invalidImages: string[] = []
     for (const image of imagesWithIds) {
         if (!directory[image.filename]) {
-            // If an identical image was uploaded with multiple filenames, subsequent copies will use the same cloudflareId as the first
-            // so let's check if this is a case of that
-            const imagesSharingCloudflareId =
-                imagesSharingCloudflareIds[image.cloudflareId]
-            if (imagesSharingCloudflareId) {
-                const filenames = imagesSharingCloudflareId.filenames
-                if (filenames.includes(image.filename)) {
-                    console.log(
-                        `Image with filename "${image.filename}" has a cloudflareId that is shared with other images.`
-                    )
-                    continue
-                }
-            }
-            console.log(
-                `Image with filename "${image.filename}" has a cloudflareId that is not in the Cloudflare Images directory.`
-            )
             invalidImages.push(image.filename)
         }
     }
@@ -117,6 +100,7 @@ async function purgeRecords(trx: db.KnexReadWriteTransaction) {
             "Are you sure you want to delete ALL images from Cloudflare Images? (y/n) ",
             (answer) => {
                 if (answer.toLowerCase() === "y") {
+                    console.log("May God have mercy on your soul.")
                     resolve()
                 } else {
                     console.log("Aborting.")
@@ -135,7 +119,7 @@ async function purgeRecords(trx: db.KnexReadWriteTransaction) {
             console.log("Deleting image:", image.filename)
             try {
                 await fetch(
-                    `https://api.cloudflare.com/client/v4/accounts/${CLOUDFLARE_IMAGES_ACCOUNT_ID}/images/v2/${image.id}`,
+                    `https://api.cloudflare.com/client/v4/accounts/${CLOUDFLARE_IMAGES_ACCOUNT_ID}/images/v1/${encodeURIComponent(image.id)}`,
                     {
                         method: "DELETE",
                         headers: {
@@ -143,11 +127,23 @@ async function purgeRecords(trx: db.KnexReadWriteTransaction) {
                         },
                     }
                 )
+                    .then((res) => res.json())
+                    .then((res: CloudflareAPIDeleteResponse) => {
+                        if (res.success) {
+                            console.log("Image deleted:", image.filename)
+                        } else {
+                            console.error(
+                                "Error deleting image:",
+                                image.filename,
+                                res.errors
+                            )
+                        }
+                    })
             } catch (e) {
                 console.error(e)
             }
         },
-        { concurrency: 10 }
+        { concurrency: 6 }
     )
     console.log("Finished")
 
@@ -170,7 +166,6 @@ async function purgeRecords(trx: db.KnexReadWriteTransaction) {
             }
         )
     })
-    console.log("May God have mercy on your soul.")
 
     await db.knexRaw(
         trx,
@@ -185,24 +180,23 @@ async function purgeRecords(trx: db.KnexReadWriteTransaction) {
  *  Cloudflare has a width/height of 12000px, metadata of 1024B, 100megapixels, and a 10MB filesize limit
  */
 function validateImage(
-    imageBuffer: Buffer,
+    image: DbEnrichedImage,
     metadata: string
 ): InvalidImageReason | null {
-    const imageSize = is(imageBuffer)
-    if (!imageSize) {
+    if (!image.filename.match(/\.(png|jpg|jpeg|gif|webp)$/)) {
         return InvalidImageReason.InvalidFormat
     }
 
-    if (imageSize.width > 12000 || imageSize.height > 12000) {
-        return InvalidImageReason.InvalidDimensions
+    if (!image.originalWidth || !image.originalHeight) {
+        return InvalidImageReason.InvalidFormat
     }
 
-    if (imageSize.width * imageSize.height > 100 * 1000000) {
-        return InvalidImageReason.TooManyMegapixels
+    if (image.originalWidth > 12000 || image.originalHeight > 12000) {
+        return InvalidImageReason.InvalidDimensions
     }
 
-    if (imageBuffer.byteLength > 10 * 1024 * 1024) {
-        return InvalidImageReason.TooLarge
+    if (image.originalWidth * image.originalHeight > 100 * 1000000) {
+        return InvalidImageReason.TooManyMegapixels
     }
 
     if (Buffer.byteLength(metadata, "utf8") > 1024) {
@@ -217,9 +211,7 @@ async function checkIfAlreadyUploadedToCloudflareImages(
     cloudflareImagesDirectory: CloudflareImageDirectory
 ): Promise<boolean> {
     if (cloudflareImagesDirectory[filename]) {
-        console.log(
-            `Image with filename "${filename}" has already uploaded to Cloudflare Images.`
-        )
+        console.log("Already in Cloudflare Images:", filename)
         return true
     }
     return false
@@ -229,20 +221,18 @@ async function checkIfAlreadyTrackedInDB(
     trx: db.KnexReadWriteTransaction,
     filename: string
 ) {
-    console.log("Checking to see if the DB has the Cloudflare ID...")
     const cloudflareId = await trx
         .raw<{ cloudflareId: string }[][]>(
             `-- sql
-                SELECT cloudflareId FROM images WHERE filename = ?
-                `,
+            SELECT cloudflareId FROM images WHERE filename = ?`,
             [filename]
         )
         .then((res) => res[0][0]?.cloudflareId)
     if (!cloudflareId) {
-        console.log("No Cloudflare ID found in the DB.")
+        console.log("Not tracked in DB:", filename)
         return false
     } else {
-        console.log(`Cloudflare ID "${cloudflareId}" exists in the DB.`)
+        console.log("Already tracked in DB:", filename)
         return true
     }
 }
@@ -255,9 +245,9 @@ async function updateDbWithCloudflareId(
     console.log("Updating the DB with the Cloudflare ID...")
     await trx.raw(
         `-- sql
-            UPDATE images
-            SET cloudflareId = ?
-            WHERE filename = ?`,
+        UPDATE images
+        SET cloudflareId = ?
+        WHERE filename = ?`,
         [cloudflareId, filename]
     )
 }
@@ -292,25 +282,24 @@ async function uploadImageToCloudflareImages(
     }
 
     const imageUrl = `${IMAGE_HOSTING_R2_CDN_URL}/production/${filename}`
-    console.log("Downloading image:", filename)
-    const imageBuffer = await fetch(imageUrl).then((res) => res.arrayBuffer())
     const metadata = stringifyImageMetadata(image)
-    const isInvalid = validateImage(Buffer.from(imageBuffer), metadata)
-    if (isInvalid) {
-        console.log(`Image "${filename}" is invalid: ${isInvalid}`)
+    const invalidReason = validateImage(image, metadata)
+    if (invalidReason) {
+        console.log("Image invalid:", filename)
         invalidImages.push({
             filename,
-            reason: isInvalid,
+            reason: invalidReason,
         })
         return
     }
 
     const formData = new FormData()
     formData.append("url", imageUrl)
+    formData.append("id", encodeURIComponent(filename))
     formData.append("metadata", metadata)
     formData.append("requireSignedURLs", "false")
 
-    console.log("Uploading image to Cloudflare Images...")
+    console.log("Uploading image:", filename)
     const uploadResults = await fetch(
         `https://api.cloudflare.com/client/v4/accounts/${CLOUDFLARE_IMAGES_ACCOUNT_ID}/images/v1`,
         {
@@ -320,7 +309,16 @@ async function uploadImageToCloudflareImages(
             },
             body: formData,
         }
-    ).then((res) => res.json())
+    )
+        .then((res) => res.json())
+        .then((res: CloudflareAPIUploadResponse) => {
+            if (res.success) {
+                console.log("Upload complete:", filename)
+            } else {
+                console.error("Upload error:", filename, res.errors)
+            }
+            return res
+        })
 
     if (!uploadResults || uploadResults.errors.length) {
         invalidImages.push({
@@ -333,10 +331,10 @@ async function uploadImageToCloudflareImages(
 
     await trx.raw(
         `-- sql
-                UPDATE images
-                SET cloudflareId = ?
-                WHERE googleId = ?`,
-        [uploadResults.result.id, image.googleId]
+        UPDATE images
+        SET cloudflareId = ?
+        WHERE filename = ?`,
+        [uploadResults.result.id, filename]
     )
 }
 
@@ -391,6 +389,7 @@ async function uploadImagesToCloudflareImages(
     const invalidImages: ImageValidationObject[] = []
 
     const images = await fetchImagesFromDatabase(trx)
+
     console.log(`${images.length} images fetched.`)
 
     await pMap(
@@ -413,7 +412,7 @@ async function uploadImagesToCloudflareImages(
                 })
             }
         },
-        { concurrency: 10 }
+        { concurrency: 6 }
     )
 
     console.log("Finished!")
diff --git a/package.json b/package.json
index 76707ebe367..53ba5566e67 100644
--- a/package.json
+++ b/package.json
@@ -190,7 +190,6 @@
         "@types/fs-extra": "^11.0.1",
         "@types/geojson": "^7946.0.10",
         "@types/html-to-text": "^9.0.4",
-        "@types/image-size": "^0.8.0",
         "@types/indefinite": "^2.3.2",
         "@types/ini": "^4",
         "@types/js-cookie": "^3.0.2",
@@ -234,7 +233,6 @@
         "flag-icons": "^7.2.3",
         "http-server": "^14.1.1",
         "husky": "^9.0.11",
-        "image-size": "^1.1.1",
         "jest": "^29.7.0",
         "jest-environment-jsdom": "^29.7.0",
         "lerna": "^8.1.6",
diff --git a/yarn.lock b/yarn.lock
index 4bf31fa42a1..14308cf0d1d 100644
--- a/yarn.lock
+++ b/yarn.lock
@@ -5270,15 +5270,6 @@ __metadata:
   languageName: node
   linkType: hard
 
-"@types/image-size@npm:^0.8.0":
-  version: 0.8.0
-  resolution: "@types/image-size@npm:0.8.0"
-  dependencies:
-    image-size: "npm:*"
-  checksum: 10/9530adc7515609f801d37d4db80f883855d7e5ba6c593f3705b6d54550438a97822937d416bc27e09237b2c610e692cce3cf59ff3105d9c4bb8c91c13ba269b6
-  languageName: node
-  linkType: hard
-
 "@types/indefinite@npm:^2.3.2":
   version: 2.3.2
   resolution: "@types/indefinite@npm:2.3.2"
@@ -11082,7 +11073,6 @@ __metadata:
     "@types/fs-extra": "npm:^11.0.1"
     "@types/geojson": "npm:^7946.0.10"
     "@types/html-to-text": "npm:^9.0.4"
-    "@types/image-size": "npm:^0.8.0"
     "@types/indefinite": "npm:^2.3.2"
     "@types/ini": "npm:^4"
     "@types/js-cookie": "npm:^3.0.2"
@@ -11157,7 +11147,6 @@ __metadata:
     html-to-text: "npm:^9.0.5"
     http-server: "npm:^14.1.1"
     husky: "npm:^9.0.11"
-    image-size: "npm:^1.1.1"
     indefinite: "npm:^2.4.3"
     ini: "npm:^4.1.2"
     instantsearch.js: "npm:^4.72.1"
@@ -11739,17 +11728,6 @@ __metadata:
   languageName: node
   linkType: hard
 
-"image-size@npm:*, image-size@npm:^1.1.1":
-  version: 1.1.1
-  resolution: "image-size@npm:1.1.1"
-  dependencies:
-    queue: "npm:6.0.2"
-  bin:
-    image-size: bin/image-size.js
-  checksum: 10/f28966dd3f6d4feccc4028400bb7e8047c28b073ab0aa90c7c53039288139dd416c6bc254a976d4bf61113d4bc84871786804113099701cbfe9ccf377effdb54
-  languageName: node
-  linkType: hard
-
 "immutable@npm:^4.0.0, immutable@npm:^4.3.6":
   version: 4.3.6
   resolution: "immutable@npm:4.3.6"
@@ -16333,15 +16311,6 @@ __metadata:
   languageName: node
   linkType: hard
 
-"queue@npm:6.0.2":
-  version: 6.0.2
-  resolution: "queue@npm:6.0.2"
-  dependencies:
-    inherits: "npm:~2.0.3"
-  checksum: 10/3437954ef1442c86ff01a0fbe3dc6222838823b1ca97f37eff651bc20b868c0c2904424ef2c0d44cba46055f54b578f92866e573125dc9a5e8823d751e4d1585
-  languageName: node
-  linkType: hard
-
 "quick-lru@npm:^4.0.1":
   version: 4.0.1
   resolution: "quick-lru@npm:4.0.1"

From 681db2b1bdfd47a55b20d4fe595b2b16432a1b88 Mon Sep 17 00:00:00 2001
From: Ike Saunders <ikesau@protonmail.com>
Date: Fri, 15 Nov 2024 17:16:50 -0500
Subject: [PATCH 05/40] =?UTF-8?q?=F0=9F=8E=89=20add=20admin=20for=20managi?=
 =?UTF-8?q?ng=20cloudflare=20images?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 adminSiteClient/AdminApp.tsx        |   2 +
 adminSiteClient/AdminSidebar.tsx    |   6 +
 adminSiteClient/ImagesIndexPage.tsx | 260 ++++++++++++++++++++++++++++
 adminSiteServer/apiRouter.ts        | 184 ++++++++++++++++++++
 db/db.ts                            |  13 ++
 5 files changed, 465 insertions(+)
 create mode 100644 adminSiteClient/ImagesIndexPage.tsx

diff --git a/adminSiteClient/AdminApp.tsx b/adminSiteClient/AdminApp.tsx
index e39777a31a4..04adf0d3878 100644
--- a/adminSiteClient/AdminApp.tsx
+++ b/adminSiteClient/AdminApp.tsx
@@ -44,6 +44,7 @@ import { GdocsStoreProvider } from "./GdocsStore.js"
 import { IndicatorChartEditorPage } from "./IndicatorChartEditorPage.js"
 import { ChartViewEditorPage } from "./ChartViewEditorPage.js"
 import { ChartViewIndexPage } from "./ChartViewIndexPage.js"
+import { ImageIndexPage } from "./ImagesIndexPage.js"
 
 @observer
 class AdminErrorMessage extends React.Component<{ admin: Admin }> {
@@ -175,6 +176,7 @@ export class AdminApp extends React.Component<{
                                     />
                                 )}
                             />
+                            <Route path="/images" component={ImageIndexPage} />
                             <Route
                                 exact
                                 path={`/${EXPLORERS_ROUTE_FOLDER}/:slug`}
diff --git a/adminSiteClient/AdminSidebar.tsx b/adminSiteClient/AdminSidebar.tsx
index be4b610b174..cb5e5eecf53 100644
--- a/adminSiteClient/AdminSidebar.tsx
+++ b/adminSiteClient/AdminSidebar.tsx
@@ -19,6 +19,7 @@ import {
     faHatWizard,
     faSitemap,
     faPanorama,
+    faImage,
 } from "@fortawesome/free-solid-svg-icons"
 
 import { ETL_WIZARD_URL } from "../settings/clientSettings.js"
@@ -48,6 +49,11 @@ export const AdminSidebar = (): React.ReactElement => (
                     <FontAwesomeIcon icon={faFile} /> Google Docs
                 </Link>
             </li>
+            <li>
+                <Link to="/images">
+                    <FontAwesomeIcon icon={faImage} /> Images
+                </Link>
+            </li>
             <li>
                 <Link to="/explorers">
                     <FontAwesomeIcon icon={faCoffee} /> Explorers
diff --git a/adminSiteClient/ImagesIndexPage.tsx b/adminSiteClient/ImagesIndexPage.tsx
new file mode 100644
index 00000000000..90e7787dfb0
--- /dev/null
+++ b/adminSiteClient/ImagesIndexPage.tsx
@@ -0,0 +1,260 @@
+import React, {
+    useCallback,
+    useContext,
+    useEffect,
+    useMemo,
+    useState,
+} from "react"
+import { Button, Flex, Input, Space, Table, Upload } from "antd"
+
+import { AdminLayout } from "./AdminLayout.js"
+import { AdminAppContext } from "./AdminAppContext.js"
+import { DbEnrichedImage } from "@ourworldindata/types"
+import { Timeago } from "./Forms.js"
+import { ColumnsType } from "antd/es/table/InternalTable.js"
+import { FontAwesomeIcon } from "@fortawesome/react-fontawesome"
+import { faUpload } from "@fortawesome/free-solid-svg-icons"
+import { Admin } from "./Admin.js"
+import { RcFile } from "antd/es/upload/interface.js"
+import TextArea from "antd/es/input/TextArea.js"
+
+type ImageEditorApi = {
+    patchImage: (
+        image: DbEnrichedImage,
+        patch: Partial<DbEnrichedImage>
+    ) => void
+    deleteImage: (image: DbEnrichedImage) => void
+    getImages: () => Promise<DbEnrichedImage[]>
+}
+
+function AltTextEditor({
+    image,
+    text,
+    patchImage,
+}: {
+    image: DbEnrichedImage
+    text: string
+    patchImage: ImageEditorApi["patchImage"]
+}) {
+    const [value, setValue] = useState(text)
+
+    const handleBlur = useCallback(
+        (e: React.FocusEvent<HTMLTextAreaElement>) => {
+            const trimmed = e.target.value.trim()
+            setValue(trimmed)
+            if (trimmed !== text) {
+                patchImage(image, { defaultAlt: trimmed })
+            }
+        },
+        [image, text, patchImage]
+    )
+
+    return (
+        <TextArea
+            value={value}
+            onChange={(e) => setValue(e.target.value)}
+            onBlur={handleBlur}
+        />
+    )
+}
+
+function createColumns({
+    api,
+}: {
+    api: ImageEditorApi
+}): ColumnsType<DbEnrichedImage> {
+    return [
+        {
+            title: "Preview",
+            dataIndex: "cloudflareId",
+            width: 100,
+            key: "cloudflareId",
+            render: (cloudflareId) => {
+                const src = `https://imagedelivery.net/qLq-8BTgXU8yG0N6HnOy8g/${encodeURIComponent(cloudflareId)}/test`
+                return (
+                    <div style={{ height: 100, width: 100 }}>
+                        <a target="_blank" href={src} rel="noopener" key={src}>
+                            <img
+                                src={src}
+                                style={{ maxHeight: 100, maxWidth: 100 }}
+                            />
+                        </a>
+                    </div>
+                )
+            },
+        },
+        {
+            title: "Filename",
+            dataIndex: "filename",
+            key: "filename",
+            width: 300,
+        },
+        {
+            title: "Alt text",
+            dataIndex: "defaultAlt",
+            key: "defaultAlt",
+            sorter: (a, b) =>
+                a.defaultAlt && b.defaultAlt
+                    ? a.defaultAlt.localeCompare(b.defaultAlt)
+                    : 0,
+            render: (text, image) => (
+                <AltTextEditor
+                    key={image.cloudflareId}
+                    text={text}
+                    image={image}
+                    patchImage={api.patchImage}
+                />
+            ),
+        },
+        {
+            title: "Width",
+            dataIndex: "originalWidth",
+            key: "originalWidth",
+            sorter: (a, b) =>
+                a.originalWidth && b.originalWidth
+                    ? a.originalWidth - b.originalWidth
+                    : 0,
+            width: 100,
+            render: (text) => <span>{text}</span>,
+        },
+        {
+            title: "Height",
+            dataIndex: "originalHeight",
+            key: "originalHeight",
+            sorter: (a, b) =>
+                a.originalHeight && b.originalHeight
+                    ? a.originalHeight - b.originalHeight
+                    : 0,
+            width: 100,
+            render: (text) => <span>{text}</span>,
+        },
+        {
+            title: "Last updated",
+            dataIndex: "updatedAt",
+            key: "updatedAt",
+            width: 150,
+            defaultSortOrder: "descend",
+            sorter: (a, b) =>
+                a.updatedAt && b.updatedAt ? a.updatedAt - b.updatedAt : 0,
+            render: (time) => <Timeago time={time} />,
+        },
+        {
+            title: "Action",
+            key: "action",
+            width: 100,
+            render: (_, image) => (
+                <Space size="middle">
+                    <Button
+                        type="text"
+                        danger
+                        onClick={() => api.deleteImage(image)}
+                    >
+                        Delete
+                    </Button>
+                </Space>
+            ),
+        },
+    ]
+}
+
+function ImageUploadButton({
+    setImages,
+    admin,
+}: {
+    setImages: (images: DbEnrichedImage[]) => void
+    admin: Admin
+}) {
+    function uploadImage({ file }: { file: string | Blob | RcFile }) {
+        if (typeof file === "string") return
+
+        const reader = new FileReader()
+        reader.onload = async () => {
+            const base64Data = reader.result?.toString()
+
+            const payload = {
+                filename: file.name,
+                content: base64Data,
+                type: file.type,
+            }
+
+            const response = await admin.requestJSON(
+                "/api/image",
+                payload,
+                "POST"
+            )
+
+            setImages(response.images)
+        }
+        reader.readAsDataURL(file)
+    }
+    return (
+        <Upload showUploadList={false} customRequest={uploadImage}>
+            <Button type="primary" icon={<FontAwesomeIcon icon={faUpload} />}>
+                Upload image
+            </Button>
+        </Upload>
+    )
+}
+
+export function ImageIndexPage() {
+    const { admin } = useContext(AdminAppContext)
+    const [images, setImages] = useState<DbEnrichedImage[]>([])
+    const [filenameSearchValue, setFilenameSearchValue] = useState("")
+    const api = useMemo(
+        (): ImageEditorApi => ({
+            deleteImage: async (image) => {
+                const response = await admin.requestJSON(
+                    `/api/images/${image.id}`,
+                    {},
+                    "DELETE"
+                )
+                setImages(response.images)
+            },
+            getImages: async () => {
+                const json = await admin.getJSON("/api/images.json")
+                setImages(json.images)
+                return json.images
+            },
+            patchImage: async (image, patch) => {
+                const response = await admin.requestJSON(
+                    `/api/images/${image.id}`,
+                    patch,
+                    "PATCH"
+                )
+                setImages(response.images)
+            },
+        }),
+        [admin]
+    )
+    const filteredImages = useMemo(
+        () =>
+            images.filter((image) =>
+                image.filename
+                    .toLowerCase()
+                    .includes(filenameSearchValue.toLowerCase())
+            ),
+        [images, filenameSearchValue]
+    )
+    const columns = useMemo(() => createColumns({ api }), [api])
+
+    useEffect(() => {
+        void api.getImages()
+    }, [api])
+
+    return (
+        <AdminLayout title="Images">
+            <main className="ImageIndexPage">
+                <Flex justify="space-between">
+                    <Input
+                        placeholder="Search by filename"
+                        value={filenameSearchValue}
+                        onChange={(e) => setFilenameSearchValue(e.target.value)}
+                        style={{ width: 500, marginBottom: 20 }}
+                    />
+                    <ImageUploadButton setImages={setImages} admin={admin} />
+                </Flex>
+                <Table columns={columns} dataSource={filteredImages} />
+            </main>
+        </AdminLayout>
+    )
+}
diff --git a/adminSiteServer/apiRouter.ts b/adminSiteServer/apiRouter.ts
index 8079aa1f503..efd6716cb93 100644
--- a/adminSiteServer/apiRouter.ts
+++ b/adminSiteServer/apiRouter.ts
@@ -1,6 +1,7 @@
 /* eslint @typescript-eslint/no-unused-vars: [ "warn", { argsIgnorePattern: "^(res|req)$" } ] */
 
 import * as lodash from "lodash"
+import sharp from "sharp"
 import * as db from "../db/db.js"
 import {
     UNCATEGORIZED_TAG_ID,
@@ -9,6 +10,8 @@ import {
     ADMIN_BASE_URL,
     DATA_API_URL,
     FEATURE_FLAGS,
+    CLOUDFLARE_IMAGES_ACCOUNT_ID,
+    CLOUDFLARE_IMAGES_API_KEY,
 } from "../settings/serverSettings.js"
 import { FeatureFlagFeature } from "../settings/clientSettings.js"
 import { expectInt, isValidSlug } from "../serverUtils/serverUtil.js"
@@ -111,6 +114,7 @@ import {
     DbInsertChartView,
     CHART_VIEW_PROPS_TO_PERSIST,
     CHART_VIEW_PROPS_TO_OMIT,
+    DbEnrichedImage,
 } from "@ourworldindata/types"
 import { uuidv7 } from "uuidv7"
 import {
@@ -3074,6 +3078,186 @@ postRouteWithRWTransaction(
     }
 )
 
+getRouteNonIdempotentWithRWTransaction(
+    apiRouter,
+    "/images.json",
+    async (_, res, trx) => {
+        try {
+            const images = await db.getCloudflareImages(trx)
+            res.set("Cache-Control", "no-store")
+            res.send({ images })
+        } catch (error) {
+            console.error("Error fetching images", error)
+            res.status(500).json({
+                error: { message: String(error), status: 500 },
+            })
+        }
+    }
+)
+
+postRouteWithRWTransaction(apiRouter, "/image", async (req, res, trx) => {
+    const { filename, type, content } = req.body
+    if (!filename || !type || !content) {
+        throw new JsonError("Missing required fields", 400)
+    }
+    if (
+        typeof filename !== "string" ||
+        typeof type !== "string" ||
+        typeof content !== "string"
+    ) {
+        throw new JsonError("Invalid field types", 400)
+    }
+
+    // Strip the data URL prefix
+    const stripped = content.slice(content.indexOf(",") + 1)
+    const asBuffer = Buffer.from(stripped, "base64")
+    const asBlob = new Blob([asBuffer], { type: type })
+    const dimensions = await sharp(asBuffer)
+        .metadata()
+        .then(({ width, height }) => ({ width, height }))
+
+    const body = new FormData()
+    body.append("file", asBlob)
+    body.append("id", encodeURIComponent(filename))
+    body.append("metadata", JSON.stringify({ filename }))
+    body.append("requireSignedURLs", "false")
+
+    console.log("Uploading image:", filename)
+    const response = await fetch(
+        `https://api.cloudflare.com/client/v4/accounts/${CLOUDFLARE_IMAGES_ACCOUNT_ID}/images/v1`,
+        {
+            method: "POST",
+            headers: {
+                Authorization: `Bearer ${CLOUDFLARE_IMAGES_API_KEY}`,
+            },
+            body,
+        }
+    ).then((res) => res.json())
+
+    if (response.errors.length) {
+        console.error("Error uploading image to Cloudflare:", response.errors)
+        throw new JsonError(JSON.stringify(response.errors))
+    }
+
+    const cloudflareId = response.result.id
+
+    if (!cloudflareId) {
+        return {
+            success: false,
+            error: "Failed to upload image",
+        }
+    }
+
+    await db.knexRaw(
+        trx,
+        `-- sql
+        INSERT INTO images
+            (filename, originalWidth, originalHeight, cloudflareId, defaultAlt, googleId, updatedAt)
+        VALUES
+            (?, ?, ?, ?, ?, ?, ?)`,
+        [
+            filename,
+            dimensions.width,
+            dimensions.height,
+            cloudflareId,
+            // TODO: make defaultAlt nullable
+            "Default alt text",
+            // TODO: drop googleId
+            String(Math.random()).slice(2),
+            new Date().getTime(),
+        ]
+    )
+
+    const images = await db.getCloudflareImages(trx)
+
+    return {
+        success: true,
+        images,
+    }
+})
+
+// Update alt text via patch
+patchRouteWithRWTransaction(apiRouter, "/images/:id", async (req, res, trx) => {
+    const { id } = req.params
+    const image = await db.knexRawFirst<DbEnrichedImage>(
+        trx,
+        `-- sql
+        SELECT * FROM images WHERE id = ?`,
+        [id]
+    )
+
+    if (!image) {
+        throw new JsonError(`No image found for id ${id}`, 404)
+    }
+
+    const patchableImageProperties = ["defaultAlt"] as const
+    const patch = lodash.pick(req.body, patchableImageProperties)
+
+    if (Object.keys(patch).length === 0) {
+        throw new JsonError("No patchable properties provided", 400)
+    }
+
+    await trx("images").where({ id }).update(patch)
+
+    const images = await db.getCloudflareImages(trx)
+
+    return {
+        success: true,
+        images,
+    }
+})
+
+deleteRouteWithRWTransaction(
+    apiRouter,
+    "/images/:id",
+    async (req, res, trx) => {
+        const { id } = req.params
+
+        const image = await db.knexRawFirst<{ cloudflareId: string }>(
+            trx,
+            `-- sql
+        SELECT cloudflareId FROM images WHERE id = ?`,
+            [id]
+        )
+
+        if (!image) {
+            throw new JsonError(`No image found for id ${id}`, 404)
+        }
+
+        const response = await fetch(
+            `https://api.cloudflare.com/client/v4/accounts/${CLOUDFLARE_IMAGES_ACCOUNT_ID}/images/v1/${image.cloudflareId}`,
+            {
+                method: "DELETE",
+                headers: {
+                    Authorization: `Bearer ${CLOUDFLARE_IMAGES_API_KEY}`,
+                },
+            }
+        ).then((res) => res.json())
+
+        if (response.errors.length) {
+            console.error(
+                "Error deleting image from Cloudflare:",
+                response.errors
+            )
+            throw new JsonError(JSON.stringify(response.errors))
+        }
+
+        await db.knexRaw(
+            trx,
+            `-- sql
+        DELETE FROM images WHERE id = ?`,
+            [id]
+        )
+
+        const images = await db.getCloudflareImages(trx)
+
+        return {
+            success: true,
+            images,
+        }
+    }
+)
+
 getRouteWithROTransaction(
     apiRouter,
     `/gpt/suggest-topics/${TaggableType.Charts}/:chartId.json`,
diff --git a/db/db.ts b/db/db.ts
index 8cc02389120..7fc2d8096c0 100644
--- a/db/db.ts
+++ b/db/db.ts
@@ -28,6 +28,7 @@ import {
     DbPlainTag,
     TagGraphNode,
     MinimalExplorerInfo,
+    DbEnrichedImage,
 } from "@ourworldindata/types"
 import { groupBy, uniq } from "lodash"
 import { gdocFromJSON } from "./model/Gdoc/GdocFactory.js"
@@ -705,3 +706,15 @@ export async function getLinkedIndicatorSlugs({
         .then((gdocs) => gdocs.flatMap((gdoc) => gdoc.linkedKeyIndicatorSlugs))
         .then((slugs) => new Set(slugs))
 }
+
+export function getCloudflareImages(
+    trx: KnexReadonlyTransaction
+): Promise<DbEnrichedImage[]> {
+    return knexRaw<DbEnrichedImage>(
+        trx,
+        `-- sql
+        SELECT filename, cloudflareId, id, defaultAlt, originalHeight, originalWidth, updatedAt
+        FROM images
+        WHERE cloudflareId IS NOT NULL`
+    )
+}

From 8d32cb86655f794a33e25f610cb09f723ad34af3 Mon Sep 17 00:00:00 2001
From: Ike Saunders <ikesau@protonmail.com>
Date: Mon, 18 Nov 2024 21:24:46 +0000
Subject: [PATCH 06/40] =?UTF-8?q?=E2=9C=A8=20provisional=20cloudflare=20im?=
 =?UTF-8?q?age=20functionality=20in=20site,=20removing=20old=20gdrive=20co?=
 =?UTF-8?q?de?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 adminSiteServer/apiRouter.ts                  |   5 +-
 db/db.ts                                      |   4 +-
 db/model/Gdoc/GdocFactory.ts                  |   4 -
 db/model/Image.ts                             | 215 +-----------------
 devTools/updateImageHeights/tsconfig.json     |   8 -
 .../update-image-heights.ts                   |  69 ------
 .../types/src/dbTypes/Images.ts               |   1 -
 .../types/src/gdocTypes/Image.ts              |   2 +-
 packages/@ourworldindata/utils/src/image.ts   |  16 +-
 settings/clientSettings.ts                    |   2 +
 site/gdocs/components/Image.tsx               |  79 +------
 tsconfig.json                                 |   3 -
 12 files changed, 25 insertions(+), 383 deletions(-)
 delete mode 100644 devTools/updateImageHeights/tsconfig.json
 delete mode 100644 devTools/updateImageHeights/update-image-heights.ts

diff --git a/adminSiteServer/apiRouter.ts b/adminSiteServer/apiRouter.ts
index efd6716cb93..ffeae29ac9a 100644
--- a/adminSiteServer/apiRouter.ts
+++ b/adminSiteServer/apiRouter.ts
@@ -193,7 +193,6 @@ import {
     deleteGrapherConfigFromR2ByUUID,
     saveGrapherConfigToR2ByUUID,
 } from "./chartConfigR2Helpers.js"
-import { fetchImagesFromDriveAndSyncToS3 } from "../db/model/Image.js"
 import { createMultiDimConfig } from "./multiDim.js"
 import { isMultiDimDataPagePublished } from "../db/model/MultiDimDataPage.js"
 import {
@@ -3022,9 +3021,7 @@ deleteRouteWithRWTransaction(apiRouter, "/gdocs/:id", async (req, res, trx) => {
         await validateTombstoneRelatedLinkUrl(trx, tombstone.relatedLinkUrl)
         const slug = gdocSlug.replace("/", "")
         const { relatedLinkThumbnail } = tombstone
-        if (relatedLinkThumbnail) {
-            await fetchImagesFromDriveAndSyncToS3(trx, [relatedLinkThumbnail])
-        }
+        // TODO: validate relatedLinkThumbnail?
         await trx
             .table("posts_gdocs_tombstones")
             .insert({ ...tombstone, gdocId: id, slug })
diff --git a/db/db.ts b/db/db.ts
index 7fc2d8096c0..54d905c73c3 100644
--- a/db/db.ts
+++ b/db/db.ts
@@ -356,12 +356,12 @@ export const getImageMetadataByFilenames = async (
         `-- sql
         SELECT
             id,
-            googleId,
             filename,
             defaultAlt,
             updatedAt,
             originalWidth,
-            originalHeight
+            originalHeight,
+            cloudflareId
         FROM
             images
         WHERE filename IN (?)`,
diff --git a/db/model/Gdoc/GdocFactory.ts b/db/model/Gdoc/GdocFactory.ts
index 5793ac9e5af..8ee2238864c 100644
--- a/db/model/Gdoc/GdocFactory.ts
+++ b/db/model/Gdoc/GdocFactory.ts
@@ -47,7 +47,6 @@ import { enrichedBlocksToMarkdown } from "./enrichedToMarkdown.js"
 import { GdocAbout } from "./GdocAbout.js"
 import { GdocAuthor } from "./GdocAuthor.js"
 import { extractFilenamesFromBlock } from "./gdocUtils.js"
-import { fetchImagesFromDriveAndSyncToS3 } from "../Image.js"
 
 export function gdocFromJSON(
     json: Record<string, any>
@@ -356,9 +355,6 @@ export async function loadGdocFromGdocBase(
     if (contentSource === GdocsContentSource.Gdocs) {
         // TODO: if we get here via fromJSON then we have already done this - optimize that?
         await gdoc.fetchAndEnrichGdoc()
-        // If we're loading from Gdocs, now's also the time to fetch images from gdrive and sync them to S3
-        // In any other case, the images should already be in the DB and S3
-        await fetchImagesFromDriveAndSyncToS3(knex, gdoc.filenames)
     }
 
     await gdoc.loadState(knex)
diff --git a/db/model/Image.ts b/db/model/Image.ts
index 7042f529eca..15296fd9126 100644
--- a/db/model/Image.ts
+++ b/db/model/Image.ts
@@ -31,113 +31,6 @@ import {
 } from "../../settings/serverSettings.js"
 import { KnexReadWriteTransaction, KnexReadonlyTransaction } from "../db.js"
 
-class ImageStore {
-    async fetchImageMetadata(
-        filenames: string[]
-    ): Promise<Record<string, ImageMetadata | undefined>> {
-        console.log(
-            `Fetching image metadata from Google Drive ${
-                filenames.length ? `for ${filenames.join(", ")}` : ""
-            }`
-        )
-        const driveClient = google.drive({
-            version: "v3",
-            auth: OwidGoogleAuth.getGoogleReadonlyAuth(),
-        })
-        // e.g. `and (name="example.png" or name="image.svg")`
-        // https://developers.google.com/drive/api/guides/search-files#examples
-        const filenamesFilter = filenames.length
-            ? `and (${filenames
-                  .map((filename) => `name='${filename}'`)
-                  .join(" or ")})`
-            : ""
-
-        const listParams: drive_v3.Params$Resource$Files$List = {
-            fields: "nextPageToken, files(id, name, description, modifiedTime, imageMediaMetadata, trashed)",
-            q: `'${GDOCS_CLIENT_EMAIL}' in readers and mimeType contains 'image/' ${filenamesFilter}`,
-            driveId: GDOCS_SHARED_DRIVE_ID,
-            corpora: "drive",
-            supportsAllDrives: true,
-            includeItemsFromAllDrives: true,
-            pageSize: 1000,
-        }
-
-        let files: drive_v3.Schema$File[] = []
-        let nextPageToken: drive_v3.Schema$FileList["nextPageToken"] = undefined
-        let isInitialQuery = true
-
-        while (nextPageToken || isInitialQuery) {
-            await driveClient.files
-                .list({
-                    ...listParams,
-                    pageToken: nextPageToken,
-                })
-                // chaining this so that reassigning nextPageToken doesn't trip up TypeScript
-                .then((res) => {
-                    const nextFiles = res.data.files ?? []
-                    nextPageToken = res.data.nextPageToken
-                    files = [...files, ...nextFiles]
-                })
-            isInitialQuery = false
-        }
-
-        function validateImage(
-            image: drive_v3.Schema$File
-        ): image is GDriveImageMetadata {
-            return Boolean(
-                image.id && image.name && image.modifiedTime && !image.trashed
-            )
-        }
-
-        const images: ImageMetadata[] = files
-            .filter(validateImage)
-            .map((google: GDriveImageMetadata) => ({
-                googleId: google.id,
-                filename: google.name,
-                defaultAlt: google.description ?? "",
-                updatedAt: new Date(google.modifiedTime).getTime(),
-                originalWidth: google.imageMediaMetadata?.width ?? null,
-                originalHeight: google.imageMediaMetadata?.height ?? null,
-            }))
-
-        const duplicateFilenames = findDuplicates(
-            images.map((image) => image.filename)
-        )
-
-        if (duplicateFilenames.length) {
-            throw new Error(
-                `Multiple images are named ${duplicateFilenames.join(", ")}`
-            )
-        }
-
-        console.log(
-            `Fetched ${images.length} images' metadata from Google Drive`
-        )
-        const imageMetadata = keyBy(images, "filename")
-        // Only applies when we're fetching specific images i.e. `filenames` is not empty
-        for (const filename of filenames) {
-            if (!imageMetadata[filename]) {
-                throw Error(`Image ${filename} not found in Google Drive`)
-            }
-        }
-        return imageMetadata
-    }
-
-    async syncImagesToS3(
-        knex: KnexReadWriteTransaction,
-        images: Record<string, ImageMetadata>
-    ): Promise<(Image | undefined)[]> {
-        if (!images) return []
-        return Promise.all(
-            Object.keys(images).map((filename) =>
-                Image.syncImage(knex, images[filename])
-            )
-        )
-    }
-}
-
-export const imageStore = new ImageStore()
-
 export const s3Client = new S3Client({
     endpoint: R2_ENDPOINT,
     forcePathStyle: false,
@@ -150,7 +43,7 @@ export const s3Client = new S3Client({
 
 export class Image implements ImageMetadata {
     id!: number
-    googleId!: string
+    cloudflareId!: string
     filename!: string
     defaultAlt!: string
     updatedAt!: number | null
@@ -177,94 +70,6 @@ export class Image implements ImageMetadata {
     constructor(metadata: ImageMetadata) {
         Object.assign(this, metadata)
     }
-
-    // Given a record from Drive, see if we're already aware of it
-    // If we are, see if Drive's version is different from the one we have stored
-    // If it is, upload it and update our record
-    // If we're not aware of it, upload and record it
-    static async syncImage(
-        knex: KnexReadWriteTransaction,
-        metadata: ImageMetadata
-    ): Promise<Image> {
-        const fresh = new Image(metadata)
-        const stored = await getImageByFilename(knex, metadata.filename)
-
-        try {
-            if (stored) {
-                if (
-                    stored.updatedAt !== fresh.updatedAt ||
-                    stored.defaultAlt !== fresh.defaultAlt ||
-                    stored.originalWidth !== fresh.originalWidth ||
-                    stored.originalHeight !== fresh.originalHeight
-                ) {
-                    await fresh.fetchFromDriveAndUploadToS3()
-                    stored.updatedAt = fresh.updatedAt
-                    stored.defaultAlt = fresh.defaultAlt
-                    stored.originalWidth = fresh.originalWidth
-                    stored.originalHeight = fresh.originalHeight
-                    await updateImage(knex, stored.id, {
-                        updatedAt: fresh.updatedAt,
-                        defaultAlt: fresh.defaultAlt,
-                        originalWidth: fresh.originalWidth,
-                        originalHeight: fresh.originalHeight,
-                    })
-                }
-                return stored
-            } else {
-                await fresh.fetchFromDriveAndUploadToS3()
-                const id = await insertImageClass(knex, fresh)
-                fresh.id = id
-                return fresh
-            }
-        } catch (e) {
-            throw new Error(`Error syncing image ${metadata.filename}: ${e}`)
-        }
-    }
-
-    async fetchFromDriveAndUploadToS3(): Promise<void> {
-        const driveClient = google.drive({
-            version: "v3",
-            auth: OwidGoogleAuth.getGoogleReadonlyAuth(),
-        })
-
-        const file = await driveClient.files.get(
-            {
-                fileId: this.googleId,
-                alt: "media",
-            },
-            {
-                responseType: "arraybuffer",
-            }
-        )
-
-        const imageArrayBuffer = file.data as Buffer
-
-        const indexOfFirstSlash = IMAGE_HOSTING_R2_BUCKET_PATH.indexOf("/")
-        const bucket = IMAGE_HOSTING_R2_BUCKET_PATH.slice(0, indexOfFirstSlash)
-        const directory = IMAGE_HOSTING_R2_BUCKET_PATH.slice(
-            indexOfFirstSlash + 1
-        )
-
-        const MIMEType = getFilenameMIMEType(this.filename)
-
-        if (!MIMEType) {
-            throw new Error(
-                `Error uploading image "${this.filename}": unsupported file extension`
-            )
-        }
-
-        const params: PutObjectCommandInput = {
-            Bucket: bucket,
-            Key: `${directory}/${this.filename}`,
-            Body: imageArrayBuffer,
-            ACL: "public-read",
-            ContentType: MIMEType,
-        }
-        await s3Client.send(new PutObjectCommand(params))
-        console.log(
-            `Successfully uploaded object: ${params.Bucket}/${params.Key}`
-        )
-    }
 }
 
 export async function getImageByFilename(
@@ -309,21 +114,3 @@ export async function insertImageObject(
     const [id] = await knex.table("images").insert(image)
     return id
 }
-
-export async function fetchImagesFromDriveAndSyncToS3(
-    knex: KnexReadWriteTransaction,
-    filenames: string[] = []
-): Promise<Image[]> {
-    if (!filenames.length) return []
-
-    try {
-        const metadataObject = await imageStore.fetchImageMetadata(filenames)
-        const metadataArray = Object.values(metadataObject) as ImageMetadata[]
-
-        return Promise.all(
-            metadataArray.map((metadata) => Image.syncImage(knex, metadata))
-        )
-    } catch (e) {
-        throw new Error(`Error fetching images from Drive: ${e}`)
-    }
-}
diff --git a/devTools/updateImageHeights/tsconfig.json b/devTools/updateImageHeights/tsconfig.json
deleted file mode 100644
index abbd4697531..00000000000
--- a/devTools/updateImageHeights/tsconfig.json
+++ /dev/null
@@ -1,8 +0,0 @@
-{
-    "extends": "../tsconfigs/tsconfig.base.json",
-    "compilerOptions": {
-        "outDir": "../../itsJustJavascript/devTools/updateImageHeights",
-        "rootDir": "."
-    },
-    "references": [{ "path": "../../settings" }, { "path": "../../db" }]
-}
diff --git a/devTools/updateImageHeights/update-image-heights.ts b/devTools/updateImageHeights/update-image-heights.ts
deleted file mode 100644
index d58f89770e2..00000000000
--- a/devTools/updateImageHeights/update-image-heights.ts
+++ /dev/null
@@ -1,69 +0,0 @@
-import { imageStore } from "../../db/model/Image.js"
-import * as db from "../../db/db.js"
-import * as lodash from "lodash"
-import { exit } from "../../db/cleanup.js"
-
-async function updateImageHeights() {
-    const transaction = await db.knexInstance().transaction()
-    const filenames = await db
-        .knexRaw<{ filename: string }>(
-            transaction,
-            `SELECT DISTINCT filename
-            FROM posts_gdocs_x_images pgxi
-            LEFT JOIN images i ON pgxi.imageId = i.id`
-        )
-        .then((rows) => rows.map((row) => row.filename))
-
-    console.log("Fetching image metadata...")
-    const images = await imageStore.fetchImageMetadata([])
-    console.log("Fetching image metadata...done")
-
-    if (!images) {
-        throw new Error("No images found")
-    }
-
-    let imagesWithoutOriginalHeight = []
-    try {
-        let index = 0
-        for (const batch of lodash.chunk(filenames, 20)) {
-            const promises = []
-            for (const filename of batch) {
-                const image = images[filename]
-                if (image && image.originalHeight) {
-                    promises.push(
-                        db.knexRaw(
-                            transaction,
-                            `
-                            UPDATE images
-                            SET originalHeight = ?
-                            WHERE filename = ?
-                        `,
-                            [image.originalHeight, filename]
-                        )
-                    )
-                } else {
-                    console.error(`No original height found for ${filename}`)
-                    imagesWithoutOriginalHeight.push(filename)
-                }
-            }
-            console.log(`Updating image heights for batch ${index}...`)
-            await Promise.all(promises)
-            console.log(`Updating image heights for batch ${index}...done`)
-            index++
-        }
-        await transaction.commit()
-        console.log("All image heights updated successfully!")
-        // Most likely due to the original file being deleted but the DB not being updated, each of these will need to be manually checked
-        console.log(
-            "Images without original height:",
-            imagesWithoutOriginalHeight
-        )
-        await exit()
-    } catch (error) {
-        console.error(error)
-        await transaction.rollback()
-        await exit()
-    }
-}
-
-updateImageHeights()
diff --git a/packages/@ourworldindata/types/src/dbTypes/Images.ts b/packages/@ourworldindata/types/src/dbTypes/Images.ts
index 430931cf3ce..15154d100a1 100644
--- a/packages/@ourworldindata/types/src/dbTypes/Images.ts
+++ b/packages/@ourworldindata/types/src/dbTypes/Images.ts
@@ -2,7 +2,6 @@ export const ImagesTableName = "images"
 export interface DbInsertImage {
     defaultAlt: string
     filename: string
-    googleId: string
     id?: number
     originalWidth?: number | null
     originalHeight?: number | null
diff --git a/packages/@ourworldindata/types/src/gdocTypes/Image.ts b/packages/@ourworldindata/types/src/gdocTypes/Image.ts
index f9e162ac31c..67296474477 100644
--- a/packages/@ourworldindata/types/src/gdocTypes/Image.ts
+++ b/packages/@ourworldindata/types/src/gdocTypes/Image.ts
@@ -18,7 +18,7 @@ export type ImageMetadata = Pick<
     DbEnrichedImage,
     | "defaultAlt"
     | "filename"
-    | "googleId"
+    | "cloudflareId"
     | "originalHeight"
     | "originalWidth"
     | "updatedAt"
diff --git a/packages/@ourworldindata/utils/src/image.ts b/packages/@ourworldindata/utils/src/image.ts
index 080a7ffd9c5..c03a518dd01 100644
--- a/packages/@ourworldindata/utils/src/image.ts
+++ b/packages/@ourworldindata/utils/src/image.ts
@@ -29,13 +29,12 @@ export function getSizes(
 
 export function generateSrcSet(
     sizes: number[],
-    filename: ImageMetadata["filename"]
+    id: ImageMetadata["cloudflareId"],
+    absoluteUrl: string = ""
 ): string {
     return sizes
         .map((size) => {
-            const path = `/images/published/${getFilenameWithoutExtension(
-                encodeURIComponent(filename)
-            )}_${size}.png`
+            const path = `${absoluteUrl}/${id}/w=${size}`
             return `${path} ${size}w`
         })
         .join(", ")
@@ -93,7 +92,8 @@ export type SourceProps = {
  */
 export function generateSourceProps(
     smallImage: ImageMetadata | undefined,
-    regularImage: ImageMetadata
+    regularImage: ImageMetadata,
+    absoluteUrl: string = ""
 ): SourceProps[] {
     const props: SourceProps[] = []
     if (smallImage) {
@@ -106,7 +106,11 @@ export function generateSourceProps(
     const regularSizes = getSizes(regularImage.originalWidth)
     props.push({
         media: undefined,
-        srcSet: generateSrcSet(regularSizes, regularImage.filename),
+        srcSet: generateSrcSet(
+            regularSizes,
+            regularImage.filename,
+            absoluteUrl
+        ),
     })
     return props
 }
diff --git a/settings/clientSettings.ts b/settings/clientSettings.ts
index d0f23ada019..318caa166ee 100644
--- a/settings/clientSettings.ts
+++ b/settings/clientSettings.ts
@@ -59,6 +59,8 @@ export const ALGOLIA_SEARCH_KEY: string = process.env.ALGOLIA_SEARCH_KEY ?? ""
 export const ALGOLIA_INDEX_PREFIX: string =
     process.env.ALGOLIA_INDEX_PREFIX ?? ""
 
+export const CLOUDFLARE_IMAGES_URL = process.env.CLOUDFLARE_IMAGES_URL ?? ""
+
 export const DONATE_API_URL: string =
     process.env.DONATE_API_URL ?? "http://localhost:8788/donation/donate"
 
diff --git a/site/gdocs/components/Image.tsx b/site/gdocs/components/Image.tsx
index a30a77dc477..4de70458745 100644
--- a/site/gdocs/components/Image.tsx
+++ b/site/gdocs/components/Image.tsx
@@ -8,10 +8,7 @@ import {
 } from "@ourworldindata/utils"
 import cx from "classnames"
 import { LIGHTBOX_IMAGE_CLASS } from "../../Lightbox.js"
-import {
-    IMAGE_HOSTING_R2_BUCKET_SUBFOLDER_PATH,
-    IMAGE_HOSTING_R2_CDN_URL,
-} from "../../../settings/clientSettings.js"
+import { CLOUDFLARE_IMAGES_URL } from "../../../settings/clientSettings.js"
 import { DocumentContext } from "../OwidGdoc.js"
 import { Container } from "./ArticleBlock.js"
 import { useImage } from "../utils.js"
@@ -86,7 +83,6 @@ export default function Image(props: {
         "image--has-outline": hasOutline,
     })
 
-    const { isPreviewing } = useContext(DocumentContext)
     const image = useImage(filename)
     const smallImage = useImage(smallFilename)
     const renderImageError = (name: string) => (
@@ -100,16 +96,10 @@ export default function Image(props: {
     )
 
     if (!image) {
-        if (isPreviewing) {
-            return renderImageError(filename)
-        }
         // Don't render anything if we're not previewing (i.e. a bake) and the image is not found
         return null
     }
     // Here we can fall back to the regular image filename, so don't return null if not found
-    if (isPreviewing && smallFilename && !smallImage) {
-        return renderImageError(smallFilename)
-    }
 
     const alt = props.alt ?? image.defaultAlt
     const maybeLightboxClassName =
@@ -117,67 +107,14 @@ export default function Image(props: {
             ? ""
             : LIGHTBOX_IMAGE_CLASS
 
-    if (isPreviewing) {
-        const makePreviewUrl = (f: string) =>
-            `${IMAGE_HOSTING_R2_CDN_URL}/${IMAGE_HOSTING_R2_BUCKET_SUBFOLDER_PATH}/${encodeURIComponent(f)}`
+    // TODO: SVG
 
-        const PreviewSource = (props: { i?: ImageMetadata; sm?: boolean }) => {
-            const { i, sm } = props
-            if (!i) return null
-
-            return (
-                <source
-                    srcSet={`${makePreviewUrl(i.filename)} ${i.originalWidth}w`}
-                    media={sm ? SMALL_BREAKPOINT_MEDIA_QUERY : undefined}
-                    type={getFilenameMIMEType(i.filename)}
-                    sizes={
-                        containerSizes[containerType] ?? containerSizes.default
-                    }
-                />
-            )
-        }
-        return (
-            <picture className={className}>
-                <PreviewSource i={smallImage} sm />
-                <PreviewSource i={image} />
-                <img
-                    src={makePreviewUrl(image.filename)}
-                    alt={alt}
-                    className={maybeLightboxClassName}
-                    width={image.originalWidth ?? undefined}
-                    height={image.originalHeight ?? undefined}
-                />
-            </picture>
-        )
-    }
-
-    if (filename.endsWith(".svg")) {
-        const pngFilename = `${getFilenameWithoutExtension(filename)}.png`
-        const imgSrc = `${IMAGES_DIRECTORY}${encodeURIComponent(filename)}`
-        return (
-            <div className={className}>
-                <img
-                    src={imgSrc}
-                    alt={alt}
-                    className={maybeLightboxClassName}
-                    width={image.originalWidth ?? undefined}
-                    height={image.originalHeight ?? undefined}
-                />
-                {containerType !== "thumbnail" ? (
-                    <a
-                        className="download-png-link"
-                        href={`${IMAGES_DIRECTORY}${pngFilename}`}
-                        download
-                    >
-                        Download image
-                    </a>
-                ) : null}
-            </div>
-        )
-    }
-
-    const imageSrc = `${IMAGES_DIRECTORY}${encodeURIComponent(filename)}`
-    const sourceProps = generateSourceProps(smallImage, image)
+    const imageSrc = `${CLOUDFLARE_IMAGES_URL}/${encodeURIComponent(filename)}/small`
+    const sourceProps = generateSourceProps(
+        smallImage,
+        image,
+        CLOUDFLARE_IMAGES_URL
+    )
 
     return (
         <picture className={className}>
diff --git a/tsconfig.json b/tsconfig.json
index 429704421c9..ed757b80026 100644
--- a/tsconfig.json
+++ b/tsconfig.json
@@ -25,9 +25,6 @@
         {
             "path": "./adminSiteServer"
         },
-        {
-            "path": "./devTools/updateImageHeights"
-        },
         {
             "path": "./devTools/svgTester"
         },

From 3eda121b842258a5c43e8ff6bce6777961e56ff8 Mon Sep 17 00:00:00 2001
From: Ike Saunders <ikesau@protonmail.com>
Date: Wed, 20 Nov 2024 21:13:48 +0000
Subject: [PATCH 07/40] =?UTF-8?q?=E2=9C=A8=20lightbox=20support?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 packages/@ourworldindata/utils/src/image.ts | 22 ++++++++++-----------
 site/gdocs/components/Image.tsx             | 16 ++++++++++++---
 2 files changed, 24 insertions(+), 14 deletions(-)

diff --git a/packages/@ourworldindata/utils/src/image.ts b/packages/@ourworldindata/utils/src/image.ts
index c03a518dd01..09234afb050 100644
--- a/packages/@ourworldindata/utils/src/image.ts
+++ b/packages/@ourworldindata/utils/src/image.ts
@@ -96,22 +96,22 @@ export function generateSourceProps(
     absoluteUrl: string = ""
 ): SourceProps[] {
     const props: SourceProps[] = []
-    if (smallImage) {
+    if (smallImage && smallImage.cloudflareId) {
+        const encodedSmallId = encodeURIComponent(smallImage.cloudflareId)
         const smallSizes = getSizes(smallImage.originalWidth)
         props.push({
             media: "(max-width: 768px)",
-            srcSet: generateSrcSet(smallSizes, smallImage.filename),
+            srcSet: generateSrcSet(smallSizes, encodedSmallId),
+        })
+    }
+    if (regularImage && regularImage.cloudflareId) {
+        const encodedRegularId = encodeURIComponent(regularImage.cloudflareId)
+        const regularSizes = getSizes(regularImage.originalWidth)
+        props.push({
+            media: undefined,
+            srcSet: generateSrcSet(regularSizes, encodedRegularId, absoluteUrl),
         })
     }
-    const regularSizes = getSizes(regularImage.originalWidth)
-    props.push({
-        media: undefined,
-        srcSet: generateSrcSet(
-            regularSizes,
-            regularImage.filename,
-            absoluteUrl
-        ),
-    })
     return props
 }
 
diff --git a/site/gdocs/components/Image.tsx b/site/gdocs/components/Image.tsx
index 4de70458745..3bd72815c35 100644
--- a/site/gdocs/components/Image.tsx
+++ b/site/gdocs/components/Image.tsx
@@ -83,6 +83,7 @@ export default function Image(props: {
         "image--has-outline": hasOutline,
     })
 
+    const isPreviewing = useContext(DocumentContext).isPreviewing
     const image = useImage(filename)
     const smallImage = useImage(smallFilename)
     const renderImageError = (name: string) => (
@@ -96,10 +97,19 @@ export default function Image(props: {
     )
 
     if (!image) {
+        if (isPreviewing) {
+            return renderImageError(filename)
+        }
         // Don't render anything if we're not previewing (i.e. a bake) and the image is not found
         return null
     }
-    // Here we can fall back to the regular image filename, so don't return null if not found
+
+    if (!image.cloudflareId) {
+        if (isPreviewing) {
+            return renderImageError(filename)
+        }
+        return null
+    }
 
     const alt = props.alt ?? image.defaultAlt
     const maybeLightboxClassName =
@@ -107,9 +117,9 @@ export default function Image(props: {
             ? ""
             : LIGHTBOX_IMAGE_CLASS
 
-    // TODO: SVG
+    // TODO: SVG?
 
-    const imageSrc = `${CLOUDFLARE_IMAGES_URL}/${encodeURIComponent(filename)}/small`
+    const imageSrc = `${CLOUDFLARE_IMAGES_URL}/${encodeURIComponent(image.cloudflareId)}/w=1280`
     const sourceProps = generateSourceProps(
         smallImage,
         image,

From 477aef6998b2a4a81a6dc8e036b2e46f505e4bce Mon Sep 17 00:00:00 2001
From: Ike Saunders <ikesau@protonmail.com>
Date: Thu, 21 Nov 2024 22:19:25 +0000
Subject: [PATCH 08/40] =?UTF-8?q?=F0=9F=8E=89=20add=20CF=20Function=20for?=
 =?UTF-8?q?=20requesting=20png/jpeg=20of=20image?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 functions/_common/env.ts     |  2 ++
 functions/images/[[slug]].ts | 61 ++++++++++++++++++++++++++++++++++++
 2 files changed, 63 insertions(+)
 create mode 100644 functions/images/[[slug]].ts

diff --git a/functions/_common/env.ts b/functions/_common/env.ts
index a26d303d84c..778f57a2ff7 100644
--- a/functions/_common/env.ts
+++ b/functions/_common/env.ts
@@ -6,6 +6,8 @@ export interface Env {
     GRAPHER_CONFIG_R2_BUCKET_PATH: string
     GRAPHER_CONFIG_R2_BUCKET_FALLBACK_PATH: string
     CF_PAGES_BRANCH: string
+    CLOUDFLARE_IMAGES_API_KEY: string
+    CLOUDFLARE_IMAGES_URL: string
     ENV: string
 }
 // We collect the possible extensions here so we can easily take them into account
diff --git a/functions/images/[[slug]].ts b/functions/images/[[slug]].ts
new file mode 100644
index 00000000000..141e5d73260
--- /dev/null
+++ b/functions/images/[[slug]].ts
@@ -0,0 +1,61 @@
+// Double brackets around this filename allows us to match /:id/w=:width
+import { Env, Etag } from "../_common/env.js"
+import { IRequestStrict, Router, StatusError, error } from "itty-router"
+
+const router = Router<
+    IRequestStrict,
+    [URL, Env, Etag, EventContext<unknown, any, Record<string, unknown>>]
+>()
+
+router
+    .get(`/images/:id/w=:width`, async ({ params: { id, width } }, _, env) => {
+        const sourceUrl = `${env.CLOUDFLARE_IMAGES_URL}/${id}/w=${width}`
+        const image = await fetch(sourceUrl, {
+            headers: {
+                Authorization: `Bearer ${env.CLOUDFLARE_IMAGES_API_KEY}`,
+                // Based on my experiments, as long as width is the source image's width, CF won't change the format.
+                // e.g. if example.png is 1000px wide and we request example.png/w=1000, we'll get a PNG.
+                // If we ask for a different size, we might get a JPEG (but not a WebP or AVIF.)
+                Accept: "image/png, image/jpeg, image/svg+xml",
+            },
+        })
+        const buffer = await image.arrayBuffer()
+
+        const maxAge = 60 * 60 * 24 // 1 day
+
+        const response = new Response(buffer, {
+            status: image.status,
+            headers: new Headers({
+                "Content-Type": image.headers.get("Content-Type"),
+                "Content-Length": image.headers.get("Content-Length"),
+                "Cache-Control": `public, max-age=${maxAge}`,
+                "Access-Control-Allow-Origin": "*",
+            }),
+        })
+
+        return response
+    })
+    .all("*", () => error(404, "Route not defined"))
+
+export const onRequest: PagesFunction<Env> = async (context) => {
+    const { request, env } = context
+    const url = new URL(request.url)
+
+    return router
+        .fetch(
+            request,
+            url,
+            { ...env, url },
+            request.headers.get("if-none-match"),
+            context
+        )
+        .catch(async (e) => {
+            console.log("Handling error", e)
+            if (e instanceof StatusError && e.status === 404) {
+                console.log("Handling 404 for", url.pathname)
+                return error(404, "Not found")
+            } else if (e instanceof StatusError) {
+                return error(e.status, e.message)
+            } else return error(500, e)
+        })
+}

From a98954d51ad34beb4eae11c13824a74d212625e8 Mon Sep 17 00:00:00 2001
From: Ike Saunders <ikesau@protonmail.com>
Date: Thu, 21 Nov 2024 23:58:52 +0000
Subject: [PATCH 09/40] =?UTF-8?q?=F0=9F=8E=89=20MVP=20image=20download=20b?=
 =?UTF-8?q?utton?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 adminSiteClient/ImagesIndexPage.tsx         | 17 ++--
 site/gdocs/components/Image.tsx             | 99 ++++++++++++++-------
 site/gdocs/components/centered-article.scss |  9 +-
 3 files changed, 83 insertions(+), 42 deletions(-)

diff --git a/adminSiteClient/ImagesIndexPage.tsx b/adminSiteClient/ImagesIndexPage.tsx
index 90e7787dfb0..dd07ba357e6 100644
--- a/adminSiteClient/ImagesIndexPage.tsx
+++ b/adminSiteClient/ImagesIndexPage.tsx
@@ -69,13 +69,18 @@ function createColumns({
             dataIndex: "cloudflareId",
             width: 100,
             key: "cloudflareId",
-            render: (cloudflareId) => {
-                const src = `https://imagedelivery.net/qLq-8BTgXU8yG0N6HnOy8g/${encodeURIComponent(cloudflareId)}/test`
+            render: (cloudflareId, { originalWidth }) => {
+                const srcFor = (w: number) =>
+                    `https://imagedelivery.net/qLq-8BTgXU8yG0N6HnOy8g/${encodeURIComponent(cloudflareId)}/w=${w}`
                 return (
-                    <div style={{ height: 100, width: 100 }}>
-                        <a target="_blank" href={src} rel="noopener" key={src}>
+                    <div style={{ height: 100, width: 100 }} key={cloudflareId}>
+                        <a
+                            target="_blank"
+                            href={`${srcFor(originalWidth!)}`}
+                            rel="noopener"
+                        >
                             <img
-                                src={src}
+                                src={`${srcFor(200)}`}
                                 style={{ maxHeight: 100, maxWidth: 100 }}
                             />
                         </a>
@@ -115,7 +120,6 @@ function createColumns({
                     ? a.originalWidth - b.originalWidth
                     : 0,
             width: 100,
-            render: (text) => <span>{text}</span>,
         },
         {
             title: "Height",
@@ -126,7 +130,6 @@ function createColumns({
                     ? a.originalHeight - b.originalHeight
                     : 0,
             width: 100,
-            render: (text) => <span>{text}</span>,
         },
         {
             title: "Last updated",
diff --git a/site/gdocs/components/Image.tsx b/site/gdocs/components/Image.tsx
index 3bd72815c35..70b76244200 100644
--- a/site/gdocs/components/Image.tsx
+++ b/site/gdocs/components/Image.tsx
@@ -1,10 +1,8 @@
-import React, { useContext } from "react"
+import React, { useCallback, useContext } from "react"
 import {
-    getFilenameWithoutExtension,
-    IMAGES_DIRECTORY,
     generateSourceProps,
     ImageMetadata,
-    getFilenameMIMEType,
+    triggerDownloadFromBlob,
 } from "@ourworldindata/utils"
 import cx from "classnames"
 import { LIGHTBOX_IMAGE_CLASS } from "../../Lightbox.js"
@@ -14,6 +12,7 @@ import { Container } from "./ArticleBlock.js"
 import { useImage } from "../utils.js"
 import { BlockErrorFallback } from "./BlockErrorBoundary.js"
 import { SMALL_BREAKPOINT_MEDIA_QUERY } from "../../SiteConstants.js"
+import { useMediaQuery } from "usehooks-ts"
 
 // generates rules that tell the browser:
 // below the medium breakpoint, the image will be 95vw wide
@@ -84,6 +83,7 @@ export default function Image(props: {
     })
 
     const isPreviewing = useContext(DocumentContext).isPreviewing
+    const isSmall = useMediaQuery(SMALL_BREAKPOINT_MEDIA_QUERY)
     const image = useImage(filename)
     const smallImage = useImage(smallFilename)
     const renderImageError = (name: string) => (
@@ -96,18 +96,29 @@ export default function Image(props: {
         />
     )
 
-    if (!image) {
-        if (isPreviewing) {
-            return renderImageError(filename)
+    const handleDownload = useCallback(async () => {
+        let src = ""
+        let filename = ""
+        if (image) {
+            src = makeSrc(image)
+            filename = image.filename
         }
-        // Don't render anything if we're not previewing (i.e. a bake) and the image is not found
-        return null
-    }
+        if (isSmall && smallImage) {
+            src = makeSrc(smallImage)
+            filename = smallImage.filename
+        }
+        if (src && filename) {
+            const response = await fetch(src)
+            const blob = await response.blob()
+            triggerDownloadFromBlob(filename, blob)
+        }
+    }, [image, smallImage, isSmall])
 
-    if (!image.cloudflareId) {
+    if (!image || !image.cloudflareId) {
         if (isPreviewing) {
             return renderImageError(filename)
         }
+        // Don't render anything if we're not previewing (i.e. a bake) and the image is not found
         return null
     }
 
@@ -119,7 +130,14 @@ export default function Image(props: {
 
     // TODO: SVG?
 
-    const imageSrc = `${CLOUDFLARE_IMAGES_URL}/${encodeURIComponent(image.cloudflareId)}/w=1280`
+    function makeSrc(image: ImageMetadata) {
+        if (!image.cloudflareId) {
+            throw new Error("Image has no cloudflareId")
+        }
+        return `${CLOUDFLARE_IMAGES_URL}/${encodeURIComponent(image.cloudflareId)}/w=${image.originalWidth}`
+    }
+
+    const imageSrc = makeSrc(image)
     const sourceProps = generateSourceProps(
         smallImage,
         image,
@@ -127,27 +145,42 @@ export default function Image(props: {
     )
 
     return (
-        <picture className={className}>
-            {sourceProps.map((props, i) => (
-                <source
-                    key={i}
-                    {...props}
-                    type="image/png"
-                    sizes={
-                        containerSizes[containerType] ?? containerSizes.default
-                    }
+        <>
+            <picture className={className}>
+                {sourceProps.map((props, i) => (
+                    <source
+                        key={i}
+                        {...props}
+                        type="image/png"
+                        sizes={
+                            containerSizes[containerType] ??
+                            containerSizes.default
+                        }
+                    />
+                ))}
+                <img
+                    src={imageSrc}
+                    alt={alt}
+                    className={maybeLightboxClassName}
+                    loading="lazy"
+                    // There's no way of knowing in advance whether we'll be showing the image or smallImage - we just have to choose one
+                    // I went with image, as we currently only use smallImage for data insights
+                    width={image.originalWidth ?? undefined}
+                    height={image.originalHeight ?? undefined}
                 />
-            ))}
-            <img
-                src={imageSrc}
-                alt={alt}
-                className={maybeLightboxClassName}
-                loading="lazy"
-                // There's no way of knowing in advance whether we'll be showing the image or smallImage - we just have to choose one
-                // I went with image, as we currently only use smallImage for data insights
-                width={image.originalWidth ?? undefined}
-                height={image.originalHeight ?? undefined}
-            />
-        </picture>
+            </picture>
+            {
+                <button
+                    aria-label={`Download ${filename}`}
+                    className="article-block__image-download-button"
+                    onClick={(e) => {
+                        e.preventDefault()
+                        void handleDownload()
+                    }}
+                >
+                    Download this image
+                </button>
+            }
+        </>
     )
 }
diff --git a/site/gdocs/components/centered-article.scss b/site/gdocs/components/centered-article.scss
index 300dc937697..c848b2dc92a 100644
--- a/site/gdocs/components/centered-article.scss
+++ b/site/gdocs/components/centered-article.scss
@@ -352,9 +352,14 @@ h3.article-block__heading {
         }
     }
 
-    .download-png-link {
-        @include owid-link-60;
+    .article-block__image-download-button {
+        @include owid-link-90;
+        background-color: transparent;
+        cursor: pointer;
+        border: none;
         font-size: 14px;
+        padding: 0;
+        padding-top: 4px;
     }
 }
 

From 75440e883821bc67bd226fa285f1ca21690ca421 Mon Sep 17 00:00:00 2001
From: Ike Saunders <ikesau@protonmail.com>
Date: Fri, 22 Nov 2024 20:30:35 +0000
Subject: [PATCH 10/40] =?UTF-8?q?=F0=9F=94=A8=20remove=20gdriveImages=20ba?=
 =?UTF-8?q?king=20step?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 Makefile                    |   5 -
 baker/GDriveImagesBaker.tsx | 180 ------------------------------------
 baker/GrapherBaker.tsx      |  11 ++-
 baker/SiteBaker.tsx         |  25 +----
 db/model/Image.ts           | 116 +----------------------
 5 files changed, 16 insertions(+), 321 deletions(-)
 delete mode 100644 baker/GDriveImagesBaker.tsx

diff --git a/Makefile b/Makefile
index 108e206e8ad..0d07326addf 100644
--- a/Makefile
+++ b/Makefile
@@ -159,11 +159,6 @@ sync-cloudflare-images:
 
 refresh.full: refresh refresh.pageviews sync-images
 	@echo '==> Full refresh completed'
-	@make bake-images
-
-bake-images:
-	@echo '==> Baking images'
-	@yarn buildLocalBake --steps gdriveImages
 
 sync-images.preflight-check:
 	@echo '==> Checking for rclone'
diff --git a/baker/GDriveImagesBaker.tsx b/baker/GDriveImagesBaker.tsx
deleted file mode 100644
index c3d6625e6e6..00000000000
--- a/baker/GDriveImagesBaker.tsx
+++ /dev/null
@@ -1,180 +0,0 @@
-import fs from "fs-extra"
-import path from "path"
-import * as db from "../db/db.js"
-import {
-    IMAGE_HOSTING_R2_CDN_URL,
-    IMAGE_HOSTING_R2_BUCKET_SUBFOLDER_PATH,
-} from "../settings/serverSettings.js"
-
-import {
-    DbRawImage,
-    getFilenameAsPng,
-    parseImageRow,
-    retryPromise,
-} from "@ourworldindata/utils"
-import { Image } from "../db/model/Image.js"
-import sharp from "sharp"
-import pMap from "p-map"
-import { BAKED_BASE_URL } from "../settings/clientSettings.js"
-
-export const bakeDriveImages = async (
-    knex: db.KnexReadonlyTransaction,
-    bakedSiteDir: string
-) => {
-    // Get all GDocs images, download locally and resize them
-    const images: Image[] = await db
-        .knexRaw<DbRawImage>(
-            knex,
-            `SELECT DISTINCT *
-             FROM images
-             WHERE id IN (SELECT DISTINCT imageId FROM posts_gdocs_x_images)
-                OR filename IN (SELECT DISTINCT relatedLinkThumbnail FROM posts_gdocs_tombstones)`
-        )
-        .then((results) =>
-            results.map((result) => new Image(parseImageRow(result)))
-        )
-
-    const imagesDirectory = path.join(bakedSiteDir, "images", "published")
-
-    // TODO 2024-02-29: In the retrospective about a recent resized image bug in prod we
-    //                  discussed a few improvements to make to this code:
-    //                  - [ ] Add etags for all the resizes so that we are checking if all
-    //                        the sizes are up to date, not just the original image.
-    //                  - [ ] Clarify the filenames of the paths involved so that it is clear
-    //                        what refers to the original image, the local version, ...
-    //                  - [ ] Break this function into smaller functions to make it easier to
-    //                        understand and maintain.
-
-    // If this causes timeout errors, try decreasing concurrency (2 should be safe)
-    await pMap(
-        images,
-        async (image) => {
-            const remoteFilePath = path.join(
-                IMAGE_HOSTING_R2_CDN_URL,
-                IMAGE_HOSTING_R2_BUCKET_SUBFOLDER_PATH,
-                image.filename
-            )
-            const localImagePath = path.join(imagesDirectory, image.filename)
-            const localImageEtagPath = localImagePath + ".etag"
-
-            // If the image already exists locally, try to use its etag
-            const existingEtag = await readEtagFromFile(
-                localImagePath,
-                localImageEtagPath
-            )
-
-            const response = await retryPromise(
-                () =>
-                    fetch(remoteFilePath, {
-                        headers: {
-                            // XXX hotfix: force png rebuild every time, to work around missing png size variants on prod
-                            // "If-None-Match": existingEtag,
-                        },
-                    }).then((response) => {
-                        if (response.status === 304) {
-                            // Image has not been modified, skip without logging
-                            return response
-                        } else if (response.ok) {
-                            // Log fetched images if it was success but wasn't 304
-                            console.log(
-                                `Fetching image ${image.filename} from ${remoteFilePath} using etag ${existingEtag}...`
-                            )
-                            return response
-                        } else {
-                            // If the response status is 404, throw an error to trigger retry
-                            const msg = `Fetching image failed: ${response.status} ${response.statusText} ${response.url}`
-                            console.log(msg)
-                            throw new Error(msg)
-                        }
-                    }),
-                { maxRetries: 5, exponentialBackoff: true, initialDelay: 1000 }
-            )
-
-            // Image has not been modified, skip
-            // XXX hotfix: force png rebuild every time, to work around missing png size variants on prod
-            // if (response.status === 304) {
-            //     return
-            // }
-
-            let buffer = Buffer.from(await response.arrayBuffer())
-
-            if (!image.isSvg) {
-                // Save the original image
-                await fs.writeFile(
-                    path.join(imagesDirectory, image.filename),
-                    buffer
-                )
-                // Save resized versions
-                await Promise.all(
-                    image.sizes!.map((width) => {
-                        const localResizedFilepath = path.join(
-                            imagesDirectory,
-                            `${image.filenameWithoutExtension}_${width}.png`
-                        )
-                        return sharp(buffer)
-                            .resize(width)
-                            .png()
-                            .toFile(localResizedFilepath)
-                    })
-                )
-            } else {
-                // A PNG alternative to the SVG for the "Download image" link
-                const pngFilename = getFilenameAsPng(image.filename)
-                await sharp(buffer)
-                    .resize(2000)
-                    .png()
-                    .toFile(path.join(imagesDirectory, pngFilename))
-
-                // Import the site's webfonts
-                const svg = buffer
-                    .toString()
-                    .replace(
-                        /(<svg.*?>)/,
-                        `$1<defs><style>@import url(${BAKED_BASE_URL}/fonts.css)</style></defs>`
-                    )
-                buffer = Buffer.from(svg)
-                // Save the svg
-                await fs.writeFile(
-                    path.join(imagesDirectory, image.filename),
-                    buffer
-                )
-            }
-
-            // Save the etag to a sidecar
-            await fs.writeFile(
-                localImageEtagPath,
-                readEtagFromHeader(response),
-                "utf8"
-            )
-        },
-        { concurrency: 5 }
-    )
-}
-
-const readEtagFromHeader = (response: Response) => {
-    const etag = response.headers.get("etag")
-    if (!etag) {
-        throw new Error("No etag header found")
-    }
-    // strip extra quotes from etag
-    return etag.replace(/^"|"$/g, "")
-}
-
-const readEtagFromFile = async (
-    localImagePath: string,
-    localImageEtagPath: string
-) => {
-    let etag = await Promise.all([
-        fs.exists(localImagePath),
-        fs.exists(localImageEtagPath),
-    ]).then(([exists, etagExists]) =>
-        exists && etagExists ? fs.readFile(localImageEtagPath, "utf8") : ""
-    )
-
-    // DigitalOcean wraps etag in double quotes
-    if (!etag.includes('"')) {
-        etag = '"' + etag + '"'
-    }
-
-    return etag
-}
diff --git a/baker/GrapherBaker.tsx b/baker/GrapherBaker.tsx
index 143a94a9e13..3b28a805a58 100644
--- a/baker/GrapherBaker.tsx
+++ b/baker/GrapherBaker.tsx
@@ -40,6 +40,7 @@ import {
     ImageMetadata,
     DbPlainChart,
     DbRawChartConfig,
+    DbEnrichedImage,
 } from "@ourworldindata/types"
 import ProgressBar from "progress"
 import {
@@ -53,7 +54,7 @@ import {
     getPrimaryTopic,
     resolveFaqsForVariable,
 } from "./DatapageHelpers.js"
-import { Image, getAllImages } from "../db/model/Image.js"
+import { getAllImages } from "../db/model/Image.js"
 import { logErrorAndMaybeSendToBugsnag } from "../serverUtils/errorLog.js"
 
 import { getTagToSlugMap } from "./GrapherBakingUtils.js"
@@ -65,7 +66,7 @@ const renderDatapageIfApplicable = async (
     grapher: GrapherInterface,
     isPreviewing: boolean,
     knex: db.KnexReadWriteTransaction,
-    imageMetadataDictionary?: Record<string, Image>
+    imageMetadataDictionary?: Record<string, DbEnrichedImage>
 ) => {
     const variable = await getVariableOfDatapageIfApplicable(grapher)
 
@@ -102,7 +103,7 @@ const renderDatapageIfApplicable = async (
 export const renderDataPageOrGrapherPage = async (
     grapher: GrapherInterface,
     knex: db.KnexReadWriteTransaction,
-    imageMetadataDictionary?: Record<string, Image>
+    imageMetadataDictionary?: Record<string, DbEnrichedImage>
 ): Promise<string> => {
     const datapage = await renderDatapageIfApplicable(
         grapher,
@@ -290,7 +291,7 @@ const chartIsSameVersion = async (
 
 const bakeGrapherPageAndVariablesPngAndSVGIfChanged = async (
     bakedSiteDir: string,
-    imageMetadataDictionary: Record<string, Image>,
+    imageMetadataDictionary: Record<string, DbEnrichedImage>,
     grapher: GrapherInterface,
     knex: db.KnexReadWriteTransaction
 ) => {
@@ -370,7 +371,7 @@ export interface BakeSingleGrapherChartArguments {
     config: string
     bakedSiteDir: string
     slug: string
-    imageMetadataDictionary: Record<string, Image>
+    imageMetadataDictionary: Record<string, DbEnrichedImage>
 }
 
 export const bakeSingleGrapherChart = async (
diff --git a/baker/SiteBaker.tsx b/baker/SiteBaker.tsx
index cecd2b225c3..bc4674bb5cf 100644
--- a/baker/SiteBaker.tsx
+++ b/baker/SiteBaker.tsx
@@ -40,7 +40,6 @@ import {
 } from "../baker/GrapherBakingUtils.js"
 import { makeSitemap } from "../baker/sitemap.js"
 import { bakeCountries } from "../baker/countryProfiles.js"
-import { bakeDriveImages } from "../baker/GDriveImagesBaker.js"
 import {
     countries,
     FullPost,
@@ -58,7 +57,6 @@ import {
     TombstonePageData,
     gdocUrlRegex,
 } from "@ourworldindata/utils"
-
 import { execWrapper } from "../db/execWrapper.js"
 import { countryProfileSpecs } from "../site/countryProfileProjects.js"
 import {
@@ -81,7 +79,7 @@ import {
     postsFlushCache,
 } from "../db/model/Post.js"
 import { GdocPost } from "../db/model/Gdoc/GdocPost.js"
-import { Image, getAllImages } from "../db/model/Image.js"
+import { getAllImages } from "../db/model/Image.js"
 import { generateEmbedSnippet } from "../site/viteUtils.js"
 import { logErrorAndMaybeSendToBugsnag } from "../serverUtils/errorLog.js"
 import {
@@ -144,7 +142,6 @@ const nonWordpressSteps = [
     "multiDimPages",
     "gdocPosts",
     "gdocTombstones",
-    "gdriveImages",
     "dods",
     "dataInsights",
     "authors",
@@ -364,10 +361,9 @@ export class SiteBaker {
                 name: `✅ Prefetched ${publishedGdocs.length} gdocs`,
             })
 
-            const imageMetadataDictionary: Record<string, Image> =
-                await getAllImages(knex).then((images) =>
-                    keyBy(images, "filename")
-                )
+            const imageMetadataDictionary = await getAllImages(knex).then(
+                (images) => keyBy(images, "filename")
+            )
 
             this.progressBar.tick({
                 name: `✅ Prefetched ${Object.values(imageMetadataDictionary).length} images`,
@@ -1038,13 +1034,6 @@ export class SiteBaker {
         this.progressBar.tick({ name: "✅ baked rss" })
     }
 
-    private async bakeDriveImages(knex: db.KnexReadonlyTransaction) {
-        if (!this.bakeSteps.has("gdriveImages")) return
-        await this.ensureDir("images/published")
-        await bakeDriveImages(knex, this.bakedSiteDir)
-        this.progressBar.tick({ name: "✅ baked google drive images" })
-    }
-
     // We don't have an icon for every single tag (yet), but for the icons that we *do* have,
     // we want to make sure that we have a corresponding tag in the database.
     private async validateTagIcons(trx: db.KnexReadonlyTransaction) {
@@ -1067,9 +1056,6 @@ export class SiteBaker {
     private async bakeAssets(trx: db.KnexReadonlyTransaction) {
         if (!this.bakeSteps.has("assets")) return
 
-        // do not delete images/published folder so that we don't have to sync gdrive images again
-        const excludes = "--exclude images/published"
-
         await execWrapper(
             `rm -rf ${this.bakedSiteDir}/assets && cp -r ${BASE_DIR}/dist/assets ${this.bakedSiteDir}/assets`
         )
@@ -1081,7 +1067,7 @@ export class SiteBaker {
 
         await this.validateTagIcons(trx)
         await execWrapper(
-            `rsync -hav --delete ${BASE_DIR}/public/* ${this.bakedSiteDir}/ ${excludes}`
+            `rsync -hav --delete ${BASE_DIR}/public/* ${this.bakedSiteDir}/`
         )
 
         await fs.writeFile(
@@ -1147,7 +1133,6 @@ export class SiteBaker {
         await this.bakeGDocTombstones(knex)
         await this.bakeDataInsights(knex)
         await this.bakeAuthors(knex)
-        await this.bakeDriveImages(knex)
     }
 
     // TODO: this transaction is only RW because somewhere inside it we fetch images
diff --git a/db/model/Image.ts b/db/model/Image.ts
index 15296fd9126..de5b3edd729 100644
--- a/db/model/Image.ts
+++ b/db/model/Image.ts
@@ -1,116 +1,10 @@
-import { drive_v3, google } from "googleapis"
-import {
-    PutObjectCommand,
-    PutObjectCommandInput,
-    S3Client,
-} from "@aws-sdk/client-s3"
-import {
-    getFilenameWithoutExtension,
-    getSizes,
-    keyBy,
-    GDriveImageMetadata,
-    ImageMetadata,
-    findDuplicates,
-    getFilenameMIMEType,
-    DbRawImage,
-    DbEnrichedImage,
-    parseImageRow,
-    DbInsertImage,
-    serializeImageRow,
-    ImagesTableName,
-} from "@ourworldindata/utils"
-import { OwidGoogleAuth } from "../OwidGoogleAuth.js"
-import {
-    R2_ENDPOINT,
-    R2_ACCESS_KEY_ID,
-    R2_SECRET_ACCESS_KEY,
-    R2_REGION,
-    IMAGE_HOSTING_R2_BUCKET_PATH,
-    GDOCS_CLIENT_EMAIL,
-    GDOCS_SHARED_DRIVE_ID,
-} from "../../settings/serverSettings.js"
-import { KnexReadWriteTransaction, KnexReadonlyTransaction } from "../db.js"
-
-export const s3Client = new S3Client({
-    endpoint: R2_ENDPOINT,
-    forcePathStyle: false,
-    region: R2_REGION,
-    credentials: {
-        accessKeyId: R2_ACCESS_KEY_ID,
-        secretAccessKey: R2_SECRET_ACCESS_KEY,
-    },
-})
-
-export class Image implements ImageMetadata {
-    id!: number
-    cloudflareId!: string
-    filename!: string
-    defaultAlt!: string
-    updatedAt!: number | null
-    originalWidth!: number | null
-    originalHeight!: number | null
-
-    get isSvg(): boolean {
-        return this.fileExtension === "svg"
-    }
-
-    get sizes(): number[] | undefined {
-        if (this.isSvg) return
-        return getSizes(this.originalWidth)
-    }
-
-    get filenameWithoutExtension(): string {
-        return getFilenameWithoutExtension(this.filename)
-    }
-
-    get fileExtension(): string {
-        return this.filename.slice(this.filename.indexOf(".") + 1)
-    }
-
-    constructor(metadata: ImageMetadata) {
-        Object.assign(this, metadata)
-    }
-}
-
-export async function getImageByFilename(
-    knex: KnexReadonlyTransaction,
-    filename: string
-): Promise<Image | undefined> {
-    const image = await knex
-        .table(ImagesTableName)
-        .where({ filename })
-        .first<DbRawImage | undefined>()
-    if (!image) return undefined
-    const enrichedImage = parseImageRow(image)
-    return new Image(enrichedImage)
-}
+import { DbEnrichedImage, DbRawImage } from "@ourworldindata/types"
+import { parseImageRow } from "@ourworldindata/utils"
+import { KnexReadonlyTransaction } from "../db.js"
 
 export async function getAllImages(
     knex: KnexReadonlyTransaction
-): Promise<Image[]> {
+): Promise<DbEnrichedImage[]> {
     const images = await knex.table("images").select<DbRawImage[]>()
-    return images.map(parseImageRow).map((row) => new Image(row))
-}
-
-export async function updateImage(
-    knex: KnexReadWriteTransaction,
-    id: number,
-    updates: Partial<DbEnrichedImage>
-): Promise<void> {
-    await knex.table("images").where({ id }).update(updates)
-}
-
-export async function insertImageClass(
-    knex: KnexReadWriteTransaction,
-    image: Image
-): Promise<number> {
-    return insertImageObject(knex, serializeImageRow({ ...image }))
-}
-
-export async function insertImageObject(
-    knex: KnexReadWriteTransaction,
-    image: DbInsertImage
-): Promise<number> {
-    const [id] = await knex.table("images").insert(image)
-    return id
+    return images.map(parseImageRow)
 }

From 442bc5c98401c95a46f37e4fcca08d2b88ca3d94 Mon Sep 17 00:00:00 2001
From: Ike Saunders <ikesau@protonmail.com>
Date: Fri, 22 Nov 2024 16:35:23 -0500
Subject: [PATCH 11/40] =?UTF-8?q?=F0=9F=94=A8=20remove=20all=20redundant?=
 =?UTF-8?q?=20gdoc=20readwrite=20transactions?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 adminSiteServer/adminRouter.tsx       | 11 +---
 adminSiteServer/appClass.tsx          |  3 +-
 adminSiteServer/mockSiteRouter.tsx    | 94 ++++++++++-----------------
 baker/DatapageHelpers.ts              |  9 ++-
 baker/DeployUtils.ts                  |  8 +--
 baker/GrapherBaker.tsx                | 22 ++-----
 baker/MultiDimBaker.tsx               | 10 +--
 baker/SiteBaker.tsx                   | 32 ++++-----
 baker/algolia/indexPagesToAlgolia.tsx |  3 +-
 baker/algolia/utils/pages.ts          |  3 +-
 baker/bakeGdocPost.ts                 |  3 +-
 baker/bakeGdocPosts.ts                |  3 +-
 baker/buildLocalBake.ts               |  3 +-
 baker/redirects.ts                    |  2 +-
 baker/runBakeGraphers.ts              |  3 +-
 baker/siteRenderers.tsx               | 21 ++----
 baker/sitemap.ts                      |  3 +-
 baker/startDeployQueueServer.ts       |  3 +-
 db/model/Gdoc/GdocAuthor.ts           |  3 +-
 db/model/Gdoc/GdocDataInsight.ts      |  3 +-
 db/model/Gdoc/GdocFactory.ts          | 25 +++----
 db/model/Post.ts                      |  3 +-
 devTools/markdownTest/markdown.ts     |  3 +-
 23 files changed, 97 insertions(+), 176 deletions(-)

diff --git a/adminSiteServer/adminRouter.tsx b/adminSiteServer/adminRouter.tsx
index 99a1ab8154e..537dd8f2077 100644
--- a/adminSiteServer/adminRouter.tsx
+++ b/adminSiteServer/adminRouter.tsx
@@ -43,10 +43,7 @@ import {
 import { getChartConfigBySlug } from "../db/model/Chart.js"
 import { getVariableMetadata } from "../db/model/Variable.js"
 import { DbPlainDatasetFile, DbPlainDataset } from "@ourworldindata/types"
-import {
-    getPlainRouteNonIdempotentWithRWTransaction,
-    getPlainRouteWithROTransaction,
-} from "./plainRouterHelpers.js"
+import { getPlainRouteWithROTransaction } from "./plainRouterHelpers.js"
 import { getMultiDimDataPageBySlug } from "../db/model/MultiDimDataPage.js"
 import { renderMultiDimDataPageFromConfig } from "../baker/MultiDimBaker.js"
 
@@ -323,8 +320,7 @@ getPlainRouteWithROTransaction(
         return res.send(explorerPage)
     }
 )
-// TODO: this transaction is only RW because somewhere inside it we fetch images
-getPlainRouteNonIdempotentWithRWTransaction(
+getPlainRouteWithROTransaction(
     adminRouter,
     "/datapage-preview/:id",
     async (req, res, trx) => {
@@ -345,8 +341,7 @@ getPlainRouteNonIdempotentWithRWTransaction(
         )
     }
 )
-// TODO: this transaction is only RW because somewhere inside it we fetch images
-getPlainRouteNonIdempotentWithRWTransaction(
+getPlainRouteWithROTransaction(
     adminRouter,
     "/grapher/:slug",
     async (req, res, trx) => {
diff --git a/adminSiteServer/appClass.tsx b/adminSiteServer/appClass.tsx
index a6972ad5264..c2467c13c4f 100644
--- a/adminSiteServer/appClass.tsx
+++ b/adminSiteServer/appClass.tsx
@@ -131,8 +131,7 @@ export class OwidAdminApp {
         // Public preview of a Gdoc document
         app.get("/gdocs/:id/preview", async (req, res) => {
             try {
-                // TODO: this transaction is only RW because somewhere inside it we fetch images
-                await db.knexReadWriteTransaction(async (knex) => {
+                await db.knexReadonlyTransaction(async (knex) => {
                     const gdoc = await getAndLoadGdocById(
                         knex,
                         req.params.id,
diff --git a/adminSiteServer/mockSiteRouter.tsx b/adminSiteServer/mockSiteRouter.tsx
index 8cb903a6c50..8ea79c4c16c 100644
--- a/adminSiteServer/mockSiteRouter.tsx
+++ b/adminSiteServer/mockSiteRouter.tsx
@@ -94,8 +94,7 @@ const mockSiteRouter = Router()
 mockSiteRouter.use(express.urlencoded({ extended: true }))
 mockSiteRouter.use(express.json())
 
-// TODO: this transaction is only RW because somewhere inside it we fetch images
-getPlainRouteNonIdempotentWithRWTransaction(
+getPlainRouteWithROTransaction(
     mockSiteRouter,
     "/atom.xml",
     async (req, res, trx) => {
@@ -105,8 +104,7 @@ getPlainRouteNonIdempotentWithRWTransaction(
     }
 )
 
-// TODO: this transaction is only RW because somewhere inside it we fetch images
-getPlainRouteNonIdempotentWithRWTransaction(
+getPlainRouteWithROTransaction(
     mockSiteRouter,
     "/atom-no-topic-pages.xml",
     async (req, res, trx) => {
@@ -116,21 +114,17 @@ getPlainRouteNonIdempotentWithRWTransaction(
     }
 )
 
-// TODO: this transaction is only RW because somewhere inside it we fetch images
-getPlainRouteNonIdempotentWithRWTransaction(
+getPlainRouteWithROTransaction(
     mockSiteRouter,
     `/${DATA_INSIGHTS_ATOM_FEED_NAME}`,
-    async (_, res) => {
+    async (_, res, trx) => {
         res.set("Content-Type", "application/xml")
-        const atomFeedDataInsights = await db.knexReadWriteTransaction((knex) =>
-            makeDataInsightsAtomFeed(knex)
-        )
+        const atomFeedDataInsights = await makeDataInsightsAtomFeed(trx)
         res.send(atomFeedDataInsights)
     }
 )
 
-// TODO: this transaction is only RW because somewhere inside it we fetch images
-getPlainRouteNonIdempotentWithRWTransaction(
+getPlainRouteWithROTransaction(
     mockSiteRouter,
     "/sitemap.xml",
     async (req, res, trx) => {
@@ -261,8 +255,7 @@ getPlainRouteWithROTransaction(
     }
 )
 
-// TODO: this transaction is only RW because somewhere inside it we fetch images
-getPlainRouteNonIdempotentWithRWTransaction(
+getPlainRouteWithROTransaction(
     mockSiteRouter,
     "/grapher/:slug",
     async (req, res, trx) => {
@@ -292,29 +285,20 @@ getPlainRouteNonIdempotentWithRWTransaction(
     }
 )
 
-// TODO: this transaction is only RW because somewhere inside it we fetch images
-getPlainRouteNonIdempotentWithRWTransaction(
-    mockSiteRouter,
-    "/",
-    async (req, res, trx) => {
-        const frontPage = await renderFrontPage(trx)
-        res.send(frontPage)
-    }
-)
+getPlainRouteWithROTransaction(mockSiteRouter, "/", async (_, res, trx) => {
+    const frontPage = await renderFrontPage(trx)
+    res.send(frontPage)
+})
 
-// TODO: this transaction is only RW because somewhere inside it we fetch images
-getPlainRouteNonIdempotentWithRWTransaction(
-    mockSiteRouter,
-    "/donate",
-    async (req, res, trx) => res.send(await renderDonatePage(trx))
+getPlainRouteWithROTransaction(mockSiteRouter, "/donate", async (_, res, trx) =>
+    res.send(await renderDonatePage(trx))
 )
 
 mockSiteRouter.get("/thank-you", async (req, res) =>
     res.send(await renderThankYouPage())
 )
 
-// TODO: this transaction is only RW because somewhere inside it we fetch images
-getPlainRouteNonIdempotentWithRWTransaction(
+getPlainRouteWithROTransaction(
     mockSiteRouter,
     "/data-insights/:pageNumberOrSlug?",
     async (req, res, trx) => {
@@ -370,8 +354,7 @@ getPlainRouteWithROTransaction(
     }
 )
 
-// TODO: this transaction is only RW because somewhere inside it we fetch images
-getPlainRouteNonIdempotentWithRWTransaction(
+getPlainRouteWithROTransaction(
     mockSiteRouter,
     "/datapage-preview/:id",
     async (req, res, trx) => {
@@ -411,18 +394,16 @@ mockSiteRouter.get("/search", async (req, res) =>
     res.send(await renderSearchPage())
 )
 
-// TODO: this transaction is only RW because somewhere inside it we fetch images
-getPlainRouteNonIdempotentWithRWTransaction(
+getPlainRouteWithROTransaction(
     mockSiteRouter,
     "/latest",
-    async (req, res, trx) => {
+    async (_, res, trx) => {
         const latest = await renderBlogByPageNum(1, trx)
         res.send(latest)
     }
 )
 
-// TODO: this transaction is only RW because somewhere inside it we fetch images
-getPlainRouteNonIdempotentWithRWTransaction(
+getPlainRouteWithROTransaction(
     mockSiteRouter,
     "/latest/page/:pageno",
     async (req, res, trx) => {
@@ -599,30 +580,25 @@ getPlainRouteWithROTransaction(
     }
 )
 
-// TODO: this transaction is only RW because somewhere inside it we fetch images
-getPlainRouteNonIdempotentWithRWTransaction(
-    mockSiteRouter,
-    "/*",
-    async (req, res, trx) => {
-        // Remove leading and trailing slashes
-        const slug = req.path.replace(/^\/|\/$/g, "")
+getPlainRouteWithROTransaction(mockSiteRouter, "/*", async (req, res, trx) => {
+    // Remove leading and trailing slashes
+    const slug = req.path.replace(/^\/|\/$/g, "")
 
-        try {
-            const page = await renderGdocsPageBySlug(trx, slug)
-            res.send(page)
-            return
-        } catch (e) {
-            console.error(e)
-        }
+    try {
+        const page = await renderGdocsPageBySlug(trx, slug)
+        res.send(page)
+        return
+    } catch (e) {
+        console.error(e)
+    }
 
-        try {
-            const page = await renderPageBySlug(slug, trx)
-            res.send(page)
-        } catch (e) {
-            console.error(e)
-            res.status(404).send(renderNotFoundPage())
-        }
+    try {
+        const page = await renderPageBySlug(slug, trx)
+        res.send(page)
+    } catch (e) {
+        console.error(e)
+        res.status(404).send(renderNotFoundPage())
     }
-)
+})
 
 export { mockSiteRouter }
diff --git a/baker/DatapageHelpers.ts b/baker/DatapageHelpers.ts
index 8d1aef9e316..469a26b5d75 100644
--- a/baker/DatapageHelpers.ts
+++ b/baker/DatapageHelpers.ts
@@ -23,7 +23,7 @@ import {
     GrapherInterface,
     OwidGdocBaseInterface,
 } from "@ourworldindata/types"
-import { KnexReadWriteTransaction } from "../db/db.js"
+import { KnexReadonlyTransaction } from "../db/db.js"
 import { parseFaqs } from "../db/model/Gdoc/rawToEnriched.js"
 import { logErrorAndMaybeSendToBugsnag } from "../serverUtils/errorLog.js"
 import { getSlugForTopicTag } from "./GrapherBakingUtils.js"
@@ -88,8 +88,7 @@ export const getDatapageDataV2 = async (
  * see https://github.com/owid/owid-grapher/issues/2121#issue-1676097164
  */
 export const getDatapageGdoc = async (
-    // TODO: this transaction is only RW because somewhere inside it we fetch images
-    knex: KnexReadWriteTransaction,
+    knex: KnexReadonlyTransaction,
     googleDocEditLinkOrId: string,
     isPreviewing: boolean
 ): Promise<OwidGdocBaseInterface | null> => {
@@ -137,7 +136,7 @@ type EnrichedFaqLookupSuccess = {
 type EnrichedFaqLookupResult = EnrichedFaqLookupError | EnrichedFaqLookupSuccess
 
 export const fetchAndParseFaqs = async (
-    knex: KnexReadWriteTransaction, // TODO: this transaction is only RW because somewhere inside it we fetch images
+    knex: KnexReadonlyTransaction,
     faqGdocIds: string[],
     { isPreviewing }: { isPreviewing: boolean }
 ) => {
@@ -189,7 +188,7 @@ export const resolveFaqsForVariable = (
 }
 
 export const getPrimaryTopic = async (
-    knex: KnexReadWriteTransaction,
+    knex: KnexReadonlyTransaction,
     firstTopicTag: string | undefined
 ) => {
     if (!firstTopicTag) return undefined
diff --git a/baker/DeployUtils.ts b/baker/DeployUtils.ts
index 997da9a72a9..3e961be1d70 100644
--- a/baker/DeployUtils.ts
+++ b/baker/DeployUtils.ts
@@ -11,7 +11,7 @@ import {
 import { SiteBaker } from "../baker/SiteBaker.js"
 import { WebClient } from "@slack/web-api"
 import { DeployChange, DeployMetadata } from "@ourworldindata/utils"
-import { KnexReadWriteTransaction } from "../db/db.js"
+import { KnexReadonlyTransaction } from "../db/db.js"
 
 const deployQueueServer = new DeployQueueServer()
 
@@ -34,10 +34,9 @@ export const defaultCommitMessage = async (): Promise<string> => {
  * Initiate a deploy, without any checks. Throws error on failure.
  */
 
-// TODO: this transaction is only RW because somewhere inside it we fetch images
 const triggerBakeAndDeploy = async (
     deployMetadata: DeployMetadata,
-    knex: KnexReadWriteTransaction,
+    knex: KnexReadonlyTransaction,
     lightningQueue?: DeployChange[]
 ) => {
     // deploy to Buildkite if we're on master and BUILDKITE_API_ACCESS_TOKEN is set
@@ -164,8 +163,7 @@ let deploying = false
  * If there are no changes in the queue, a deploy won't be initiated.
  */
 export const deployIfQueueIsNotEmpty = async (
-    // TODO: this transaction is only RW because somewhere inside it we fetch images
-    knex: KnexReadWriteTransaction
+    knex: KnexReadonlyTransaction
 ) => {
     if (deploying) return
     deploying = true
diff --git a/baker/GrapherBaker.tsx b/baker/GrapherBaker.tsx
index 3b28a805a58..313b45c7ee7 100644
--- a/baker/GrapherBaker.tsx
+++ b/baker/GrapherBaker.tsx
@@ -65,7 +65,7 @@ import pMap from "p-map"
 const renderDatapageIfApplicable = async (
     grapher: GrapherInterface,
     isPreviewing: boolean,
-    knex: db.KnexReadWriteTransaction,
+    knex: db.KnexReadonlyTransaction,
     imageMetadataDictionary?: Record<string, DbEnrichedImage>
 ) => {
     const variable = await getVariableOfDatapageIfApplicable(grapher)
@@ -99,10 +99,9 @@ const renderDatapageIfApplicable = async (
  * Render a datapage if available, otherwise render a grapher page.
  */
 
-// TODO: this transaction is only RW because somewhere inside it we fetch images
 export const renderDataPageOrGrapherPage = async (
     grapher: GrapherInterface,
-    knex: db.KnexReadWriteTransaction,
+    knex: db.KnexReadonlyTransaction,
     imageMetadataDictionary?: Record<string, DbEnrichedImage>
 ): Promise<string> => {
     const datapage = await renderDatapageIfApplicable(
@@ -131,9 +130,7 @@ export async function renderDataPageV2(
         pageGrapher?: GrapherInterface
         imageMetadataDictionary?: Record<string, ImageMetadata>
     },
-
-    // TODO: this transaction is only RW because somewhere inside it we fetch images
-    knex: db.KnexReadWriteTransaction
+    knex: db.KnexReadonlyTransaction
 ) {
     const grapherConfigForVariable = await getMergedGrapherConfigForVariable(
         knex,
@@ -238,9 +235,7 @@ export async function renderDataPageV2(
  */
 export const renderPreviewDataPageOrGrapherPage = async (
     grapher: GrapherInterface,
-
-    // TODO: this transaction is only RW because somewhere inside it we fetch images
-    knex: db.KnexReadWriteTransaction
+    knex: db.KnexReadonlyTransaction
 ) => {
     const datapage = await renderDatapageIfApplicable(grapher, true, knex)
     if (datapage) return datapage
@@ -293,7 +288,7 @@ const bakeGrapherPageAndVariablesPngAndSVGIfChanged = async (
     bakedSiteDir: string,
     imageMetadataDictionary: Record<string, DbEnrichedImage>,
     grapher: GrapherInterface,
-    knex: db.KnexReadWriteTransaction
+    knex: db.KnexReadonlyTransaction
 ) => {
     const htmlPath = `${bakedSiteDir}/grapher/${grapher.slug}.html`
     const isSameVersion = await chartIsSameVersion(htmlPath, grapher.version)
@@ -376,9 +371,7 @@ export interface BakeSingleGrapherChartArguments {
 
 export const bakeSingleGrapherChart = async (
     args: BakeSingleGrapherChartArguments,
-
-    // TODO: this transaction is only RW because somewhere inside it we fetch images
-    knex: db.KnexReadWriteTransaction
+    knex: db.KnexReadonlyTransaction
 ) => {
     const grapher: GrapherInterface = JSON.parse(args.config)
     grapher.id = args.id
@@ -400,8 +393,7 @@ export const bakeSingleGrapherChart = async (
 }
 
 export const bakeAllChangedGrapherPagesVariablesPngSvgAndDeleteRemovedGraphers =
-    // TODO: this transaction is only RW because somewhere inside it we fetch images
-    async (bakedSiteDir: string, knex: db.KnexReadWriteTransaction) => {
+    async (bakedSiteDir: string, knex: db.KnexReadonlyTransaction) => {
         const chartsToBake = await knexRaw<
             Pick<DbPlainChart, "id"> & {
                 config: DbRawChartConfig["full"]
diff --git a/baker/MultiDimBaker.tsx b/baker/MultiDimBaker.tsx
index 424a2c90a5f..4828e914cf3 100644
--- a/baker/MultiDimBaker.tsx
+++ b/baker/MultiDimBaker.tsx
@@ -60,7 +60,7 @@ const getRelevantVariableMetadata = async (
 }
 
 const getFaqEntries = async (
-    knex: db.KnexReadWriteTransaction, // TODO: this transaction is only RW because somewhere inside it we fetch images
+    knex: db.KnexReadonlyTransaction,
     config: MultiDimDataPageConfigPreProcessed,
     variableMetadataDict: Record<number, OwidVariableWithSource>
 ): Promise<FaqEntryKeyedByGdocIdAndFragmentId> => {
@@ -117,7 +117,7 @@ const getFaqEntries = async (
 }
 
 export const renderMultiDimDataPageFromConfig = async (
-    knex: db.KnexReadWriteTransaction,
+    knex: db.KnexReadonlyTransaction,
     slug: string,
     config: MultiDimDataPageConfigEnriched
 ) => {
@@ -148,7 +148,7 @@ export const renderMultiDimDataPageFromConfig = async (
 }
 
 export const renderMultiDimDataPageBySlug = async (
-    knex: db.KnexReadWriteTransaction,
+    knex: db.KnexReadonlyTransaction,
     slug: string,
     { onlyPublished = true }: { onlyPublished?: boolean } = {}
 ) => {
@@ -165,7 +165,7 @@ export const renderMultiDimDataPageFromProps = async (
 }
 
 export const bakeMultiDimDataPage = async (
-    knex: db.KnexReadWriteTransaction,
+    knex: db.KnexReadonlyTransaction,
     bakedSiteDir: string,
     slug: string,
     config: MultiDimDataPageConfigEnriched
@@ -180,7 +180,7 @@ export const bakeMultiDimDataPage = async (
 }
 
 export const bakeAllMultiDimDataPages = async (
-    knex: db.KnexReadWriteTransaction,
+    knex: db.KnexReadonlyTransaction,
     bakedSiteDir: string
 ) => {
     const multiDimsBySlug = await getAllMultiDimDataPages(knex)
diff --git a/baker/SiteBaker.tsx b/baker/SiteBaker.tsx
index bc4674bb5cf..c422adcaa4e 100644
--- a/baker/SiteBaker.tsx
+++ b/baker/SiteBaker.tsx
@@ -689,8 +689,7 @@ export class SiteBaker {
 
     // Bake unique individual pages
 
-    // TODO: this transaction is only RW because somewhere inside it we fetch images
-    private async bakeSpecialPages(knex: db.KnexReadWriteTransaction) {
+    private async bakeSpecialPages(knex: db.KnexReadonlyTransaction) {
         if (!this.bakeSteps.has("specialPages")) return
         await this.stageWrite(
             `${this.bakedSiteDir}/index.html`,
@@ -817,7 +816,7 @@ export class SiteBaker {
         this.progressBar.tick({ name: "✅ validated grapher dods" })
     }
 
-    private async bakeMultiDimPages(knex: db.KnexReadWriteTransaction) {
+    private async bakeMultiDimPages(knex: db.KnexReadonlyTransaction) {
         if (!this.bakeSteps.has("multiDimPages")) return
         if (!FEATURE_FLAGS.has(FeatureFlagFeature.MultiDimDataPage)) {
             console.log(
@@ -861,8 +860,7 @@ export class SiteBaker {
         }
     }
 
-    // TODO: this transaction is only RW because somewhere inside it we fetch images
-    private async bakeDataInsights(knex: db.KnexReadWriteTransaction) {
+    private async bakeDataInsights(knex: db.KnexReadonlyTransaction) {
         if (!this.bakeSteps.has("dataInsights")) return
         const {
             dataInsights: latestDataInsights,
@@ -939,8 +937,7 @@ export class SiteBaker {
         }
     }
 
-    // TODO: this transaction is only RW because somewhere inside it we fetch images
-    private async bakeAuthors(knex: db.KnexReadWriteTransaction) {
+    private async bakeAuthors(knex: db.KnexReadonlyTransaction) {
         if (!this.bakeSteps.has("authors")) return
 
         const publishedAuthors = await GdocAuthor.getPublishedAuthors(knex)
@@ -1000,8 +997,7 @@ export class SiteBaker {
 
     // Bake the blog index
 
-    // TODO: this transaction is only RW because somewhere inside it we fetch images
-    private async bakeBlogIndex(knex: db.KnexReadWriteTransaction) {
+    private async bakeBlogIndex(knex: db.KnexReadonlyTransaction) {
         if (!this.bakeSteps.has("blogIndex")) return
         const allPosts = await getBlogIndex(knex)
         const numPages = Math.ceil(allPosts.length / BLOG_POSTS_PER_PAGE)
@@ -1016,8 +1012,7 @@ export class SiteBaker {
 
     // Bake the RSS feed
 
-    // TODO: this transaction is only RW because somewhere inside it we fetch images
-    private async bakeRSS(knex: db.KnexReadWriteTransaction) {
+    private async bakeRSS(knex: db.KnexReadonlyTransaction) {
         if (!this.bakeSteps.has("rss")) return
         await this.stageWrite(
             `${this.bakedSiteDir}/atom.xml`,
@@ -1080,7 +1075,7 @@ export class SiteBaker {
         this.progressBar.tick({ name: "✅ baked assets" })
     }
 
-    async bakeRedirects(knex: db.KnexReadWriteTransaction) {
+    async bakeRedirects(knex: db.KnexReadonlyTransaction) {
         if (!this.bakeSteps.has("redirects")) return
         const redirects = await getRedirects(knex)
         this.progressBar.tick({ name: "✅ got redirects" })
@@ -1098,9 +1093,7 @@ export class SiteBaker {
         this.progressBar.tick({ name: "✅ baked redirects" })
     }
 
-    // TODO: This transaction is RW because we delete expired redirects and
-    //       somewhere inside it we fetch images.
-    async bakeWordpressPages(knex: db.KnexReadWriteTransaction) {
+    async bakeWordpressPages(knex: db.KnexReadonlyTransaction) {
         await this.bakeRedirects(knex)
         await this.bakeEmbeds(knex)
         await this.bakeBlogIndex(knex)
@@ -1109,8 +1102,7 @@ export class SiteBaker {
         await this.bakePosts(knex)
     }
 
-    // TODO: this transaction is only RW because somewhere inside it we fetch images
-    private async _bakeNonWordpressPages(knex: db.KnexReadWriteTransaction) {
+    private async _bakeNonWordpressPages(knex: db.KnexReadonlyTransaction) {
         if (this.bakeSteps.has("countries")) {
             await bakeCountries(this, knex)
         }
@@ -1135,8 +1127,7 @@ export class SiteBaker {
         await this.bakeAuthors(knex)
     }
 
-    // TODO: this transaction is only RW because somewhere inside it we fetch images
-    async bakeNonWordpressPages(knex: db.KnexReadWriteTransaction) {
+    async bakeNonWordpressPages(knex: db.KnexReadonlyTransaction) {
         const progressBarTotal = nonWordpressSteps
             .map((step) => this.bakeSteps.has(step))
             .filter((hasStep) => hasStep).length
@@ -1150,8 +1141,7 @@ export class SiteBaker {
         await this._bakeNonWordpressPages(knex)
     }
 
-    // TODO: this transaction is only RW because somewhere inside it we fetch images
-    async bakeAll(knex: db.KnexReadWriteTransaction) {
+    async bakeAll(knex: db.KnexReadonlyTransaction) {
         // Ensure caches are correctly initialized
         this.flushCache()
         await this.removeDeletedPosts(knex)
diff --git a/baker/algolia/indexPagesToAlgolia.tsx b/baker/algolia/indexPagesToAlgolia.tsx
index 703f618c73b..2a0bf6a1093 100644
--- a/baker/algolia/indexPagesToAlgolia.tsx
+++ b/baker/algolia/indexPagesToAlgolia.tsx
@@ -15,8 +15,7 @@ const indexPagesToAlgolia = async () => {
     }
     const index = client.initIndex(getIndexName(SearchIndexName.Pages))
 
-    // TODO: this transaction is only RW because somewhere inside it we fetch images
-    const records = await db.knexReadWriteTransaction(
+    const records = await db.knexReadonlyTransaction(
         getPagesRecords,
         db.TransactionCloseMode.Close
     )
diff --git a/baker/algolia/utils/pages.ts b/baker/algolia/utils/pages.ts
index e5b5983d9cd..1b88ff4fd17 100644
--- a/baker/algolia/utils/pages.ts
+++ b/baker/algolia/utils/pages.ts
@@ -239,9 +239,8 @@ function generateGdocRecords(
     return records
 }
 
-// TODO: this transaction is only RW because somewhere inside it we fetch images
 // Generate records for countries, WP posts (not including posts that have been succeeded by Gdocs equivalents), and Gdocs
-export const getPagesRecords = async (knex: db.KnexReadWriteTransaction) => {
+export const getPagesRecords = async (knex: db.KnexReadonlyTransaction) => {
     const pageviews = await getAnalyticsPageviewsByUrlObj(knex)
     const gdocs = await db
         .getPublishedGdocPostsWithTags(knex)
diff --git a/baker/bakeGdocPost.ts b/baker/bakeGdocPost.ts
index d63c6561395..97deb5caac3 100644
--- a/baker/bakeGdocPost.ts
+++ b/baker/bakeGdocPost.ts
@@ -19,8 +19,7 @@ void yargs(hideBin(process.argv))
         async ({ slug }) => {
             const baker = new SiteBaker(BAKED_SITE_DIR, BAKED_BASE_URL)
 
-            // TODO: this transaction is only RW because somewhere inside it we fetch images
-            await db.knexReadWriteTransaction(
+            await db.knexReadonlyTransaction(
                 (trx) => baker.bakeGDocPosts(trx, [slug]),
                 db.TransactionCloseMode.Close
             )
diff --git a/baker/bakeGdocPosts.ts b/baker/bakeGdocPosts.ts
index bf332cf237b..1b1638208ea 100644
--- a/baker/bakeGdocPosts.ts
+++ b/baker/bakeGdocPosts.ts
@@ -24,8 +24,7 @@ void yargs(hideBin(process.argv))
         async ({ slugs }) => {
             const baker = new SiteBaker(BAKED_SITE_DIR, BAKED_BASE_URL)
 
-            // TODO: this transaction is only RW because somewhere inside it we fetch images
-            await db.knexReadWriteTransaction(
+            await db.knexReadonlyTransaction(
                 (trx) => baker.bakeGDocPosts(trx, slugs),
                 db.TransactionCloseMode.Close
             )
diff --git a/baker/buildLocalBake.ts b/baker/buildLocalBake.ts
index 6d401a63a9b..5cf9fa766e5 100644
--- a/baker/buildLocalBake.ts
+++ b/baker/buildLocalBake.ts
@@ -18,8 +18,7 @@ const bakeDomainToFolder = async (
     const baker = new SiteBaker(dir, baseUrl, bakeSteps)
     console.log(`Baking site locally with baseUrl '${baseUrl}' to dir '${dir}'`)
 
-    // TODO: this transaction is only RW because somewhere inside it we fetch images
-    await db.knexReadWriteTransaction(
+    await db.knexReadonlyTransaction(
         (trx) => baker.bakeAll(trx),
         db.TransactionCloseMode.Close
     )
diff --git a/baker/redirects.ts b/baker/redirects.ts
index 1c45a9d7697..3a897b2b15b 100644
--- a/baker/redirects.ts
+++ b/baker/redirects.ts
@@ -8,7 +8,7 @@ import {
     getRedirectsFromDb,
 } from "../db/model/Redirect.js"
 
-export const getRedirects = async (knex: db.KnexReadWriteTransaction) => {
+export const getRedirects = async (knex: db.KnexReadonlyTransaction) => {
     const staticRedirects = [
         // RSS feed
         "/feed /atom.xml 302",
diff --git a/baker/runBakeGraphers.ts b/baker/runBakeGraphers.ts
index 898a4a1a78d..02f862ea2e9 100755
--- a/baker/runBakeGraphers.ts
+++ b/baker/runBakeGraphers.ts
@@ -9,8 +9,7 @@ import * as db from "../db/db.js"
  */
 
 const main = async (folder: string) => {
-    // TODO: this transaction is only RW because somewhere inside it we fetch images
-    return db.knexReadWriteTransaction(
+    return db.knexReadonlyTransaction(
         (trx) =>
             bakeAllChangedGrapherPagesVariablesPngSvgAndDeleteRemovedGraphers(
                 folder,
diff --git a/baker/siteRenderers.tsx b/baker/siteRenderers.tsx
index a6c46848bfb..163f7961a7a 100644
--- a/baker/siteRenderers.tsx
+++ b/baker/siteRenderers.tsx
@@ -144,9 +144,8 @@ export function renderDynamicCollectionPage() {
     return renderToHtmlPage(<DynamicCollectionPage baseUrl={BAKED_BASE_URL} />)
 }
 
-// TODO: this transaction is only RW because somewhere inside it we fetch images
 export const renderGdocsPageBySlug = async (
-    knex: KnexReadWriteTransaction,
+    knex: KnexReadonlyTransaction,
     slug: string,
     isPreviewing: boolean = false
 ): Promise<string | undefined> => {
@@ -242,8 +241,7 @@ export const renderPost = async (
     )
 }
 
-// TODO: this transaction is only RW because somewhere inside it we fetch images
-export const renderFrontPage = async (knex: KnexReadWriteTransaction) => {
+export const renderFrontPage = async (knex: KnexReadonlyTransaction) => {
     const gdocHomepageId = await getHomepageId(knex)
 
     if (gdocHomepageId) {
@@ -260,8 +258,7 @@ export const renderFrontPage = async (knex: KnexReadWriteTransaction) => {
     }
 }
 
-// TODO: this transaction is only RW because somewhere inside it we fetch images
-export const renderDonatePage = async (knex: KnexReadWriteTransaction) => {
+export const renderDonatePage = async (knex: KnexReadonlyTransaction) => {
     const faqsGdoc = (await getAndLoadGdocById(
         knex,
         GDOCS_DONATE_FAQS_DOCUMENT_ID
@@ -301,10 +298,9 @@ export const renderDataInsightsIndexPage = (
     )
 }
 
-// TODO: this transaction is only RW because somewhere inside it we fetch images
 export const renderBlogByPageNum = async (
     pageNum: number,
-    knex: KnexReadWriteTransaction
+    knex: KnexReadonlyTransaction
 ) => {
     const allPosts = await getBlogIndex(knex)
 
@@ -330,13 +326,12 @@ export const renderSearchPage = () =>
 export const renderNotFoundPage = () =>
     renderToHtmlPage(<NotFoundPage baseUrl={BAKED_BASE_URL} />)
 
-// TODO: this transaction is only RW because somewhere inside it we fetch images
-export async function makeAtomFeed(knex: KnexReadWriteTransaction) {
+export async function makeAtomFeed(knex: KnexReadonlyTransaction) {
     const posts = (await getBlogIndex(knex)).slice(0, 10)
     return makeAtomFeedFromPosts({ posts })
 }
 
-export async function makeDataInsightsAtomFeed(knex: KnexReadWriteTransaction) {
+export async function makeDataInsightsAtomFeed(knex: KnexReadonlyTransaction) {
     const dataInsights = await getAndLoadPublishedDataInsightsPage(knex, 0)
     return makeAtomFeedFromDataInsights({
         dataInsights,
@@ -348,9 +343,7 @@ export async function makeDataInsightsAtomFeed(knex: KnexReadWriteTransaction) {
 // We don't want to include topic pages in the atom feed that is being consumed
 // by Mailchimp for sending the "immediate update" newsletter. Instead topic
 // pages announcements are sent out manually.
-
-// TODO: this transaction is only RW because somewhere inside it we fetch images
-export async function makeAtomFeedNoTopicPages(knex: KnexReadWriteTransaction) {
+export async function makeAtomFeedNoTopicPages(knex: KnexReadonlyTransaction) {
     const posts = (await getBlogIndex(knex))
         .filter((post: IndexPost) => post.type !== OwidGdocType.TopicPage)
         .slice(0, 10)
diff --git a/baker/sitemap.ts b/baker/sitemap.ts
index b4fc385da29..edc45c1cdcd 100644
--- a/baker/sitemap.ts
+++ b/baker/sitemap.ts
@@ -65,10 +65,9 @@ const explorerToSitemapUrl = (program: ExplorerProgram): SitemapUrl[] => {
     }
 }
 
-// TODO: this transaction is only RW because somewhere inside it we fetch images
 export const makeSitemap = async (
     explorerAdminServer: ExplorerAdminServer,
-    knex: db.KnexReadWriteTransaction
+    knex: db.KnexReadonlyTransaction
 ) => {
     const alreadyPublishedViaGdocsSlugsSet =
         await db.getSlugsWithPublishedGdocsSuccessors(knex)
diff --git a/baker/startDeployQueueServer.ts b/baker/startDeployQueueServer.ts
index 881bb261686..9ac3ebe606d 100644
--- a/baker/startDeployQueueServer.ts
+++ b/baker/startDeployQueueServer.ts
@@ -11,7 +11,7 @@ import * as db from "../db/db.js"
 import "../db/cleanup.js"
 
 const runDeployIfQueueIsNotEmpty = async () =>
-    await db.knexReadWriteTransaction(
+    await db.knexReadonlyTransaction(
         deployIfQueueIsNotEmpty,
         db.TransactionCloseMode.KeepOpen
     )
@@ -40,7 +40,6 @@ const main = async () => {
         setTimeout(runDeployIfQueueIsNotEmpty, 10 * 1000)
     })
 
-    // TODO: this transaction is only RW because somewhere inside it we fetch images
     void runDeployIfQueueIsNotEmpty()
 }
 
diff --git a/db/model/Gdoc/GdocAuthor.ts b/db/model/Gdoc/GdocAuthor.ts
index 8f7271c3c3f..d7955789593 100644
--- a/db/model/Gdoc/GdocAuthor.ts
+++ b/db/model/Gdoc/GdocAuthor.ts
@@ -153,9 +153,8 @@ export class GdocAuthor extends GdocBase implements OwidGdocAuthorInterface {
         return errors
     }
 
-    // TODO: this transaction is only RW because somewhere inside it we fetch images
     static async getPublishedAuthors(
-        knex: db.KnexReadWriteTransaction
+        knex: db.KnexReadonlyTransaction
     ): Promise<GdocAuthor[]> {
         return loadPublishedGdocAuthors(knex)
     }
diff --git a/db/model/Gdoc/GdocDataInsight.ts b/db/model/Gdoc/GdocDataInsight.ts
index 6a3987486c0..de2cfa435e2 100644
--- a/db/model/Gdoc/GdocDataInsight.ts
+++ b/db/model/Gdoc/GdocDataInsight.ts
@@ -61,9 +61,8 @@ export class GdocDataInsight
         this.imageMetadata = Object.assign(this.imageMetadata, imageMetadata)
     }
 
-    // TODO: this transaction is only RW because somewhere inside it we fetch images
     static async getPublishedDataInsights(
-        knex: db.KnexReadWriteTransaction,
+        knex: db.KnexReadonlyTransaction,
         page?: number
     ): Promise<GdocDataInsight[]> {
         return getAndLoadPublishedDataInsightsPage(knex, page)
diff --git a/db/model/Gdoc/GdocFactory.ts b/db/model/Gdoc/GdocFactory.ts
index 8ee2238864c..1ca76d3f0c6 100644
--- a/db/model/Gdoc/GdocFactory.ts
+++ b/db/model/Gdoc/GdocFactory.ts
@@ -276,9 +276,8 @@ export async function getPublishedGdocBaseObjectBySlug(
     return gdoc
 }
 
-// TODO: this transaction is only RW because somewhere inside it we fetch images
 export async function getAndLoadGdocBySlug(
-    knex: KnexReadWriteTransaction,
+    knex: KnexReadonlyTransaction,
     slug: string
 ): Promise<GdocPost | GdocDataInsight | GdocHomepage | GdocAbout | GdocAuthor> {
     const base = await getPublishedGdocBaseObjectBySlug(knex, slug, true)
@@ -290,9 +289,8 @@ export async function getAndLoadGdocBySlug(
     return loadGdocFromGdocBase(knex, base)
 }
 
-// TODO: this transaction is only RW because somewhere inside it we fetch images
 export async function getAndLoadGdocById(
-    knex: KnexReadWriteTransaction,
+    knex: KnexReadonlyTransaction,
     id: string,
     contentSource?: GdocsContentSource
 ): Promise<GdocPost | GdocDataInsight | GdocHomepage | GdocAbout | GdocAuthor> {
@@ -302,7 +300,6 @@ export async function getAndLoadGdocById(
     return loadGdocFromGdocBase(knex, base, contentSource)
 }
 
-// TODO: this transaction is only RW because somewhere inside it we fetch images
 export async function createOrLoadGdocById(
     trx: KnexReadWriteTransaction,
     id: string
@@ -318,10 +315,8 @@ export async function createOrLoadGdocById(
 
 // From an ID, get a Gdoc object with all its metadata and state loaded, in its correct subclass.
 // If contentSource is Gdocs, use live data from Google, otherwise use the data in the DB.
-
-// TODO: this transaction is only RW because somewhere inside it we fetch images
 export async function loadGdocFromGdocBase(
-    knex: KnexReadWriteTransaction,
+    knex: KnexReadonlyTransaction,
     base: OwidGdocBaseInterface,
     contentSource?: GdocsContentSource
 ): Promise<GdocPost | GdocDataInsight | GdocHomepage | GdocAbout | GdocAuthor> {
@@ -362,9 +357,8 @@ export async function loadGdocFromGdocBase(
     return gdoc
 }
 
-// TODO: this transaction is only RW because somewhere inside it we fetch images
 export async function getAndLoadPublishedDataInsights(
-    knex: KnexReadWriteTransaction,
+    knex: KnexReadonlyTransaction,
     options?: { limit: number; offset?: number }
 ): Promise<GdocDataInsight[]> {
     let query = knex<DbRawPostGdoc>(PostsGdocsTableName)
@@ -399,7 +393,7 @@ export async function getAndLoadPublishedDataInsights(
 }
 
 export async function getAndLoadPublishedDataInsightsPage(
-    knex: KnexReadWriteTransaction,
+    knex: KnexReadonlyTransaction,
     page?: number
 ): Promise<GdocDataInsight[]> {
     const options =
@@ -453,9 +447,8 @@ export async function getLatestDataInsights(
     }
 }
 
-// TODO: this transaction is only RW because somewhere inside it we fetch images
 export async function getAndLoadPublishedGdocPosts(
-    knex: KnexReadWriteTransaction
+    knex: KnexReadonlyTransaction
 ): Promise<GdocPost[]> {
     const rows = await getPublishedGdocPostsWithTags(knex)
     const gdocs = await Promise.all(
@@ -464,9 +457,8 @@ export async function getAndLoadPublishedGdocPosts(
     return gdocs as GdocPost[]
 }
 
-// TODO: this transaction is only RW because somewhere inside it we fetch images
 export async function loadPublishedGdocAuthors(
-    knex: KnexReadWriteTransaction
+    knex: KnexReadonlyTransaction
 ): Promise<GdocAuthor[]> {
     const rows = await knexRaw<DbRawPostGdoc>(
         knex,
@@ -491,9 +483,8 @@ export async function loadPublishedGdocAuthors(
     return gdocs as GdocAuthor[]
 }
 
-// TODO: this transaction is only RW because somewhere inside it we fetch images
 export async function getAndLoadListedGdocPosts(
-    knex: KnexReadWriteTransaction
+    knex: KnexReadonlyTransaction
 ): Promise<GdocPost[]> {
     // TODO: Check if we shouldn't also restrict the types of gdocs here
     const rows = await knexRaw<DbRawPostGdoc>(
diff --git a/db/model/Post.ts b/db/model/Post.ts
index 64f7c094850..ed4d62dca1f 100644
--- a/db/model/Post.ts
+++ b/db/model/Post.ts
@@ -282,9 +282,8 @@ export const getFullPost = async (
 const selectHomepagePosts: FilterFnPostRestApi = (post) =>
     post.meta?.owid_publication_context_meta_field?.homepage === true
 
-// TODO: this transaction is only RW because somewhere inside it we fetch images
 export const getBlogIndex = memoize(
-    async (knex: db.KnexReadWriteTransaction): Promise<IndexPost[]> => {
+    async (knex: db.KnexReadonlyTransaction): Promise<IndexPost[]> => {
         const gdocPosts = await getAndLoadListedGdocPosts(knex)
         const wpPosts = await Promise.all(
             await getPostsFromSnapshots(
diff --git a/devTools/markdownTest/markdown.ts b/devTools/markdownTest/markdown.ts
index 141ee0ebab1..4f694ff6d04 100644
--- a/devTools/markdownTest/markdown.ts
+++ b/devTools/markdownTest/markdown.ts
@@ -15,8 +15,7 @@ import { getAndLoadGdocBySlug } from "../../db/model/Gdoc/GdocFactory.js"
 
 async function main(parsedArgs: parseArgs.ParsedArgs) {
     try {
-        // TODO: this transaction is only RW because somewhere inside it we fetch images
-        await knexReadWriteTransaction(async (trx) => {
+        await knexReadonlyTransaction(async (trx) => {
             const gdoc = await getAndLoadGdocBySlug(trx, parsedArgs._[0])
             let archieMlContent: OwidEnrichedGdocBlock[] | null
             let contentToShowOnError: any

From e79247b3068ad24a4847481d4bbcd0d860e394f5 Mon Sep 17 00:00:00 2001
From: Ike Saunders <ikesau@protonmail.com>
Date: Mon, 25 Nov 2024 14:36:29 -0500
Subject: [PATCH 12/40] =?UTF-8?q?=F0=9F=8E=89=20use=20public=20variant=20f?=
 =?UTF-8?q?or=20og:image?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 site/gdocs/OwidGdocPage.tsx | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/site/gdocs/OwidGdocPage.tsx b/site/gdocs/OwidGdocPage.tsx
index 8cb03506ba0..6968a789d20 100644
--- a/site/gdocs/OwidGdocPage.tsx
+++ b/site/gdocs/OwidGdocPage.tsx
@@ -17,10 +17,10 @@ import { match, P } from "ts-pattern"
 import {
     ARCHVED_THUMBNAIL_FILENAME,
     EnrichedBlockText,
-    IMAGES_DIRECTORY,
 } from "@ourworldindata/types"
 import { DATA_INSIGHT_ATOM_FEED_PROPS } from "../SiteConstants.js"
 import { Html } from "../Html.js"
+import { CLOUDFLARE_IMAGES_URL } from "../../settings/clientSettings.js"
 
 declare global {
     interface Window {
@@ -100,7 +100,8 @@ export default function OwidGdocPage({
     ) {
         imageUrl = `${baseUrl}/${ARCHVED_THUMBNAIL_FILENAME}`
     } else if (featuredImageFilename) {
-        imageUrl = `${baseUrl}${IMAGES_DIRECTORY}${featuredImageFilename}`
+        // A hard-coded variant that doesn't need to know the image's width
+        imageUrl = `${CLOUDFLARE_IMAGES_URL}/${featuredImageFilename}/public`
     }
 
     return (

From 38fc7b7eac5ac2502560e30db90d69c78796225e Mon Sep 17 00:00:00 2001
From: Ike Saunders <ikesau@protonmail.com>
Date: Mon, 25 Nov 2024 16:33:36 -0500
Subject: [PATCH 13/40] =?UTF-8?q?=E2=9C=A8=20image=20download=20button=20s?=
 =?UTF-8?q?tyles?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 .../components/src/styles/variables.scss      |  6 ++
 site/gdocs/components/Image.tsx               | 47 ++++++-----
 site/gdocs/components/centered-article.scss   | 83 +++++++++++++++++--
 3 files changed, 111 insertions(+), 25 deletions(-)

diff --git a/packages/@ourworldindata/components/src/styles/variables.scss b/packages/@ourworldindata/components/src/styles/variables.scss
index fca2dfbf854..e5a32d5b7be 100644
--- a/packages/@ourworldindata/components/src/styles/variables.scss
+++ b/packages/@ourworldindata/components/src/styles/variables.scss
@@ -142,6 +142,12 @@ $xxlg: 1536px;
     }
 }
 
+@mixin touch-device {
+    @media (hover: none) {
+        @content;
+    }
+}
+
 /*******************************************************************************
  * Z-index
  */
diff --git a/site/gdocs/components/Image.tsx b/site/gdocs/components/Image.tsx
index 70b76244200..4847c620383 100644
--- a/site/gdocs/components/Image.tsx
+++ b/site/gdocs/components/Image.tsx
@@ -13,6 +13,8 @@ import { useImage } from "../utils.js"
 import { BlockErrorFallback } from "./BlockErrorBoundary.js"
 import { SMALL_BREAKPOINT_MEDIA_QUERY } from "../../SiteConstants.js"
 import { useMediaQuery } from "usehooks-ts"
+import { FontAwesomeIcon } from "@fortawesome/react-fontawesome"
+import { faDownload } from "@fortawesome/free-solid-svg-icons"
 
 // generates rules that tell the browser:
 // below the medium breakpoint, the image will be 95vw wide
@@ -79,6 +81,7 @@ export default function Image(props: {
     } = props
 
     const className = cx(props.className, {
+        image: true,
         "image--has-outline": hasOutline,
     })
 
@@ -123,10 +126,8 @@ export default function Image(props: {
     }
 
     const alt = props.alt ?? image.defaultAlt
-    const maybeLightboxClassName =
-        containerType === "thumbnail" || !shouldLightbox
-            ? ""
-            : LIGHTBOX_IMAGE_CLASS
+    const isInteractive = containerType !== "thumbnail" && shouldLightbox
+    const maybeLightboxClassName = isInteractive ? LIGHTBOX_IMAGE_CLASS : ""
 
     // TODO: SVG?
 
@@ -145,8 +146,8 @@ export default function Image(props: {
     )
 
     return (
-        <>
-            <picture className={className}>
+        <div className={className}>
+            <picture>
                 {sourceProps.map((props, i) => (
                     <source
                         key={i}
@@ -169,18 +170,26 @@ export default function Image(props: {
                     height={image.originalHeight ?? undefined}
                 />
             </picture>
-            {
-                <button
-                    aria-label={`Download ${filename}`}
-                    className="article-block__image-download-button"
-                    onClick={(e) => {
-                        e.preventDefault()
-                        void handleDownload()
-                    }}
-                >
-                    Download this image
-                </button>
-            }
-        </>
+            {isInteractive && (
+                <div className="article-block__image-download-button-container">
+                    <button
+                        aria-label={`Download ${filename}`}
+                        className="article-block__image-download-button"
+                        onClick={(e) => {
+                            e.preventDefault()
+                            void handleDownload()
+                        }}
+                    >
+                        <FontAwesomeIcon
+                            icon={faDownload}
+                            className="article-block__image-download-button-icon"
+                        />
+                        <span className="article-block__image-download-button-text">
+                            Download image
+                        </span>
+                    </button>
+                </div>
+            )}
+        </div>
     )
 }
diff --git a/site/gdocs/components/centered-article.scss b/site/gdocs/components/centered-article.scss
index c848b2dc92a..85c32410125 100644
--- a/site/gdocs/components/centered-article.scss
+++ b/site/gdocs/components/centered-article.scss
@@ -335,10 +335,20 @@ h3.article-block__heading {
     width: 100%;
     margin: 32px 0;
 
-    & .image--has-outline {
+    .image {
+        position: relative;
+    }
+
+    & .image--has-outline picture {
         outline: 1px solid $gray-10;
     }
 
+    @include touch-device {
+        &:has(.article-block__image-download-button-container) {
+            margin-bottom: 16px;
+        }
+    }
+
     picture {
         // fixes strange extra height that is otherwise added to the element on firefox
         display: flex;
@@ -352,14 +362,75 @@ h3.article-block__heading {
         }
     }
 
+    &:hover {
+        .article-block__image-download-button-container {
+            opacity: 1;
+        }
+    }
+
+    .article-block__image-download-button-container {
+        backdrop-filter: blur(1px);
+        bottom: 16px;
+        right: 16px;
+        position: absolute;
+        overflow: hidden;
+        transition: opacity 0.3s ease;
+        opacity: 0;
+        &:has(.article-block__image-download-button:focus) {
+            opacity: 1;
+        }
+
+        @include touch-device {
+            position: initial;
+            margin-top: 16px;
+            opacity: 1;
+
+            .article-block__image-download-button {
+                transform: none;
+                background-color: $blue-20;
+                color: $blue-90;
+                width: 100%;
+                justify-content: center;
+                height: 40px;
+            }
+            .article-block__image-download-button-text {
+                opacity: 1;
+            }
+        }
+    }
+
     .article-block__image-download-button {
-        @include owid-link-90;
-        background-color: transparent;
+        background-color: scale-color($gray-70, $alpha: -25%);
+        display: flex;
+        align-items: center;
         cursor: pointer;
         border: none;
-        font-size: 14px;
-        padding: 0;
-        padding-top: 4px;
+        color: #fff;
+        height: 28px;
+        padding-left: 8px;
+        padding-right: 8px;
+        transform: translateX(calc(100% - 28px));
+        transition: transform 0.3s ease;
+
+        &:hover,
+        &:focus {
+            transform: translateX(0);
+            .article-block__image-download-button-text {
+                opacity: 1;
+            }
+        }
+    }
+    .article-block__image-download-button-icon {
+        width: 12px;
+        height: 12px;
+        margin-right: 4px;
+    }
+    .article-block__image-download-button-text {
+        @include label-2-medium;
+        display: inline-block;
+        line-height: 16px;
+        opacity: 0;
+        transition: opacity 0.3s ease;
     }
 }
 

From 81c0bd06ecd32076bc684622bd639f6fff42cfcb Mon Sep 17 00:00:00 2001
From: Ike Saunders <ikesau@protonmail.com>
Date: Tue, 26 Nov 2024 11:33:34 -0500
Subject: [PATCH 14/40] =?UTF-8?q?=F0=9F=90=9B=20fix=20background=20blur=20?=
 =?UTF-8?q?for=20image=20download=20button?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 baker/siteRenderers.tsx                     |  1 -
 site/gdocs/components/Image.tsx             | 16 +++----
 site/gdocs/components/centered-article.scss | 46 ++++++++++++---------
 3 files changed, 35 insertions(+), 28 deletions(-)

diff --git a/baker/siteRenderers.tsx b/baker/siteRenderers.tsx
index 163f7961a7a..de8bd8deaa4 100644
--- a/baker/siteRenderers.tsx
+++ b/baker/siteRenderers.tsx
@@ -61,7 +61,6 @@ import { CountryProfileSpec } from "../site/countryProfileProjects.js"
 import { formatPost } from "./formatWordpressPost.js"
 import {
     knexRaw,
-    KnexReadWriteTransaction,
     KnexReadonlyTransaction,
     getHomepageId,
     getFlatTagGraph,
diff --git a/site/gdocs/components/Image.tsx b/site/gdocs/components/Image.tsx
index 4847c620383..e4728b6d228 100644
--- a/site/gdocs/components/Image.tsx
+++ b/site/gdocs/components/Image.tsx
@@ -180,13 +180,15 @@ export default function Image(props: {
                             void handleDownload()
                         }}
                     >
-                        <FontAwesomeIcon
-                            icon={faDownload}
-                            className="article-block__image-download-button-icon"
-                        />
-                        <span className="article-block__image-download-button-text">
-                            Download image
-                        </span>
+                        <div className="article-block__image-download-button-background-layer">
+                            <FontAwesomeIcon
+                                icon={faDownload}
+                                className="article-block__image-download-button-icon"
+                            />
+                            <span className="article-block__image-download-button-text">
+                                Download image
+                            </span>
+                        </div>
                     </button>
                 </div>
             )}
diff --git a/site/gdocs/components/centered-article.scss b/site/gdocs/components/centered-article.scss
index 85c32410125..bb1b19a8fc2 100644
--- a/site/gdocs/components/centered-article.scss
+++ b/site/gdocs/components/centered-article.scss
@@ -363,35 +363,32 @@ h3.article-block__heading {
     }
 
     &:hover {
-        .article-block__image-download-button-container {
+        .article-block__image-download-button {
             opacity: 1;
         }
     }
 
     .article-block__image-download-button-container {
-        backdrop-filter: blur(1px);
         bottom: 16px;
         right: 16px;
         position: absolute;
         overflow: hidden;
-        transition: opacity 0.3s ease;
-        opacity: 0;
-        &:has(.article-block__image-download-button:focus) {
-            opacity: 1;
-        }
 
         @include touch-device {
             position: initial;
             margin-top: 16px;
-            opacity: 1;
 
             .article-block__image-download-button {
+                opacity: 1;
                 transform: none;
-                background-color: $blue-20;
-                color: $blue-90;
                 width: 100%;
+            }
+            .article-block__image-download-button-background-layer {
+                display: flex;
                 justify-content: center;
                 height: 40px;
+                color: $blue-90;
+                background-color: $blue-20;
             }
             .article-block__image-download-button-text {
                 opacity: 1;
@@ -400,26 +397,35 @@ h3.article-block__heading {
     }
 
     .article-block__image-download-button {
-        background-color: scale-color($gray-70, $alpha: -25%);
-        display: flex;
-        align-items: center;
-        cursor: pointer;
-        border: none;
-        color: #fff;
-        height: 28px;
-        padding-left: 8px;
-        padding-right: 8px;
+        background: transparent;
         transform: translateX(calc(100% - 28px));
-        transition: transform 0.3s ease;
+        transition: 0.3s ease;
+        backdrop-filter: blur(1px);
+        padding: 0;
+        opacity: 0;
 
         &:hover,
         &:focus {
             transform: translateX(0);
+            opacity: 1;
             .article-block__image-download-button-text {
                 opacity: 1;
             }
         }
     }
+
+    .article-block__image-download-button-background-layer {
+        background-color: scale-color($gray-70, $alpha: -25%);
+        display: flex;
+        align-items: center;
+        cursor: pointer;
+        border: none;
+        color: #fff;
+        height: 28px;
+        padding-left: 8px;
+        padding-right: 8px;
+    }
+
     .article-block__image-download-button-icon {
         width: 12px;
         height: 12px;

From c397afc11da73972a7a385db2a94a816c5b8cbf0 Mon Sep 17 00:00:00 2001
From: Ike Saunders <ikesau@protonmail.com>
Date: Tue, 26 Nov 2024 15:19:43 -0500
Subject: [PATCH 15/40] =?UTF-8?q?=F0=9F=94=A8=20remove=20unused=20image=20?=
 =?UTF-8?q?worker?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 functions/images/[[slug]].ts | 61 ------------------------------------
 1 file changed, 61 deletions(-)
 delete mode 100644 functions/images/[[slug]].ts

diff --git a/functions/images/[[slug]].ts b/functions/images/[[slug]].ts
deleted file mode 100644
index 141e5d73260..00000000000
--- a/functions/images/[[slug]].ts
+++ /dev/null
@@ -1,61 +0,0 @@
-// Double brackets around this filename allows us to match /:id/w=:width
-import { Env, Etag } from "../_common/env.js"
-import { IRequestStrict, Router, StatusError, error } from "itty-router"
-
-const router = Router<
-    IRequestStrict,
-    [URL, Env, Etag, EventContext<unknown, any, Record<string, unknown>>]
->()
-
-router
-    .get(`/images/:id/w=:width`, async ({ params: { id, width } }, _, env) => {
-        const sourceUrl = `${env.CLOUDFLARE_IMAGES_URL}/${id}/w=${width}`
-        const image = await fetch(sourceUrl, {
-            headers: {
-                Authorization: `Bearer ${env.CLOUDFLARE_IMAGES_API_KEY}`,
-                // Based on my experiments, as long as width is the source image's width, CF won't change the format.
-                // e.g. if example.png is 1000px wide and we request example.png/w=1000, we'll get a PNG.
-                // If we ask for a different size, we might get a JPEG (but not a WebP or AVIF.)
-                Accept: "image/png, image/jpeg, image/svg+xml",
-            },
-        })
-        const buffer = await image.arrayBuffer()
-
-        const maxAge = 60 * 60 * 24 // 1 day
-
-        const response = new Response(buffer, {
-            status: image.status,
-            headers: new Headers({
-                "Content-Type": image.headers.get("Content-Type"),
-                "Content-Length": image.headers.get("Content-Length"),
-                "Cache-Control": `public, max-age=${maxAge}`,
-                "Access-Control-Allow-Origin": "*",
-            }),
-        })
-
-        return response
-    })
-    .all("*", () => error(404, "Route not defined"))
-
-export const onRequest: PagesFunction<Env> = async (context) => {
-    const { request, env } = context
-    const url = new URL(request.url)
-
-    return router
-        .fetch(
-            request,
-            url,
-            { ...env, url },
-            request.headers.get("if-none-match"),
-            context
-        )
-        .catch(async (e) => {
-            console.log("Handling error", e)
-            if (e instanceof StatusError && e.status === 404) {
-                console.log("Handling 404 for", url.pathname)
-                return error(404, "Not found")
-            } else if (e instanceof StatusError) {
-                return error(e.status, e.message)
-            } else return error(500, e)
-        })
-}

From d1f5bee8966fe62d9c9bb594c3ec885e5e130a31 Mon Sep 17 00:00:00 2001
From: Ike Saunders <ikesau@protonmail.com>
Date: Tue, 26 Nov 2024 15:55:29 -0500
Subject: [PATCH 16/40] =?UTF-8?q?=E2=9C=A8=20improve=20lightbox=20with=20c?=
 =?UTF-8?q?loudflare=20images?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 site/Lightbox.tsx | 38 +++++++++++++++++++++++++++++++++-----
 1 file changed, 33 insertions(+), 5 deletions(-)

diff --git a/site/Lightbox.tsx b/site/Lightbox.tsx
index 0fbcab71235..fb90d4a6552 100644
--- a/site/Lightbox.tsx
+++ b/site/Lightbox.tsx
@@ -12,6 +12,7 @@ import React, { useCallback, useRef, useState } from "react"
 import ReactDOM from "react-dom"
 import { TransformComponent, TransformWrapper } from "react-zoom-pan-pinch"
 import { useTriggerOnEscape } from "./hooks.js"
+import { triggerDownloadFromBlob } from "@ourworldindata/utils"
 
 export const LIGHTBOX_IMAGE_CLASS = "lightbox-image"
 
@@ -36,14 +37,30 @@ function getActiveSourceImgUrl(img: HTMLImageElement): string | undefined {
     return undefined
 }
 
+// Cloudflare Images URLs end in w=1000, so we need to extract the filename from the URL
+// e.g. https://imagedelivery.net/owid-id/the-filename.png/w=1000 -> the-filename.png
+function getFilenameFromCloudflareUrl(url: string | undefined) {
+    if (!url) return undefined
+    const regex = /\/([^\/]+)\/w=/
+    const match = url.match(regex)
+    if (match) {
+        return match[1]
+    }
+    return undefined
+}
+
 const Lightbox = ({
     children,
     containerNode,
     imgSrc,
+    imgFilename,
 }: {
     children: any
     containerNode: Element | null
     imgSrc: string
+    // With CF Images, the filename is not the last part of the URL
+    // so we need to pass it separately
+    imgFilename?: string
 }) => {
     const [isLoaded, setIsLoaded] = useState(false)
     const contentRef = useRef<HTMLDivElement>(null)
@@ -54,6 +71,13 @@ const Lightbox = ({
         }
     }, [containerNode])
 
+    const handleDownload = useCallback(async () => {
+        const response = await fetch(imgSrc)
+        const blob = await response.blob()
+        const filename = imgFilename || imgSrc.split("/").pop() || "image"
+        triggerDownloadFromBlob(filename, blob)
+    }, [imgFilename, imgSrc])
+
     useTriggerOnEscape(close)
 
     return (
@@ -98,13 +122,12 @@ const Lightbox = ({
                                     >
                                         <FontAwesomeIcon icon={faCompress} />
                                     </button>
-                                    <a
-                                        href={imgSrc}
-                                        download={imgSrc.split("/").pop()}
+                                    <button
+                                        onClick={handleDownload}
                                         aria-label="Download high resolution image"
                                     >
                                         <FontAwesomeIcon icon={faDownload} />
-                                    </a>
+                                    </button>
                                 </>
                             )}
                             <button
@@ -170,6 +193,7 @@ export const runLightbox = () => {
             const highResSrc = img.getAttribute("data-high-res-src")
             // If the image is a Gdoc Image with a smallFilename, get the source that is currently active
             const activeSourceImgUrl = getActiveSourceImgUrl(img)
+            const imgFilename = getFilenameFromCloudflareUrl(activeSourceImgUrl)
             const imgSrc = highResSrc
                 ? // getAttribute doesn't automatically URI encode values, img.src does
                   encodeURI(highResSrc)
@@ -180,7 +204,11 @@ export const runLightbox = () => {
             const imgAlt = img.alt
             if (imgSrc) {
                 ReactDOM.render(
-                    <Lightbox imgSrc={imgSrc} containerNode={lightboxContainer}>
+                    <Lightbox
+                        imgSrc={imgSrc}
+                        imgFilename={imgFilename}
+                        containerNode={lightboxContainer}
+                    >
                         {(isLoaded: boolean, setIsLoaded: any) => (
                             <Image
                                 src={imgSrc}

From 1d22dc1a2ca5c0048c5fcda570d0700b706287a2 Mon Sep 17 00:00:00 2001
From: Ike Saunders <ikesau@protonmail.com>
Date: Tue, 26 Nov 2024 16:11:04 -0500
Subject: [PATCH 17/40] =?UTF-8?q?=F0=9F=90=9B=20fix=20smallFilename=20sour?=
 =?UTF-8?q?ce=20with=20cloudflare=20images?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 packages/@ourworldindata/utils/src/image.ts | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/packages/@ourworldindata/utils/src/image.ts b/packages/@ourworldindata/utils/src/image.ts
index 09234afb050..326cbca456e 100644
--- a/packages/@ourworldindata/utils/src/image.ts
+++ b/packages/@ourworldindata/utils/src/image.ts
@@ -101,7 +101,7 @@ export function generateSourceProps(
         const smallSizes = getSizes(smallImage.originalWidth)
         props.push({
             media: "(max-width: 768px)",
-            srcSet: generateSrcSet(smallSizes, encodedSmallId),
+            srcSet: generateSrcSet(smallSizes, encodedSmallId, absoluteUrl),
         })
     }
     if (regularImage && regularImage.cloudflareId) {

From 892d6068f44e58b25ac3ac1e2039aa1b5b2e940c Mon Sep 17 00:00:00 2001
From: Ike Saunders <ikesau@protonmail.com>
Date: Tue, 26 Nov 2024 17:22:15 -0500
Subject: [PATCH 18/40] =?UTF-8?q?=E2=9C=A8=20CF=20images=20API=20enhanceme?=
 =?UTF-8?q?nts?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 adminSiteClient/ImagesIndexPage.tsx           | 39 +++++-----
 adminSiteServer/apiRouter.ts                  | 71 +++++++------------
 .../types/src/dbTypes/Images.ts               |  1 +
 3 files changed, 46 insertions(+), 65 deletions(-)

diff --git a/adminSiteClient/ImagesIndexPage.tsx b/adminSiteClient/ImagesIndexPage.tsx
index dd07ba357e6..2a9c2b58058 100644
--- a/adminSiteClient/ImagesIndexPage.tsx
+++ b/adminSiteClient/ImagesIndexPage.tsx
@@ -24,7 +24,7 @@ type ImageEditorApi = {
         patch: Partial<DbEnrichedImage>
     ) => void
     deleteImage: (image: DbEnrichedImage) => void
-    getImages: () => Promise<DbEnrichedImage[]>
+    getImages: () => void
 }
 
 function AltTextEditor({
@@ -164,7 +164,7 @@ function ImageUploadButton({
     setImages,
     admin,
 }: {
-    setImages: (images: DbEnrichedImage[]) => void
+    setImages: React.Dispatch<React.SetStateAction<DbEnrichedImage[]>>
     admin: Admin
 }) {
     function uploadImage({ file }: { file: string | Blob | RcFile }) {
@@ -180,13 +180,12 @@ function ImageUploadButton({
                 type: file.type,
             }
 
-            const response = await admin.requestJSON(
-                "/api/image",
-                payload,
-                "POST"
-            )
+            const { image } = await admin.requestJSON<{
+                sucess: true
+                image: DbEnrichedImage
+            }>("/api/image", payload, "POST")
 
-            setImages(response.images)
+            setImages((images) => [image, ...images])
         }
         reader.readAsDataURL(file)
     }
@@ -206,25 +205,23 @@ export function ImageIndexPage() {
     const api = useMemo(
         (): ImageEditorApi => ({
             deleteImage: async (image) => {
-                const response = await admin.requestJSON(
-                    `/api/images/${image.id}`,
-                    {},
-                    "DELETE"
-                )
-                setImages(response.images)
+                await admin.requestJSON(`/api/images/${image.id}`, {}, "DELETE")
+                setImages((images) => images.filter((i) => i.id !== image.id))
             },
             getImages: async () => {
-                const json = await admin.getJSON("/api/images.json")
+                const json = await admin.getJSON<{
+                    images: DbEnrichedImage[]
+                }>("/api/images.json")
                 setImages(json.images)
-                return json.images
             },
             patchImage: async (image, patch) => {
-                const response = await admin.requestJSON(
-                    `/api/images/${image.id}`,
-                    patch,
-                    "PATCH"
+                const response = await admin.requestJSON<{
+                    success: true
+                    image: DbEnrichedImage
+                }>(`/api/images/${image.id}`, patch, "PATCH")
+                setImages((images) =>
+                    images.map((i) => (i.id === image.id ? response.image : i))
                 )
-                setImages(response.images)
             },
         }),
         [admin]
diff --git a/adminSiteServer/apiRouter.ts b/adminSiteServer/apiRouter.ts
index ffeae29ac9a..0aeeb56dd8d 100644
--- a/adminSiteServer/apiRouter.ts
+++ b/adminSiteServer/apiRouter.ts
@@ -3145,43 +3145,35 @@ postRouteWithRWTransaction(apiRouter, "/image", async (req, res, trx) => {
         }
     }
 
-    await db.knexRaw(
-        trx,
-        `-- sql
-        INSERT INTO images
-            (filename, originalWidth, originalHeight, cloudflareId, defaultAlt, googleId, updatedAt)
-        VALUES
-            (?, ?, ?, ?, ?, ?, ?)`,
-        [
-            filename,
-            dimensions.width,
-            dimensions.height,
-            cloudflareId,
-            // TODO: make defaultAlt nullable
-            "Default alt text",
-            // TODO: drop googleId
-            String(Math.random()).slice(2),
-            new Date().getTime(),
-        ]
-    )
+    await trx<DbEnrichedImage>("images").insert({
+        filename,
+        originalWidth: dimensions.width,
+        originalHeight: dimensions.height,
+        cloudflareId,
+        // TODO: make defaultAlt nullable
+        defaultAlt: "Default alt text",
+        // TODO: drop googleId
+        googleId: String(Math.random()).slice(2),
+        updatedAt: new Date().getTime(),
+    })
 
-    const images = await db.getCloudflareImages(trx)
+    const image = await trx<DbEnrichedImage>("images")
+        .where("cloudflareId", "=", cloudflareId)
+        .first()
 
     return {
         success: true,
-        images,
+        image,
     }
 })
 
 // Update alt text via patch
 patchRouteWithRWTransaction(apiRouter, "/images/:id", async (req, res, trx) => {
     const { id } = req.params
-    const image = await db.knexRawFirst<DbEnrichedImage>(
-        trx,
-        `-- sql
-        SELECT * FROM images WHERE id = ?`,
-        [id]
-    )
+
+    const image = await trx<DbEnrichedImage>("images")
+        .where("id", "=", id)
+        .first()
 
     if (!image) {
         throw new JsonError(`No image found for id ${id}`, 404)
@@ -3196,11 +3188,13 @@ patchRouteWithRWTransaction(apiRouter, "/images/:id", async (req, res, trx) => {
 
     await trx("images").where({ id }).update(patch)
 
-    const images = await db.getCloudflareImages(trx)
+    const updated = await trx<DbEnrichedImage>("images")
+        .where("id", "=", id)
+        .first()
 
     return {
         success: true,
-        images,
+        image: updated,
     }
 })
 
@@ -3210,12 +3204,9 @@ deleteRouteWithRWTransaction(
     async (req, res, trx) => {
         const { id } = req.params
 
-        const image = await db.knexRawFirst<{ cloudflareId: string }>(
-            trx,
-            `-- sql
-        SELECT cloudflareId FROM images WHERE id = ?`,
-            [id]
-        )
+        const image = await trx<DbEnrichedImage>("images")
+            .where("id", "=", id)
+            .first()
 
         if (!image) {
             throw new JsonError(`No image found for id ${id}`, 404)
@@ -3239,18 +3230,10 @@ deleteRouteWithRWTransaction(
             throw new JsonError(JSON.stringify(response.errors))
         }
 
-        await db.knexRaw(
-            trx,
-            `-- sql
-        DELETE FROM images WHERE id = ?`,
-            [id]
-        )
-
-        const images = await db.getCloudflareImages(trx)
+        await trx("images").where({ id }).delete()
 
         return {
             success: true,
-            images,
         }
     }
 )
diff --git a/packages/@ourworldindata/types/src/dbTypes/Images.ts b/packages/@ourworldindata/types/src/dbTypes/Images.ts
index 15154d100a1..702415b33d6 100644
--- a/packages/@ourworldindata/types/src/dbTypes/Images.ts
+++ b/packages/@ourworldindata/types/src/dbTypes/Images.ts
@@ -1,5 +1,6 @@
 export const ImagesTableName = "images"
 export interface DbInsertImage {
+    googleId: string
     defaultAlt: string
     filename: string
     id?: number

From 66d146296df63dcf69d056fec444c89e282d0375 Mon Sep 17 00:00:00 2001
From: Ike Saunders <ikesau@protonmail.com>
Date: Tue, 26 Nov 2024 17:35:50 -0500
Subject: [PATCH 19/40] =?UTF-8?q?=F0=9F=90=9B=20CF=20images=20svg=20suppor?=
 =?UTF-8?q?t?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 site/Lightbox.tsx               | 39 ++++++++++++++++++++++++++++++---
 site/css/lightbox.scss          |  4 ++--
 site/gdocs/components/Image.tsx |  2 --
 3 files changed, 38 insertions(+), 7 deletions(-)

diff --git a/site/Lightbox.tsx b/site/Lightbox.tsx
index fb90d4a6552..207203f6ee8 100644
--- a/site/Lightbox.tsx
+++ b/site/Lightbox.tsx
@@ -145,20 +145,26 @@ const Lightbox = ({
     )
 }
 
-const Image = ({
+const LightboxImage = ({
     src,
     alt,
     isLoaded,
     setIsLoaded,
+    width,
+    height,
 }: {
     src: string
     alt: string
     isLoaded: boolean
     setIsLoaded: any
+    width: number
+    height: number
 }) => {
     return (
         <>
             <img
+                width={width}
+                height={height}
                 onLoad={() => {
                     setIsLoaded(true)
                 }}
@@ -173,6 +179,24 @@ const Image = ({
     )
 }
 
+const getImageDimensions = (url: string) => {
+    return new Promise<{ width: number; height: number } | undefined>(
+        (resolve, reject) => {
+            const img = new Image()
+
+            img.onload = () => {
+                resolve({
+                    width: img.naturalWidth,
+                    height: img.naturalHeight,
+                })
+            }
+
+            img.onerror = reject
+            img.src = url
+        }
+    )
+}
+
 export const runLightbox = () => {
     let lightboxContainer = document.querySelector(".lightbox")
     if (!lightboxContainer) {
@@ -188,12 +212,13 @@ export const runLightbox = () => {
         if (img.closest("[data-no-lightbox]")) return
 
         img.classList.add("lightbox-enabled")
-        img.addEventListener("click", () => {
+        img.addEventListener("click", async () => {
             // An attribute placed by our WP image formatter: the URL of the original image without any WxH suffix
             const highResSrc = img.getAttribute("data-high-res-src")
             // If the image is a Gdoc Image with a smallFilename, get the source that is currently active
             const activeSourceImgUrl = getActiveSourceImgUrl(img)
             const imgFilename = getFilenameFromCloudflareUrl(activeSourceImgUrl)
+
             const imgSrc = highResSrc
                 ? // getAttribute doesn't automatically URI encode values, img.src does
                   encodeURI(highResSrc)
@@ -201,6 +226,12 @@ export const runLightbox = () => {
                   ? activeSourceImgUrl
                   : img.src
 
+            // load image in advance and get naturalHeight and naturalWidth
+            // if the image doesn't load, use the dimensions of the img element
+            const dimensions = await getImageDimensions(imgSrc)
+            const width = dimensions?.width || img.width
+            const height = dimensions?.height || img.height
+
             const imgAlt = img.alt
             if (imgSrc) {
                 ReactDOM.render(
@@ -210,7 +241,9 @@ export const runLightbox = () => {
                         containerNode={lightboxContainer}
                     >
                         {(isLoaded: boolean, setIsLoaded: any) => (
-                            <Image
+                            <LightboxImage
+                                width={width}
+                                height={height}
                                 src={imgSrc}
                                 alt={imgAlt}
                                 isLoaded={isLoaded}
diff --git a/site/css/lightbox.scss b/site/css/lightbox.scss
index 78fc1f0c4a6..8a3e84ef0cc 100644
--- a/site/css/lightbox.scss
+++ b/site/css/lightbox.scss
@@ -33,9 +33,9 @@
 
     .react-transform-component {
         display: block; // prevent stretching large images on Safari
-        & > * {
+        img {
+            object-fit: contain;
             max-height: 100vh; // prevent tall images from overflowing
-            background: white;
         }
     }
 
diff --git a/site/gdocs/components/Image.tsx b/site/gdocs/components/Image.tsx
index e4728b6d228..4ae5ccaee08 100644
--- a/site/gdocs/components/Image.tsx
+++ b/site/gdocs/components/Image.tsx
@@ -129,8 +129,6 @@ export default function Image(props: {
     const isInteractive = containerType !== "thumbnail" && shouldLightbox
     const maybeLightboxClassName = isInteractive ? LIGHTBOX_IMAGE_CLASS : ""
 
-    // TODO: SVG?
-
     function makeSrc(image: ImageMetadata) {
         if (!image.cloudflareId) {
             throw new Error("Image has no cloudflareId")

From d81330c962b319b8c135084561b1300a97a08269 Mon Sep 17 00:00:00 2001
From: Ike Saunders <ikesau@protonmail.com>
Date: Tue, 26 Nov 2024 18:34:47 -0500
Subject: [PATCH 20/40] =?UTF-8?q?=E2=9C=A8=20CF=20images=20for=20tombstone?=
 =?UTF-8?q?s?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 adminSiteClient/GdocsMoreMenu.tsx | 2 +-
 adminSiteServer/apiRouter.ts      | 9 ++++++++-
 2 files changed, 9 insertions(+), 2 deletions(-)

diff --git a/adminSiteClient/GdocsMoreMenu.tsx b/adminSiteClient/GdocsMoreMenu.tsx
index 1a78dff16b2..c1557ca68ad 100644
--- a/adminSiteClient/GdocsMoreMenu.tsx
+++ b/adminSiteClient/GdocsMoreMenu.tsx
@@ -303,7 +303,7 @@ function DeleteModal({
                                     <Form.Item
                                         name="relatedLinkThumbnail"
                                         label="Thumbnail file name"
-                                        extra="The image must be already in Google Drive."
+                                        extra="The image must be already be uploaded in the admin."
                                     >
                                         <Input type="text" />
                                     </Form.Item>
diff --git a/adminSiteServer/apiRouter.ts b/adminSiteServer/apiRouter.ts
index 0aeeb56dd8d..8c096d701e2 100644
--- a/adminSiteServer/apiRouter.ts
+++ b/adminSiteServer/apiRouter.ts
@@ -3021,7 +3021,14 @@ deleteRouteWithRWTransaction(apiRouter, "/gdocs/:id", async (req, res, trx) => {
         await validateTombstoneRelatedLinkUrl(trx, tombstone.relatedLinkUrl)
         const slug = gdocSlug.replace("/", "")
         const { relatedLinkThumbnail } = tombstone
-        // TODO: validate relatedLinkThumbnail?
+        if (relatedLinkThumbnail) {
+            const images = await db.getCloudflareImages(trx)
+            if (!images.find((i) => i.filename === relatedLinkThumbnail)) {
+                throw new JsonError(
+                    `Image "${relatedLinkThumbnail}" doesn't exist in the database`
+                )
+            }
+        }
         await trx
             .table("posts_gdocs_tombstones")
             .insert({ ...tombstone, gdocId: id, slug })

From 17bc272bab525759ede6aafac4c791c55d78a5c9 Mon Sep 17 00:00:00 2001
From: Ike Saunders <ikesau@protonmail.com>
Date: Tue, 26 Nov 2024 18:47:34 -0500
Subject: [PATCH 21/40] =?UTF-8?q?=E2=9C=A8=20update=20docs=20/=20remove=20?=
 =?UTF-8?q?references=20to=20old=20gdrive=20images=20flow?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 db/model/Gdoc/GdocBase.ts                     |  2 +-
 ops/buildkite/deploy-content                  |  2 -
 .../types/src/gdocTypes/Image.ts              | 12 -----
 packages/@ourworldindata/types/src/index.ts   |  2 +-
 site/README.md                                | 54 ++-----------------
 5 files changed, 6 insertions(+), 66 deletions(-)

diff --git a/db/model/Gdoc/GdocBase.ts b/db/model/Gdoc/GdocBase.ts
index 00666aef159..df1b60d25ed 100644
--- a/db/model/Gdoc/GdocBase.ts
+++ b/db/model/Gdoc/GdocBase.ts
@@ -668,7 +668,7 @@ export class GdocBase implements OwidGdocBaseInterface {
     }
 
     /**
-     * Load image metadata from the database. Does not check Google Drive or sync to S3
+     * Load image metadata from the database.
      */
     async loadImageMetadataFromDB(
         knex: db.KnexReadonlyTransaction,
diff --git a/ops/buildkite/deploy-content b/ops/buildkite/deploy-content
index cff504d6110..405a9f810d1 100755
--- a/ops/buildkite/deploy-content
+++ b/ops/buildkite/deploy-content
@@ -75,8 +75,6 @@ sync_to_r2_aws() {
 sync_baked_data_to_r2() {
     echo '--- Sync baked data to R2'
     # Cloudflare Pages has limit of 20000 files
-    # NOTE: There's also images/published, which are the gdocs images synced from GDrive.
-    #   There's currently a small-enough amount of them, but we need to sync them to R2 or Cloudflare Images at some point.
     # NOTE: aws is about 3x faster than rclone
     sync_to_r2_aws grapher/exports  # 9203 files
     sync_to_r2_aws exports  # 3314 files
diff --git a/packages/@ourworldindata/types/src/gdocTypes/Image.ts b/packages/@ourworldindata/types/src/gdocTypes/Image.ts
index 67296474477..12f4ba3e015 100644
--- a/packages/@ourworldindata/types/src/gdocTypes/Image.ts
+++ b/packages/@ourworldindata/types/src/gdocTypes/Image.ts
@@ -1,17 +1,5 @@
 import { DbEnrichedImage } from "../dbTypes/Images.js"
 
-// This is the JSON we get from Google's API before remapping the keys to be consistent with the rest of our interfaces
-export interface GDriveImageMetadata {
-    name: string // -> filename
-    modifiedTime: string // -> updatedAt e.g. "2023-01-11T19:45:27.000Z"
-    id: string // -> googleId e.g. "1dfArzg3JrAJupVl4YyJpb2FOnBn4irPX"
-    description?: string // -> defaultAlt
-    imageMediaMetadata?: {
-        width?: number // -> originalWidth
-        height?: number // -> originalHeight
-    }
-}
-
 // All the data we use in the client to render images
 // everything except the ID, effectively
 export type ImageMetadata = Pick<
diff --git a/packages/@ourworldindata/types/src/index.ts b/packages/@ourworldindata/types/src/index.ts
index 35934ae8bd2..5bbe97d8fa5 100644
--- a/packages/@ourworldindata/types/src/index.ts
+++ b/packages/@ourworldindata/types/src/index.ts
@@ -359,7 +359,7 @@ export {
     type UnformattedSpan,
 } from "./gdocTypes/Spans.js"
 
-export type { GDriveImageMetadata, ImageMetadata } from "./gdocTypes/Image.js"
+export type { ImageMetadata } from "./gdocTypes/Image.js"
 export {
     ALL_CHARTS_ID,
     LICENSE_ID,
diff --git a/site/README.md b/site/README.md
index 7e33171c831..d6bd0122d15 100644
--- a/site/README.md
+++ b/site/README.md
@@ -22,11 +22,9 @@ A Google Doc can be written and registered via the `/admin/gdocs` view in the ad
 
 This content is only updated in an environment's database when someone presses "publish" from the Google Doc preview (`/admin/gdocs/google_doc_id/preview`)
 
-## Images in Google Docs
+## Images
 
-To match Google Docs' "one document, many environments" paradigm, the source of images for all environments is a Shared Drive. An image is referenced, in Archie, via filename, which we use to find the entity via Google Drive's API.
-
-e.g.
+Image blocks can be added to gdocs via the follow archie syntax:
 
 ```
 {.image}
@@ -34,53 +32,9 @@ filename: my_image.png
 {}
 ```
 
-This means that the filenames of images uploaded to the Shared Drive **must be unique**.
-
-We chose to do it this way instead of via Google Drive File ID because it's easier to read and sanity check. We also considered inline images, but Google Docs doesn't support inline SVGs and downsizes images wider than 1600px.
-
-We mirror these images to Cloudflare's R2 to allow environments to have some amount of independence from one another. For OWID developers, the env variables needed for this functionality are stored in our password manager.
-
-It is recommended to use a unique folder in R2 for each environment. By convention, `dev-$NAME` for your local development server (when you run `make create-if-missing.env.full` for the first time, this will be generated based on your unix `$USER` variable by default), and one for your staging server too (e.g. `neurath`).
-
-### Baking images
-
-During the baking process (`bakeDriveImages`) we:
-
-1. Find the filenames of all the images that are currently referenced in published Google documents (the `posts_gdocs_x_images` table stores this data)
-2. See if we've already uploaded them to R2 (by checking the `images` table, which is only updated after we've successfully mirrored the image to R2)
-3. Mirror them to R2 if not
-4. Pull all the images from R2
-5. Create optimized WEBP versions of each image at multiple resolutions
-6. Save them, and the original file, into the assets folder
-
-### Previewing images
-
-The preview flow is slightly different. If a document with an image in it is previewed, we also fetch the image from the Shared Drive and upload it to R2, but we don't do the resizing - we just display the source image via R2's CDN. This logic is all contained in the [Image component](gdocs/Image.tsx).
+where `my_image.png` is an image that has been uploaded via the `/admin/images` view in the admin client, and thus exists in Cloudflare Images.
 
-### Gotchas
-
-#### Updating images
-
-If an image has changed since we last uploaded it to R2 (e.g. a new version has been uploaded, or its description has changed) we'll re-upload the file to R2. This happens even if you're only previewing a document that references the image, regardless of whether or not you re-publish it.
-
-This means that any other documents that reference the image will use the updated version during the next bake, even if they haven't been republished. This seemed preferable to tracking version state and having to manually update every article whenever you update an image.
-
-#### Refreshing a database
-
-If you are refreshing your environment's database by importing a database dump from prod, the prod `images` table may make claims about the existence of files in your environment's S3 folder that aren't true, which will lead to 403 errors when trying to bake.
-
-In this project's root Makefile, we have a make command (`make sync-images`) that runs `rclone sync` from prod to your environment to solve this problem. Make sure your `~/.config/rclone/rclone.conf` is configured correctly and contains
-
-```
-[owid-r2]
-type = s3
-provider = Cloudflare
-env_auth = true
-access_key_id = xxx
-secret_access_key = xxx
-region = auto
-endpoint = https://078fcdfed9955087315dd86792e71a7e.r2.cloudflarestorage.com
-```
+We store information about the image's dimensions and alt text in the database, which is shared via React content to any component that needs to render them. See `Image.tsx` for the (many) implementation details.
 
 ## Data Catalog
 

From 6e968cf348630ae4c7376953d878cb7d67cc23d1 Mon Sep 17 00:00:00 2001
From: Ike Saunders <ikesau@protonmail.com>
Date: Tue, 26 Nov 2024 18:52:10 -0500
Subject: [PATCH 22/40] =?UTF-8?q?=E2=9C=A8=20update=20Makefile=20for=20clo?=
 =?UTF-8?q?udflare=20images?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 Makefile | 18 ++++--------------
 1 file changed, 4 insertions(+), 14 deletions(-)

diff --git a/Makefile b/Makefile
index 0d07326addf..7fb2ee62a53 100644
--- a/Makefile
+++ b/Makefile
@@ -27,7 +27,7 @@ help:
 	@echo '  make down                   stop any services still running'
 	@echo '  make refresh                (while up) download a new grapher snapshot and update MySQL'
 	@echo '  make refresh.pageviews      (while up) download and load pageviews from the private datasette instance'
-	@echo '  make refresh.full           (while up) run refresh and refresh.pageviews and sync images from R2'
+	@echo '  make refresh.full           (while up) run refresh and refresh.pageviews'
 	@echo '  make migrate                (while up) run any outstanding db migrations'
 	@echo '  make test                   run full suite (except db tests) of CI checks including unit tests'
 	@echo '  make dbtest                 run db test suite that needs a running mysql db'
@@ -36,10 +36,10 @@ help:
 	@echo
 	@echo '  GRAPHER + CLOUDFLARE (staff-only)'
 	@echo '  make up.full                start dev environment via docker-compose and tmux'
-	@echo '  make sync-images            sync all images from the remote master'
 	@echo '  make update.chart-entities  update the charts_x_entities join table'
 	@echo '  make reindex                reindex (or initialise) search in Algolia'
 	@echo '  make bench.search           run search benchmarks'
+	@echo '  make sync-cloudflare-images sync Cloudflare Images with local DB'
 
 up: export DEBUG = 'knex:query'
 
@@ -149,24 +149,14 @@ refresh.pageviews: node_modules
 	@echo '==> Refreshing pageviews'
 	yarn refreshPageviews
 
-sync-images: sync-images.preflight-check
-	@echo '==> Syncing images to R2'
-	./devTools/docker/sync-s3-images.sh
-
+# Only needed to run once to seed the prod DB with initially
 sync-cloudflare-images:
-	@echo '==> Syncing images to Cloudflare'
+	@echo '==> Syncing images table with Cloudflare Images'
 	@yarn syncCloudflareImages
 
 refresh.full: refresh refresh.pageviews sync-images
 	@echo '==> Full refresh completed'
 
-sync-images.preflight-check:
-	@echo '==> Checking for rclone'
-	@which rclone >/dev/null 2>&1 || (echo "ERROR: please install rclone -- e.g. brew install rclone"; exit 1)
-	@echo '==> Checking if rclone is configured'
-	@test -f ~/.config/rclone/rclone.conf || (echo "ERROR: please configure rclone -- e.g. rclone configure"; exit 1)
-
-
 down:
 	@echo '==> Stopping services'
 	docker compose -f docker-compose.grapher.yml down

From 42301d43d11c382ee62daba783e672b04f28ddb2 Mon Sep 17 00:00:00 2001
From: Ike Saunders <ikesau@protonmail.com>
Date: Tue, 26 Nov 2024 19:36:37 -0500
Subject: [PATCH 23/40] =?UTF-8?q?=E2=9C=A8=20add=20improved=20error=20mess?=
 =?UTF-8?q?aging=20for=20cloudflare=20images?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 adminSiteServer/apiRouter.ts | 19 +++++++++++++++++++
 1 file changed, 19 insertions(+)

diff --git a/adminSiteServer/apiRouter.ts b/adminSiteServer/apiRouter.ts
index 8c096d701e2..9970696e8c6 100644
--- a/adminSiteServer/apiRouter.ts
+++ b/adminSiteServer/apiRouter.ts
@@ -3112,6 +3112,17 @@ postRouteWithRWTransaction(apiRouter, "/image", async (req, res, trx) => {
         throw new JsonError("Invalid field types", 400)
     }
 
+    const preexisting = await trx<DbEnrichedImage>("images")
+        .where("filename", "=", filename)
+        .first()
+
+    if (preexisting) {
+        return {
+            success: false,
+            error: "An image with this filename already exists",
+        }
+    }
+
     // Strip the data URL prefix
     const stripped = content.slice(content.indexOf(",") + 1)
     const asBuffer = Buffer.from(stripped, "base64")
@@ -3139,6 +3150,14 @@ postRouteWithRWTransaction(apiRouter, "/image", async (req, res, trx) => {
     ).then((res) => res.json())
 
     if (response.errors.length) {
+        if (response.errors.length === 1) {
+            if (response.errors[0].code === 5409) {
+                throw new JsonError(
+                    "An image with this filename already exists in Cloudflare Images but isn't tracked in the database. Please contact a developer for help."
+                )
+            }
+        }
+
         console.error("Error uploading image to Cloudflare:", response.errors)
         throw new JsonError(JSON.stringify(response.errors))
     }

From 8770d9ad4b48bc821394d3bbb5b64c6449379bf8 Mon Sep 17 00:00:00 2001
From: Ike Saunders <ikesau@protonmail.com>
Date: Fri, 29 Nov 2024 16:42:46 -0500
Subject: [PATCH 24/40] =?UTF-8?q?=E2=9C=A8=20CF=20images=20PR=20feedback?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 Makefile                                      | 10 +++++++--
 adminSiteClient/GdocsMoreMenu.tsx             |  2 +-
 adminSiteClient/ImagesIndexPage.tsx           | 21 ++++++++++++-------
 adminSiteServer/apiRouter.ts                  | 13 ++++++------
 db/db.ts                                      |  8 +++++++
 .../1731360326761-CloudflareImages.ts         |  8 +++++--
 .../cloudflareImagesSync.ts                   | 21 +++++++------------
 site/README.md                                |  2 +-
 site/gdocs/components/Image.tsx               |  3 +--
 9 files changed, 52 insertions(+), 36 deletions(-)

diff --git a/Makefile b/Makefile
index 7fb2ee62a53..35e8bdb32ff 100644
--- a/Makefile
+++ b/Makefile
@@ -149,12 +149,18 @@ refresh.pageviews: node_modules
 	@echo '==> Refreshing pageviews'
 	yarn refreshPageviews
 
+sync-images:
+	@echo 'Task has been deprecated.'
+
+bake-images:
+	@echo 'Task has been deprecated.'
+
 # Only needed to run once to seed the prod DB with initially
-sync-cloudflare-images:
+sync-cloudflare-images: node_modules
 	@echo '==> Syncing images table with Cloudflare Images'
 	@yarn syncCloudflareImages
 
-refresh.full: refresh refresh.pageviews sync-images
+refresh.full: refresh refresh.pageviews
 	@echo '==> Full refresh completed'
 
 down:
diff --git a/adminSiteClient/GdocsMoreMenu.tsx b/adminSiteClient/GdocsMoreMenu.tsx
index c1557ca68ad..2c203f8222c 100644
--- a/adminSiteClient/GdocsMoreMenu.tsx
+++ b/adminSiteClient/GdocsMoreMenu.tsx
@@ -303,7 +303,7 @@ function DeleteModal({
                                     <Form.Item
                                         name="relatedLinkThumbnail"
                                         label="Thumbnail file name"
-                                        extra="The image must be already be uploaded in the admin."
+                                        extra="The image must already be uploaded in the admin."
                                     >
                                         <Input type="text" />
                                     </Form.Item>
diff --git a/adminSiteClient/ImagesIndexPage.tsx b/adminSiteClient/ImagesIndexPage.tsx
index 2a9c2b58058..65e9114778b 100644
--- a/adminSiteClient/ImagesIndexPage.tsx
+++ b/adminSiteClient/ImagesIndexPage.tsx
@@ -5,7 +5,7 @@ import React, {
     useMemo,
     useState,
 } from "react"
-import { Button, Flex, Input, Space, Table, Upload } from "antd"
+import { Button, Flex, Input, Popconfirm, Space, Table, Upload } from "antd"
 
 import { AdminLayout } from "./AdminLayout.js"
 import { AdminAppContext } from "./AdminAppContext.js"
@@ -17,6 +17,7 @@ import { faUpload } from "@fortawesome/free-solid-svg-icons"
 import { Admin } from "./Admin.js"
 import { RcFile } from "antd/es/upload/interface.js"
 import TextArea from "antd/es/input/TextArea.js"
+import { CLOUDFLARE_IMAGES_URL } from "../settings/clientSettings.js"
 
 type ImageEditorApi = {
     patchImage: (
@@ -71,7 +72,7 @@ function createColumns({
             key: "cloudflareId",
             render: (cloudflareId, { originalWidth }) => {
                 const srcFor = (w: number) =>
-                    `https://imagedelivery.net/qLq-8BTgXU8yG0N6HnOy8g/${encodeURIComponent(cloudflareId)}/w=${w}`
+                    `${CLOUDFLARE_IMAGES_URL}/${encodeURIComponent(cloudflareId)}/w=${w}`
                 return (
                     <div style={{ height: 100, width: 100 }} key={cloudflareId}>
                         <a
@@ -147,13 +148,17 @@ function createColumns({
             width: 100,
             render: (_, image) => (
                 <Space size="middle">
-                    <Button
-                        type="text"
-                        danger
-                        onClick={() => api.deleteImage(image)}
+                    <Popconfirm
+                        title="Are you sure?"
+                        description="This will delete the image being used in production."
+                        onConfirm={() => api.deleteImage(image)}
+                        okText="Yes"
+                        cancelText="No"
                     >
-                        Delete
-                    </Button>
+                        <Button type="text" danger>
+                            Delete
+                        </Button>
+                    </Popconfirm>
                 </Space>
             ),
         },
diff --git a/adminSiteServer/apiRouter.ts b/adminSiteServer/apiRouter.ts
index 9970696e8c6..f397713bae2 100644
--- a/adminSiteServer/apiRouter.ts
+++ b/adminSiteServer/apiRouter.ts
@@ -3022,10 +3022,13 @@ deleteRouteWithRWTransaction(apiRouter, "/gdocs/:id", async (req, res, trx) => {
         const slug = gdocSlug.replace("/", "")
         const { relatedLinkThumbnail } = tombstone
         if (relatedLinkThumbnail) {
-            const images = await db.getCloudflareImages(trx)
-            if (!images.find((i) => i.filename === relatedLinkThumbnail)) {
+            const thumbnailExists = await db.checkIsImageInDB(
+                trx,
+                relatedLinkThumbnail
+            )
+            if (!thumbnailExists) {
                 throw new JsonError(
-                    `Image "${relatedLinkThumbnail}" doesn't exist in the database`
+                    `Image with filename "${relatedLinkThumbnail}" not found`
                 )
             }
         }
@@ -3132,7 +3135,7 @@ postRouteWithRWTransaction(apiRouter, "/image", async (req, res, trx) => {
         .then(({ width, height }) => ({ width, height }))
 
     const body = new FormData()
-    body.append("file", asBlob)
+    body.append("file", asBlob, filename)
     body.append("id", encodeURIComponent(filename))
     body.append("metadata", JSON.stringify({ filename }))
     body.append("requireSignedURLs", "false")
@@ -3178,8 +3181,6 @@ postRouteWithRWTransaction(apiRouter, "/image", async (req, res, trx) => {
         cloudflareId,
         // TODO: make defaultAlt nullable
         defaultAlt: "Default alt text",
-        // TODO: drop googleId
-        googleId: String(Math.random()).slice(2),
         updatedAt: new Date().getTime(),
     })
 
diff --git a/db/db.ts b/db/db.ts
index 54d905c73c3..1b67f811bfe 100644
--- a/db/db.ts
+++ b/db/db.ts
@@ -346,6 +346,14 @@ export const getHomepageId = (
     ).then((result) => result?.id)
 }
 
+export async function checkIsImageInDB(
+    trx: KnexReadonlyTransaction,
+    filename: string
+): Promise<boolean> {
+    const image = await trx("images").where("filename", filename).first()
+    return !!image
+}
+
 export const getImageMetadataByFilenames = async (
     knex: KnexReadonlyTransaction,
     filenames: string[]
diff --git a/db/migration/1731360326761-CloudflareImages.ts b/db/migration/1731360326761-CloudflareImages.ts
index 001a6a51d55..09032b0e7ac 100644
--- a/db/migration/1731360326761-CloudflareImages.ts
+++ b/db/migration/1731360326761-CloudflareImages.ts
@@ -3,13 +3,17 @@ import { MigrationInterface, QueryRunner } from "typeorm"
 export class CloudflareImages1731360326761 implements MigrationInterface {
     public async up(queryRunner: QueryRunner): Promise<void> {
         await queryRunner.query(`-- sql
-            ALTER TABLE images ADD COLUMN cloudflareId VARCHAR(255) NULL
+            ALTER TABLE images 
+                ADD COLUMN cloudflareId VARCHAR(255) NULL,
+                MODIFY COLUMN googleId VARCHAR(255) NULL
         `)
     }
 
     public async down(queryRunner: QueryRunner): Promise<void> {
         await queryRunner.query(`-- sql
-            ALTER TABLE images DROP COLUMN cloudflareId
+            ALTER TABLE images 
+                DROP COLUMN cloudflareId,
+                MODIFY COLUMN googleId VARCHAR(255) NOT NULL
         `)
     }
 }
diff --git a/devTools/cloudflareImagesSync/cloudflareImagesSync.ts b/devTools/cloudflareImagesSync/cloudflareImagesSync.ts
index b00932aae9a..0b9521514dc 100644
--- a/devTools/cloudflareImagesSync/cloudflareImagesSync.ts
+++ b/devTools/cloudflareImagesSync/cloudflareImagesSync.ts
@@ -341,7 +341,7 @@ async function uploadImageToCloudflareImages(
 async function getCloudflareImageDirectory() {
     console.log("Fetching Cloudflare Images directory...")
     const directory = await fetch(
-        `https://api.cloudflare.com/client/v4/accounts/${CLOUDFLARE_IMAGES_ACCOUNT_ID}/images/v1?per_page=2000`,
+        `https://api.cloudflare.com/client/v4/accounts/${CLOUDFLARE_IMAGES_ACCOUNT_ID}/images/v1?per_page=10000`,
         {
             headers: {
                 Authorization: `Bearer ${CLOUDFLARE_IMAGES_API_KEY}`,
@@ -367,19 +367,12 @@ async function getCloudflareImageDirectory() {
 
 async function fetchImagesFromDatabase(trx: db.KnexReadWriteTransaction) {
     console.log("Fetching images from the database...")
-    return await trx
-        .raw<DbEnrichedImage[]>(
-            `-- sql
-            SELECT * FROM images WHERE id IN (
-                SELECT DISTINCT imageId FROM posts_gdocs_x_images
-            )`
-        )
-        .then((res) => res.flat())
-        .then(excludeNullish)
-        .then((images) => images.filter((image) => image && image.filename))
-        .then((images) =>
-            images.sort((a, b) => a.filename.localeCompare(b.filename))
-        )
+    return await trx("images")
+        .select("images.*")
+        .whereIn("images.id", trx("posts_gdocs_x_images").distinct("imageId"))
+        .whereNotNull("images.id")
+        .whereNotNull("images.filename")
+        .orderBy("filename", "asc")
 }
 
 async function uploadImagesToCloudflareImages(
diff --git a/site/README.md b/site/README.md
index d6bd0122d15..4b5aebab6c5 100644
--- a/site/README.md
+++ b/site/README.md
@@ -34,7 +34,7 @@ filename: my_image.png
 
 where `my_image.png` is an image that has been uploaded via the `/admin/images` view in the admin client, and thus exists in Cloudflare Images.
 
-We store information about the image's dimensions and alt text in the database, which is shared via React content to any component that needs to render them. See `Image.tsx` for the (many) implementation details.
+We store information about the image's dimensions and alt text in the database, which is shared via React context to any component that needs to render them. See `Image.tsx` for the (many) implementation details.
 
 ## Data Catalog
 
diff --git a/site/gdocs/components/Image.tsx b/site/gdocs/components/Image.tsx
index 4ae5ccaee08..d69bbb6258c 100644
--- a/site/gdocs/components/Image.tsx
+++ b/site/gdocs/components/Image.tsx
@@ -80,8 +80,7 @@ export default function Image(props: {
         shouldLightbox = true,
     } = props
 
-    const className = cx(props.className, {
-        image: true,
+    const className = cx("image", props.className, {
         "image--has-outline": hasOutline,
     })
 

From 478806ca36bb0af50932c2b72e940d5449161b85 Mon Sep 17 00:00:00 2001
From: Ike Saunders <ikesau@protonmail.com>
Date: Fri, 29 Nov 2024 16:23:04 -0500
Subject: [PATCH 25/40] =?UTF-8?q?=E2=9C=A8=20PR=20feedback?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 .../1732833869225-CloudflareImagesAuthors.ts  |   9 ++
 .../cloudflareImagesSync/invalidImages.json   | 114 ++++++++++++++++++
 2 files changed, 123 insertions(+)
 create mode 100644 db/migration/1732833869225-CloudflareImagesAuthors.ts
 create mode 100644 devTools/cloudflareImagesSync/invalidImages.json

diff --git a/db/migration/1732833869225-CloudflareImagesAuthors.ts b/db/migration/1732833869225-CloudflareImagesAuthors.ts
new file mode 100644
index 00000000000..821a6bc5a12
--- /dev/null
+++ b/db/migration/1732833869225-CloudflareImagesAuthors.ts
@@ -0,0 +1,9 @@
+import { MigrationInterface, QueryRunner } from "typeorm"
+
+export class CloudflareImagesAuthors1732833869225
+    implements MigrationInterface
+{
+    public async up(queryRunner: QueryRunner): Promise<void> {}
+
+    public async down(queryRunner: QueryRunner): Promise<void> {}
+}
diff --git a/devTools/cloudflareImagesSync/invalidImages.json b/devTools/cloudflareImagesSync/invalidImages.json
new file mode 100644
index 00000000000..700dfd54d48
--- /dev/null
+++ b/devTools/cloudflareImagesSync/invalidImages.json
@@ -0,0 +1,114 @@
+[
+    {
+        "filename": "2019-Revision-–-World-Population-Growth-1700-2100.png",
+        "reason": "InvalidDimensions"
+    },
+    {
+        "filename": "Annual-World-Population-since-10-thousand-BCE-1.png",
+        "reason": "TooManyMegapixels"
+    },
+    {
+        "filename": "By-continent-and-decade-01.png",
+        "reason": "InvalidDimensions"
+    },
+    {
+        "filename": "cable-tv-access-and-preference-for-a-son.png",
+        "reason": "InvalidDimensions"
+    },
+    {
+        "filename": "calculating-risk-ratios-differences-odds.png",
+        "reason": "InvalidDimensions"
+    },
+    {
+        "filename": "cancer-death-rate-decline-who-mdb-desktop.png",
+        "reason": "InvalidFormat"
+    },
+    {
+        "filename": "cancer-death-rate-decline-who-mdb-mobile.png",
+        "reason": "InvalidFormat"
+    },
+    {
+        "filename": "cardiovascular-diseases-types.png",
+        "reason": "InvalidDimensions"
+    },
+    {
+        "filename": "causes-of-death-2019-full.png",
+        "reason": "InvalidDimensions"
+    },
+    {
+        "filename": "Decade-in-which-smallpox-ceased-to-be-endemic-map.png",
+        "reason": "InvalidDimensions"
+    },
+    {
+        "filename": "Energy-Units-01.png",
+        "reason": "InvalidDimensions"
+    },
+    {
+        "filename": "England-death-rates.png",
+        "reason": "InvalidDimensions"
+    },
+    {
+        "filename": "Famine-victims-since-1860s_March18.png",
+        "reason": "InvalidDimensions"
+    },
+    {
+        "filename": "FEATURED-IMAGE-World-Population-Growth.png",
+        "reason": "InvalidDimensions"
+    },
+    {
+        "filename": "Female-to-male-wage-ratio-01.png",
+        "reason": "InvalidDimensions"
+    },
+    {
+        "filename": "future-yields-climate-distribution.png",
+        "reason": "InvalidDimensions"
+    },
+    {
+        "filename": "Gender-Pay-Gap-01.png",
+        "reason": "InvalidDimensions"
+    },
+    {
+        "filename": "Global-land-use-breakdown.png",
+        "reason": "InvalidDimensions"
+    },
+    {
+        "filename": "Global-land-use-graphic.png",
+        "reason": "InvalidDimensions"
+    },
+    {
+        "filename": "height-distribution.png",
+        "reason": "InvalidDimensions"
+    },
+    {
+        "filename": "Multiple-risk-factors-full-1.png",
+        "reason": "TooManyMegapixels"
+    },
+    {
+        "filename": "Norway-death-rates.png",
+        "reason": "InvalidDimensions"
+    },
+    {
+        "filename": "not-reading-with-comprehension.png",
+        "reason": "InvalidDimensions"
+    },
+    {
+        "filename": "Pandemics-Timeline-Death-Tolls-OWID.png",
+        "reason": "InvalidDimensions"
+    },
+    {
+        "filename": "period-vs-cohort-explanation.png",
+        "reason": "TooManyMegapixels"
+    },
+    {
+        "filename": "proportion-dying-latex.svg",
+        "reason": "InvalidFormat"
+    },
+    {
+        "filename": "record-female-life-expectancy-since-1840-updated-2023.png",
+        "reason": "InvalidDimensions"
+    },
+    {
+        "filename": "the-history-of-global-inequality-featured-image.png",
+        "reason": "InvalidDimensions"
+    }
+]

From fe95f0a0265fc7d8d224eab781a76d91656c1374 Mon Sep 17 00:00:00 2001
From: Ike Saunders <ikesau@protonmail.com>
Date: Sat, 30 Nov 2024 16:24:31 -0500
Subject: [PATCH 26/40] =?UTF-8?q?=F0=9F=8E=89=20add=20users=5Fx=5Fimages?=
 =?UTF-8?q?=20table?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 .../1732994843041-CloudflareImagesAuthors.ts  | 21 +++++++++++++++++++
 1 file changed, 21 insertions(+)
 create mode 100644 db/migration/1732994843041-CloudflareImagesAuthors.ts

diff --git a/db/migration/1732994843041-CloudflareImagesAuthors.ts b/db/migration/1732994843041-CloudflareImagesAuthors.ts
new file mode 100644
index 00000000000..b20f7366d52
--- /dev/null
+++ b/db/migration/1732994843041-CloudflareImagesAuthors.ts
@@ -0,0 +1,21 @@
+import { MigrationInterface, QueryRunner } from "typeorm"
+
+export class CloudflareImagesAuthors1732994843041
+    implements MigrationInterface
+{
+    public async up(queryRunner: QueryRunner): Promise<void> {
+        await queryRunner.query(`-- sql
+            CREATE TABLE users_x_images (
+                userId INTEGER REFERENCES users(id),
+                imageId INTEGER REFERENCES images(id),
+                createdAt TIMESTAMP DEFAULT CURRENT_TIMESTAMP,
+                UNIQUE (userId, imageId)
+            );
+        `)
+    }
+    public async down(queryRunner: QueryRunner): Promise<void> {
+        await queryRunner.query(`-- sql
+            DROP TABLE users_x_images;
+        `)
+    }
+}

From 4b0c7f95fb422acf127ec000b33810f34d7bda26 Mon Sep 17 00:00:00 2001
From: Ike Saunders <ikesau@protonmail.com>
Date: Sun, 1 Dec 2024 00:37:36 -0500
Subject: [PATCH 27/40] =?UTF-8?q?=F0=9F=8E=89=20add=20users=20column=20to?=
 =?UTF-8?q?=20images=20table?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 adminSiteClient/ImagesIndexPage.tsx           | 226 ++++++++++++++++--
 adminSiteClient/admin.scss                    |  13 +
 adminSiteServer/apiRouter.ts                  |  41 +++-
 db/db.ts                                      |  33 ++-
 .../cloudflareImagesSync/invalidImages.json   | 114 ---------
 .../types/src/dbTypes/Images.ts               |   7 +
 .../types/src/dbTypes/UsersXImages.ts         |   9 +
 packages/@ourworldindata/types/src/index.ts   |   8 +
 8 files changed, 305 insertions(+), 146 deletions(-)
 delete mode 100644 devTools/cloudflareImagesSync/invalidImages.json
 create mode 100644 packages/@ourworldindata/types/src/dbTypes/UsersXImages.ts

diff --git a/adminSiteClient/ImagesIndexPage.tsx b/adminSiteClient/ImagesIndexPage.tsx
index 65e9114778b..5321bfd188b 100644
--- a/adminSiteClient/ImagesIndexPage.tsx
+++ b/adminSiteClient/ImagesIndexPage.tsx
@@ -5,27 +5,54 @@ import React, {
     useMemo,
     useState,
 } from "react"
-import { Button, Flex, Input, Popconfirm, Space, Table, Upload } from "antd"
-
+import {
+    Button,
+    Flex,
+    Input,
+    Mentions,
+    Popconfirm,
+    Space,
+    Table,
+    Upload,
+} from "antd"
 import { AdminLayout } from "./AdminLayout.js"
 import { AdminAppContext } from "./AdminAppContext.js"
-import { DbEnrichedImage } from "@ourworldindata/types"
+import { DbEnrichedImageWithUserId, DbPlainUser } from "@ourworldindata/types"
 import { Timeago } from "./Forms.js"
 import { ColumnsType } from "antd/es/table/InternalTable.js"
 import { FontAwesomeIcon } from "@fortawesome/react-fontawesome"
-import { faUpload } from "@fortawesome/free-solid-svg-icons"
+import { faClose, faUpload } from "@fortawesome/free-solid-svg-icons"
 import { Admin } from "./Admin.js"
 import { RcFile } from "antd/es/upload/interface.js"
 import TextArea from "antd/es/input/TextArea.js"
 import { CLOUDFLARE_IMAGES_URL } from "../settings/clientSettings.js"
+import { keyBy } from "lodash"
+
+// Define map types
+type ImageMap = Record<string, DbEnrichedImageWithUserId>
+
+type UserMap = Record<string, DbPlainUser>
 
 type ImageEditorApi = {
     patchImage: (
-        image: DbEnrichedImage,
-        patch: Partial<DbEnrichedImage>
+        image: DbEnrichedImageWithUserId,
+        patch: Partial<DbEnrichedImageWithUserId>
     ) => void
-    deleteImage: (image: DbEnrichedImage) => void
+    deleteImage: (image: DbEnrichedImageWithUserId) => void
     getImages: () => void
+    getUsers: () => void
+    postUserXImage: (
+        user: DbPlainUser,
+        image: DbEnrichedImageWithUserId
+    ) => void
+    deleteUserXImage: (
+        user: DbPlainUser,
+        image: DbEnrichedImageWithUserId
+    ) => void
+}
+
+function mapToArray<T>(map: { [id: string]: T }): T[] {
+    return Object.values(map)
 }
 
 function AltTextEditor({
@@ -33,7 +60,7 @@ function AltTextEditor({
     text,
     patchImage,
 }: {
-    image: DbEnrichedImage
+    image: DbEnrichedImageWithUserId
     text: string
     patchImage: ImageEditorApi["patchImage"]
 }) {
@@ -59,11 +86,85 @@ function AltTextEditor({
     )
 }
 
+function UserSelect({
+    usersMap,
+    initialValue = "",
+    onUserSelect,
+}: {
+    usersMap: UserMap
+    initialValue?: string
+    onUserSelect: (user: DbPlainUser) => void
+}) {
+    const [isSetting, setIsSetting] = useState(false)
+
+    const { admin } = useContext(AdminAppContext)
+    const [value, setValue] = useState(initialValue)
+    const [filteredOptions, setFilteredOptions] = useState(() =>
+        mapToArray(usersMap).map((user) => ({
+            value: user.fullName,
+            label: user.fullName,
+        }))
+    )
+
+    const handleChange = (value: string) => {
+        setValue(value)
+        const lowercaseValue = value.toLowerCase()
+        setFilteredOptions(
+            mapToArray(usersMap)
+                .filter((user) =>
+                    user.fullName.toLowerCase().includes(lowercaseValue)
+                )
+                .map((user) => ({
+                    value: user.fullName,
+                    label: user.fullName,
+                }))
+        )
+    }
+
+    const handleSelect = async (option: { value?: string; label?: string }) => {
+        const selectedUser = mapToArray(usersMap).find(
+            (u) => u.fullName === option.value
+        )
+        if (selectedUser) {
+            setValue(selectedUser.fullName)
+            await onUserSelect(selectedUser)
+        }
+    }
+
+    if (isSetting) {
+        return (
+            <Mentions
+                prefix=""
+                allowClear
+                value={value}
+                onChange={handleChange}
+                onSelect={handleSelect}
+                options={filteredOptions}
+            />
+        )
+    }
+    return (
+        <div>
+            <Button
+                type="text"
+                onClick={() => handleSelect({ value: admin.username })}
+            >
+                Claim
+            </Button>
+            <Button type="text" onClick={() => setIsSetting(true)}>
+                Set
+            </Button>
+        </div>
+    )
+}
+
 function createColumns({
     api,
+    users,
 }: {
     api: ImageEditorApi
-}): ColumnsType<DbEnrichedImage> {
+    users: UserMap
+}): ColumnsType<DbEnrichedImageWithUserId> {
     return [
         {
             title: "Preview",
@@ -72,7 +173,9 @@ function createColumns({
             key: "cloudflareId",
             render: (cloudflareId, { originalWidth }) => {
                 const srcFor = (w: number) =>
-                    `${CLOUDFLARE_IMAGES_URL}/${encodeURIComponent(cloudflareId)}/w=${w}`
+                    `${CLOUDFLARE_IMAGES_URL}/${encodeURIComponent(
+                        cloudflareId
+                    )}/w=${w}`
                 return (
                     <div style={{ height: 100, width: 100 }} key={cloudflareId}>
                         <a
@@ -142,6 +245,34 @@ function createColumns({
                 a.updatedAt && b.updatedAt ? a.updatedAt - b.updatedAt : 0,
             render: (time) => <Timeago time={time} />,
         },
+        {
+            title: "Owner",
+            key: "userId",
+            width: 200,
+            render: (_, image) => {
+                const user = users[image.userId]
+                if (!user)
+                    return (
+                        <UserSelect
+                            usersMap={users}
+                            onUserSelect={(user) =>
+                                api.postUserXImage(user, image)
+                            }
+                        />
+                    )
+                return (
+                    <div>
+                        {user.fullName}
+                        <button
+                            className="ImageIndexPage__delete-user-button"
+                            onClick={() => api.deleteUserXImage(user, image)}
+                        >
+                            <FontAwesomeIcon icon={faClose} />
+                        </button>
+                    </div>
+                )
+            },
+        },
         {
             title: "Action",
             key: "action",
@@ -166,10 +297,10 @@ function createColumns({
 }
 
 function ImageUploadButton({
-    setImages,
+    setImagesMap,
     admin,
 }: {
-    setImages: React.Dispatch<React.SetStateAction<DbEnrichedImage[]>>
+    setImagesMap: React.Dispatch<React.SetStateAction<ImageMap>>
     admin: Admin
 }) {
     function uploadImage({ file }: { file: string | Blob | RcFile }) {
@@ -187,10 +318,13 @@ function ImageUploadButton({
 
             const { image } = await admin.requestJSON<{
                 sucess: true
-                image: DbEnrichedImage
+                image: DbEnrichedImageWithUserId
             }>("/api/image", payload, "POST")
 
-            setImages((images) => [image, ...images])
+            setImagesMap((imagesMap) => ({
+                ...imagesMap,
+                [image.id]: image,
+            }))
         }
         reader.readAsDataURL(file)
     }
@@ -205,45 +339,87 @@ function ImageUploadButton({
 
 export function ImageIndexPage() {
     const { admin } = useContext(AdminAppContext)
-    const [images, setImages] = useState<DbEnrichedImage[]>([])
+    const [images, setImages] = useState<ImageMap>({})
+    const [users, setUsers] = useState<UserMap>({})
     const [filenameSearchValue, setFilenameSearchValue] = useState("")
+
     const api = useMemo(
         (): ImageEditorApi => ({
             deleteImage: async (image) => {
                 await admin.requestJSON(`/api/images/${image.id}`, {}, "DELETE")
-                setImages((images) => images.filter((i) => i.id !== image.id))
+                setImages((prevMap) => {
+                    const newMap = { ...prevMap }
+                    delete newMap[image.id]
+                    return newMap
+                })
             },
             getImages: async () => {
                 const json = await admin.getJSON<{
-                    images: DbEnrichedImage[]
+                    images: DbEnrichedImageWithUserId[]
                 }>("/api/images.json")
-                setImages(json.images)
+                setImages(keyBy(json.images, "id"))
+            },
+            getUsers: async () => {
+                const json = await admin.getJSON<{ users: DbPlainUser[] }>(
+                    "/api/users.json"
+                )
+                setUsers(keyBy(json.users, "id"))
             },
             patchImage: async (image, patch) => {
                 const response = await admin.requestJSON<{
                     success: true
-                    image: DbEnrichedImage
+                    image: DbEnrichedImageWithUserId
                 }>(`/api/images/${image.id}`, patch, "PATCH")
-                setImages((images) =>
-                    images.map((i) => (i.id === image.id ? response.image : i))
+                setImages((prevMap) => ({
+                    ...prevMap,
+                    [image.id]: response.image,
+                }))
+            },
+            postUserXImage: async (user, image) => {
+                const result = await admin.requestJSON(
+                    `/api/users/${user.id}/image/${image.id}`,
+                    {},
+                    "POST"
+                )
+                if (result.success) {
+                    setImages((prevMap) => ({
+                        ...prevMap,
+                        [image.id]: { ...prevMap[image.id], userId: user.id },
+                    }))
+                }
+            },
+            deleteUserXImage: async (user, image) => {
+                const result = await admin.requestJSON(
+                    `/api/users/${user.id}/image/${image.id}`,
+                    {},
+                    "DELETE"
                 )
+                if (result.success) {
+                    setImages((prevMap) => ({
+                        ...prevMap,
+                        [image.id]: { ...prevMap[image.id], userId: null },
+                    }))
+                }
             },
         }),
         [admin]
     )
+
     const filteredImages = useMemo(
         () =>
-            images.filter((image) =>
+            mapToArray(images).filter((image) =>
                 image.filename
                     .toLowerCase()
                     .includes(filenameSearchValue.toLowerCase())
             ),
         [images, filenameSearchValue]
     )
-    const columns = useMemo(() => createColumns({ api }), [api])
+
+    const columns = useMemo(() => createColumns({ api, users }), [api, users])
 
     useEffect(() => {
         void api.getImages()
+        void api.getUsers()
     }, [api])
 
     return (
@@ -251,12 +427,12 @@ export function ImageIndexPage() {
             <main className="ImageIndexPage">
                 <Flex justify="space-between">
                     <Input
-                        placeholder="Search by filename"
+                        placeholder="Search by filename or owner"
                         value={filenameSearchValue}
                         onChange={(e) => setFilenameSearchValue(e.target.value)}
                         style={{ width: 500, marginBottom: 20 }}
                     />
-                    <ImageUploadButton setImages={setImages} admin={admin} />
+                    <ImageUploadButton setImagesMap={setImages} admin={admin} />
                 </Flex>
                 <Table columns={columns} dataSource={filteredImages} />
             </main>
diff --git a/adminSiteClient/admin.scss b/adminSiteClient/admin.scss
index a48897a273d..b1d4b8865e6 100644
--- a/adminSiteClient/admin.scss
+++ b/adminSiteClient/admin.scss
@@ -1207,3 +1207,16 @@ main:not(.ChartEditorPage):not(.GdocsEditPage) {
         display: block;
     }
 }
+
+.ImageIndexPage {
+    .ImageIndexPage__delete-user-button {
+        border-radius: 50%;
+        margin-left: 8px;
+        height: 16px;
+        font-size: 0.8em;
+        align-items: center;
+        display: inline-flex;
+        width: 16px;
+        vertical-align: -2px;
+    }
+}
diff --git a/adminSiteServer/apiRouter.ts b/adminSiteServer/apiRouter.ts
index f397713bae2..386201f24c0 100644
--- a/adminSiteServer/apiRouter.ts
+++ b/adminSiteServer/apiRouter.ts
@@ -115,6 +115,7 @@ import {
     CHART_VIEW_PROPS_TO_PERSIST,
     CHART_VIEW_PROPS_TO_OMIT,
     DbEnrichedImage,
+    DbRawUsersXImages,
 } from "@ourworldindata/types"
 import { uuidv7 } from "uuidv7"
 import {
@@ -1239,6 +1240,28 @@ postRouteWithRWTransaction(
     }
 )
 
+postRouteWithRWTransaction(
+    apiRouter,
+    "/users/:userId/image/:imageId",
+    async (req, res, trx) => {
+        const userId = expectInt(req.params.userId)
+        const imageId = expectInt(req.params.imageId)
+        await trx("users_x_images").insert({ userId, imageId })
+        return { success: true }
+    }
+)
+
+deleteRouteWithRWTransaction(
+    apiRouter,
+    "/users/:userId/image/:imageId",
+    async (req, res, trx) => {
+        const userId = expectInt(req.params.userId)
+        const imageId = expectInt(req.params.imageId)
+        await trx("users_x_images").where({ userId, imageId }).delete()
+        return { success: true }
+    }
+)
+
 getRouteWithROTransaction(
     apiRouter,
     "/variables.json",
@@ -3090,7 +3113,7 @@ getRouteNonIdempotentWithRWTransaction(
     "/images.json",
     async (_, res, trx) => {
         try {
-            const images = await db.getCloudflareImages(trx)
+            const images = await db.getCloudflareImagesWithUsers(trx)
             res.set("Cache-Control", "no-store")
             res.send({ images })
         } catch (error) {
@@ -3174,7 +3197,7 @@ postRouteWithRWTransaction(apiRouter, "/image", async (req, res, trx) => {
         }
     }
 
-    await trx<DbEnrichedImage>("images").insert({
+    const [imageId] = await trx<DbEnrichedImage>("images").insert({
         filename,
         originalWidth: dimensions.width,
         originalHeight: dimensions.height,
@@ -3184,9 +3207,12 @@ postRouteWithRWTransaction(apiRouter, "/image", async (req, res, trx) => {
         updatedAt: new Date().getTime(),
     })
 
-    const image = await trx<DbEnrichedImage>("images")
-        .where("cloudflareId", "=", cloudflareId)
-        .first()
+    await trx<DbRawUsersXImages>("users_x_images").insert({
+        userId: res.locals.user.id,
+        imageId,
+    })
+
+    const image = await db.getCloudflareImageWithUser(trx, filename)
 
     return {
         success: true,
@@ -3240,7 +3266,7 @@ deleteRouteWithRWTransaction(
         }
 
         const response = await fetch(
-            `https://api.cloudflare.com/client/v4/accounts/${CLOUDFLARE_IMAGES_ACCOUNT_ID}/images/v1/${image.cloudflareId}`,
+            `https://api.cloudflare.com/client/v4/accounts/${CLOUDFLARE_IMAGES_ACCOUNT_ID}/images/v1/${encodeURIComponent(image.cloudflareId!)}`,
             {
                 method: "DELETE",
                 headers: {
@@ -3257,6 +3283,9 @@ deleteRouteWithRWTransaction(
             throw new JsonError(JSON.stringify(response.errors))
         }
 
+        await trx<DbRawUsersXImages>("users_x_images")
+            .where("imageId", "=", id)
+            .delete()
         await trx("images").where({ id }).delete()
 
         return {
diff --git a/db/db.ts b/db/db.ts
index 1b67f811bfe..d929217928a 100644
--- a/db/db.ts
+++ b/db/db.ts
@@ -29,6 +29,7 @@ import {
     TagGraphNode,
     MinimalExplorerInfo,
     DbEnrichedImage,
+    DbEnrichedImageWithUserId,
 } from "@ourworldindata/types"
 import { groupBy, uniq } from "lodash"
 import { gdocFromJSON } from "./model/Gdoc/GdocFactory.js"
@@ -183,7 +184,7 @@ export const getSlugsWithPublishedGdocsSuccessors = async (
     return knexRaw(
         knex,
         `-- sql
-        SELECT
+        select
             p.slug
         FROM
             posts p
@@ -726,3 +727,33 @@ export function getCloudflareImages(
         WHERE cloudflareId IS NOT NULL`
     )
 }
+
+export function getCloudflareImagesWithUsers(
+    trx: KnexReadonlyTransaction
+): Promise<DbEnrichedImageWithUserId[]> {
+    return knexRaw(
+        trx,
+        `-- sql
+        SELECT i.*, u.id AS userId
+        FROM images i
+        LEFT JOIN users_x_images uxi ON i.id = uxi.imageId
+        LEFT JOIN users u ON uxi.userId = u.id
+        WHERE i.cloudflareId IS NOT NULL`
+    )
+}
+
+export function getCloudflareImageWithUser(
+    trx: KnexReadonlyTransaction,
+    filename: string
+): Promise<DbEnrichedImageWithUserId | undefined> {
+    return knexRawFirst(
+        trx,
+        `-- sql
+        SELECT i.*, u.id AS userId
+        FROM images i
+        LEFT JOIN users_x_images uxi ON i.id = uxi.imageId
+        LEFT JOIN users u ON uxi.userId = u.id
+        WHERE i.filename = ?`,
+        [filename]
+    )
+}
diff --git a/devTools/cloudflareImagesSync/invalidImages.json b/devTools/cloudflareImagesSync/invalidImages.json
deleted file mode 100644
index 700dfd54d48..00000000000
--- a/devTools/cloudflareImagesSync/invalidImages.json
+++ /dev/null
@@ -1,114 +0,0 @@
-[
-    {
-        "filename": "2019-Revision-–-World-Population-Growth-1700-2100.png",
-        "reason": "InvalidDimensions"
-    },
-    {
-        "filename": "Annual-World-Population-since-10-thousand-BCE-1.png",
-        "reason": "TooManyMegapixels"
-    },
-    {
-        "filename": "By-continent-and-decade-01.png",
-        "reason": "InvalidDimensions"
-    },
-    {
-        "filename": "cable-tv-access-and-preference-for-a-son.png",
-        "reason": "InvalidDimensions"
-    },
-    {
-        "filename": "calculating-risk-ratios-differences-odds.png",
-        "reason": "InvalidDimensions"
-    },
-    {
-        "filename": "cancer-death-rate-decline-who-mdb-desktop.png",
-        "reason": "InvalidFormat"
-    },
-    {
-        "filename": "cancer-death-rate-decline-who-mdb-mobile.png",
-        "reason": "InvalidFormat"
-    },
-    {
-        "filename": "cardiovascular-diseases-types.png",
-        "reason": "InvalidDimensions"
-    },
-    {
-        "filename": "causes-of-death-2019-full.png",
-        "reason": "InvalidDimensions"
-    },
-    {
-        "filename": "Decade-in-which-smallpox-ceased-to-be-endemic-map.png",
-        "reason": "InvalidDimensions"
-    },
-    {
-        "filename": "Energy-Units-01.png",
-        "reason": "InvalidDimensions"
-    },
-    {
-        "filename": "England-death-rates.png",
-        "reason": "InvalidDimensions"
-    },
-    {
-        "filename": "Famine-victims-since-1860s_March18.png",
-        "reason": "InvalidDimensions"
-    },
-    {
-        "filename": "FEATURED-IMAGE-World-Population-Growth.png",
-        "reason": "InvalidDimensions"
-    },
-    {
-        "filename": "Female-to-male-wage-ratio-01.png",
-        "reason": "InvalidDimensions"
-    },
-    {
-        "filename": "future-yields-climate-distribution.png",
-        "reason": "InvalidDimensions"
-    },
-    {
-        "filename": "Gender-Pay-Gap-01.png",
-        "reason": "InvalidDimensions"
-    },
-    {
-        "filename": "Global-land-use-breakdown.png",
-        "reason": "InvalidDimensions"
-    },
-    {
-        "filename": "Global-land-use-graphic.png",
-        "reason": "InvalidDimensions"
-    },
-    {
-        "filename": "height-distribution.png",
-        "reason": "InvalidDimensions"
-    },
-    {
-        "filename": "Multiple-risk-factors-full-1.png",
-        "reason": "TooManyMegapixels"
-    },
-    {
-        "filename": "Norway-death-rates.png",
-        "reason": "InvalidDimensions"
-    },
-    {
-        "filename": "not-reading-with-comprehension.png",
-        "reason": "InvalidDimensions"
-    },
-    {
-        "filename": "Pandemics-Timeline-Death-Tolls-OWID.png",
-        "reason": "InvalidDimensions"
-    },
-    {
-        "filename": "period-vs-cohort-explanation.png",
-        "reason": "TooManyMegapixels"
-    },
-    {
-        "filename": "proportion-dying-latex.svg",
-        "reason": "InvalidFormat"
-    },
-    {
-        "filename": "record-female-life-expectancy-since-1840-updated-2023.png",
-        "reason": "InvalidDimensions"
-    },
-    {
-        "filename": "the-history-of-global-inequality-featured-image.png",
-        "reason": "InvalidDimensions"
-    }
-]
diff --git a/packages/@ourworldindata/types/src/dbTypes/Images.ts b/packages/@ourworldindata/types/src/dbTypes/Images.ts
index 702415b33d6..e7cae59f036 100644
--- a/packages/@ourworldindata/types/src/dbTypes/Images.ts
+++ b/packages/@ourworldindata/types/src/dbTypes/Images.ts
@@ -1,3 +1,5 @@
+import { DbPlainUser } from "./Users.js"
+
 export const ImagesTableName = "images"
 export interface DbInsertImage {
     googleId: string
@@ -10,10 +12,15 @@ export interface DbInsertImage {
     cloudflareId?: string | null
 }
 export type DbRawImage = Required<DbInsertImage>
+
 export type DbEnrichedImage = Omit<DbRawImage, "updatedAt"> & {
     updatedAt: number | null
 }
 
+export type DbEnrichedImageWithUserId = DbEnrichedImage & {
+    userId: DbPlainUser["id"]
+}
+
 export function parseImageRow(row: DbRawImage): DbEnrichedImage {
     return { ...row, updatedAt: parseImageUpdatedAt(row.updatedAt) }
 }
diff --git a/packages/@ourworldindata/types/src/dbTypes/UsersXImages.ts b/packages/@ourworldindata/types/src/dbTypes/UsersXImages.ts
new file mode 100644
index 00000000000..b008bea2534
--- /dev/null
+++ b/packages/@ourworldindata/types/src/dbTypes/UsersXImages.ts
@@ -0,0 +1,9 @@
+export const UsersXImagesTableName = "users_x_images"
+
+export interface DbInsertUsersXImages {
+    createdAt?: Date
+    imageId: number
+    userId: number
+}
+
+export type DbRawUsersXImages = Required<DbInsertUsersXImages>
diff --git a/packages/@ourworldindata/types/src/index.ts b/packages/@ourworldindata/types/src/index.ts
index 5bbe97d8fa5..b0a5083eb15 100644
--- a/packages/@ourworldindata/types/src/index.ts
+++ b/packages/@ourworldindata/types/src/index.ts
@@ -545,6 +545,7 @@ export {
 export {
     type DbRawImage,
     type DbEnrichedImage,
+    type DbEnrichedImageWithUserId,
     type DbInsertImage,
     parseImageRow,
     parseImageUpdatedAt,
@@ -678,6 +679,13 @@ export {
     type DbInsertUser,
     UsersTableName,
 } from "./dbTypes/Users.js"
+
+export {
+    UsersXImagesTableName,
+    type DbInsertUsersXImages,
+    type DbRawUsersXImages,
+} from "./dbTypes/UsersXImages.js"
+
 export {
     type DbRawVariable,
     type DbEnrichedVariable,

From b7e06addf1182148b11d29cafa1d3254c5f6f1a7 Mon Sep 17 00:00:00 2001
From: Ike Saunders <ikesau@protonmail.com>
Date: Sun, 1 Dec 2024 15:05:26 -0500
Subject: [PATCH 28/40] =?UTF-8?q?=E2=9C=A8=20add=20author=20filtering=20in?=
 =?UTF-8?q?=20imagesindexpage?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 adminSiteClient/ImagesIndexPage.tsx | 23 ++++++++++++++++++++---
 1 file changed, 20 insertions(+), 3 deletions(-)

diff --git a/adminSiteClient/ImagesIndexPage.tsx b/adminSiteClient/ImagesIndexPage.tsx
index 5321bfd188b..df20dc15c84 100644
--- a/adminSiteClient/ImagesIndexPage.tsx
+++ b/adminSiteClient/ImagesIndexPage.tsx
@@ -135,8 +135,12 @@ function UserSelect({
         return (
             <Mentions
                 prefix=""
+                autoFocus
                 allowClear
                 value={value}
+                onKeyDown={(e) => {
+                    if (e.key === "Escape") setIsSetting(false)
+                }}
                 onChange={handleChange}
                 onSelect={handleSelect}
                 options={filteredOptions}
@@ -149,10 +153,10 @@ function UserSelect({
                 type="text"
                 onClick={() => handleSelect({ value: admin.username })}
             >
-                Claim
+                + {admin.username}
             </Button>
             <Button type="text" onClick={() => setIsSetting(true)}>
-                Set
+                + Someone else
             </Button>
         </div>
     )
@@ -249,6 +253,19 @@ function createColumns({
             title: "Owner",
             key: "userId",
             width: 200,
+            filters: [
+                {
+                    text: "Unassigned",
+                    value: null as any,
+                },
+                ...mapToArray(users)
+                    .map((user) => ({
+                        text: user.fullName,
+                        value: user.id,
+                    }))
+                    .sort((a, b) => a.text.localeCompare(b.text)),
+            ],
+            onFilter: (value, record) => record.userId === value,
             render: (_, image) => {
                 const user = users[image.userId]
                 if (!user)
@@ -427,7 +444,7 @@ export function ImageIndexPage() {
             <main className="ImageIndexPage">
                 <Flex justify="space-between">
                     <Input
-                        placeholder="Search by filename or owner"
+                        placeholder="Search by filename"
                         value={filenameSearchValue}
                         onChange={(e) => setFilenameSearchValue(e.target.value)}
                         style={{ width: 500, marginBottom: 20 }}

From 47caded3349c260b29786e61cbf32e3e9cdf1a01 Mon Sep 17 00:00:00 2001
From: Ike Saunders <ikesau@protonmail.com>
Date: Sun, 1 Dec 2024 15:09:57 -0500
Subject: [PATCH 29/40] =?UTF-8?q?=E2=9C=A8=20image=20authors=20code=20clea?=
 =?UTF-8?q?nup?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 adminSiteClient/ImagesIndexPage.tsx | 9 ++++-----
 db/db.ts                            | 2 +-
 2 files changed, 5 insertions(+), 6 deletions(-)

diff --git a/adminSiteClient/ImagesIndexPage.tsx b/adminSiteClient/ImagesIndexPage.tsx
index df20dc15c84..4b952b58751 100644
--- a/adminSiteClient/ImagesIndexPage.tsx
+++ b/adminSiteClient/ImagesIndexPage.tsx
@@ -28,7 +28,6 @@ import TextArea from "antd/es/input/TextArea.js"
 import { CLOUDFLARE_IMAGES_URL } from "../settings/clientSettings.js"
 import { keyBy } from "lodash"
 
-// Define map types
 type ImageMap = Record<string, DbEnrichedImageWithUserId>
 
 type UserMap = Record<string, DbPlainUser>
@@ -314,10 +313,10 @@ function createColumns({
 }
 
 function ImageUploadButton({
-    setImagesMap,
+    setImages,
     admin,
 }: {
-    setImagesMap: React.Dispatch<React.SetStateAction<ImageMap>>
+    setImages: React.Dispatch<React.SetStateAction<ImageMap>>
     admin: Admin
 }) {
     function uploadImage({ file }: { file: string | Blob | RcFile }) {
@@ -338,7 +337,7 @@ function ImageUploadButton({
                 image: DbEnrichedImageWithUserId
             }>("/api/image", payload, "POST")
 
-            setImagesMap((imagesMap) => ({
+            setImages((imagesMap) => ({
                 ...imagesMap,
                 [image.id]: image,
             }))
@@ -449,7 +448,7 @@ export function ImageIndexPage() {
                         onChange={(e) => setFilenameSearchValue(e.target.value)}
                         style={{ width: 500, marginBottom: 20 }}
                     />
-                    <ImageUploadButton setImagesMap={setImages} admin={admin} />
+                    <ImageUploadButton setImages={setImages} admin={admin} />
                 </Flex>
                 <Table columns={columns} dataSource={filteredImages} />
             </main>
diff --git a/db/db.ts b/db/db.ts
index d929217928a..00709b9f655 100644
--- a/db/db.ts
+++ b/db/db.ts
@@ -184,7 +184,7 @@ export const getSlugsWithPublishedGdocsSuccessors = async (
     return knexRaw(
         knex,
         `-- sql
-        select
+        SELECT
             p.slug
         FROM
             posts p

From 1d27c528495e940ffdbfafb54ecb100144c292c0 Mon Sep 17 00:00:00 2001
From: Ike Saunders <ikesau@protonmail.com>
Date: Sun, 1 Dec 2024 17:16:50 -0500
Subject: [PATCH 30/40] =?UTF-8?q?=F0=9F=94=A8=20remove=20unused=20migratio?=
 =?UTF-8?q?n?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 db/migration/1732833869225-CloudflareImagesAuthors.ts | 9 ---------
 1 file changed, 9 deletions(-)
 delete mode 100644 db/migration/1732833869225-CloudflareImagesAuthors.ts

diff --git a/db/migration/1732833869225-CloudflareImagesAuthors.ts b/db/migration/1732833869225-CloudflareImagesAuthors.ts
deleted file mode 100644
index 821a6bc5a12..00000000000
--- a/db/migration/1732833869225-CloudflareImagesAuthors.ts
+++ /dev/null
@@ -1,9 +0,0 @@
-import { MigrationInterface, QueryRunner } from "typeorm"
-
-export class CloudflareImagesAuthors1732833869225
-    implements MigrationInterface
-{
-    public async up(queryRunner: QueryRunner): Promise<void> {}
-
-    public async down(queryRunner: QueryRunner): Promise<void> {}
-}

From 4147a2df9eaf639ab662202e534214611c4f3075 Mon Sep 17 00:00:00 2001
From: Ike Saunders <ikesau@protonmail.com>
Date: Mon, 2 Dec 2024 18:30:50 -0500
Subject: [PATCH 31/40] =?UTF-8?q?=E2=9C=A8=20CF=20images=20authors=20PR=20?=
 =?UTF-8?q?feedback?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 adminSiteClient/ImagesIndexPage.tsx           | 33 +++++++------------
 adminSiteServer/apiRouter.ts                  | 20 ++++-------
 db/db.ts                                      | 24 +++-----------
 ...1732994843041-CloudflareImagesAddUserId.ts | 20 +++++++++++
 .../1732994843041-CloudflareImagesAuthors.ts  | 21 ------------
 .../types/src/dbTypes/Images.ts               |  1 +
 .../types/src/dbTypes/UsersXImages.ts         |  9 -----
 packages/@ourworldindata/types/src/index.ts   |  6 ----
 8 files changed, 44 insertions(+), 90 deletions(-)
 create mode 100644 db/migration/1732994843041-CloudflareImagesAddUserId.ts
 delete mode 100644 db/migration/1732994843041-CloudflareImagesAuthors.ts
 delete mode 100644 packages/@ourworldindata/types/src/dbTypes/UsersXImages.ts

diff --git a/adminSiteClient/ImagesIndexPage.tsx b/adminSiteClient/ImagesIndexPage.tsx
index 4b952b58751..31632fabbf5 100644
--- a/adminSiteClient/ImagesIndexPage.tsx
+++ b/adminSiteClient/ImagesIndexPage.tsx
@@ -40,20 +40,13 @@ type ImageEditorApi = {
     deleteImage: (image: DbEnrichedImageWithUserId) => void
     getImages: () => void
     getUsers: () => void
-    postUserXImage: (
-        user: DbPlainUser,
-        image: DbEnrichedImageWithUserId
-    ) => void
-    deleteUserXImage: (
+    postUserImage: (user: DbPlainUser, image: DbEnrichedImageWithUserId) => void
+    deleteUserImage: (
         user: DbPlainUser,
         image: DbEnrichedImageWithUserId
     ) => void
 }
 
-function mapToArray<T>(map: { [id: string]: T }): T[] {
-    return Object.values(map)
-}
-
 function AltTextEditor({
     image,
     text,
@@ -99,7 +92,7 @@ function UserSelect({
     const { admin } = useContext(AdminAppContext)
     const [value, setValue] = useState(initialValue)
     const [filteredOptions, setFilteredOptions] = useState(() =>
-        mapToArray(usersMap).map((user) => ({
+        Object.values(usersMap).map((user) => ({
             value: user.fullName,
             label: user.fullName,
         }))
@@ -109,21 +102,19 @@ function UserSelect({
         setValue(value)
         const lowercaseValue = value.toLowerCase()
         setFilteredOptions(
-            mapToArray(usersMap)
+            Object.values(usersMap)
                 .filter((user) =>
                     user.fullName.toLowerCase().includes(lowercaseValue)
                 )
                 .map((user) => ({
-                    value: user.fullName,
+                    value: String(user.id),
                     label: user.fullName,
                 }))
         )
     }
 
     const handleSelect = async (option: { value?: string; label?: string }) => {
-        const selectedUser = mapToArray(usersMap).find(
-            (u) => u.fullName === option.value
-        )
+        const selectedUser = usersMap[option.value!]
         if (selectedUser) {
             setValue(selectedUser.fullName)
             await onUserSelect(selectedUser)
@@ -257,7 +248,7 @@ function createColumns({
                     text: "Unassigned",
                     value: null as any,
                 },
-                ...mapToArray(users)
+                ...Object.values(users)
                     .map((user) => ({
                         text: user.fullName,
                         value: user.id,
@@ -272,7 +263,7 @@ function createColumns({
                         <UserSelect
                             usersMap={users}
                             onUserSelect={(user) =>
-                                api.postUserXImage(user, image)
+                                api.postUserImage(user, image)
                             }
                         />
                     )
@@ -281,7 +272,7 @@ function createColumns({
                         {user.fullName}
                         <button
                             className="ImageIndexPage__delete-user-button"
-                            onClick={() => api.deleteUserXImage(user, image)}
+                            onClick={() => api.deleteUserImage(user, image)}
                         >
                             <FontAwesomeIcon icon={faClose} />
                         </button>
@@ -391,7 +382,7 @@ export function ImageIndexPage() {
                     [image.id]: response.image,
                 }))
             },
-            postUserXImage: async (user, image) => {
+            postUserImage: async (user, image) => {
                 const result = await admin.requestJSON(
                     `/api/users/${user.id}/image/${image.id}`,
                     {},
@@ -404,7 +395,7 @@ export function ImageIndexPage() {
                     }))
                 }
             },
-            deleteUserXImage: async (user, image) => {
+            deleteUserImage: async (user, image) => {
                 const result = await admin.requestJSON(
                     `/api/users/${user.id}/image/${image.id}`,
                     {},
@@ -423,7 +414,7 @@ export function ImageIndexPage() {
 
     const filteredImages = useMemo(
         () =>
-            mapToArray(images).filter((image) =>
+            Object.values(images).filter((image) =>
                 image.filename
                     .toLowerCase()
                     .includes(filenameSearchValue.toLowerCase())
diff --git a/adminSiteServer/apiRouter.ts b/adminSiteServer/apiRouter.ts
index 386201f24c0..8def1d3f8f1 100644
--- a/adminSiteServer/apiRouter.ts
+++ b/adminSiteServer/apiRouter.ts
@@ -115,7 +115,6 @@ import {
     CHART_VIEW_PROPS_TO_PERSIST,
     CHART_VIEW_PROPS_TO_OMIT,
     DbEnrichedImage,
-    DbRawUsersXImages,
 } from "@ourworldindata/types"
 import { uuidv7 } from "uuidv7"
 import {
@@ -1246,7 +1245,7 @@ postRouteWithRWTransaction(
     async (req, res, trx) => {
         const userId = expectInt(req.params.userId)
         const imageId = expectInt(req.params.imageId)
-        await trx("users_x_images").insert({ userId, imageId })
+        await trx("images").where({ id: imageId }).update({ userId })
         return { success: true }
     }
 )
@@ -1257,7 +1256,9 @@ deleteRouteWithRWTransaction(
     async (req, res, trx) => {
         const userId = expectInt(req.params.userId)
         const imageId = expectInt(req.params.imageId)
-        await trx("users_x_images").where({ userId, imageId }).delete()
+        await trx("images")
+            .where({ id: imageId, userId })
+            .update({ userId: null })
         return { success: true }
     }
 )
@@ -3113,7 +3114,7 @@ getRouteNonIdempotentWithRWTransaction(
     "/images.json",
     async (_, res, trx) => {
         try {
-            const images = await db.getCloudflareImagesWithUsers(trx)
+            const images = await db.getCloudflareImages(trx)
             res.set("Cache-Control", "no-store")
             res.send({ images })
         } catch (error) {
@@ -3197,7 +3198,7 @@ postRouteWithRWTransaction(apiRouter, "/image", async (req, res, trx) => {
         }
     }
 
-    const [imageId] = await trx<DbEnrichedImage>("images").insert({
+    await trx<DbEnrichedImage>("images").insert({
         filename,
         originalWidth: dimensions.width,
         originalHeight: dimensions.height,
@@ -3205,14 +3206,10 @@ postRouteWithRWTransaction(apiRouter, "/image", async (req, res, trx) => {
         // TODO: make defaultAlt nullable
         defaultAlt: "Default alt text",
         updatedAt: new Date().getTime(),
-    })
-
-    await trx<DbRawUsersXImages>("users_x_images").insert({
         userId: res.locals.user.id,
-        imageId,
     })
 
-    const image = await db.getCloudflareImageWithUser(trx, filename)
+    const image = await db.getCloudflareImage(trx, filename)
 
     return {
         success: true,
@@ -3283,9 +3280,6 @@ deleteRouteWithRWTransaction(
             throw new JsonError(JSON.stringify(response.errors))
         }
 
-        await trx<DbRawUsersXImages>("users_x_images")
-            .where("imageId", "=", id)
-            .delete()
         await trx("images").where({ id }).delete()
 
         return {
diff --git a/db/db.ts b/db/db.ts
index 00709b9f655..bab8530fc3e 100644
--- a/db/db.ts
+++ b/db/db.ts
@@ -722,37 +722,21 @@ export function getCloudflareImages(
     return knexRaw<DbEnrichedImage>(
         trx,
         `-- sql
-        SELECT filename, cloudflareId, id, defaultAlt, originalHeight, originalWidth, updatedAt
+        SELECT *
         FROM images
         WHERE cloudflareId IS NOT NULL`
     )
 }
 
-export function getCloudflareImagesWithUsers(
-    trx: KnexReadonlyTransaction
-): Promise<DbEnrichedImageWithUserId[]> {
-    return knexRaw(
-        trx,
-        `-- sql
-        SELECT i.*, u.id AS userId
-        FROM images i
-        LEFT JOIN users_x_images uxi ON i.id = uxi.imageId
-        LEFT JOIN users u ON uxi.userId = u.id
-        WHERE i.cloudflareId IS NOT NULL`
-    )
-}
-
-export function getCloudflareImageWithUser(
+export function getCloudflareImage(
     trx: KnexReadonlyTransaction,
     filename: string
 ): Promise<DbEnrichedImageWithUserId | undefined> {
     return knexRawFirst(
         trx,
         `-- sql
-        SELECT i.*, u.id AS userId
-        FROM images i
-        LEFT JOIN users_x_images uxi ON i.id = uxi.imageId
-        LEFT JOIN users u ON uxi.userId = u.id
+        SELECT * 
+        FROM images
         WHERE i.filename = ?`,
         [filename]
     )
diff --git a/db/migration/1732994843041-CloudflareImagesAddUserId.ts b/db/migration/1732994843041-CloudflareImagesAddUserId.ts
new file mode 100644
index 00000000000..9305ec2c417
--- /dev/null
+++ b/db/migration/1732994843041-CloudflareImagesAddUserId.ts
@@ -0,0 +1,20 @@
+import { MigrationInterface, QueryRunner } from "typeorm"
+
+export class CloudflareImagesAddUserId1732994843041
+    implements MigrationInterface
+{
+    public async up(queryRunner: QueryRunner): Promise<void> {
+        await queryRunner.query(`-- sql
+            ALTER TABLE images
+            ADD COLUMN userId INTEGER,
+            ADD CONSTRAINT fk_user_images
+            FOREIGN KEY (userId) REFERENCES users(id)
+            ON DELETE SET NULL;
+        `)
+    }
+    public async down(queryRunner: QueryRunner): Promise<void> {
+        await queryRunner.query(`-- sql
+            ALTER TABLE images DROP COLUMN userId;
+        `)
+    }
+}
diff --git a/db/migration/1732994843041-CloudflareImagesAuthors.ts b/db/migration/1732994843041-CloudflareImagesAuthors.ts
deleted file mode 100644
index b20f7366d52..00000000000
--- a/db/migration/1732994843041-CloudflareImagesAuthors.ts
+++ /dev/null
@@ -1,21 +0,0 @@
-import { MigrationInterface, QueryRunner } from "typeorm"
-
-export class CloudflareImagesAuthors1732994843041
-    implements MigrationInterface
-{
-    public async up(queryRunner: QueryRunner): Promise<void> {
-        await queryRunner.query(`-- sql
-            CREATE TABLE users_x_images (
-                userId INTEGER REFERENCES users(id),
-                imageId INTEGER REFERENCES images(id),
-                createdAt TIMESTAMP DEFAULT CURRENT_TIMESTAMP,
-                UNIQUE (userId, imageId)
-            );
-        `)
-    }
-    public async down(queryRunner: QueryRunner): Promise<void> {
-        await queryRunner.query(`-- sql
-            DROP TABLE users_x_images;
-        `)
-    }
-}
diff --git a/packages/@ourworldindata/types/src/dbTypes/Images.ts b/packages/@ourworldindata/types/src/dbTypes/Images.ts
index e7cae59f036..e60157f9983 100644
--- a/packages/@ourworldindata/types/src/dbTypes/Images.ts
+++ b/packages/@ourworldindata/types/src/dbTypes/Images.ts
@@ -10,6 +10,7 @@ export interface DbInsertImage {
     originalHeight?: number | null
     updatedAt?: string | null // MySQL Date objects round to the nearest second, whereas Google includes milliseconds so we store as an epoch of type bigint to avoid any conversion issues
     cloudflareId?: string | null
+    userId?: number | null
 }
 export type DbRawImage = Required<DbInsertImage>
 
diff --git a/packages/@ourworldindata/types/src/dbTypes/UsersXImages.ts b/packages/@ourworldindata/types/src/dbTypes/UsersXImages.ts
deleted file mode 100644
index b008bea2534..00000000000
--- a/packages/@ourworldindata/types/src/dbTypes/UsersXImages.ts
+++ /dev/null
@@ -1,9 +0,0 @@
-export const UsersXImagesTableName = "users_x_images"
-
-export interface DbInsertUsersXImages {
-    createdAt?: Date
-    imageId: number
-    userId: number
-}
-
-export type DbRawUsersXImages = Required<DbInsertUsersXImages>
diff --git a/packages/@ourworldindata/types/src/index.ts b/packages/@ourworldindata/types/src/index.ts
index b0a5083eb15..d293f3b8958 100644
--- a/packages/@ourworldindata/types/src/index.ts
+++ b/packages/@ourworldindata/types/src/index.ts
@@ -680,12 +680,6 @@ export {
     UsersTableName,
 } from "./dbTypes/Users.js"
 
-export {
-    UsersXImagesTableName,
-    type DbInsertUsersXImages,
-    type DbRawUsersXImages,
-} from "./dbTypes/UsersXImages.js"
-
 export {
     type DbRawVariable,
     type DbEnrichedVariable,

From d078e49611dc7eaae9d9a30e3630d4b533bfe8c8 Mon Sep 17 00:00:00 2001
From: Ike Saunders <ikesau@protonmail.com>
Date: Tue, 3 Dec 2024 15:58:54 -0500
Subject: [PATCH 32/40] =?UTF-8?q?=F0=9F=90=9B=20fix=20image=20upload=20rou?=
 =?UTF-8?q?te?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 db/db.ts | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/db/db.ts b/db/db.ts
index bab8530fc3e..9f4e4c69528 100644
--- a/db/db.ts
+++ b/db/db.ts
@@ -737,7 +737,7 @@ export function getCloudflareImage(
         `-- sql
         SELECT * 
         FROM images
-        WHERE i.filename = ?`,
+        WHERE filename = ?`,
         [filename]
     )
 }

From 7df1a91df522ff268d16265edf1f85fa721f0f06 Mon Sep 17 00:00:00 2001
From: Ike Saunders <ikesau@protonmail.com>
Date: Tue, 3 Dec 2024 15:59:10 -0500
Subject: [PATCH 33/40] =?UTF-8?q?=F0=9F=94=A8=20WIP=20image=20PUT?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 adminSiteClient/ImagesIndexPage.tsx | 73 +++++++++++++++++++++--------
 1 file changed, 53 insertions(+), 20 deletions(-)

diff --git a/adminSiteClient/ImagesIndexPage.tsx b/adminSiteClient/ImagesIndexPage.tsx
index 31632fabbf5..b959885c916 100644
--- a/adminSiteClient/ImagesIndexPage.tsx
+++ b/adminSiteClient/ImagesIndexPage.tsx
@@ -37,6 +37,16 @@ type ImageEditorApi = {
         image: DbEnrichedImageWithUserId,
         patch: Partial<DbEnrichedImageWithUserId>
     ) => void
+    putImage: (payload: {
+        filename: string
+        content?: string
+        type: string
+    }) => void
+    postImage: (payload: {
+        filename: string
+        content?: string
+        type: string
+    }) => void
     deleteImage: (image: DbEnrichedImageWithUserId) => void
     getImages: () => void
     getUsers: () => void
@@ -286,6 +296,9 @@ function createColumns({
             width: 100,
             render: (_, image) => (
                 <Space size="middle">
+                    <ImageUpload onRequest={(payload) => api.putImage(payload)}>
+                        <Button type="text">Upload new version</Button>
+                    </ImageUpload>
                     <Popconfirm
                         title="Are you sure?"
                         description="This will delete the image being used in production."
@@ -303,12 +316,16 @@ function createColumns({
     ]
 }
 
-function ImageUploadButton({
-    setImages,
-    admin,
+function ImageUpload({
+    children,
+    onRequest,
 }: {
-    setImages: React.Dispatch<React.SetStateAction<ImageMap>>
-    admin: Admin
+    children: React.ReactNode
+    onRequest: (payload: {
+        filename: string
+        content?: string
+        type: string
+    }) => void
 }) {
     function uploadImage({ file }: { file: string | Blob | RcFile }) {
         if (typeof file === "string") return
@@ -323,23 +340,13 @@ function ImageUploadButton({
                 type: file.type,
             }
 
-            const { image } = await admin.requestJSON<{
-                sucess: true
-                image: DbEnrichedImageWithUserId
-            }>("/api/image", payload, "POST")
-
-            setImages((imagesMap) => ({
-                ...imagesMap,
-                [image.id]: image,
-            }))
+            onRequest(payload)
         }
         reader.readAsDataURL(file)
     }
     return (
         <Upload showUploadList={false} customRequest={uploadImage}>
-            <Button type="primary" icon={<FontAwesomeIcon icon={faUpload} />}>
-                Upload image
-            </Button>
+            {children}
         </Upload>
     )
 }
@@ -382,13 +389,33 @@ export function ImageIndexPage() {
                     [image.id]: response.image,
                 }))
             },
+            postImage: async (image) => {
+                const response = await admin.requestJSON<{
+                    success: true
+                    image: DbEnrichedImageWithUserId
+                }>(`/api/image`, image, "POST")
+                setImages((prevMap) => ({
+                    ...prevMap,
+                    [response.image.id]: response.image,
+                }))
+            },
+            putImage: async (image) => {
+                const response = await admin.requestJSON<{
+                    success: true
+                    image: DbEnrichedImageWithUserId
+                }>(`/api/image/${image.id}`, image, "PUT")
+                setImages((prevMap) => ({
+                    ...prevMap,
+                    [image.id]: response.image,
+                }))
+            },
             postUserImage: async (user, image) => {
-                const result = await admin.requestJSON(
+                const response = await admin.requestJSON(
                     `/api/users/${user.id}/image/${image.id}`,
                     {},
                     "POST"
                 )
-                if (result.success) {
+                if (response.success) {
                     setImages((prevMap) => ({
                         ...prevMap,
                         [image.id]: { ...prevMap[image.id], userId: user.id },
@@ -439,7 +466,13 @@ export function ImageIndexPage() {
                         onChange={(e) => setFilenameSearchValue(e.target.value)}
                         style={{ width: 500, marginBottom: 20 }}
                     />
-                    <ImageUploadButton setImages={setImages} admin={admin} />
+                    <ImageUpload
+                        onRequest={(payload) => api.postImage(payload)}
+                    >
+                        <Button type="primary">
+                            <FontAwesomeIcon icon={faUpload} /> Upload
+                        </Button>
+                    </ImageUpload>
                 </Flex>
                 <Table columns={columns} dataSource={filteredImages} />
             </main>

From bdb4d3ddc814367d3d3362841aed7795625187cb Mon Sep 17 00:00:00 2001
From: Ike Saunders <ikesau@protonmail.com>
Date: Tue, 3 Dec 2024 18:02:15 -0500
Subject: [PATCH 34/40] =?UTF-8?q?=F0=9F=8E=89=20add=20upload=20new=20versi?=
 =?UTF-8?q?on=20of=20image=20functionality?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 adminSiteClient/ImagesIndexPage.tsx | 202 ++++++++++++++++++----------
 adminSiteClient/admin.scss          |   5 +
 adminSiteServer/apiRouter.ts        | 140 +++++++++----------
 adminSiteServer/imagesHelpers.ts    | 103 ++++++++++++++
 4 files changed, 305 insertions(+), 145 deletions(-)
 create mode 100644 adminSiteServer/imagesHelpers.ts

diff --git a/adminSiteClient/ImagesIndexPage.tsx b/adminSiteClient/ImagesIndexPage.tsx
index b959885c916..0eeff9194b2 100644
--- a/adminSiteClient/ImagesIndexPage.tsx
+++ b/adminSiteClient/ImagesIndexPage.tsx
@@ -3,18 +3,10 @@ import React, {
     useContext,
     useEffect,
     useMemo,
+    useRef,
     useState,
 } from "react"
-import {
-    Button,
-    Flex,
-    Input,
-    Mentions,
-    Popconfirm,
-    Space,
-    Table,
-    Upload,
-} from "antd"
+import { Button, Flex, Input, Mentions, Popconfirm, Table, Upload } from "antd"
 import { AdminLayout } from "./AdminLayout.js"
 import { AdminAppContext } from "./AdminAppContext.js"
 import { DbEnrichedImageWithUserId, DbPlainUser } from "@ourworldindata/types"
@@ -22,7 +14,6 @@ import { Timeago } from "./Forms.js"
 import { ColumnsType } from "antd/es/table/InternalTable.js"
 import { FontAwesomeIcon } from "@fortawesome/react-fontawesome"
 import { faClose, faUpload } from "@fortawesome/free-solid-svg-icons"
-import { Admin } from "./Admin.js"
 import { RcFile } from "antd/es/upload/interface.js"
 import TextArea from "antd/es/input/TextArea.js"
 import { CLOUDFLARE_IMAGES_URL } from "../settings/clientSettings.js"
@@ -37,11 +28,14 @@ type ImageEditorApi = {
         image: DbEnrichedImageWithUserId,
         patch: Partial<DbEnrichedImageWithUserId>
     ) => void
-    putImage: (payload: {
-        filename: string
-        content?: string
-        type: string
-    }) => void
+    putImage: (
+        id: number,
+        payload: {
+            filename: string
+            content?: string
+            type: string
+        }
+    ) => void
     postImage: (payload: {
         filename: string
         content?: string
@@ -124,7 +118,11 @@ function UserSelect({
     }
 
     const handleSelect = async (option: { value?: string; label?: string }) => {
-        const selectedUser = usersMap[option.value!]
+        // iterating because we only have the label when using the admin context
+        const selectedUser = Object.values(usersMap).find(
+            (user) => user.fullName === option.label
+        )
+
         if (selectedUser) {
             setValue(selectedUser.fullName)
             await onUserSelect(selectedUser)
@@ -151,7 +149,7 @@ function UserSelect({
         <div>
             <Button
                 type="text"
-                onClick={() => handleSelect({ value: admin.username })}
+                onClick={() => handleSelect({ label: admin.username })}
             >
                 + {admin.username}
             </Button>
@@ -162,6 +160,33 @@ function UserSelect({
     )
 }
 
+// when updatedAt changes, the image will reload the src
+// but it looks like sometimes cloudflare doesn't update in time :(
+function ImgWithRefresh({
+    src,
+    updatedAt,
+}: {
+    src: string
+    updatedAt: number | null
+}) {
+    const ref = useRef<HTMLImageElement>(null)
+    useEffect(() => {
+        if (ref.current && updatedAt) {
+            ref.current.src = ""
+            fetch(src, { cache: "reload" })
+                .then(() => {
+                    if (ref.current) {
+                        ref.current.src = src
+                    }
+                })
+                .catch(() => {
+                    console.log("Something went wrong refreshing the image")
+                })
+        }
+    })
+    return <img ref={ref} src={src} style={{ maxHeight: 100, maxWidth: 100 }} />
+}
+
 function createColumns({
     api,
     users,
@@ -175,7 +200,7 @@ function createColumns({
             dataIndex: "cloudflareId",
             width: 100,
             key: "cloudflareId",
-            render: (cloudflareId, { originalWidth }) => {
+            render: (cloudflareId, { originalWidth, updatedAt }) => {
                 const srcFor = (w: number) =>
                     `${CLOUDFLARE_IMAGES_URL}/${encodeURIComponent(
                         cloudflareId
@@ -187,9 +212,9 @@ function createColumns({
                             href={`${srcFor(originalWidth!)}`}
                             rel="noopener"
                         >
-                            <img
+                            <ImgWithRefresh
                                 src={`${srcFor(200)}`}
-                                style={{ maxHeight: 100, maxWidth: 100 }}
+                                updatedAt={updatedAt}
                             />
                         </a>
                     </div>
@@ -295,10 +320,8 @@ function createColumns({
             key: "action",
             width: 100,
             render: (_, image) => (
-                <Space size="middle">
-                    <ImageUpload onRequest={(payload) => api.putImage(payload)}>
-                        <Button type="text">Upload new version</Button>
-                    </ImageUpload>
+                <Flex vertical>
+                    <PutImageButton putImage={api.putImage} id={image.id} />
                     <Popconfirm
                         title="Are you sure?"
                         description="This will delete the image being used in production."
@@ -310,43 +333,78 @@ function createColumns({
                             Delete
                         </Button>
                     </Popconfirm>
-                </Space>
+                </Flex>
             ),
         },
     ]
 }
 
-function ImageUpload({
-    children,
-    onRequest,
-}: {
-    children: React.ReactNode
-    onRequest: (payload: {
-        filename: string
-        content?: string
-        type: string
-    }) => void
-}) {
-    function uploadImage({ file }: { file: string | Blob | RcFile }) {
-        if (typeof file === "string") return
+type File = string | Blob | RcFile
 
-        const reader = new FileReader()
-        reader.onload = async () => {
-            const base64Data = reader.result?.toString()
+type FileToBase64Result = {
+    filename: string
+    content: string
+    type: string
+}
 
-            const payload = {
+/**
+ * Uploading as base64, because otherwise we'd need multipart/form-data parsing middleware in the server.
+ * This seems easier as a one-off.
+ **/
+function fileToBase64(file: File): Promise<FileToBase64Result | null> {
+    if (typeof file === "string") return Promise.resolve(null)
+
+    return new Promise((resolve) => {
+        const reader = new FileReader()
+        reader.onload = () => {
+            resolve({
                 filename: file.name,
-                content: base64Data,
+                content: reader.result?.toString() ?? "",
                 type: file.type,
-            }
-
-            onRequest(payload)
+            })
         }
         reader.readAsDataURL(file)
+    })
+}
+
+function PostImageButton({
+    postImage,
+}: {
+    postImage: ImageEditorApi["postImage"]
+}) {
+    async function uploadImage({ file }: { file: File }) {
+        const result = await fileToBase64(file)
+        if (result) {
+            postImage(result)
+        }
     }
     return (
         <Upload showUploadList={false} customRequest={uploadImage}>
-            {children}
+            <Button type="primary">
+                <FontAwesomeIcon icon={faUpload} /> Upload
+            </Button>
+        </Upload>
+    )
+}
+
+function PutImageButton({
+    putImage,
+    id,
+}: {
+    putImage: ImageEditorApi["putImage"]
+    id: number
+}) {
+    async function uploadImage({ file }: { file: File }) {
+        const result = await fileToBase64(file)
+        if (result) {
+            putImage(id, result)
+        }
+    }
+    return (
+        <Upload showUploadList={false} customRequest={uploadImage}>
+            <Button className="ImageIndexPage__update-image-button" type="text">
+                Upload new version
+            </Button>
         </Upload>
     )
 }
@@ -384,34 +442,40 @@ export function ImageIndexPage() {
                     success: true
                     image: DbEnrichedImageWithUserId
                 }>(`/api/images/${image.id}`, patch, "PATCH")
-                setImages((prevMap) => ({
-                    ...prevMap,
-                    [image.id]: response.image,
-                }))
+                if (response.success) {
+                    setImages((prevMap) => ({
+                        ...prevMap,
+                        [image.id]: response.image,
+                    }))
+                }
             },
             postImage: async (image) => {
                 const response = await admin.requestJSON<{
                     success: true
                     image: DbEnrichedImageWithUserId
-                }>(`/api/image`, image, "POST")
-                setImages((prevMap) => ({
-                    ...prevMap,
-                    [response.image.id]: response.image,
-                }))
+                }>(`/api/images`, image, "POST")
+                if (response.success) {
+                    setImages((prevMap) => ({
+                        ...prevMap,
+                        [response.image.id]: response.image,
+                    }))
+                }
             },
-            putImage: async (image) => {
+            putImage: async (id, payload) => {
                 const response = await admin.requestJSON<{
                     success: true
                     image: DbEnrichedImageWithUserId
-                }>(`/api/image/${image.id}`, image, "PUT")
-                setImages((prevMap) => ({
-                    ...prevMap,
-                    [image.id]: response.image,
-                }))
+                }>(`/api/images/${id}`, payload, "PUT")
+                if (response.success) {
+                    setImages((prevMap) => ({
+                        ...prevMap,
+                        [id]: response.image,
+                    }))
+                }
             },
             postUserImage: async (user, image) => {
                 const response = await admin.requestJSON(
-                    `/api/users/${user.id}/image/${image.id}`,
+                    `/api/users/${user.id}/images/${image.id}`,
                     {},
                     "POST"
                 )
@@ -424,7 +488,7 @@ export function ImageIndexPage() {
             },
             deleteUserImage: async (user, image) => {
                 const result = await admin.requestJSON(
-                    `/api/users/${user.id}/image/${image.id}`,
+                    `/api/users/${user.id}/images/${image.id}`,
                     {},
                     "DELETE"
                 )
@@ -466,13 +530,7 @@ export function ImageIndexPage() {
                         onChange={(e) => setFilenameSearchValue(e.target.value)}
                         style={{ width: 500, marginBottom: 20 }}
                     />
-                    <ImageUpload
-                        onRequest={(payload) => api.postImage(payload)}
-                    >
-                        <Button type="primary">
-                            <FontAwesomeIcon icon={faUpload} /> Upload
-                        </Button>
-                    </ImageUpload>
+                    <PostImageButton postImage={api.postImage} />
                 </Flex>
                 <Table columns={columns} dataSource={filteredImages} />
             </main>
diff --git a/adminSiteClient/admin.scss b/adminSiteClient/admin.scss
index b1d4b8865e6..a0a13798d6e 100644
--- a/adminSiteClient/admin.scss
+++ b/adminSiteClient/admin.scss
@@ -1219,4 +1219,9 @@ main:not(.ChartEditorPage):not(.GdocsEditPage) {
         width: 16px;
         vertical-align: -2px;
     }
+
+    .ImageIndexPage__update-image-button {
+        color: #007bff;
+        margin-bottom: 8px;
+    }
 }
diff --git a/adminSiteServer/apiRouter.ts b/adminSiteServer/apiRouter.ts
index 8def1d3f8f1..07c25101115 100644
--- a/adminSiteServer/apiRouter.ts
+++ b/adminSiteServer/apiRouter.ts
@@ -1,7 +1,6 @@
 /* eslint @typescript-eslint/no-unused-vars: [ "warn", { argsIgnorePattern: "^(res|req)$" } ] */
 
 import * as lodash from "lodash"
-import sharp from "sharp"
 import * as db from "../db/db.js"
 import {
     UNCATEGORIZED_TAG_ID,
@@ -10,8 +9,6 @@ import {
     ADMIN_BASE_URL,
     DATA_API_URL,
     FEATURE_FLAGS,
-    CLOUDFLARE_IMAGES_ACCOUNT_ID,
-    CLOUDFLARE_IMAGES_API_KEY,
 } from "../settings/serverSettings.js"
 import { FeatureFlagFeature } from "../settings/clientSettings.js"
 import { expectInt, isValidSlug } from "../serverUtils/serverUtil.js"
@@ -202,6 +199,13 @@ import {
 } from "./chartConfigHelpers.js"
 import { ApiChartViewOverview } from "../adminShared/AdminTypes.js"
 import { References } from "../adminSiteClient/AbstractChartEditor.js"
+import { CHART_VIEW_PROPS_TO_PERSIST } from "../db/model/ChartView.js"
+import {
+    deleteFromCloudflare,
+    processImageContent,
+    uploadToCloudflare,
+    validateImagePayload,
+} from "./imagesHelpers.js"
 
 const apiRouter = new FunctionalRouter()
 
@@ -1241,7 +1245,7 @@ postRouteWithRWTransaction(
 
 postRouteWithRWTransaction(
     apiRouter,
-    "/users/:userId/image/:imageId",
+    "/users/:userId/images/:imageId",
     async (req, res, trx) => {
         const userId = expectInt(req.params.userId)
         const imageId = expectInt(req.params.imageId)
@@ -1252,7 +1256,7 @@ postRouteWithRWTransaction(
 
 deleteRouteWithRWTransaction(
     apiRouter,
-    "/users/:userId/image/:imageId",
+    "/users/:userId/images/:imageId",
     async (req, res, trx) => {
         const userId = expectInt(req.params.userId)
         const imageId = expectInt(req.params.imageId)
@@ -3126,18 +3130,8 @@ getRouteNonIdempotentWithRWTransaction(
     }
 )
 
-postRouteWithRWTransaction(apiRouter, "/image", async (req, res, trx) => {
-    const { filename, type, content } = req.body
-    if (!filename || !type || !content) {
-        throw new JsonError("Missing required fields", 400)
-    }
-    if (
-        typeof filename !== "string" ||
-        typeof type !== "string" ||
-        typeof content !== "string"
-    ) {
-        throw new JsonError("Invalid field types", 400)
-    }
+postRouteWithRWTransaction(apiRouter, "/images", async (req, res, trx) => {
+    const { filename, type, content } = validateImagePayload(req.body)
 
     const preexisting = await trx<DbEnrichedImage>("images")
         .where("filename", "=", filename)
@@ -3150,46 +3144,9 @@ postRouteWithRWTransaction(apiRouter, "/image", async (req, res, trx) => {
         }
     }
 
-    // Strip the data URL prefix
-    const stripped = content.slice(content.indexOf(",") + 1)
-    const asBuffer = Buffer.from(stripped, "base64")
-    const asBlob = new Blob([asBuffer], { type: type })
-    const dimensions = await sharp(asBuffer)
-        .metadata()
-        .then(({ width, height }) => ({ width, height }))
-
-    const body = new FormData()
-    body.append("file", asBlob, filename)
-    body.append("id", encodeURIComponent(filename))
-    body.append("metadata", JSON.stringify({ filename }))
-    body.append("requireSignedURLs", "false")
-
-    console.log("Uploading image:", filename)
-    const response = await fetch(
-        `https://api.cloudflare.com/client/v4/accounts/${CLOUDFLARE_IMAGES_ACCOUNT_ID}/images/v1`,
-        {
-            method: "POST",
-            headers: {
-                Authorization: `Bearer ${CLOUDFLARE_IMAGES_API_KEY}`,
-            },
-            body,
-        }
-    ).then((res) => res.json())
-
-    if (response.errors.length) {
-        if (response.errors.length === 1) {
-            if (response.errors[0].code === 5409) {
-                throw new JsonError(
-                    "An image with this filename already exists in Cloudflare Images but isn't tracked in the database. Please contact a developer for help."
-                )
-            }
-        }
-
-        console.error("Error uploading image to Cloudflare:", response.errors)
-        throw new JsonError(JSON.stringify(response.errors))
-    }
+    const { asBlob, dimensions } = await processImageContent(content, type)
 
-    const cloudflareId = response.result.id
+    const cloudflareId = await uploadToCloudflare(filename, asBlob)
 
     if (!cloudflareId) {
         return {
@@ -3217,6 +3174,56 @@ postRouteWithRWTransaction(apiRouter, "/image", async (req, res, trx) => {
     }
 })
 
+/**
+ * Similar to the POST route, but for updating an existing image. Deletes the image
+ * from Cloudflare and re-uploads it with the new content. The filename will stay the same,
+ * but the dimensions will be updated.
+ */
+putRouteWithRWTransaction(apiRouter, "/images/:id", async (req, res, trx) => {
+    const { id } = req.params
+
+    const image = await trx<DbEnrichedImage>("images")
+        .where("id", "=", id)
+        .first()
+
+    if (!image) {
+        throw new JsonError(`No image found for id ${id}`, 404)
+    }
+
+    const originalCloudflareId = image.cloudflareId
+    const originalFilename = image.filename
+
+    if (!originalCloudflareId) {
+        throw new JsonError(
+            `Image with id ${id} has no associated Cloudflare image`,
+            400
+        )
+    }
+
+    await deleteFromCloudflare(originalCloudflareId)
+
+    const { type, content } = validateImagePayload(req.body)
+    const { asBlob, dimensions } = await processImageContent(content, type)
+    const newCloudflareId = await uploadToCloudflare(originalFilename, asBlob)
+
+    if (!newCloudflareId) {
+        throw new JsonError("Failed to upload image", 500)
+    }
+
+    await trx<DbEnrichedImage>("images").where("id", "=", id).update({
+        originalWidth: dimensions.width,
+        originalHeight: dimensions.height,
+        updatedAt: new Date().getTime(),
+    })
+
+    const updated = await db.getCloudflareImage(trx, originalFilename)
+
+    return {
+        success: true,
+        image: updated,
+    }
+})
+
 // Update alt text via patch
 patchRouteWithRWTransaction(apiRouter, "/images/:id", async (req, res, trx) => {
     const { id } = req.params
@@ -3261,25 +3268,12 @@ deleteRouteWithRWTransaction(
         if (!image) {
             throw new JsonError(`No image found for id ${id}`, 404)
         }
-
-        const response = await fetch(
-            `https://api.cloudflare.com/client/v4/accounts/${CLOUDFLARE_IMAGES_ACCOUNT_ID}/images/v1/${encodeURIComponent(image.cloudflareId!)}`,
-            {
-                method: "DELETE",
-                headers: {
-                    Authorization: `Bearer ${CLOUDFLARE_IMAGES_API_KEY}`,
-                },
-            }
-        ).then((res) => res.json())
-
-        if (response.errors.length) {
-            console.error(
-                "Error deleting image from Cloudflare:",
-                response.errors
-            )
-            throw new JsonError(JSON.stringify(response.errors))
+        if (!image.cloudflareId) {
+            throw new JsonError(`Image does not have a cloudflare ID`, 400)
         }
 
+        await deleteFromCloudflare(image.cloudflareId)
+
         await trx("images").where({ id }).delete()
 
         return {
diff --git a/adminSiteServer/imagesHelpers.ts b/adminSiteServer/imagesHelpers.ts
new file mode 100644
index 00000000000..edda44f13a8
--- /dev/null
+++ b/adminSiteServer/imagesHelpers.ts
@@ -0,0 +1,103 @@
+import { JsonError } from "@ourworldindata/types"
+import sharp from "sharp"
+import {
+    CLOUDFLARE_IMAGES_ACCOUNT_ID,
+    CLOUDFLARE_IMAGES_API_KEY,
+} from "../settings/serverSettings.js"
+
+export function validateImagePayload(body: any): {
+    filename: string
+    type: string
+    content: string
+} {
+    const { filename, type, content } = body
+    if (!filename || !type || !content) {
+        throw new JsonError("Missing required fields", 400)
+    }
+    if (
+        typeof filename !== "string" ||
+        typeof type !== "string" ||
+        typeof content !== "string"
+    ) {
+        throw new JsonError("Invalid field types", 400)
+    }
+    return { filename, type, content }
+}
+
+export async function processImageContent(
+    content: string,
+    type: string
+): Promise<{
+    asBlob: Blob
+    dimensions: { width: number; height: number }
+}> {
+    const stripped = content.slice(content.indexOf(",") + 1)
+    const asBuffer = Buffer.from(stripped, "base64")
+    const asBlob = new Blob([asBuffer], { type })
+    const { width, height } = await sharp(asBuffer)
+        .metadata()
+        .then(({ width, height }) => ({ width, height }))
+
+    if (!width || !height) {
+        throw new JsonError("Invalid image dimensions", 400)
+    }
+
+    return {
+        asBlob,
+        dimensions: {
+            width,
+            height,
+        },
+    }
+}
+
+export async function uploadToCloudflare(filename: string, blob: Blob) {
+    const body = new FormData()
+    body.append("file", blob, filename)
+    body.append("id", encodeURIComponent(filename))
+    body.append("metadata", JSON.stringify({ filename }))
+    body.append("requireSignedURLs", "false")
+
+    console.log("Uploading image:", filename)
+    const response = await fetch(
+        `https://api.cloudflare.com/client/v4/accounts/${CLOUDFLARE_IMAGES_ACCOUNT_ID}/images/v1`,
+        {
+            method: "POST",
+            headers: {
+                Authorization: `Bearer ${CLOUDFLARE_IMAGES_API_KEY}`,
+            },
+            body,
+        }
+    ).then((res) => res.json())
+
+    if (response.errors.length) {
+        if (response.errors.length === 1 && response.errors[0].code === 5409) {
+            throw new JsonError(
+                "An image with this filename already exists in Cloudflare Images but isn't tracked in the database. Please contact a developer for help."
+            )
+        }
+        console.error("Error uploading image to Cloudflare:", response.errors)
+        throw new JsonError(JSON.stringify(response.errors))
+    }
+
+    return response.result.id
+}
+
+export async function deleteFromCloudflare(cloudflareId: string) {
+    const response = await fetch(
+        `https://api.cloudflare.com/client/v4/accounts/${CLOUDFLARE_IMAGES_ACCOUNT_ID}/images/v1/${encodeURIComponent(
+            cloudflareId
+        )}`,
+        {
+            method: "DELETE",
+            headers: {
+                Authorization: `Bearer ${CLOUDFLARE_IMAGES_API_KEY}`,
+            },
+        }
+    ).then((res) => res.json())
+
+    if (response.errors.length) {
+        console.error("Error deleting image from Cloudflare:", response.errors)
+        throw new JsonError(JSON.stringify(response.errors))
+    }
+}

From a38d51fcc55e5a0f22d5fc4264e1e821fb757fdb Mon Sep 17 00:00:00 2001
From: Ike Saunders <ikesau@protonmail.com>
Date: Thu, 5 Dec 2024 18:40:12 -0500
Subject: [PATCH 35/40] =?UTF-8?q?=F0=9F=94=A8=20don't=20swallow=20error=20?=
 =?UTF-8?q?on=20image=20refresh?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 adminSiteClient/ImagesIndexPage.tsx | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/adminSiteClient/ImagesIndexPage.tsx b/adminSiteClient/ImagesIndexPage.tsx
index 0eeff9194b2..4f67354ece9 100644
--- a/adminSiteClient/ImagesIndexPage.tsx
+++ b/adminSiteClient/ImagesIndexPage.tsx
@@ -179,8 +179,8 @@ function ImgWithRefresh({
                         ref.current.src = src
                     }
                 })
-                .catch(() => {
-                    console.log("Something went wrong refreshing the image")
+                .catch((e) => {
+                    console.log("Something went wrong refreshing the image", e)
                 })
         }
     })

From 682481346487b581636fd4935afcae3d752afb45 Mon Sep 17 00:00:00 2001
From: Ike Saunders <ikesau@protonmail.com>
Date: Thu, 5 Dec 2024 18:34:01 -0500
Subject: [PATCH 36/40] =?UTF-8?q?=F0=9F=8E=89=20add=20automatic=20alt=20te?=
 =?UTF-8?q?xt=20to=20cloudflare=20images=20admin?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 adminSiteClient/ImagesIndexPage.tsx           | 83 +++++++++++++++----
 adminSiteClient/admin.scss                    | 23 +++++
 adminSiteServer/apiRouter.ts                  | 44 +++++++++-
 adminSiteServer/imagesHelpers.ts              | 34 ++++++++
 .../1731360326761-CloudflareImages.ts         | 27 ++++--
 ...1732994843041-CloudflareImagesAddUserId.ts |  3 +
 6 files changed, 190 insertions(+), 24 deletions(-)

diff --git a/adminSiteClient/ImagesIndexPage.tsx b/adminSiteClient/ImagesIndexPage.tsx
index 4f67354ece9..b72cbb48ccd 100644
--- a/adminSiteClient/ImagesIndexPage.tsx
+++ b/adminSiteClient/ImagesIndexPage.tsx
@@ -13,17 +13,23 @@ import { DbEnrichedImageWithUserId, DbPlainUser } from "@ourworldindata/types"
 import { Timeago } from "./Forms.js"
 import { ColumnsType } from "antd/es/table/InternalTable.js"
 import { FontAwesomeIcon } from "@fortawesome/react-fontawesome"
-import { faClose, faUpload } from "@fortawesome/free-solid-svg-icons"
+import {
+    faClose,
+    faRobot,
+    faSave,
+    faUpload,
+} from "@fortawesome/free-solid-svg-icons"
 import { RcFile } from "antd/es/upload/interface.js"
-import TextArea from "antd/es/input/TextArea.js"
 import { CLOUDFLARE_IMAGES_URL } from "../settings/clientSettings.js"
 import { keyBy } from "lodash"
+import cx from "classnames"
 
 type ImageMap = Record<string, DbEnrichedImageWithUserId>
 
 type UserMap = Record<string, DbPlainUser>
 
 type ImageEditorApi = {
+    getAltText: (id: number) => void
     patchImage: (
         image: DbEnrichedImageWithUserId,
         patch: Partial<DbEnrichedImageWithUserId>
@@ -55,30 +61,58 @@ function AltTextEditor({
     image,
     text,
     patchImage,
+    getAltText,
 }: {
     image: DbEnrichedImageWithUserId
     text: string
     patchImage: ImageEditorApi["patchImage"]
+    getAltText: ImageEditorApi["getAltText"]
 }) {
     const [value, setValue] = useState(text)
+    const [savedValue, setSavedValue] = useState(text)
+    const [shouldAutosize, setShouldAutosize] = useState(false)
 
-    const handleBlur = useCallback(
-        (e: React.FocusEvent<HTMLTextAreaElement>) => {
-            const trimmed = e.target.value.trim()
-            setValue(trimmed)
-            if (trimmed !== text) {
-                patchImage(image, { defaultAlt: trimmed })
-            }
-        },
-        [image, text, patchImage]
-    )
+    // Update local state if the prop updates (i.e. from the alt text suggestion)
+    useEffect(() => {
+        setValue(text)
+    }, [text])
+
+    const saveAltText = useCallback(() => {
+        const trimmed = value.trim()
+        patchImage(image, { defaultAlt: trimmed })
+        setSavedValue(trimmed)
+    }, [image, patchImage, value])
+
+    const handleGetAltText = useCallback(() => {
+        getAltText(image.id)
+        // Only autoexpand the textarea if the user generates alt text
+        setShouldAutosize(true)
+    }, [image.id, getAltText])
 
     return (
-        <TextArea
-            value={value}
-            onChange={(e) => setValue(e.target.value)}
-            onBlur={handleBlur}
-        />
+        <div className="ImageIndexPage__alt-text-editor">
+            <textarea
+                className={cx({
+                    "ImageIndexPage__alt-text-editor--should-autosize":
+                        shouldAutosize,
+                })}
+                value={value}
+                onChange={(e) => setValue(e.target.value)}
+            />
+            <Button onClick={handleGetAltText} type="text">
+                <FontAwesomeIcon icon={faRobot} />
+            </Button>
+            <Button
+                type="text"
+                onClick={saveAltText}
+                disabled={savedValue === value}
+            >
+                <FontAwesomeIcon icon={faSave} />
+            </Button>
+            {savedValue !== value && (
+                <span className="ImageIndexPage__unsaved-chip">Unsaved</span>
+            )}
+        </div>
     )
 }
 
@@ -183,7 +217,7 @@ function ImgWithRefresh({
                     console.log("Something went wrong refreshing the image", e)
                 })
         }
-    })
+    }, [src, updatedAt])
     return <img ref={ref} src={src} style={{ maxHeight: 100, maxWidth: 100 }} />
 }
 
@@ -241,6 +275,7 @@ function createColumns({
                     text={text}
                     image={image}
                     patchImage={api.patchImage}
+                    getAltText={api.getAltText}
                 />
             ),
         },
@@ -417,6 +452,18 @@ export function ImageIndexPage() {
 
     const api = useMemo(
         (): ImageEditorApi => ({
+            getAltText: async (id) => {
+                const response = await admin.requestJSON<{
+                    success: true
+                    altText: string
+                }>(`/api/gpt/suggest-alt-text/${id}`, {}, "GET")
+                if (response.success) {
+                    setImages((prevMap) => ({
+                        ...prevMap,
+                        [id]: { ...prevMap[id], defaultAlt: response.altText },
+                    }))
+                }
+            },
             deleteImage: async (image) => {
                 await admin.requestJSON(`/api/images/${image.id}`, {}, "DELETE")
                 setImages((prevMap) => {
diff --git a/adminSiteClient/admin.scss b/adminSiteClient/admin.scss
index a0a13798d6e..745bf9add7e 100644
--- a/adminSiteClient/admin.scss
+++ b/adminSiteClient/admin.scss
@@ -1224,4 +1224,27 @@ main:not(.ChartEditorPage):not(.GdocsEditPage) {
         color: #007bff;
         margin-bottom: 8px;
     }
+
+    .ImageIndexPage__alt-text-editor {
+        textarea {
+            border-radius: 6px;
+            position: relative;
+            border: 1px solid #ccc;
+            width: 100%;
+            &.ImageIndexPage__alt-text-editor--should-autosize {
+                field-sizing: content;
+            }
+        }
+    }
+    .ImageIndexPage__unsaved-chip {
+        color: gray;
+        background-color: lightgray;
+        padding: 2px 4px;
+        border-radius: 3px;
+        font-size: 10px;
+        text-transform: uppercase;
+        display: inline-block;
+        top: -2px;
+        position: relative;
+    }
 }
diff --git a/adminSiteServer/apiRouter.ts b/adminSiteServer/apiRouter.ts
index 07c25101115..f5fae7b303a 100644
--- a/adminSiteServer/apiRouter.ts
+++ b/adminSiteServer/apiRouter.ts
@@ -10,7 +10,10 @@ import {
     DATA_API_URL,
     FEATURE_FLAGS,
 } from "../settings/serverSettings.js"
-import { FeatureFlagFeature } from "../settings/clientSettings.js"
+import {
+    CLOUDFLARE_IMAGES_URL,
+    FeatureFlagFeature,
+} from "../settings/clientSettings.js"
 import { expectInt, isValidSlug } from "../serverUtils/serverUtil.js"
 import {
     OldChartFieldList,
@@ -202,6 +205,7 @@ import { References } from "../adminSiteClient/AbstractChartEditor.js"
 import { CHART_VIEW_PROPS_TO_PERSIST } from "../db/model/ChartView.js"
 import {
     deleteFromCloudflare,
+    fetchGptGeneratedAltText,
     processImageContent,
     uploadToCloudflare,
     validateImagePayload,
@@ -3307,6 +3311,44 @@ getRouteWithROTransaction(
     }
 )
 
+getRouteWithROTransaction(
+    apiRouter,
+    `/gpt/suggest-alt-text/:imageId`,
+    async (
+        req: Request,
+        res,
+        trx
+    ): Promise<{
+        success: boolean
+        altText: string | null
+    }> => {
+        const imageId = parseIntOrUndefined(req.params.imageId)
+        if (!imageId) throw new JsonError(`Invalid image ID`, 400)
+        const image = await trx<DbEnrichedImage>("images")
+            .where("id", imageId)
+            .first()
+        if (!image) throw new JsonError(`No image found for ID ${imageId}`, 404)
+
+        const src = `${CLOUDFLARE_IMAGES_URL}/${image.cloudflareId}/public`
+        let altText: string | null = ""
+        try {
+            altText = await fetchGptGeneratedAltText(src)
+        } catch (error) {
+            console.error(
+                `Error fetching GPT alt text for image ${imageId}`,
+                error
+            )
+            throw new JsonError(`Error fetching GPT alt text: ${error}`, 500)
+        }
+
+        if (!altText) {
+            throw new JsonError(`Unable to generate alt text for image`, 404)
+        }
+
+        return { success: true, altText }
+    }
+)
+
 postRouteWithRWTransaction(
     apiRouter,
     "/explorer/:slug/tags",
diff --git a/adminSiteServer/imagesHelpers.ts b/adminSiteServer/imagesHelpers.ts
index edda44f13a8..d6ab707121c 100644
--- a/adminSiteServer/imagesHelpers.ts
+++ b/adminSiteServer/imagesHelpers.ts
@@ -3,7 +3,9 @@ import sharp from "sharp"
 import {
     CLOUDFLARE_IMAGES_ACCOUNT_ID,
     CLOUDFLARE_IMAGES_API_KEY,
+    OPENAI_API_KEY,
 } from "../settings/serverSettings.js"
+import { OpenAI } from "openai"
 
 export function validateImagePayload(body: any): {
     filename: string
@@ -101,3 +103,35 @@ export async function deleteFromCloudflare(cloudflareId: string) {
         throw new JsonError(JSON.stringify(response.errors))
     }
 }
+
+export async function fetchGptGeneratedAltText(url: string) {
+    const openai = new OpenAI({
+        apiKey: OPENAI_API_KEY,
+    })
+
+    const completion = await openai.chat.completions.create({
+        messages: [
+            {
+                role: "user",
+                content: `Generate alt text for this image, describing it for a vision impaired person using a screen reader.
+Do not say "alt text:".
+Do not say "The image...".
+If the image is a data visualization and there are data sources in the footer, describe them exhaustively.`,
+            },
+            {
+                role: "user",
+                content: [
+                    {
+                        type: "image_url",
+                        image_url: {
+                            url,
+                        },
+                    },
+                ],
+            },
+        ],
+        model: "gpt-4o-mini",
+    })
+
+    return completion.choices[0].message.content
+}
diff --git a/db/migration/1731360326761-CloudflareImages.ts b/db/migration/1731360326761-CloudflareImages.ts
index 09032b0e7ac..1a1adb47530 100644
--- a/db/migration/1731360326761-CloudflareImages.ts
+++ b/db/migration/1731360326761-CloudflareImages.ts
@@ -3,17 +3,34 @@ import { MigrationInterface, QueryRunner } from "typeorm"
 export class CloudflareImages1731360326761 implements MigrationInterface {
     public async up(queryRunner: QueryRunner): Promise<void> {
         await queryRunner.query(`-- sql
-            ALTER TABLE images 
-                ADD COLUMN cloudflareId VARCHAR(255) NULL,
-                MODIFY COLUMN googleId VARCHAR(255) NULL
+            ALTER TABLE images
+            ADD COLUMN cloudflareId VARCHAR(255) NULL,
+            MODIFY COLUMN googleId VARCHAR(255) NULL,
+            MODIFY COLUMN defaultAlt VARCHAR(1600) NULL;`)
+
+        // One-way migration 👋
+        await queryRunner.query(`-- sql
+            UPDATE images
+            SET defaultAlt = NULL
+            WHERE defaultAlt = 'legacy-wordpress-upload';
         `)
     }
 
     public async down(queryRunner: QueryRunner): Promise<void> {
+        await queryRunner.query(`-- sql
+            ALTER TABLE images
+            DROP COLUMN cloudflareId
+        `)
+
+        await queryRunner.query(`-- sql
+            UPDATE images 
+            SET googleId = 'cloudflare_image' 
+            WHERE googleId IS NULL
+        `)
+
         await queryRunner.query(`-- sql
             ALTER TABLE images 
-                DROP COLUMN cloudflareId,
-                MODIFY COLUMN googleId VARCHAR(255) NOT NULL
+            MODIFY COLUMN googleId VARCHAR(255) NOT NULL
         `)
     }
 }
diff --git a/db/migration/1732994843041-CloudflareImagesAddUserId.ts b/db/migration/1732994843041-CloudflareImagesAddUserId.ts
index 9305ec2c417..2a6165ccc53 100644
--- a/db/migration/1732994843041-CloudflareImagesAddUserId.ts
+++ b/db/migration/1732994843041-CloudflareImagesAddUserId.ts
@@ -13,6 +13,9 @@ export class CloudflareImagesAddUserId1732994843041
         `)
     }
     public async down(queryRunner: QueryRunner): Promise<void> {
+        await queryRunner.query(`-- sql
+            ALTER TABLE images DROP CONSTRAINT fk_user_images;
+        `)
         await queryRunner.query(`-- sql
             ALTER TABLE images DROP COLUMN userId;
         `)

From 57dc741d4c8631d3be0f6a171ca38c05f97224b5 Mon Sep 17 00:00:00 2001
From: Ike Saunders <ikesau@protonmail.com>
Date: Fri, 6 Dec 2024 17:20:12 -0500
Subject: [PATCH 37/40] =?UTF-8?q?=E2=9C=A8=20improve=20automatic=20alt=20t?=
 =?UTF-8?q?ext=20react=20state?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 adminSiteClient/ImagesIndexPage.tsx | 32 ++++++++---------------------
 1 file changed, 8 insertions(+), 24 deletions(-)

diff --git a/adminSiteClient/ImagesIndexPage.tsx b/adminSiteClient/ImagesIndexPage.tsx
index b72cbb48ccd..b95d10bbf62 100644
--- a/adminSiteClient/ImagesIndexPage.tsx
+++ b/adminSiteClient/ImagesIndexPage.tsx
@@ -29,7 +29,7 @@ type ImageMap = Record<string, DbEnrichedImageWithUserId>
 type UserMap = Record<string, DbPlainUser>
 
 type ImageEditorApi = {
-    getAltText: (id: number) => void
+    getAltText: (id: number) => Promise<{ altText: string; success: boolean }>
     patchImage: (
         image: DbEnrichedImageWithUserId,
         patch: Partial<DbEnrichedImageWithUserId>
@@ -69,22 +69,16 @@ function AltTextEditor({
     getAltText: ImageEditorApi["getAltText"]
 }) {
     const [value, setValue] = useState(text)
-    const [savedValue, setSavedValue] = useState(text)
     const [shouldAutosize, setShouldAutosize] = useState(false)
 
-    // Update local state if the prop updates (i.e. from the alt text suggestion)
-    useEffect(() => {
-        setValue(text)
-    }, [text])
-
     const saveAltText = useCallback(() => {
         const trimmed = value.trim()
         patchImage(image, { defaultAlt: trimmed })
-        setSavedValue(trimmed)
     }, [image, patchImage, value])
 
-    const handleGetAltText = useCallback(() => {
-        getAltText(image.id)
+    const handleGetAltText = useCallback(async () => {
+        const response = await getAltText(image.id)
+        setValue(response.altText)
         // Only autoexpand the textarea if the user generates alt text
         setShouldAutosize(true)
     }, [image.id, getAltText])
@@ -102,14 +96,10 @@ function AltTextEditor({
             <Button onClick={handleGetAltText} type="text">
                 <FontAwesomeIcon icon={faRobot} />
             </Button>
-            <Button
-                type="text"
-                onClick={saveAltText}
-                disabled={savedValue === value}
-            >
+            <Button type="text" onClick={saveAltText} disabled={value === text}>
                 <FontAwesomeIcon icon={faSave} />
             </Button>
-            {savedValue !== value && (
+            {value !== text && (
                 <span className="ImageIndexPage__unsaved-chip">Unsaved</span>
             )}
         </div>
@@ -452,17 +442,11 @@ export function ImageIndexPage() {
 
     const api = useMemo(
         (): ImageEditorApi => ({
-            getAltText: async (id) => {
-                const response = await admin.requestJSON<{
+            getAltText: (id) => {
+                return admin.requestJSON<{
                     success: true
                     altText: string
                 }>(`/api/gpt/suggest-alt-text/${id}`, {}, "GET")
-                if (response.success) {
-                    setImages((prevMap) => ({
-                        ...prevMap,
-                        [id]: { ...prevMap[id], defaultAlt: response.altText },
-                    }))
-                }
             },
             deleteImage: async (image) => {
                 await admin.requestJSON(`/api/images/${image.id}`, {}, "DELETE")

From 5fafd3b9059be70c33098554460b0a1377039e96 Mon Sep 17 00:00:00 2001
From: Ike Saunders <ikesau@protonmail.com>
Date: Fri, 6 Dec 2024 18:14:31 -0500
Subject: [PATCH 38/40] =?UTF-8?q?=F0=9F=8E=89=20add=20hash=20table=20to=20?=
 =?UTF-8?q?images=20table?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 adminSiteServer/apiRouter.ts                  | 39 ++++++++++++++++---
 adminSiteServer/imagesHelpers.ts              |  4 ++
 .../1731360326761-CloudflareImages.ts         |  5 ++-
 .../types/src/dbTypes/Images.ts               |  3 +-
 4 files changed, 43 insertions(+), 8 deletions(-)

diff --git a/adminSiteServer/apiRouter.ts b/adminSiteServer/apiRouter.ts
index f5fae7b303a..cf25285cb87 100644
--- a/adminSiteServer/apiRouter.ts
+++ b/adminSiteServer/apiRouter.ts
@@ -3148,7 +3148,21 @@ postRouteWithRWTransaction(apiRouter, "/images", async (req, res, trx) => {
         }
     }
 
-    const { asBlob, dimensions } = await processImageContent(content, type)
+    const { asBlob, dimensions, hash } = await processImageContent(
+        content,
+        type
+    )
+
+    const collision = await trx<DbEnrichedImage>("images")
+        .where("hash", "=", hash)
+        .first()
+
+    if (collision) {
+        return {
+            success: false,
+            error: `An image with this content already exists (filename: ${collision.filename})`,
+        }
+    }
 
     const cloudflareId = await uploadToCloudflare(filename, asBlob)
 
@@ -3164,10 +3178,9 @@ postRouteWithRWTransaction(apiRouter, "/images", async (req, res, trx) => {
         originalWidth: dimensions.width,
         originalHeight: dimensions.height,
         cloudflareId,
-        // TODO: make defaultAlt nullable
-        defaultAlt: "Default alt text",
         updatedAt: new Date().getTime(),
         userId: res.locals.user.id,
+        hash,
     })
 
     const image = await db.getCloudflareImage(trx, filename)
@@ -3204,10 +3217,23 @@ putRouteWithRWTransaction(apiRouter, "/images/:id", async (req, res, trx) => {
         )
     }
 
-    await deleteFromCloudflare(originalCloudflareId)
-
     const { type, content } = validateImagePayload(req.body)
-    const { asBlob, dimensions } = await processImageContent(content, type)
+    const { asBlob, dimensions, hash } = await processImageContent(
+        content,
+        type
+    )
+    const collision = await trx<DbEnrichedImage>("images")
+        .where("hash", "=", hash)
+        .first()
+
+    if (collision) {
+        return {
+            success: false,
+            error: `An image with this content already exists (filename: ${collision.filename})`,
+        }
+    }
+
+    await deleteFromCloudflare(originalCloudflareId)
     const newCloudflareId = await uploadToCloudflare(originalFilename, asBlob)
 
     if (!newCloudflareId) {
@@ -3218,6 +3244,7 @@ putRouteWithRWTransaction(apiRouter, "/images/:id", async (req, res, trx) => {
         originalWidth: dimensions.width,
         originalHeight: dimensions.height,
         updatedAt: new Date().getTime(),
+        hash,
     })
 
     const updated = await db.getCloudflareImage(trx, originalFilename)
diff --git a/adminSiteServer/imagesHelpers.ts b/adminSiteServer/imagesHelpers.ts
index d6ab707121c..d2e90bea7e6 100644
--- a/adminSiteServer/imagesHelpers.ts
+++ b/adminSiteServer/imagesHelpers.ts
@@ -1,3 +1,4 @@
+import crypto from "crypto"
 import { JsonError } from "@ourworldindata/types"
 import sharp from "sharp"
 import {
@@ -32,9 +33,11 @@ export async function processImageContent(
 ): Promise<{
     asBlob: Blob
     dimensions: { width: number; height: number }
+    hash: string
 }> {
     const stripped = content.slice(content.indexOf(",") + 1)
     const asBuffer = Buffer.from(stripped, "base64")
+    const hash = crypto.createHash("sha256").update(asBuffer).digest("hex")
     const asBlob = new Blob([asBuffer], { type })
     const { width, height } = await sharp(asBuffer)
         .metadata()
@@ -50,6 +53,7 @@ export async function processImageContent(
             width,
             height,
         },
+        hash,
     }
 }
 
diff --git a/db/migration/1731360326761-CloudflareImages.ts b/db/migration/1731360326761-CloudflareImages.ts
index 1a1adb47530..fc93ecd61e5 100644
--- a/db/migration/1731360326761-CloudflareImages.ts
+++ b/db/migration/1731360326761-CloudflareImages.ts
@@ -5,6 +5,8 @@ export class CloudflareImages1731360326761 implements MigrationInterface {
         await queryRunner.query(`-- sql
             ALTER TABLE images
             ADD COLUMN cloudflareId VARCHAR(255) NULL,
+            ADD CONSTRAINT images_cloudflareId_unique UNIQUE (cloudflareId),
+            ADD COLUMN hash VARCHAR(255) NULL,
             MODIFY COLUMN googleId VARCHAR(255) NULL,
             MODIFY COLUMN defaultAlt VARCHAR(1600) NULL;`)
 
@@ -19,7 +21,8 @@ export class CloudflareImages1731360326761 implements MigrationInterface {
     public async down(queryRunner: QueryRunner): Promise<void> {
         await queryRunner.query(`-- sql
             ALTER TABLE images
-            DROP COLUMN cloudflareId
+            DROP COLUMN cloudflareId,
+            DROP COLUMN hash
         `)
 
         await queryRunner.query(`-- sql
diff --git a/packages/@ourworldindata/types/src/dbTypes/Images.ts b/packages/@ourworldindata/types/src/dbTypes/Images.ts
index e60157f9983..a17431a5a44 100644
--- a/packages/@ourworldindata/types/src/dbTypes/Images.ts
+++ b/packages/@ourworldindata/types/src/dbTypes/Images.ts
@@ -2,7 +2,7 @@ import { DbPlainUser } from "./Users.js"
 
 export const ImagesTableName = "images"
 export interface DbInsertImage {
-    googleId: string
+    googleId: string | null
     defaultAlt: string
     filename: string
     id?: number
@@ -10,6 +10,7 @@ export interface DbInsertImage {
     originalHeight?: number | null
     updatedAt?: string | null // MySQL Date objects round to the nearest second, whereas Google includes milliseconds so we store as an epoch of type bigint to avoid any conversion issues
     cloudflareId?: string | null
+    hash?: string | null
     userId?: number | null
 }
 export type DbRawImage = Required<DbInsertImage>

From 9ba649540a29a22c9808db970a0c44305d44bc99 Mon Sep 17 00:00:00 2001
From: Ike Saunders <ikesau@protonmail.com>
Date: Fri, 6 Dec 2024 18:38:34 -0500
Subject: [PATCH 39/40] =?UTF-8?q?=F0=9F=94=A8=20fix=20rebase?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 adminSiteServer/apiRouter.ts | 1 -
 1 file changed, 1 deletion(-)

diff --git a/adminSiteServer/apiRouter.ts b/adminSiteServer/apiRouter.ts
index cf25285cb87..862e50b8179 100644
--- a/adminSiteServer/apiRouter.ts
+++ b/adminSiteServer/apiRouter.ts
@@ -202,7 +202,6 @@ import {
 } from "./chartConfigHelpers.js"
 import { ApiChartViewOverview } from "../adminShared/AdminTypes.js"
 import { References } from "../adminSiteClient/AbstractChartEditor.js"
-import { CHART_VIEW_PROPS_TO_PERSIST } from "../db/model/ChartView.js"
 import {
     deleteFromCloudflare,
     fetchGptGeneratedAltText,

From 24576e2b44ca12a577ae7bd909a6abcab41b3ae6 Mon Sep 17 00:00:00 2001
From: Ike Saunders <ikesau@protonmail.com>
Date: Mon, 9 Dec 2024 22:17:51 -0500
Subject: [PATCH 40/40] =?UTF-8?q?=E2=9C=A8=20use=20a=20uuid=20for=20cloudf?=
 =?UTF-8?q?lareId,=20fix=20algolia=20indexing?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 baker/algolia/utils/pages.ts                  |  60 +++++++++++++++---
 .../1731360326761-CloudflareImages.ts         |   2 +-
 .../cloudflareImagesSync.ts                   |   4 +-
 .../types/src/gdocTypes/GdocConstants.ts      |   5 +-
 packages/@ourworldindata/utils/src/image.ts   |  11 +---
 packages/@ourworldindata/utils/src/index.ts   |   2 -
 public/default-featured-image.png             | Bin 0 -> 30731 bytes
 site/search/SearchPanel.tsx                   |   9 +--
 8 files changed, 57 insertions(+), 36 deletions(-)
 create mode 100644 public/default-featured-image.png

diff --git a/baker/algolia/utils/pages.ts b/baker/algolia/utils/pages.ts
index 1b88ff4fd17..10451000000 100644
--- a/baker/algolia/utils/pages.ts
+++ b/baker/algolia/utils/pages.ts
@@ -12,10 +12,10 @@ import {
     PostRestApi,
     DbPlainTag,
     OwidGdocPostInterface,
-    getThumbnailPath,
     ARCHVED_THUMBNAIL_FILENAME,
     DEFAULT_GDOC_FEATURED_IMAGE,
     DEFAULT_THUMBNAIL_FILENAME,
+    DbEnrichedImage,
 } from "@ourworldindata/utils"
 import { formatPost } from "../../formatWordpressPost.js"
 import ReactDOMServer from "react-dom/server.js"
@@ -40,6 +40,11 @@ import { match, P } from "ts-pattern"
 import { gdocFromJSON } from "../../../db/model/Gdoc/GdocFactory.js"
 import { formatUrls } from "../../../site/formatting.js"
 import { TypeAndImportance } from "./types.js"
+import {
+    BAKED_BASE_URL,
+    CLOUDFLARE_IMAGES_URL,
+} from "../../../settings/clientSettings.js"
+import { logErrorAndMaybeSendToBugsnag } from "../../../serverUtils/errorLog.js"
 
 const computePageScore = (record: Omit<PageRecord, "score">): number => {
     const { importance, views_7d } = record
@@ -155,19 +160,38 @@ async function generateWordpressRecords(
     return records
 }
 
-function getGdocThumbnailUrl(gdoc: OwidGdocPostInterface): string {
+const getThumbnailUrl = (
+    gdoc: OwidGdocPostInterface,
+    cloudflareImages: Record<string, DbEnrichedImage>
+): string => {
     if (gdoc.content["deprecation-notice"]) {
-        return `/${ARCHVED_THUMBNAIL_FILENAME}`
+        return `${BAKED_BASE_URL}/${ARCHVED_THUMBNAIL_FILENAME}`
+    }
+
+    if (!gdoc.content["featured-image"]) {
+        return `${BAKED_BASE_URL}/${DEFAULT_GDOC_FEATURED_IMAGE}`
     }
-    if (gdoc.content["featured-image"]) {
-        return getThumbnailPath(gdoc.content["featured-image"])
+
+    const thumbnailFilename = gdoc.content["featured-image"]
+    const cloudflareId = cloudflareImages[thumbnailFilename]?.cloudflareId
+
+    if (!cloudflareId) {
+        void logErrorAndMaybeSendToBugsnag(
+            new Error(
+                `Gdoc ${gdoc.id} has no cloudflare image with filename ${thumbnailFilename}`
+            )
+        )
+        // won't render in the search page
+        return ""
     }
-    return `/images/published/${DEFAULT_GDOC_FEATURED_IMAGE}`
+
+    return `${CLOUDFLARE_IMAGES_URL}/${cloudflareId}/w=512`
 }
 
 function generateGdocRecords(
     gdocs: OwidGdocPostInterface[],
-    pageviews: Record<string, RawPageview>
+    pageviews: Record<string, RawPageview>,
+    cloudflareImagesByFilename: Record<string, DbEnrichedImage>
 ): PageRecord[] {
     const getPostTypeAndImportance = (
         gdoc: OwidGdocPostInterface
@@ -211,7 +235,8 @@ function generateGdocRecords(
         const chunks = generateChunksFromHtmlText(renderedPostContent)
         const postTypeAndImportance = getPostTypeAndImportance(gdoc)
         let i = 0
-        const thumbnailUrl = getGdocThumbnailUrl(gdoc)
+
+        const thumbnailUrl = getThumbnailUrl(gdoc, cloudflareImagesByFilename)
 
         for (const chunk of chunks) {
             const record = {
@@ -266,7 +291,15 @@ export const getPagesRecords = async (knex: db.KnexReadonlyTransaction) => {
         pageviews,
         knex
     )
-    const gdocsRecords = generateGdocRecords(gdocs, pageviews)
+    const cloudflareImagesByFilename = await db
+        .getCloudflareImages(knex)
+        .then((images) => keyBy(images, "filename"))
+
+    const gdocsRecords = generateGdocRecords(
+        gdocs,
+        pageviews,
+        cloudflareImagesByFilename
+    )
 
     return [...countryRecords, ...wordpressRecords, ...gdocsRecords]
 }
@@ -317,6 +350,9 @@ export async function indexIndividualGdocPost(
     }
     const index = client.initIndex(getIndexName(SearchIndexName.Pages))
     const pageviews = await getAnalyticsPageviewsByUrlObj(knex)
+    const cloudflareImagesByFilename = await db
+        .getCloudflareImages(knex)
+        .then((images) => keyBy(images, "filename"))
     const existingPageviews = pageviews[`/${indexedSlug}`]
     const pageviewsForGdoc = {
         [gdoc.slug]: existingPageviews || {
@@ -327,7 +363,11 @@ export async function indexIndividualGdocPost(
             url: gdoc.slug,
         },
     }
-    const records = generateGdocRecords([gdoc], pageviewsForGdoc)
+    const records = generateGdocRecords(
+        [gdoc],
+        pageviewsForGdoc,
+        cloudflareImagesByFilename
+    )
 
     const existingRecordsForPost: ObjectWithObjectID[] =
         await getExistingRecordsForSlug(index, indexedSlug)
diff --git a/db/migration/1731360326761-CloudflareImages.ts b/db/migration/1731360326761-CloudflareImages.ts
index fc93ecd61e5..6d3a2dfb57a 100644
--- a/db/migration/1731360326761-CloudflareImages.ts
+++ b/db/migration/1731360326761-CloudflareImages.ts
@@ -4,7 +4,7 @@ export class CloudflareImages1731360326761 implements MigrationInterface {
     public async up(queryRunner: QueryRunner): Promise<void> {
         await queryRunner.query(`-- sql
             ALTER TABLE images
-            ADD COLUMN cloudflareId VARCHAR(255) NULL,
+            ADD COLUMN cloudflareId CHAR(36) NULL,
             ADD CONSTRAINT images_cloudflareId_unique UNIQUE (cloudflareId),
             ADD COLUMN hash VARCHAR(255) NULL,
             MODIFY COLUMN googleId VARCHAR(255) NULL,
diff --git a/devTools/cloudflareImagesSync/cloudflareImagesSync.ts b/devTools/cloudflareImagesSync/cloudflareImagesSync.ts
index 0b9521514dc..6d4037ce52a 100644
--- a/devTools/cloudflareImagesSync/cloudflareImagesSync.ts
+++ b/devTools/cloudflareImagesSync/cloudflareImagesSync.ts
@@ -119,7 +119,7 @@ async function purgeRecords(trx: db.KnexReadWriteTransaction) {
             console.log("Deleting image:", image.filename)
             try {
                 await fetch(
-                    `https://api.cloudflare.com/client/v4/accounts/${CLOUDFLARE_IMAGES_ACCOUNT_ID}/images/v1/${encodeURIComponent(image.id)}`,
+                    `https://api.cloudflare.com/client/v4/accounts/${CLOUDFLARE_IMAGES_ACCOUNT_ID}/images/v1/${image.id}`,
                     {
                         method: "DELETE",
                         headers: {
@@ -295,7 +295,6 @@ async function uploadImageToCloudflareImages(
 
     const formData = new FormData()
     formData.append("url", imageUrl)
-    formData.append("id", encodeURIComponent(filename))
     formData.append("metadata", metadata)
     formData.append("requireSignedURLs", "false")
 
@@ -430,7 +429,6 @@ You need to set "CLOUDFLARE_IMAGES_ACCOUNT_ID" and "CLOUDFLARE_IMAGES_API_KEY" i
 
     await db.knexReadWriteTransaction(async (trx) => {
         // await purgeRecords(trx)
-
         const directory = await getCloudflareImageDirectory()
         const { isValid, invalidImages } = await validateDirectory(
             trx,
diff --git a/packages/@ourworldindata/types/src/gdocTypes/GdocConstants.ts b/packages/@ourworldindata/types/src/gdocTypes/GdocConstants.ts
index 0faf546ec2f..883f82537bd 100644
--- a/packages/@ourworldindata/types/src/gdocTypes/GdocConstants.ts
+++ b/packages/@ourworldindata/types/src/gdocTypes/GdocConstants.ts
@@ -29,10 +29,11 @@ export const GDOCS_URL_PLACEHOLDER = `${GDOCS_BASE_URL}/document/d/****/edit`
 
 export const gdocIdRegex = /^[0-9A-Za-z\-_]{44}$/
 
-// This file is saved in Drive in the Unattributed Images folder
-// Somewhat fragile, should be fixed as part of https://github.com/owid/owid-grapher/issues/2485
+// Stored in this repo and served
 export const DEFAULT_GDOC_FEATURED_IMAGE = "default-featured-image.png"
 
+// Stored in this repo and served
 export const DEFAULT_THUMBNAIL_FILENAME = "default-thumbnail.png"
 
+// Stored in this repo and served
 export const ARCHVED_THUMBNAIL_FILENAME = "archived-thumbnail.jpg"
diff --git a/packages/@ourworldindata/utils/src/image.ts b/packages/@ourworldindata/utils/src/image.ts
index 326cbca456e..0ba121291bf 100644
--- a/packages/@ourworldindata/utils/src/image.ts
+++ b/packages/@ourworldindata/utils/src/image.ts
@@ -56,16 +56,6 @@ export function getFilenameAsPng(filename: ImageMetadata["filename"]): string {
     return `${getFilenameWithoutExtension(filename)}.png`
 }
 
-export function getFilenameAsThumbnail(
-    filename: ImageMetadata["filename"]
-): string {
-    return `${getFilenameWithoutExtension(filename)}_${LARGE_THUMBNAIL_WIDTH}.png`
-}
-
-export function getThumbnailPath(filename: string): string {
-    return `/images/published/${getFilenameAsThumbnail(filename)}`
-}
-
 export function getFilenameMIMEType(filename: string): string | undefined {
     const fileExtension = getFilenameExtension(filename)
     const MIMEType = {
@@ -133,6 +123,7 @@ export function getFeaturedImageFilename(gdoc: OwidGdoc): string | undefined {
                 const featuredImageSlug = match.content["featured-image"]
                 if (!featuredImageSlug) return undefined
                 // Social media platforms don't support SVG's for og:image, in which case, use the fallback PNG that the baker generates
+                // TODO: remove this and add an error if an author tries to use an SVG as a featured image
                 return getFilenameExtension(featuredImageSlug) === "svg"
                     ? getFilenameAsPng(featuredImageSlug)
                     : featuredImageSlug
diff --git a/packages/@ourworldindata/utils/src/index.ts b/packages/@ourworldindata/utils/src/index.ts
index ce1d4e5aed3..af900b5f15b 100644
--- a/packages/@ourworldindata/utils/src/index.ts
+++ b/packages/@ourworldindata/utils/src/index.ts
@@ -308,8 +308,6 @@ export {
     getSizes,
     generateSrcSet,
     getFilenameWithoutExtension,
-    getFilenameAsThumbnail,
-    getThumbnailPath,
     getFilenameAsPng,
     getFilenameExtension,
     getFilenameMIMEType,
diff --git a/public/default-featured-image.png b/public/default-featured-image.png
new file mode 100644
index 0000000000000000000000000000000000000000..e1c4cdb52bbe98dbb6b7582cbf60612fa3973b27
GIT binary patch
literal 30731
zcmeFZXFFU`8#YX;L=Xf?v`B&=MvLBph#;cZ83a*>QAY1UB8ZacU5GZ!h?v2Q7IhMB
z)X|ALO0)>0d$;?3-aqhsdyeD&v~k#bt-aQ@u5zB|wWD-isnJ}&d!2%Uf=2ztGd&85
zOC$=4i`S^G0DpNAqt`=0;WMEAOv%8P^3RE80>@&y&|%~7Z2uAuj|Bbi@P~WP%qaQ&
z`>2c}xY=IFOIa9Q8x5C$Jrpr<z-ZsIlKA`D{nL+t&`HPw<6fBjQ*Ox)M(X6r^=4i7
zj|*`Ztp{F6F~5|!SIu=nP6;B1+L1SXcuP4I7iih&YIhn;&%|(B({P5nsXIg=wGutI
zY0m&milPsl-lTs1!&BxK>GSK)XHr+sujy34)F~+LG0w7`U*Fu%x(HlCUq-;se@%#T
zqdmWh()UsVm!~}cyZL_$_CF)}-@*95cLoQ~F90`xHwhlD8ITQ;OUOXm&%hnYzhgvw
zY4SY&>uq$U)$H4*-j9FR1ik74H7rBVdP>QP$A8J2L21Cv6dnw{y7g3JDVBb!cP$%4
z&AnIJhby{3*pln>Ddzs$Buf^-z4!`coJ>i~*2Yxxrgr_dk<7_2%fTo~`;g1P18!fQ
zWmAp%;c`MVQn+m>FgP4O6JOD|B*5fea41V4`xtOd-7A-s-j_LCT?@arDP-ty^+)-l
zF>Txwv_exWij{wt=GJ>&1?u@7Ntl1n$cnbY4p!<yj30=3t&P<+;FRK?*esiA`!7-v
zjilkQ8)LX-sve~z|F(R)s(s*kEfl`HIhVh+yqy^SZ9{uybbBOw=t6_{;UHlkkq+j1
ze4B%7s=rx8>dIXLJNU<OJG|OvVhO!lO{3X(N5X4i5$$?r;PoKp9qSTY#8OO5Y^6?d
zU;P5bUxwcP5~*!AORt`LAL>M0ut7GTtR@57$nurjMXLfsEFU6^Em0s1bjyVxJ>%Pw
zrt&QJe~kJcy<Zimj$N;GcUH>R3pyigu$tX82m!r1^)`ErdrIHAKE2&4M_D7xMDd-m
zSH#2XUX88Wwt<t^q+U<M(;K?-!r~_yGHz}%l>eG%n?)*C++ZjwiF_Kj2^4<nUV0=|
zc#i+p#*^#YrnMXIp=HsJDW~4GL&>wv#<cxFP+1^LUVHv<<EP^8kExYx#Z&%<f0+%2
zna^3mu~nt~SA)GR50~4T(IJ~b!#0$Cwux8czfR7Lvf?4Vu1U=hm-d>97a_i<l};R7
zq!h8V%=C1cVam|s2>1;{d7;HZ64~f2q}yRl^PZ2yc9q&?B{}BJ<L#&80|lWB%c*0g
zSqBsI_wy#OF8AHN=~LEWk8VVVZj3c3zRH@aZaz>#y@nBA%IvNFx<s+Sn`QIpzFRb7
zcgg3Nx@~E2rUnzTLRX7C-gNRE@kd9C!n3DR+0J;8My_*jL8S+@QNqk$%5j!aSy}n7
zPu|b6ScKP@T8bh`Nech@*^ejER2lb^x<r1~#;zWCZXO>|a<TXECBEw(g8<fi;Y-yA
zLZ->jp|4b5B*c$>s+GFcoSh!5jXl#`8~V3>=|4}&52Wv;xlm;C?_Ls^4Y-@T@<60f
zLzwI4VMeykq9b|AV?r>hqLY(@a7%yXIt3NUBo7y~i<vq5etq$FoXpn%lU=SpkA8mR
zFfCSBjlf~t%eM&{9Tm||Et~eV@iq!?_>^QQ?q%6fTK9+V4fjXmCF};;=cqy@GGz2R
z_V5mOy2m6;GD><mEQ7Q<m7r_J?a~GtWA#k|{V7HikD}b-sH5wqDo!SZ5UO;_*#68q
zDdjSOJ_$9;poTQA9W!v#lTX;sI?%OLjgtFW8O*(uPt_yfS^AgUwP`P4Q-iA{C#Lok
zSS=g=#uyogN=UnHz2I*yqA>$Qv8^IVWK~DUm5MI#-}fE7)4pI$0g7ACrSPUbMqMYO
z>yy>epN!GC#vS}c#BwO{Q6WYg=25cWJ27B3IBv$Oxh7hJ=8z2*rKGT>@7)&n!ep7s
zFMc2?GqLwE^G*kreIOD`h<7au|H}GkLbaf4_k=AlqH71k-Q6G0UoF8cPN*$=H%+kE
z3<c3utpRKk7$#p;*aw}k$_6KOUTa5JFXc+Ite1<hFi<>-af{O!?l?TM%n%&80Ct@b
z29G_;yLjEZHeoeO>zzUDqMouQ6uF5+ZtsLB?hr!$4J&d}<jJ*2BaD7g1#~Yu#ydp$
zt&?>Zr9M$;JP|+f;8$W3I+82;l9WO;%WcI<5zKPkry*$c>FRIK3lyCXvevL^LNya?
zRYuW!dAyvHFj{t<uVX}_=s4+ca@@@9HnWnWB^V4pn=Dp5czM2d8d4+r?&Lk-ykrQC
zP|~9m4u0%i(#fzk155s^!ibxhjZ_E<P{j~?2O5icZUp~9ucXu~t%x+UQQXp$8d0f=
z;S3(@N}NZH`;9!qJW_^=>U`ES1LKV={w!`+4iOGyUDxM{#7Z;>stK*<jOV4ud)b1`
ziF%DP<LR3}kTo|HjP{-W^E8ib*zV^AGqBB#ANz<?LAh~{iT4Ki3f0wd6=vxNlTaRZ
z(8I@9DH>l%jXVg$Zp6d}UXaOqSco3jb=iPK2_iATzb?@}c<?Y@I)UP8dIVgaD{YOA
zk{y^$igG!)j%QbWWp>2pbYpyoh5mW4qKy=rAo8k(uLvc@B17+P=xbES{k)hvo)p-2
z@1G3(-iH!Cs3BmHBO-&Og`!5xr@wi2h*D8Jnv`V7X6B8E%<(Hp<o)4Z>2sJ!7>JUb
zK?Mhq8|Vhr!b8a0zsZ<1pIg?`IzhVLW53C%bipCJzeS>ci=LkREki9&s!p_ZWFkUg
zfSY7|`sykzhq~<bQQAhYn<ny@5PmQ7U%=~>@Wha8$c-eukwuuJ{C3BLWfmP^v<$so
zlcx=50fwr>-t=v%yQ*k4RVtsko|^Z;`FCa^H*Q#p`PR?n^PFuh6~=JW7f+uFudg(>
z)9Ii}A5`3;?`^Mapqqt&m$18EFkT5tMOrm)oE_N%PgdWp0Io$#YQ&0ebKfdsbaa|>
zl)g<%t4R-Io#i`^eBxwzDKxwy=!nkn3>4NwwURGif^04Gp|iNEt2G))t(W)G3ku!1
zzUU=CcGJusFlv~~y0_toiCOB-v6Y?O*6EQxV4rqN5H;0z$`PV2jBh7<)pFHS<7ZM}
zr_Ct-htT_JvZ?!ZymYUOXEXz~CpJRr(`J{bw->@Es%nNQPP}~&7n8srrIrsXztIRH
zEpM}~9Wzf&8t&5vF3H7Tpjc9q8c}k$o-TR~Lh$9Ud%*4)w`^^RwUZ65dI>aEakJk(
zZq)KQBA@+fT*Xi(sGzG;^46?$G7<IoE0!}&h4TcpC1I0cHVSmO8_Fi%_K`$YwG~#0
zy%V|Ln?3w=nc*T99;E|YJBc^uGB+5+aD9!DCDZp&F1Y<0PE=(hjUdevapi)*)=@Fm
z;Z!A4ECLm6Zp(>@B?f!-)k{-2T%3jA<#vDU&86N(ODD-@mJ~rXU$C$!Y13LfpwNo3
z3A(oKHD6}zEpfxiP!qbogG8F&s;J5$sAVO#)vHnD1-4*mqY@_sYf^*4>Ndwzvac=n
z8r0MiyB=y_c2L)LNTH8uwNv}Y$A^VWVq;=(ljDd&CW<tnS%_NO)Za+z95I$*2FbHl
z6ndwa;0a2~6xh(iE60?46~IP=#=&)F(if7Te}8{62&;z8G$vGI&_vwmxQxULcFC#F
zRfU)=VK$0dVc=<U2RhjGa$P~66LRoS88Mn_2{<`>Qw;6U#o2&U5y~fgu->F^+y3TP
z%Ob&J17>S)plg5~>>i}?S*wUr2rB|F@_})jp@z_|YGN)pV%*=z8m|;(=s6C4%cfDX
zWD11AY}r!`_U^YBByzsY$gaVWKkZ_uH+?S#Qo3H=-{F5kKK*rXE(w9ZXV;&6yU)?}
za)yNA3kRJ!Eo9;7(BIr*C=w~%I^*D&ouQCJ5xRG?7c;q`By4OZ3j|St_V>EjHXC}Y
zMFXoH%Q;LHd}8TRUy>9@%GSX**m}kg6TOp`b3Gr%ED~^JR}{O*RqqSMR?;#HDEjzY
zu*@+C>_BxD$NswKcpy3Fl~9mLx$n!l$|!uvL)mIAg9`4@A~vbCGbyP?e_MNg437j_
zE=_aF$t8BguvcO}ZEg7q9|bzb4b@I7zoWyi{#bDox3=AO&~9U(_mrh7HNSx=kB|HD
zJ1TQ3jPeB73~KJ^(la&S|N9*aBSjym1)CC0jNcv}`KtG96kXTX^Oc)lFfWGseiv70
zQQPBQ2LAF9jBk`OlJWeIK!aY(NJvm=y7muTr+EC)4OOUNc7Yx~WY8@**_*3iF4+4>
zH7Z6mbVCLRvYkk3O)i|?3CsOa+zt_}R~Ktb69i<?)j;TT;F^U{s}4i>H1Ew_a+^3g
z%QC5Tx-zw=7A+lRB!BgZ<LZmk%hLVCnZ0=nV>2_TOYUW<MkiY${D~o)qVE;3Z2W~S
zd@Y5eolXa>bE?8Dl;(W#Usk2_`2G`iZDtNrYN{pr2gVn6(0>Lr&CF@ie5NNq`T;lV
z0k6zg>I5SdXhXAahdH=RRc%`8T{9q1YDN7ZZT;)wtML+4SQ2NlX5U}`)NuhPQBxg9
z(|E9HU;gGJ{QKt)TMCLD-YjUk9)Bhe-K*k@SG!Cd`n<K*bNTH8{xbz`Hu88q7dk54
zPdApS$~N;x(D>wdMis-(a#@H5#Z%d9B(sP785$)SF|t(w&UWlLmpTriqIS()w!Vnc
z3;ZNy@WdlYade@0_1Y;6hrRPwgxW38P?~jxB;cdDRx$bHawzfedA_)}bLI=~QF*E*
zbQSH4^YVev%CD<6#gqAW=S#i}e0%MFksH)!^XS+%)f{qiSE)69)n@sZ<g~_S{aNbj
zh(aT2?)@_Z!eY)5^Mp7rnA!PR-sm$gQ}Zcb!2j#(=ga@=osdAU%G0mcf<>$6b50kk
zEJ9%T0IoPpSH&@rMe;joy3fM<m+G*HbiFKzZLgqNWO=^Xh6TSM#gXlQcCji+7Gxnn
ze_CN0)Z?7I@f$;5kqi$q!UwD^{N867ZXK3bAe&#rn97}XRn+JEZ_N8O$>bdE)L&7q
zzcN>Qv#DddK*3eO)*Cd%l?9EG8cQ2ZJL_%qCiX|~5w*gpQIjkPFl;8l`|MbnQ_78U
zS3S7io|z$Kh$R+2v$h?aDf8DuJkrHU=8R{sh>hd892@WFu3`;#O0_dH8)Tura(_Q+
z#6f?(h>?|8#7TFG+6$zOHRN&y=?~)dIfqz?+a?vYe=`k#FyIHRyi<TmE`ZaZ`DKJC
zy-ppKYmM)eGuFk%YZCI4q;-PJ2%ur+nyPGu-tQf|?6nv}Qs^bj**UUFb{Gp4@gGg%
zQ~indSvBozEzqz+z<soBC@+ON+Os$KejKTo%JhhqRg<l8K_MPSp4nR_(aN8=Iq88_
z7D0+evR5i9tRkr4o7Nm0m%v)tx7vSA5y7r^B0N|lnT^_VtGsUhZ8y&P(|%MzC#k|i
z$DyvR;Oo=L7w4zDJzCUR0KBaIK&22zVmiOnG>`=iMc^<PLBg-eXk?M<2mjiFx4}Ud
zA1Vml{{X%Jv*NTDfmqGpPxAA{|7ofaD4r7^OO4q|&Ef1laF8?F4Cb&NQVL<5tL3Ol
ziafxTTC&P+j6*KhxKE=dzCMnjv0*7_l-9XgyPfd??x@5bbG~t2&>aFr%*9w><6`Lc
zYmY=fxzB??TyN};fU`(iaKp<Bd9}=g%TbmM9?Oao`r)Cx{Dh65f9apHZ^q6&J9D0U
z=K9y3Y$$1m;}}RD7{4150tS7{aB@VN)he7#Rv?yX8%Ir~MyiR#U1){Y!LtwkqF(Kj
z)N52q8m6>*k)pscXmc0n9m%K{8A9u_rOu}@jNB@ypKbDT`}2XYs(W>5IBThyX7|@j
z@2Ol%T78C$n(QW7r-27`l+W6-7WVGj&HT%A59P@BsWk6pcx@JF7f)I<hqvEEYfWMU
zS0n=>gGE?EEDU_wbEg*6E!hW>zuj<1(xB=a!7TfZ4E1D+<)#*akMc1X8pOSAqMdSA
zRa8O=wP31yFMYBZP(&IJ_oNI+^5MxWGbGuw;Jm}e2eq)Zlv$p3lIf(czwae;rR}@^
z>odWh_9Tx1Z{TvAy+Ci}Tz@rFK}|Ln$9g}G?ua~XY-rs2j*4XVy36I@%8e1)k_@PU
z9Fg0ga{)CS-u{8{uR|9{iZ5qd`<(Du_q)}@?HUW21pO7I9}q1xx?_(Z2IhW15nYWg
z8d~pgNmvVW+kpI#h$cfKo^WPM?YF=4V!epkZ=8Rw5olC<GdGuN`Ted`Ps7{l+H`A8
zpYP2!531&NX0sJJO2Yc}l!1y{1t&$kwk6Fu3z<c5rM!C_mS?JaKNoxhOXgB$ZTDU)
zZ1i4BJW(OYW$gytM7}d;LB?=jO3*E}z}4P%oZG!kz^4lq(vJeE<dQ;W{(TpHY8b;J
z%}skVY1|ju#rxgkQ(vf!hDE8X;9I5*1|o@Dn2;k|BCCVanl*fte}c+pV#xF+9_Ndc
z5a$Tnqwi%xMNnU^TKfATCVz7H;qFtILnbhV`7lI8;>p&=5$9Kh54IPv$-*<c%GDB{
zdgrxM_U?>igL-Ym#@n4c3z3dp$b&|_l(xg5w3)FAwu*khd^BYu)mtuRQLpgQlc3s9
zDPR=+gI0rhfvEYg3sk)ivjia5d_MMMbQMS7EuaD}n9&iK7t1NR>G2ZG+49wXaooa;
z#Mt|JbA8G=Y;_2cS}sE`7)Wlab$sl$cI#LsstU!!k`y95>=7zBUd~a_S6P+%CYB>p
zRxa1>V}V7?Eivgk*<*fTwv$iT-%Eko2=i$_AT8Li<i3INYT57RgA2F=xaq37)=%4m
z8kXP|M&y->lT#K|bE!sRq8ln=-h4$#C(u<Zq5~-3{$wS8>>od@yHZBdaCM2LE^}5o
z{f(6}erKZ&I}LmhqOPPtE4!KTB4j_%{gS0w)dzlZiOjfs*gJ+8CVV&Ou`QpWI@9OY
zTZ-CQaN2@~OxVp{Cg&3xs2<F&XR*fh>`Rh<<`s`t2(|odJay5p3pL1wi2`W}Zge%X
zyaDb@%po-f^{TP&4_4_H61g^Fk?9eYS<HK#L)o$>?}TeU;dG#Ue=k+gh2PE&S-YCK
zbLu)T&Q#S=&FnpIqPgbKwiC3x5?S`TsccSW4TyvBZvsTtA7lxbZ0u$1Oi33@7dneX
zRGYqd_q?<j!WOC7xX)3|z&u+nuy6NFe?5`KNrX5qBY-&Es28_<;pU5*Od&EE2bEpd
z#SMf>IMahpW)JX_$1fd~xNPf-G~{?OrC$51V@-^#M<N!y{7RgSYEMUefVE%bc**Y5
zo9sX`ZeecyEMznbnF|Y6pfm?YU7ncQPa8`-g7booHJlruh(d9;fZYYZGan?<vXkjn
z8(hapiiIiXOr*BNNYE!(pfO0*&~TI-o!$ki^R+lLH(*UU%=ljFReL{e&6;)XU6K*K
z#!dwMU8hXz0-XB>$&UE8d%eBTqP*qZ<EGW<ozu<A<1a(6LI2hx6vMC#{FgOHlY)zi
z%*+a`fhnyF#Q;Taxqoz~xBCw2iS9||nSJ%m-Vu|Gpza*s*8#4aRR_*S@q5dk!>L`6
zt%D=4X~W!5I^0RlP)9+vYrrO5PkT#6?X~MSZaa5rt51xs@bhk^VNrxr-emHc{ooMU
z(;-K43E@_PM<VGF&g0)C7WKyOf2gb+>*RqaGLxoFn77v&8nRS;zUYWr=oi+gO$^Df
zg-IX2k}@ut<jv!bPzo%K5PUB=li<26{+NipqGha72zI+Lim%)L4}RxC2$a`P6h!Vc
zh_JXM<L{PF@}n?bTPF*54}^V}W1Jitj=#qYh8(X6q2CDh@1Ct>IMJHVT);_HXA9)T
z*tn~MO$j^-#j%uTGR<sMq-c!YZf6qkyv1MUziK=F+%{W=ut;mme`{dk4GpSio%#3u
zZ51C<qpUQA=sU^c@yV}zb`|-#1uIp(kP+f_n5Z4I0{ifKgRUvKI}poNy41HT3=Ff8
zJ}2@)Fr_f2UF&h|Yg)T&r0chQ;yrQ~vH}PHL<}r6ny?etZns)zx%7FWe>yuVy;IBD
zBJaWiuNf+FyIgWc6ncG;T*|O8xy1r2j3`<gSt{dEH2PUC-8|{=Pb3cvPr<@nu0b{Y
z6st|UOK)|*bwj<_x${v*!(GXw<teO@pZuFtTecFOSS`KddzVGFu;%B`q1<bKL?|Lp
zui8MeuF%UWR}3ii7FzNhTm-qE#2z@!G;wP)S)$Rev^ce~?KWF~Y!+bz=Q^ro3*W=$
z>BmvE#~*XWVELHEtR3;Ldnpfd);`1DD*=i5g++ya_p2o@b+h~4ylWXt8d|!%<G%Dx
zYck3;MgbIF(q0K7YvrF0J2rqzBcv69!JGA%2*5%Zmdrjs(Qoq`ZzUfKYdJrLO4y7*
z&T>yjlqe48hpxiIYo$h<yR^_-FhVtgPCu{_vx0rE%h=20a3FmpO|o5P%VSZ2i_@|Y
zlkA-?>wwepnQJZ0$=yor8<(k^ElL8H0@ZX83v+Vcc@ly8?On;WD%`&G5^S0&vQ0k2
zvc&HW=Y~k&kNC~lCZ5&w&pqP}pQj2;c0)adiq>Gphs;ou%`1Ohq0qu0M9Lp#Ocn7k
zxZrC9As<L_BA*skql3RVxwybuVH*HKbt{ICSj3iJxch@zs3^+_;-%{Ux4Dk7=feot
zu+U`m%8FGPX>I-Xr6w0#R8gMQws*~+_l}bhh`Kb5WxM>$#!ru4ZB!E#U{{@ECOI!*
z!);7H`c5efx5WHv<cwL1F3&<1x+~QSE)E(@{MJKMUh&hFkqfHFmB2cEPC+xG?{8P9
zxN=xcrx2Ye+jim$KlfNX4H1?KZp>By68V3<0U@Qq@`JYFnGzzT$Nbf+J#~e>K4nWs
z>nH9q+YM*N_5z61kW)GII?s6BW=Mibt%JRwmxwW&O8(uy3%}X^EN?3slB`+G`k3(X
zWAi^dS9iWF%wMwwc7td7r}RvB&@}Dn6|4|ZFd{G38<y!X1(ghAz|R>Nz7fB3n8k+x
z75EE|DCcO=V1_v?<}Sn)g%6cv#gIMYSdF|A5>*UV7I5k;l>LckCmZ+U3+X}H0Csda
zRnt-ABT2l&$9ddWpGaJ+!XAIuM1*eC`5Zs=(yd3GSHMoJ$#808Cs`<)nsu}8<F97R
z2gYnZbI=XZGO72@?3WU@r9mY&jc5!r54p&QQ`A;qHq88~+63C2I?X%ERA22cA-ik$
zFe)LhbbftEk91_~;Ns$>+mTMJ=rP8S>sWRgI5o;Vqu^iUk8(8sf4~VKQoe8#PNUC4
zx-BMwG9EoA>r>=HR<szZ^gW4%A~LnihdX+jBrqU|<9hi~j{FnfCfCxq2ivEdL@%RB
z^tg=F`y}7TUx4V{(q?{`rEvPM>e<+<kk4dk1SyQ7V34GRgo`&g|91Ak2*X?+QQdhi
zZZtJM{*?`h)Ro^m0srkj&A4+ZPd`27>oeIk6>^g9%HRIqzHUIeYWxKNE2Jb5^D4(!
z_b(hQ>xB>#{4q9i1FORHO3B&DJgxTqBkqNG4Xkg-=JATygP@Sq|1*_^#>6}iR3NrS
zxil-hKVSvGlkEgCiyo!<9w2<Xo4z2j72%ti-8BeFFazpsffU_xb?LUt=5d5GnVbBx
zRcEF4bcM+?Sg~^?QoOYBTbxG2WPZbL)LEnaCrcFhO{V;T&gsa;3gO~uNfK1%QH+iH
zal=(+EPM9GxhavSgdKwqJZ1{vc;-fwf_l7c<*xDZj<s3;{8^%G0>An-Fqrr5^-d?P
zYBUGC-c2^csn|vszT@u9>vTBnSpUnn=Md=&S+U-r8=OJMrnm!6@4|qP!<R&j@sc4h
z76#peFCuGZ^ct8=)BGovCJ8J4cY3XJ^eMYq+Mp6-;;e7Z12(A4Z^fN}58fkGR6Wc~
zFPW8Z@sP9CXCVjQ30Z?g4MO{`<4Hk_9cfs{<)H3c=2eFoh&d93<zP4Jfn_vhmv-=X
z`L)=$Ug0F?@6FVeK=_R`JrEING>ohGDoE24788wf5OG<(FL2tZ1(c%aKEwD<Sg6B%
z(0-1r-mA^ygK(#7%6z2asu=?6U(1>Aqlu5`H0<r+k7}DgL+0}hb~}0;F2{?|?;!sm
ztDP-8ba$oMAJFuQ!~gwoEiU_(a?sUqDPN(9f6;^?*L?dhaOI!@_jw<P<-*3)3bmn=
zocyWgDL$b43paUpMcm{rWVF{`oj>E;8JrV1&C;>FG{kEQpeo>)Zqp$aQ)!lfwy9H>
zQt4P1M|sgnjT$yEcz)Aqp=kKt&0pdn!UzVq^9_sOMJ7{{N-}fz@btk><S=<R(o!)+
zFt5z@@51;)b40Blb8cl!wy{~r6+#eXUOJ9-aM#^MWJ2x;cH$S-%aa7$xVowNR830?
zZ=5AMiuT27Q-MZ^8u8t*OUJ2SU|WbF`nHCQ+R&1poqpDwT^Sj;o3QVNUVq=Q3<`^L
zd<|~IV4_yBwNeD8wwL1d&JUh>5vu}1vOM_2)5=uKTmnPRwkw)`dgvnkH_GlO#iWN8
zNIl1k^u$&b{=%5cwvqIrnju<G@esRnE6fxn^XPycli{9Y-29~F$RGlThJXU6!Uo9C
zB2mT6?AtA^%dZ$&GfOjA+l6-!Cx729jSH<2i9F?&6UW}8IyKaif-OHGZ++|IG-#Kc
zyq>16?R-JytX1)k?njy%)_#fp_7W?J-U$4+G8fP7^^^nwR5X^ec{+`gvk-%Xr>Vod
zN3vpcoFq*{u-j7mO)bn5n3Kcny%Nxy;=8n;Ge(P8t41=eQ#QeP*aLRoIO%Pe!sCyR
zN08}n*_eWT*8Sxcb&LtShHOyO*|g%d#p^Y)^X1rOe}}HQIH@I<#sKa786b_M4|L-y
zR_tMA9wlm|s&apl-LjQQIgoa|f63{)m*|y@c;$JeRT2{U;8gPp;VdJmb@s*%(xW#c
zU?n*b$%^I_`&lGvAPE#AyY9Ni=x@&xX0MnX5N#1ZV!uJPyW+SzG`X?_UiSWOEi%d@
z+}C;J2U4HWqVe-<wto51S62ndy9%!76>x9+&|G2CLRaTN>;9IgYC;EhmOPAl+My&=
zuH2__o}6M%djvXe6^pzBz5=f$_ZPcpxI{^LFWnuxRY6aJqhsA@L#Ja9S9cUTnJ1j#
zxeoET3qVy|^Off#PSo@7JG+Sw&rOGK&(0LlK=nDq?(jdye>cRv<Or<9unhK3o4L-x
z#^u41g^i=$XY;X-L#?Dd1j9bezW|S$T7dv{Qv)-yd}8B_^z0zNU8p#UzBhdBoOaVk
zBEuB}%!|GpZQqt)H(Eq^Mj^0j!P6T~B|(XPDOZOlzSe=vZt-3QA-|V?aoQ3qE&qxH
z)KUM8#6x|K9`G-jS+Bmx!M?)iT3qt^QivfI0tTcqh_$<7*%VMYHWGkF!?2k2)gCbn
z)(OQt0frk8RH19xHC}ZX@i6JPnssfrKd{YH81(ep0qQFMu8&ynC>=hZ1Q`H0zWWY^
zMiYxH{&f5oCNaHnp?4|u#z)&y&lTlih@kQAWZQd8w)rU2@Ol__FMTw@z7;ca-GwLX
zVqU6s3HmiEh?Y(6v&Z-o0KPH@z!yU%f350j+OR?^p+6rqzUvBQN~QW9d!W%vRKEG<
z4FdSN!Q4Ozsvp`#MXH9I`-mk0IW;5-RvhHfgX(S=V^2|*y83kUnZxT6PuWG73%lw&
z;^BLcwOx3)9SD+t7x63RE7iaTo4@AL=x?lPqKA~+RD24Njnz?&FE}T6QxV{Kk;qI@
zL;l#$v6<^n0BksAELnQVvqc!lt`m1cKSPJbpAJ?7rr-Yxa9#od&@~+Ed)85BM+Xao
zL6^^3S6}vf$aVjIV$5xNDKk<GjYi$k?b<uYI$ap-?TPFh4xYidfl?IH*om*OFej7S
z$`jW}dA9i{e7rti9qQya+G@-o|2l5uXTch+eBnRm(xwd-A%ljIz+iR#WI%BubjJ(|
zeVjguwsPtG5>?1<--+4J&lGeJGnLT9Ywdxi9A<31O`ym+E<*V$K_oicEv{mDRoFE2
zCQHNn%Qco8PSJujbQJ^0Un#_*i{T{{(7)KbPSCaAbYLHqoOE?H%M*R4ao_g{EDGRO
z=18543?E~iGd%|<pFwNblHmZGJpp}B{7)EF;=a<US3ODS$L9v8<RLG?r-YNg@Y|xC
z_74*f9|16}$57X;d^XR~1c}7*|GM9IY}h&rH@LP`>Y2XcT&TH|>22S-B3_n3XBsJp
zdY3aE@~Honh$~2~5??vrBV_&7>U@|DXA*#USZ=I##ETOA!`h=6gLj}fE;DfE)TKkO
zwaA-xPsRrP9}V7*Eh4!BrYmfB0cDw4ELirdklph3R~e|N^I>=8r)s|K48nF5a_#9N
zWb#>;ym3-HICz+eFEUlsfUWf#u)jOo#eRw(QH=w79|jh4c>kh4yPIhYLu%M^dh0M=
zgE#Fm#hJR_wPF!8WklkGQa)XI^icEuwte7Pid^e1-0-vbfmwNWpxEZ0pZ%TsOlbx3
zerdp}H9;gL;u;VhaeMz+H1@Wxo-6^24L6XF7w_W~##7j@sqwp39eM)knNE(euR+G#
zoiBIElCs9m)~(~*3X(Rac07w2%@R3Zm_#jD@G_7U2ErnMxWAHKaKLk<6kIv1u|V-d
zhEqI&3QZW>iruE|Ml9ndhhsPE$*GqTz?gnfICM>KocE}2zzo`m*_~@X=$;e0X;TuM
zL(gzf9Vh`yu*m*-%R-#Hnn}{N8!KnJDCKQ-Ny(TBFnZbDraz)$B#qR7rAa(LDO7oZ
zgC}H%VX0Sq?0H(ya_~G7X|vL+YQ){)5%Hfy<GypRJ4YHc>POV88qCtcK|Z&vPvqs3
zlmd^P1=cBrls--%8(mP)y<<5%t+(I!a|+eBo9LJ)?_t~vNP@OqO0_WP4x6MpM4lnw
z`#c}ubxs_@<+fU4N*%E+S+_s+?@FNe4?K=Pp3&_T{CXn??weWXha9R%8K+I|)TdbP
z_B_LCI2Z~KQa(~0T>os380TeiZ~Y3``!8iX!H(E$33PP_JdwmR`m*RczVh+B=&Ri~
z&pJxU3NN&PybI($*`ov&Fh36}sNpq?R0)5ikTGg^0fQn$QjQn@^8Qt2+5|{2EHLO`
z5KKWrT3gTz%mSzoMv9vE1ADwqQ_DP1M|R)kic?v2Rd}$tfL9?1x6pIo>XFZ3({m`a
zvcs6vz<RiG)H6eQMJl(nyNg!BrIt_7AQ#}I`m6nXabqMWAhbMQZi;6nY|eb&dg@x5
zzfLw5S}1etrti)6Z{kdbbJ|nUOupewg}^Jd)1=kZfX(t0-FaD2c%#-1?a|$wuDQsj
zlQD@zx(~kLVtE+k?1)?(9mfSL<!0K1lkB!xeOX)*ARIxv+NIj3o8-Eg_snlSQEqbN
zzru&=OrXcHK!u9Em>^ze*qh8x7X2_10e|{7!#P!MP}x3nx3Un!+zd%%qNR3miM=PJ
zRzgqt3e_3U#xkhOH=0Vl8ZR~_^;7&PCb;g;=cV{uJF7wN^C}+H(=#RWYpgwVX3|G_
zX1zHZmKWsV>XL2plw!z06WV*njwC83Ht2h_6bJ_6_0W$hw4@ixGr%dc)-nUwMu<-C
z=@V@#zN`n4Y!$Ly_m&xEA#Y#V(mrLLzM{<NVcgSh4ijS!WdJk*S-aLDgB=Gw*)gn-
zwG4X~Et1?p`ZR>>OtN&(s7Xpcz2WQh$`dK$4?CZnQa^Pv;4XZ72+UA?YR_E)LF%kZ
zL&96%Ota}ACUZ0U?@HzF{fJV19B)!yr1I?`nuPeJfj_9O?s)uzO|m(Eb>6{h9bX`s
zsIZ|9UMnRZR_<R2vwisONefnaF^93Lw3(V}iMK0ZRazs{{F3m<Y`4`=AmG4ozx1p%
zp@RJF!N$MOBk0cK*42soR2lB+)kgkv^V&d}D|-&anHS!2k(7{6elU`-iuE9PUXaTD
z)$NkSf-7ahZ$-uSOzz8gAHU%rd(#RhfrbD&JY@ja)YU(bp=jWZ8qrD(uvob!_}4QE
zz}fWgND_v53<yj%P?d{qgyIkv$)}l5ra*p0x39W4<`w)R4E<uUc*!kLf$@5b1ZUb1
zHvom1)AT(<K#*+<*f1gj3kP4PibzW)<<Dv&mO>?djs<fLo6eW@%2$<_rVxRWKFCko
z5s9p%k;j*RZB1uMk7#t(x*R$H_}G+yj#NPC^Gx8?24z_!b;-h|+Js*p!9uOrbB8kE
zzyCruZbV-w1vpN4hVuVX;~tE?UizhCyp&RsvykQ@0NzF$Da+c<B=-+Ey%yJLti9Lc
zr;A%+n@|{;>6=u})vH10l#c6-yFu3us|>#2>#>_NpKVwVKdNd{{9uWIUyiwBiQRM<
zAJ4GdNFhp~Ur-Kt7#-%6U4Z5{rx2^Vuf`IIMXjY(k#4{_0ho3)70(fP>WN+EBjH<J
z72Ol&ms-z3_zmxt+OEJx8vBn%20eiO1w(bgAu-F4G(3r|x+JeP^~P~x8@HlWNS~8)
zkbalNTPviu_eNtd+4>GsT=6u4@#daw=JMaN#&n9;3cx039=l8*NYBo)E52ONZLtZ-
z3mv)lBXAKVV;Rzlu{<F0q|%_*eS-iNH519f%6eqRWE1BH7jZ)guH(`AsJ`T2v9+5i
z&!voO8C@Hb8!+MsQqm2{iU`%4E>52=l(0+rK3w!zn#ArxGt(tUI_AC5)f^6PQTWl{
z(5bAgf88Ol&M3)g(9-?Af4sScMeSKllO#zktjyp6JdVWVvD{S|5e#fUC=8p$az}g^
z-Xkz8!qQFYl2nE93LG|W#cI*?WJ1@r4^3LBBZ)oi!y+%Dh~-Yf(-8HTdvkJPc&*=E
zpp{@SG@_|X6tg+rqDiZ4WpWoF>~B?KcK2uyq`S8a;Q$Jmy9>bj1{WMMfwk=CktT=L
zm)c%*VOQ$&Wc`~Cr_8jtLO&c9Ney-EaaWp(d3V#skDr8Q{@jJnl{mxJmGkZhtXu`2
zn)D4LE_d*ID#|Wt%S3G=RuK7=wcUQHf1Xz#)K!7YKNMf;5qF>MTcy8b2!)2TU$C*U
z?7r;0dXQe$M&egXV~h_X#~NC>4MxBhK0jEFC#QwRq0Twh#*;`r7$d9ecPxgo@(X4~
z_P~C}fU-h5w7t_b`=9FmU|(f@&jTuJ_{!|cd?_EC)V-Ky=!u?{n5NED-?TH~=u3@R
zVXLT&R~$Bb!GVodPucy#kZJ)u`q?FJZUaKPyre(3T!;I}E}$B?mWM17<!D_kys0(S
z$8UAquJ>e$>n5D!@i_cL3el4NaoLIQmY{7ZI=T-*M`<4C29n{t7YP9bszUutfF$8V
zB9Woxb6R*ceBzn)lly4`R%<$Z$RUat@rm(_;{0-p>y>u9%V2VTY{{;q{#}?$EPu@6
z%&F0Q*S$F`e`TkL+9IT6qN$EwZ4DNIthh${`EUdi9*gvR=Y~?{p}w;Rx%^^7=Z3jl
zQ5|*Z%gL%u?4>?$tQj~J2*U{elBjB8X-f+A<L84&Wd9`YbQ1*)jA%0`P@F$rbi}Z)
z9ZzEA-ZsCi{>Ef|N1wJu8mBBZa^Jm1+?eSH#2xPkh<!D0jA%BEWoiifxs3~3<uUSP
zLY@e#1-^RaT+1i^WgWm?c_jbD#r9NJON<%aVba21&!)MZd!S`p-v<9y)H(}^t6s^l
zwOIIU!}YAzOzJ#LniVBQ7dg0!hroQTWubgNK?XgP=AQsF##i^0Uc+1T)FgYSWxxni
z9!Kwo%G2{F;<X#dN>1ZAkkB30ukl(nT32_Le)1{6;gi2>z9pO+#Y?_nIG33)`;Al(
z=(o3oC%q3B;2BZB43ST!f7D~C0&t?7Px!lNeezVvkhw|ZD9LH-H_11*E#PaHCfD3^
z@4;8~Kv1h-8-@p&3agL-El0`M&LV)vd~-U<ko3eJRFZKKSCqtRR^V3h0C;H>=t1=F
z?Q;-Vuf4k|F<m)(`^K=X)=&2x+yc?@u(k3Mv$oWTGPfb29g>}v%##PM_3fUk6j*$v
zom#fkogaD{P3T5(Oqewl?%ts9_JUgwUv7U<k1M=sV`Jku_?}gNq^%x%p3f~MpUD&)
zd0>nrb&<3MJXz4v&-_{WNhVKgguR4~2fV)&S?G`3y)E(*Y`d;nqYfJA?tXbVOl|92
z#98Ev(m4AQvnhlpkG8vkmU<S`ic{C5Bd{J*ug8Y^7<g`T&q6d+xqlcaRheG$+%dKm
z9@#a8YfOEa!F})dL`lJXbk#``tv3Y=fLisk;^51icTDb}A<RL$dyZry?qDa5Z8+Yo
zXtX|CWyIcOfDRDw)B%-y3=Rs)tNX?fj-^`6K(#r`Q2n!_IU%;2+L^mpc44i29$xuk
z%&MG7MNg;AsjanU29!T|b-Ee2nv>ZG3!;w$D^cB1!Yw)PC_4*@X@BcFbE;DM@B$7V
zL-%nY4ErtMX17-ZO$#$`o+c9M;*ba_cW^l|k5qo|n=>w|Cd6;y5itse)fKAb_S-m4
zjk6_(ie)>`6lZ%($@$mjaR+?64V=sXr<=XW-eDX{KcP)$?Z4kZRjiHVn7OaOx5uRu
zzKHYV-$mCs_PHiDt-oS*Fa{J>iR>A&BSlU{Kn0w_{TtAqac8HqV7zWVS&|xI?AHC9
zrO7q<vA8D!F392|RWo(w%deHhtbO{YaeAit1KkH+&iXq4#~R1qY7ef~>CtkAj2~wo
z>_Y3r2d|i<K@61&`gUVK0xGWT(xqAqZ&nQP=f$g*FSTNf`UGpHKaYdVJUMa22RqZg
z(>!#iA&g1Z{Q4$rBe{US<dqA?X5!g7*28|Y%2NaCid^T2fS>Ewg(e_n5=0W2`G~8M
z*G3i^C+oB(BjI+}B#kO?e89q2!5rp@^aAA1ImHEn)Ozq9dq|VFR))jDA1uTWUOavD
zbP?!-u(3pCTDh!GMu(+HT#dOA>4tisk;BT&%MZxX-%cC!tG<IAm-mln+JHv_+n}~S
zt(y0GkB>5$li@A`UL$vDTZiAhT?xWc<vO*#AEb7e-|MD&4xikLUB&Wp)Yf4H9kGa|
zFhOL}qY-;Uh)?zUv2^3i)Y9Uo2za)xQ@|R;i^)9oV&twQB-P@m#*#TCv}d^2tP5k;
zpyl)R{_kBSnpSbYtrt#pr8&-T$`QS0ljGw{>*+^4#d@^oTq{&S%~}N-hrm+la~}9L
zW+L4{03E=7Htu=KHqtI~N(DfsD)~&a(`vb|xMLVor6^Qij3m!CaVcXRtOVUxTGQvm
zKi74N8e;>%VOGs-AD>Uyr?<ZdMb)5*_dOlR&JBAoLid4!pTkWLjLX}>=rYt#BKtt3
zgwOcOav5(Grn&=T!rEJK8J?vsH6j8i%ADHYsj)pN2Gqg3$)0c(ti)rs4>Td$clng!
z#<UAlacZ)J(+2XjrPmRF!puMKVsZ#|{}Kt&vyQJCHfee#{VZUaT3c~6V~^M+R3~*#
zVe8TAW@BCdx`i<;=Iq?<V$#U*1EtM70~UeyJIWzWs%C=KS$x<hzDech@R9qY!jab&
zmFsyl5an{|r2x)U!JvIOkKt6>Bu@0ChwElIxjPJ`rVz)YBqvPyZh!d&G!+cl^~Zi%
zvvWn)C~VKv6c5A}j%hSO*cq9XbZ|j;s4rN<*S^?uXmCfby=Z2$2Q=n+wfdEQM-Rp{
zqF4$*igE4q^g3-*5ud|wRB&(S2}qDDeP{CBtt`!YX6s&vdPP(Le&>d8+{igkXv42A
zUbY1&D!kuPd8$XqyW9vIKMWF5HE?5>lFA-0UKhmrm62Mi&s<de=iYw5h|8K_dO$Iq
zxP9>U;OE%*-MRY1Utw_%+}HOP!hO~fX0sYUEq{IVAdbKEMDXQe0Rs~CJSKO3^mng|
z0d*V0+alU6_pOiVylZm-*jXIW0H57eeRPJcjlu2z=(Q!8GY+rukyS0t-#L28JQ0{a
za+$any#GQ`;7uIHjnUS4DRg)kj_rNB!5(N7$$5sZ_v>_b&)&JsU<hBofm%tdg~hnv
zkQL1#bx5DBXe(+4>@AvSF{twD{vth>BLOS*EltSC@ES%cJN}}{dHc^^9*32A)>cm7
z&N?CFEY)-MgpQegTvdv}mH-G{i^?i+)>}Tv^5B`mi}r!HlSi)`(q;8}4V(@A?i~hz
ziQZ~y3FR3of~MuY3+A`*IgvhJjnV^W+lSQXZ?=<E!HD64{FSF_Ib}G15Q(OfYI&~y
z56V2Au9y7xYEG)9x32$Q<(WJnZWUQ%Aat46<-F*-Qi<_WTgvS7Dl|idf`U)0z05xW
zeqi34j#k-A(~f1xYO1ZH!qs2CYLNt_uQVG;fp^9Q>)uFwD7%O~B%3pHD%Xk4@X6%f
z-pgM5s+e<@8oXn&ds`g)@WDow>Z6f8r<V>@)t42v$5P<myp0T@YoD02@#v;PFH`|u
zy9iK}+XfxGHg4noMUu!x@`@oKC}y-LoUm?BUTP|p@Y`x%y?w<cq3%Kr^XzEbd)C3F
zI!?#O%kiw+x)0~Gat{FU{trM&e&>=tOR*q3=Mzp|O+-SYfxj>d&s7$PNB~zV)pAat
zTLA8`QveYYuN!PK!iAM))Ojy)Ss|$LX0E#X1ClQ^r;O1R4UcNaw#{=^^;Az*i$K#F
z<|eAB+vcn#dtEci^Xuf6o&mao4?D|aP95I~>%U)a=a@HnyLJj*m$NuJ5kh4CEhx`t
z?5s3lR{qyUG><R7*d(5rFEob*$)`~R;&_-y{C$bdj{BdjECbuF{+m?2|MX7&aFO8Q
z>4CYiOtn%fV#(>8^74N()AW_0?fH%gM|H@ivyP<3Ht9btQtOJRh&0y8e!Iz<c44$7
zTdStuR0qKPUz_E$kAKi=_Vo7U`@4UC)E3?BuDs1p@(03d-|lr>V@yo#Ar=;{w^7s{
z=`@+Fc=BtnS@o#PaIM=qC7~^sk@sKa%Qx1oT1%QwzpRpdRyO-<^HzeW!J1~^vi0xm
z*);n@3$y=Dn(fW_ShDB`+KuZKtxYw$iR>LmUr&!g?srCILr(LUBrRs0=K`C)s=jk?
zwBS@*y&O@+HD?KuipQ-I??(7T5$>7-W%KVg1m7!3jfh>q!JuGa7LCl4TQh1WR_se4
zt^<dypy1<Q_Lc{m^R4@<&BonNK6?0Z_V&@bPfE+3co>R+MXL(O2gk=3$3ll0!T@sN
zblx&V*C5Z_uxt`@5Yuj@8_Ovcxz=vAOH(a2@p`^R=Cmo*+~3{IeNj@e>1Sin=r;uf
zOH%+|n*lw%KmreF%4sXWDXl)(;8(<Y55ji>p96keg?_qCV+Hj%>a`K8U3a!-cYuIb
z+15cy0>wHr%iqFC_;bB(CzZnae&e$w+++S4*wpEZ!&ZQ@*Bc&&nICq?xydYbJK7hn
zR|A>C@ZYg3Rn(Wfn))7#k^K2np8e6iJ9Ec{cBw@l=ra)9i3r_D%LtZEeyO>Znjbdn
z)=V%qNI6-3O%5MQjmz~s9sLGyS5BT~avwDsuuM`w))cRr1_wxD-f_X4)@s7ND4^eg
zM3G_8sh0t#?+$WI2%>4hdZhY3^BqkkK?#K1GP`;ae_f>SrgpA+ACm>a4F>ez#K^jj
zglwv5EP@~9RQYb;JS2glwx0HFQ8L@UgX0O}b4~TRkR*s+X~n#bWAjg7gWfY?`(8G4
zMm&w=0)eor6LO7ILi<_r>~-ozrI;atY3i$w^I-yZx)e_w&zlJH6%4I=j00aK?PHDo
z4QC#;g@u97CJK7l)xOd$$u)ZFdLH|_<eGn^5thkoihvu;QDEm}!IQrn-loY93_Ia#
zZw~YCcrC$yEGLbRubS+80cbIcMmbNGI^IG){qT9{le=NsIFN#mq-)5-ZNuFg?uNfk
zxU=R3taYCm2uX82(%x0_259}N`Kr6XJ`hq=y6LU{EUgDH2+QEFm+NH8+|QEDWKij%
z@;N%ha_6z4sFvooJ>6f8v_mKV><IOkZ=AQ)m{ad20Wg2MoRm4{CC73zv9kID<Jnph
zS-YX+Yl+GWJH?U*A7k-t@8~}E4t@Gw9h%aZ{-k(-pS|F}IuZrOJ{mQ-xR4{u;D>1i
zlGd<l6tdz99HYM(l(5V>%Vy8SYXaU3fiRidxzjWFBp*sJ3Xg-26kKP!=~fv80`dgr
zKwj#2lT9)_hDe-Y@+xrZ*hyY}y^{OU%H$y>ZxE9?I7k7OC74F7V0@@9h4(AX@8ab+
zVw%BLiA|WW@GF!Y;!1@tjEO0h07`!E3(t$cYG42clmPvnhlRWA^68}S_Txj4y?1ED
zEYnggq)iRG{n-1BMH&m^nF@3-RUNV6HAyEY53}aOR{3!bWu9}w{_go9JBoi0w4*_}
zlHYcUwaKfkGC7;R8wBQ`9P-mmR`Y#dKikziI?6Wztzh=&beL{}e^KpdeV251{j-ES
zOmGf?!*ZFkb=_2*phiW%oH>^Dbzlga>HE#`u_!ZhH5(Z9nr>lt@?k5Ej#FnlCz|3I
zLO3ZUH;`T@%{3UeT=uvG2MrM_(ul-nvio`4TqEr4cfP*(C{~pf3d!0uvZYFHyyVFu
zGgD!Dy<fXUn%TK}O7Df_WB1>&vc*9#EBRc7OP-a>^UBGk+fubLR|*W3+cQ##2kHEI
z)`D?kaa|;4N`ovRC-@1XI7i;#aw@E?#kgHWJnoJ;JG9DmYufS!Zw4Xtl)kspK^a$=
z&f3|Yt?#4OE69-vm`6dcizlLt+eUUhFejwd$_mXxU3+g!AvafQ^XJsKf9+M)p-3wq
zFH}__c_+s5DA(0+*n=G0_>Ntw4hft$gA&W!%}vPffU||n7HlIh#v5hayD0o43C3%S
z%pi^$RG<l7)pk-I`~vfJ_M5O7?-kw_>G)qM)ZLaq1L6(Q`AwGI9!vSA+IUhlXHc*e
z%8YhN2=z%~=H$g%Jd2l4w>7RHi%gDpi~9lye`^IC>efbvV>sqSqOS{onVcK)`8{!H
z#ZCx-<UO`SbtG|Z3+rJg@Vr6Zpr3C63=?aR91xard2Ntp3a4USSjqkEk^3|&smrAv
z^>H2yA*%ud#Cz%6_3gz0Bg7;QQ*o{)Rw$6W@Xb=Mx<Q;xJ^7Jb2zxzrX*3MRx?`;^
zI!Cw}*y^wt81Lw4p0@w^C)1Y6rOGF86&!=aCar$ZMzP9;6ch^QqRC`F)p8eKQ)of%
z$su#9|BG~s`xJH2AuF)G{F}dpiDfmcL*3Mzo7Cp)IWCO18?CzRL#wcbX=q+vK<Eq)
z;N1GnGUoRc_n{axt$G%3M^BfO_D9n99+IY-rQZ~m^W%#^iByP}EaGyA`(t-lALq=A
zzEG+~?_iE@!KPKP<9Xw_V2#U*`LYUiphNu;#&qfmlh|eJ!Q6`uRjaa2+q0MeJYCs{
z;k7wsSqnyYJT#4Wd3SF-HD?CgkQzE0O*W|y8L4OhiK}a_&9QaqG<%=R5J&$^aJzFb
z<u3Bc=Ty@w;3Zw^`LvvCMUr6#xw}8c+U;!v+ui48oBcvI;ImR!o;{L8Y&-(a<^8Mz
zcSF^wfI&;hhi5u9b~gvw)lFDia55ib_6nr#kvQ)4mSefh>x+QilM)MUt>_Vzde9t3
zzB8d3wie5n$fn5aX>On@&fW_wd{*tfXu@wE0=t}XfuUt!WE4$!0&G6ku?LZ?8c1vh
z;B?<O!!KEWItiLVSs&o1$QsudYgd{im@LHEJB@eNu27mEmvdkG{IS=>Y?~~0?K;EN
ztZl=Q8?Rc7jJ{0$6=+Idk9bV`9$;K$8;+*04tHeLQt8|o;qXefn|#a3nKepx)LKsK
zIFI>s^f1UoaRTVBhc1vlP_NjgT4ZG`G;}FH3HrOXi}eLUQ-;i|zlPg#6-`!JUcn}o
zAL9Q8-6d?7HXm4?NYCKmKZ@eRgF;;W>Qi}o5A0iyq3^xJk)TeggC(%z>Q4dHTedfL
zyykYwABnX{n-$1htNRNczUG^i)~-Ho8$N??Dmx=%&(_Df<x3HC&(GT^gCJ+8JF^4Z
zn~+Cd+9!9T`+V9BXUY}o*Frce%ESbOR!5%J8@*~c@6@r$CA`xUxklmFPTB+1OeG2v
z6&!&nmJ0i%GR3p<3iIWxt?r#4wS3^94OzMfBi4#&xkf{C$zFL-mfy>gifh^-ha;<G
z`VPE^lI|56#{csH7O`r~`S%n4_a&D9hdy01^MXR~+v)qYfsEmi8^H|{v2?-bpR5S4
zh(VmK4+U@<S@O>K3a|(5?yj!=;|<XQ_E!h@-*5LkeS1G}qS6IE?mzJ!eT;AwTt1UM
zm{>XgX2#0U5hoAuuaAa4y3sz;i|_#Clv^>Ywe1W8|6hA=6&Cdyc8w09ptJ}m9Rf-W
z7^EO=Q^L?ArF54x2m;b5-J#UbH8hBnNJ=-714B#q_x$*O`*>g1d$3RT%Mn~N{Nl;`
zUiVt-0k#TC{Im2*F^lS+-0K%(9;RpGtNr}zjQ9=|(1(&zpwuYRrjCq!d)z(EuHKp4
zIrt@Z0F4Y!d`4jWIX(=M|6*$)AWXsQcyW7n>cEKGN`jXD;k3u5FLsnd7tDnpw)ik_
z{rD1c+`B)aj0}JS3f~?9rwKEsscwnU#h<iGpATA#^ANR#*H^B7L{@|>byorhj%nJ{
zbH0_9L~C{!OoK4mUef8$@8j`JFOkxq>W2*C=dM(JIAsPaFUunz(o+m3JI}A1+3$8V
z72!UH!FpsC=_Azf?Y~*P7f;L~cm4NqePufJNixje(tS^0Xk>UoNcDn#$dO_c6ez!j
zkyw#xDB;0?xI%<EZ}b-}ucQ0~5U7hnX~Y;V|4ZAD;3AU(GKxXD=Rz)9atKEl>^rbY
zikE%g5!1{4%C4`CV1c~7f#HLt0wlly_7sdcF}AW)_hB#)r{I;k{QFp|qM+PSx`=k4
zWtOB5$nZH#_L7Kr>*`r#cmpO$b`8jJ+tdqq3?47^SSC_RUYm;(J}Nswnbn-RZK}u<
z!1^e`qXidK#ws&BXmBOJF&!as2R}zn07=jGEkWTq_<{%Y1;;B_3@GWWUc=adq{PI<
zkqrlymI(R~vO7^0Ag{l<I$Zby#vU9q0{JE|xE`}aJHTKJY)N>uLJg=SJvh)6BwkA+
z;SikuK1BsfGi>+*qeZXv2dli8I|;n42#`R2oN}r1+P0AmkKRmiU%utUoS)%po0&-}
zfLc=qOb1@#dQU=kocl!UojFlIA7Hv_N!O1)VNwK!4&qWH$S1-9&Y(X`2ig*2+@Eas
zq)L$Y;3(l+7Qpbvo4wINzh~l}We-IcYTFJ`tw@}&$C`Go(@ieprKtcm6<+rANdNV6
z?eglU&yDlAk&i%ywfSID+3ydmPvECWnk`Vem~+W@CF7XX)&y-pMZ7+CNPma|l3@6a
z9-Pp}+e_NHcS;B|T7Ho0l^9S@nP2P^Sr$699b%)e!D?O#6Fe#`=U;oLug~&>KcuK3
z3zb2q>nQIdNJr;hP&+%04@0tpE){kKb>7x=Ho*#<shgICP`8_6(1G{`0)jEagz-4b
zU|vPEe)I)(0U!d|!|!{q_@ruzUQ~;hOA03~53~^VGhJ~_S@YF}rWI5-b=s-{=~N_{
zg<_u|h!b*-alH${(`w4{R~mx^Kgp;u0CPi9cdgExb$!N7*GKTa5QTRkSnS8d0QEN6
znGI0F0XUMIfahwwx=z>ss&^9+C~F>4RGLfWZ3VukX*sbc`<q3&X$sUsQnVWPYq-*U
z`$I!BcNr43aF(mA?|6r>-hn{-JpD!aK(p%Z38oj4x2?_tkYE8>R4suwf;|tI=hO=$
zJ%A<8V(i<f;rs>;-r9u>v%4PZTs?Effz%^F>Z+(zSYo!y4|9mOA^ioU;`6Lkf$}~S
zT~nvN$Z^edW{R%p-ITh%gB$5;_|A|JXgI$n3nguyXJSi&EBew%g&T(COu`FNs*DSJ
zkVe^s(@aj)xGezeEcSYpUsRs^3z!;!C}WCbq@wUQCvFYlbKYO+va8l6)`ujp9nd#H
z6gX2L7NEm-xDeh&mwap2E#i{FxBpSxx`ZLbVvDT+dVx@?Ttt)P@;Z@Og}93epFd@P
z81?Q5G4mSM=SVFLlM5tjhSD~fi8)%D?)w7@t@M3Sge&Oj3umqEWL|`TmUfu<{S%ew
z8|=5iuqXkI%m_wtYar1W6wa5gpSP;l$lax(Y2|LP&wfeH94zd)UKl2$9pfNo-Vav5
zV*{3}?}P-^x*hQ^yRkI^<c!F{HjZ}Ci^$>xINW{yqO1U=QN6PxIM&GFJ&B#yRQ(r2
z-`{GNLbzO0`Xy$+j2PGZ3BNt*-RVE-x<w6Uwiyj;U-|gxp@5*Nb%Vf1IL%qP<1v_$
z0`mof@eZ~j9?L0SuO-e`2CmuB>Q=l_B9`PM#CQ+i9u^bzrU#sFqkj2wCsAl4khA(Q
zRc)zqJhj`YTYVo_-h5)o5T?NcCMoQ;>=qS~O@?LTBT%7Q@yljXt&mlVk%INn09vB=
z>kI}j%(q_EvgMcdNAF|58#A5Q`p{oJDu!5_pow7bsLPfOUOAd}vT_KXV;+^vw&8cv
z4GdqGw1yn!u9NRPvIY(h8Mrk$ZvmuRTT$6x<=j0scwJKW@^gwN9aEgCAZuM^OKU%l
z(4re%IDp3lZtN3vtFLumP5+uat&laTHzVXkcQdQp8;%Az^$#!kzE39E=RG7N9I#~~
z!19#*_>yRO7zEY@jk7iQ-;8hL!$5S52fM3^Z=YBx@%1J7kUiOy{WBj9jjK44sh9Vr
z*4Ekd*j-V@9kPGa1WX!^p8_g|QdRc8VkTZ=vO;xk%C~D;U^3A`*C$##T^W$;N>veW
zzZ*)@FsunK)9VfvWTm=+)KdY=+KcVoe(U|LBrLZ2+lRW8LsZS2`4~G*Hi%vwhA)=D
zu1%WK*^9zNmffmr7|wrSU6?oLQ3BRtV=u3;gBNu|V9Sj^xYoxF-kzFWAt&}fm#fkm
z=6ctyinXu7sF@MYX=7BL=iJ;bFt?JRO>#(epD%C#Kt+;wvlu;yBOqNvIq-~%QbCH-
z%qZ$6t;bcK{<ik8?Ru<!>%)`#iu_?7wy(w97Z$MxVF58x<(hS5Z3MGsb$kX+fBzGn
zZ+>Y-bGM(|>0z3yo2?L<VN4RLL)I(8YJhRzkGhs?2QB`IsK_;79i%n*V*lt|!uFqs
zfz3}3V9<f}(bXU@u5<&wUY(Y7G*nkfUa9s@xvcst1lUvX=hJ<PplFjL7YPzEv6smy
zsI<)SEWoX4+P3-k*MU#wGohG$13JD@^t1LuXNIE2*>UWi80w%S{-b4`Vi==Dd{&n3
zi}tX_w^t@%5YM&L4e;U-R8LjrHdcc+Endh62G{7L(-|0&KDEhdQ*wT@onv760Rog~
z=k!CIGuqav^^yf%J$M8=WK98ITjWetd&TSK1MX!9hMEtAUxWvXQhtAyQ*3I3#~Sv*
zmghGWdFzZeg2U6ZD>Q9mi`hHwblrgu_cNi)J@ur4{F6F6bccQALxd19fzb7N?m-N(
zt#5C)cv@&%e^6uU3)t;z7-~+>u<j2M55A&;4pZiTN?-y%@Ot(LuS}P1ihO8$c8AMp
zAJ~yZy{cn+rQy)WVXJ=(ETtZtsC7E)K4sU{Zk?}uzjfTp@Tf~2-@&#ygNQ2FabkW*
zy&HYKeG|CK%*3Lq<KyGY?WTs+=uhU(DAM<0CWNRjPKAwOT4qld=_Oya`gOl*bm2i>
zT%7*tQ;=l)9;gIAxN@PhT`wzubZ_;`rL>AGNC`fW?oko|WJ@}2njQg73NeellC5M3
zueklw(`q$U>I3ml=6TMZ2I$3}CiTP=ZVa)c_B9Mli{~m&d+QMh`J!W3;crp_%C4L~
zIX1{SNpV$HJ9U`qm`AJ1E?{L(3@xZ?SCM;+kydj*(KfZSS(_<ww6AeINn!m-z@j4*
zr7F^>DlM8O58?sd%BX@sOYv(n;)f~Uep^qRg&&w{-$^o^InR|U_Wbahom$3%7XK}K
zBU$ZD!K9Vri}DBcJDUWh0c5tXd&Kd+WZo;W^VDEXOB{7J++%bxv+2UW`)B43Op6aC
zMa{}}d(P*H(QL(@k0ZL^LlKd*t0h1y*QmaOqB47QPQt;_>9iUXW{LY}fCRDUu%9Qj
z<R?3*-iq*>Y1J#FPQLnwg<Qhi0{`k=z*<kk8!kXT+`JHkYZykjcYRs$$r=4jWWzbJ
zt6X0#kX^MLI{)%sA&51srK_tmhW7l78J(JaTmla)n53&8w)R57uQIO>4zSDu*D`46
zbzeFj9I`_`rU)n6!eVap{gF`_;LA?J4i8UagZ^IJ(s4ex7nNwv(>+~$*j&UwCIalp
zW*t+()#v=ByDV<L!(#`lq=RgdP3kM1@2wrq>Zrw@EGv6Qsh2ar#%JAO*LgbL8W34W
zxsH06yoOc`C#5Id=N(tbdL@>ef6-vKjw=`gMvQ})PdW(DoZdIUDk;i}!t@+(&cj_4
z$7}H&c86wH)ZZv<Pj@Q&mCd2X=*SdFqzSa88qI(q8+o7d%D8Z_K4b<p-gwY}ACU;&
zjBPmo+;vfhm|#<T_2p?k@J{;WCt80an5C4K&fNXB6mjWAxYXaY>&uh)4rhWNj#PBD
zH85<{D8gkZ@PskgE=lg2?1=7mHP;j8wh>5Ws!<)^p_W;&ung5SUbU(c6i6qfH;AYw
zKmUpK?lBzV^SEVv|20LQh&ALF2%2M(s)(<_;FoQ=%bsSE$>yZsmoz@RN_3&Qp5ZE}
z>Gq{m5>oWlZ%Ht|+?BCl^;kb>%(qg#@AYTS>;-;AFn9wQg9e=>jSVL|O_zU7>lkDd
z4)Uv;xw(ZT{rlBP3p$`y#qjob3l+Xl%pu0s9iFDDB5F*w4+|Ql^2GYYX6YpZWb<P6
zHuAbszws&5AL#Ez_m2L8o6T2cg*vV{Sxww=Ud{mp-@71w*N@hfA;*v`J;Id-L7u~B
z>X@QnE;?SD-PYNVA$vo^dj*;m4@gwHN`n(gaRX*=(TTmV(r{3;;5~0HI>-WyMfm#_
zR1R)fA`VO*ynLU_W3+q~kpdso{ZRwOm>#*ioH|T}gp4U3Ywf0SKwMZ9D8_2zF}o5l
znM7AQipx-T0!siJXWGu3f$AcO2k<v?r_*kR=yd)oqreb_cm~*4`HxS#&UM$N+oX1P
zb-mNQI)EtAcoluG?<S<TAfM1i^!{<YZ@=Nt#+9Yd=O=uO?Qr<}*TJAFV;r0Aw(-3A
zM!L<kOTZc0+V1zf1g@=^N;T0VIiN7GUW0mPRRQ=m{x;?*xIO2;5Fa14aklbM6R*8c
ztI?^uZ+t()b#?e+KL>L!GW^Lo51?s1(LXfc@ds`)*FeT?gJau7MRN*)HuY{{p%Kcw
zl$^!3`iy1PFU8^^=27_xrnlPr`+!2jk(vPCz2K5t3KEmU!-S0c>k_J}=C1TIppT@6
zdXBaMUGKy6$*aB9czEsZoP!HJ4MBSgNUh6qs`W~K7`6`wrXx5S_9ZTgb}KIyQ~S%p
zr(!qvMhsO3ioSy=l@D7IZtv$Dp2S!uG&ec>t?6V*XERdRD$4mB$a~hO4|H$=Plq0+
zs}f*qTgo)SL^A-V+zBzTp9JoaBo*D3_mbWX5QxM|w>S;0s*y-|2che8{{4332{fD=
z{Hx(?LGH<u>G!bVLRhe^_l@*tkVwAYJ0mt%n*|j)ekeR2>J@1)n`L>0Uo8Kmy_&m6
zA(cHxD?jJ0`vRu1=eQ>5pyQ+Ov#Tt#si>IU)@j0EZ+J|nY=zr344Ja{!QkJkAL-nF
z+yzVhq4cC<xFlSmFxK@3EsfiD#m*n&{^2G+lK~ne=7xT{O&Gj$VmJXL5$AlSqpY$n
z3z*(a<Adqg1c%+|k%5$^88;B5_}l3-rcW=p4S*7ngQM7_xG;Qal2EfZ<*{qK4NYK@
z=rg}PzlPW>yivk-j>nG%ic|iKE|{Z87qY_Y9+XE2h3RioQI)YLNmP{(JZkC^fuWQ(
zmb^w02(dM~rm5MgLroCMn=0aPq8&2{9fnpEcho-QYYHR`cX#;mskNh&gXeYW^8ozJ
zJLTS9$Ypa&uJ!dNbx?m1v!ruhq+eo+R?AcsDtjc~V-hlAQKzWpj_JX2Oy&s6#oC=m
zJd`CkmJ%lDGqkls2H1TQElJ_t5N)4{trchyyHmq+Fx;lx9gLdTf0_yGE-XG9B2?OQ
z37Hxm6XMt-#GbZ}t2N0O4?d)QmPs1T#&7=5<A&GB-pq+IdR}|#D=9zMPZ4iM6rXev
z5PS*T_}xwArTgil2%hMNA1gIUILLDEP_DGRiG6>|3+rq;vc;t!P0N}3dCoE1n#b1l
z?0*>UGg*$ddskyf2p&}6wx6(Jj+#N}L-`{IEa9#k3Rd$Aq9bx9XW|w>JocM?!`pm5
zqtjo+#PdFD8l9hh<$CMu>YSx|^O5;6Zr5*fD`0+^#ONVFR@GuIGM*Xm9$m59laC>(
zK+SoP_brms&EPx*^R<r+NMoZac;6M~q(P~s3Vg$R;Qf)d_A|;JKdzSX^XFPYIjX_K
zb*@=D_kgmH03kV2ZelsKF~hrE^A?+gc4f50_h7f=3Z-)w0Rd+fN6XdA>*CqIVc-OX
z<>S{}9V#c;w70iB1>v$QrQr|x{4|_8Ovbg$`4}WLuQ(8q5Mzhy8qfHSw07VN6&FWd
z?{9lvBsbOy{^3<#LC1}}5mztFbtw=2vU=JSDz2vr?I<*yV<JYK-RgxT7ORtIS<U~@
z6=4GXf}YF2I(;K7J)?h6{BDf^8qu?z3Tr#m_U3&njSw?6=A)KXj|RGruj05X$-&bO
z=QDN-nt5B_fr)Y-Y%Lsp?&II^6hd}Tuiv9!j_R8uYF2YSe8ltTDy=pfr{H81z+mDE
z8~$~=e5FuIao$;Xu&{BDPw=cpguke_-GPve?%Q;e<r<NsWQ^Q3>_%;^>K2Pr<=a{1
zAcFV&<I1@C<-^Pgvpj=K=4hfb=Ii`vI%&y?UC5OL0QW5CKp6{YFb8f0=J}0-;|e#G
z0RyM51-C_Y0vLv7c0#pXIx{E5{6P{OU9jO?#m{QeJeeB!Sfv+gJJD@Euh0}3aV<(w
zn_H3qg3!>^#U3^db9aQ=56ld?k<n$WkE9tl3o?TZ4F(=o4Ciabr^$ykxR!431Z)pY
zbN<)@tAyzC)|Y+66M8_17FajK!Bxru;puK|Q)mpwH3pN!G4hjlW?!rAf7}IQ@~(7O
zt*KUd7A(pP+iDaZd_SP;4dM6_w86;RZNNf&KzhlV<h)ZbSiY$4@en79YdkX1Y77z<
zT^s+t@>>K$`hTyZ<1Hx8nK!LQpp+Hw?;B9^$ZCV0my*sn@%zu4klin=RX9ffB)(}+
zvc%|(>%rNQm6pbml(v9}y`tYeehZLn1=#`@$2SA2y?^9H@M5G=q895X<+e2%PNsF=
zM8a!j<;d6V=R%F18R~dslGELSG=;6gLtAnt8cWhQ{mnT9o^Td)DtL`s^tr^-QJ41t
zzO-9cwT?D7|2ydF>El=b<|Q<k+8$+Iyz)Vt))Y|bje=o#lkHhW=+R3D<>`^V5TZru
z+O-?e_BJd%4BkMUg`-3qZO>1?<nP#?dvGNgpcqh29M)04ESrW8<M;aSuPM9C>(ns4
zb8s~nL!?AfSpgMHui^5q(zX7&oh7i5I^q65UwF`fO^AvFZf@RwP%`cC{QNz+7chtK
zN(E-`X)+*r7F^u*ni#weD`o~8Da@fQA;hxa;lq3NMoW_!UC6nT)8BkvjdK$&v2K$0
z3{s4cx9dP!+W0`%UVh2R(>oIc959Dphu9>V+=na3X!~fw3D$SPx_or_*SQN%jcV3P
zrP6GG0a;_7jQ?b!BTKBP1)Xk1>2ZatF7Y(e_LIN^g|o(9&qbsI9>3Y;8|Ltt*o$tr
zY3K5>zSi(+c0?QsHn=XTOJCI!^wtKVW!*XnR_9>dSY1cIA0&FDpl2kXEfgdK>lG&Q
z7C8O@etwR+pNM~6IYc>2w4j#-eCPX)=?V+Np81%0A6+(r?8bX?&gnHk?++jbNNc{2
zKjCeB+bzU)O5CW83YD7mxN{^ksou5AMlIR!Uws2FA)Xt}E6PR(@x!_1StBUhn#Sbl
zKGZ!k%6rbM54%MTJp}<E`A&8+E1>i33Q1{I&wh*zAwZTfqlD<VR)F(V1^^9xIFK_)
z0uews^Qk(Sv65B*7rjDaL%RKh;up@NXO~||y!uf^fxWW)X;tweIuvm?_HoOnH?1e{
z0HfLz^Y;}qK_AcM?ecYNITjy8vL>CVaLJb+Kivy2#_8cjEig`R%QOi{K80E{W&#uw
z>ShPJUW;le3DfAyh;dMK;TUs9;oS{@M!=#S(090QHnT2u%Vh!&f>GuuUwg{mI8m36
zVnFd6vPE2ssx|A$=cy_dR$BwOlC+37E|~ft89eaYza%I(tweQp`=(xu)gNSnsmqOH
zOf&1K8hyP8=Qn`PVJ0Oeik<hgw8D)>2WeSkPS=!q36he{M7*6KFsWRXNBkG^ehlDG
z90QL-niS9H74%5~;N$)OKHfl81LszX=TDCQI(@`TYL6tFE<oK(lY_d4R~1NO2Y3sV
zuS7kL`1BR&IVQK_cd=b8sOB95^>w+@KB~HDq?a@MjY`eUF1Z{R$h|f9;Ns2M@y6d&
ziQ|Q$m3d$qPUe|>HuEI^e1b|H`Q?1;)bJYoT`O~bxYH)&yNEuS^Wb;3ZgETZv~H0I
z;PX5?^(X}*fT1>`KDEnczL#zW@9z4Z3lb&Daq6yae?q43KstiFVoh<UWplMypQWv>
z?S{^;#aN^mq3r?MjMT7B5ej*!ib2(5=iv7VliFtT;SBY$F-|!EU14c*Sl-NPc}92J
zCaD2~D8??iyW|D+n@?{E5#E|RkQak11;Y-2iB0~pUZK^;BAKdhMJYFPaJpEa_Woir
z_1lADdXV+=EfZZWewvRz2X{LWzigbh@|eStG7A3%5}cdc7UXX?2%jFE+?nR{5%%5z
z3lOZl1(a+Nh_8#oEv%p8D%4)`(=`1A@nZkr7j;^sHxA7WeUE$En&FII;tX_k5*!3g
z^?kH@`j<Vi4IyEZMn-SOcXo8Ml~LonDPH+zv)wDp+(l%b!x((Ko4KE0+BPKo^iY#g
ze-7TdVf3=Kcps0=%5=(gf>+aPIOkMkYr<3?uQf=V1)`9nVUMM&0h*ebeN|UW4JSt7
z608d(5u*OnGcG%%qlzc)pqP@1$fUO{fk0(2o8FL8yq!5&9sr}11zMbL@+@_UAN}1|
z_2ED*q2HkrCV;M@+->VhW-xja7;LZ!@cyjo{;)~$7B9pbYIvnTrPTIIFHMXs&4wpq
zCK3v+9xu=L_7_YrQ3&_Zu3A^Y3v}I(W^Z_$A@VnmE9@2pG#%65x;BL9!5wUeC%c$!
zPd6AOUI2M7w-jAVel<k;PPh|?cdH&$oM1PNFQ!lW53%NNu3^c|qcY4kdbAVs5)yB_
zpB-lR5-yoU1Nd-qIltQEJyjP@NDA~&{1jc5-H+DJEI7y-g#QKa#1)LZ%bOm&z+A+p
zj7vnP$s35gjx=D)(<9Z}EeBQOo2*7%Ahn!r!@NlD1*rkE_`jV$d@nT`_s0jLa`4?3
zF3#M21OsD+H)r~FglW=~*zdu*q3L#$nXCP!=DAW{tYk=y9fx#)qt}QIv&&p)Wkp%P
zv|%W^M*AynA3X#j$G7gc0tUa$?qSClzK?MNF~j+9;}gismOS^QDJ3Y0M-EZZp^R+%
zrYBcTLVklT4*@GvGiZ850+hr}?L~6FQK8KvOo-3r!lYRykZvMkaWB`v2&wXt4G6*R
zj!ooV>Jktje8T0E;DGhO+b~TPHhLuIP4eFw=xeaj9A=p~06?nK2H8l0Y`Up;HBhN5
z(jxVHDBOI@8QSM>z`CKe;1QrahC=?EG(y_Iw!U!xQC)h;V8mA|^MO@(OjeZpBuvi~
z8p>?cL`()~om}30dnls{RgV#1_$vGBPYm|5CvS!3jE0O%uPB};9HO%FG-Fv)n&o}z
zm@Xko*sYIMdXsh&ZNS1`J3-s2SoYw_ad}LyPfJEb0Fe%LKRbxKfH2%cd>dhz%N4S@
z1AMsAOSgz@;LxmK3F4|Y(FG}Mn_5M;9JhI-{nC=?9tcY8+xiovm{nW}#~SslvbIHx
z0dS8HFz5bR9dCsBA?Ikig77P0o(B$J*Ot5$pq}JWX82_ZOnA64(ol5gBqU}GkBytE
zIQKUnm|clg34}A@vnq-ei(A%v$Y2x0B`lv19-s3Hq30?jel5|G{eD@<6{5G1IkP4Z
zK(<T_#`q6hS%DWi<%OCa@>Ku8?vph{L;|g0<4zY6*+~lZGZs`62?%bLKs90?f0~pH
zQ}({sDJ1E@;#h6gl@5h@VkMl!U4h~cYgE3^8HWd<%do9#!ZEDWvT{5HjaMwmxl3#G
z%xiTrPp0%2v2em~74|#(&q^x`0og=$SxJl8{_JlBRg;b`UO*19TjihqB~4(5w>Hg`
z4YC0V+TSN>q?_|2l-70PgMW{9v%4D<0SD%8A<719orum#l3vLX5Qlo_Pan;Hl-*&C
z>nw@ivtYd$Sd;~?VvDHW8767{WRDx5DX*?H3~<Y!-4?Hzl#Sz#dDDC7X>@u5r3OJh
zg>V~BySU8tD%LggH<LM|4-Vr=>5~+yTiw_gCz5>+u1nIK$>YM()L&j-G6S_%W&zXH
z^-9$tdl5iWvq*5qHq|0<Ns^q)#<olgEiWegA-fnG<zAV(usN5>i?Wl3H%G#PhY2K6
z9R2(YgnaWAw-GHOt@9@UD1O6F;E(_<2hUy-FZF{xeb|OdTeY`-Yu8uPC!pr~vc%Po
zGUcNWxZg&KXy*%EoOvlg9xC~$R`{Ki<{ak`B{(%@(yB{{_eLOrKc!8p;lS<*5a=2-
zXoqc8jkg`|Hd9N$>eE0-nZ{{wB-0hg%@y~mY~73Vp(-!{9b<=3!<dcnJy|y1LdP^p
zDoL)z9{AgDB6yutK<AclI_9yG3;b;X&0DRg^Z4vdZ)(VU{`+2b4ZZr}BbOdfyxkU`
z>rYWeLPu@Av@8n{wfnnk?+N}g8?=a$(TkrSGsjItdK@)ZgW`tby?{6&>S&S3#^gdH
z-%wU}a>1^Ft}bR`x4h40Kb=!Rex>R`(tJ!eqPkuH#27Dw1)QDxJK`RH&^FVd>LZ!v
zEMYcKeYl+AA+WS>Nh`KA%_%u!Vtxg-Tm?wBC@sxbBumn&oQwI(6X0l!T>#F;?{C&y
z-z{6tAStqPJ6&#(B4S!%;kpZHn~*ox3qU!k{i`mX3SYxlyTB0#RjRfdsU~L(PxGwm
zMlxC-pLY>npoymgz-^dv!A`tf?8fBb`eH~_9;8LNTy}HP;<1ERSic7s5nlf`&L49#
z2^4eqxUdRd|Hfz%-y1Tje~w`F3I6Yx65Wv^B%7WF6h{m#FHLjE(e23qImPj|VyZ$g
zq7iPdMl;NU{4BU&nA)g_@;=)+c)?IUQZ^TZv;&6pGxT*5g&L~n{E{P3uqJvJ9tP={
z*vba|7q^0o-jQIIf|OXKMH9e$+NiewR&GC$wOhLqOLNu`LVogLpy=k#VTc!FDNgaD
zaV;E}C<m8$Mreh6la4U3rXM;`@RB>+{nhK0T*DP3BL)@cUfn<X>F|da3*$+GhA7*d
zkNCI-TO79~+p4>Rc$~f`tLlc`;iGfl7H1~XVvu}(SOx&XFZhxlz?_7MGHc<mMVU9d
zSMLPsJ>8oek<$=B@y2HcMmRx&u{`V|c`!1EJow?hJfng;lAd6mD9!RR?x0TZP60dy
zsAj966NO4Ssrhhz+VuD6EZYGhKzo#ce12fazJz`bI_o3Y(QGSW+0MKA7C`J&h3@WG
zoL;@s2iT$@Rt~yeMri2-gl}*Fg=LPMW3*QQ&*r<CN?0+9FTC>^lUEGm*a2T|r$H_l
za@3WhEGW!Av9v`Q#%SGbUkUOC$8JO1ZXC$q2A1}oHK!W5SyecpC;epiCXo^@83#?x
zD!xBvYd^Rj(YMdr<-dRRBxWwRqdD11Ib@MsS-cW#Ui}8L-Yz4B?J6^^N!`izsFx=<
z4e)@$G6?JfU1ys?;mdT2W7sc9t*203A^DZ6T<Z?KWxny%sP?yKD%fB`Hm}oxi-(S5
zpuqYCAk9hC+^81PQ#4Z<VXx}Ucj1Yo?k9eul0s0cUsvyq*4|EjtlhY!&oXDcKA}@U
z$liEDhIza8XHP!M*mdQwV|QLkY3zLoy@C6Xfa(3KNAGJ6E}XL>smd{w(YDGW?uCgr
zRi2fjao7JVz3SL(y6?twMFm&ed6@6ybN%u>_S(;qThCNi$bwdBQ7^;-b0~De2R1UB
zBO9fEfkbpup6-^FYXD=PUiLNLIKB_*G3Q{^Pu2doVIl;r3;HNj1VH^Nik>cNq#75=
zna>wotbbAHWjtBlaattQfbZ%&({ph?cE(2LkOq&LA>B#nfwwf(FSx*S6c_w4W8aWv
z{$osa#bI$Pxn%I=tCOd{#<$(e2q^50(*8X5I}MqfpW?a#pvxK0%~a~aLU#aPy3&je
z59uSXEn_A3hu6c2*Q-Ok3-ewXWN5(!RrnUFgdM-v4#h|wKo@+FTY0@ltz$~FqWJn^
z&&Id#iv+=$`s{@Ikt@1toxEbNMb0{m>+`RpWX92zB77VX$wjD|HG*}o5HpIl;UPOB
zlKUrusTBXcurEjrK_N{2qYfapvf6nX>`xbbkmw)Brny$P|7Pbo_$=59NeVq~vRKv`
zkKgK7i?;MlGrj+DO?nUqndrOb`fv|GjeovcY3y326ZgG^lKT)<RWEuv9lfWC2qx_t
z0qcFcohubh^HqSoIuJ7<_#GVw2n<&^nhA{{n8$1<dDO-b`)w*!B8-geEna8Qu^QJH
z1T(K69ohRzI*JP1WBlga4Z_UyM-8sF6MBhil?M_6-!&7rF)jBqc1H-Icv|oCoX>-w
zRgu11%a9=<OAx=+A#2>2>%}|*rfm0IXstM1jqk;+ixJ&jLFdnZP0h#$+jbg3JzF*5
zTT$IxKRXfap?QxRL&n+!o8e!5yAGeQ)zR;t+&RyO*e!hGjY7P&yBYXOTu^|*+9Edt
zd5-|TsT+A)eeyJej?PnrPHZK6OwM2gTr2il>H3c*HZ~$-!>ig|a5qreDL^sPXE|FK
zsu`9Ow(m5WHp^?u#EHH`<-L1FA!Xz)_nf9E8n{-!s&2KXnZ<sbQ3!wZBP5Z%<h22a
z;)4#Wae4rQ;N1s18~uszDw{%Xv-G~TiHu#7)0(dt^XRd+P25*@v%L!5hO<al-kQGH
z{+l|#ccVSxa7MK``n}b2z=c_*C1b`0btn_q83&CRolZUmTgH}s(e2Z&5l9}!3Zz%I
zIEaDNj^;NK7oBhqQF&tA8jjQpVb7-%uBTeZ(y^l7gRj>RVu9~T$)A`J(TK-lgnWtl
zT!ome)?S8ofYxyjBp`w>s*@kXngwIjPS0NB0$?fdI%>P=%3(_zT^`XkA&Wl(K}Cb1
zXptRS=#aW=9HZyL`uXVJk*-J-IaU?H^7tg_*{u;jOuc6k>nKv?Of*Sprwcnb%Fi>1
zE1Y*5v_7m}nZW6iTqI7&4re;u8N$Rj3sl;bqQVAhCe0}Ncme%LSL|ThwaQ{kOIYR1
zz1<#pc6=Uy=o^fMp|6+nfkVAEup*8a*VMsq#MzTT{*7HsbQ`P-6yyN;5%wVdC=nm}
z<sGyb{_n|!P*eQxX^sDTyygEtkM#U|F;mDui37vMAvT0v^k|g$25)}-wJg92a$i7u
zmi=#u_zZGP@IzsHxq`6HU7ma@+j4m>>gUgw2cMEtfZZFk;s5v_OE+DJpew{-{=d8D
j|M+45_aFb?hrj|Jr7Pb<K|*46s9RsiDaaN|>-qd2H%9cf

literal 0
HcmV?d00001

diff --git a/site/search/SearchPanel.tsx b/site/search/SearchPanel.tsx
index b6f8b9eddf5..26833ed4bf5 100644
--- a/site/search/SearchPanel.tsx
+++ b/site/search/SearchPanel.tsx
@@ -11,7 +11,6 @@ import {
     groupBy,
     uniqBy,
     Region,
-    DEFAULT_GDOC_FEATURED_IMAGE,
 } from "@ourworldindata/utils"
 import {
     InstantSearch,
@@ -66,12 +65,6 @@ import { ChartHit } from "./ChartHit.js"
 const siteAnalytics = new SiteAnalytics()
 
 function PagesHit({ hit }: { hit: IPageHit }) {
-    // a temporary fix for articles that have been indexed without the directory
-    const src =
-        hit.thumbnailUrl === `/${DEFAULT_GDOC_FEATURED_IMAGE}`
-            ? `/images/published/${DEFAULT_GDOC_FEATURED_IMAGE}`
-            : hit.thumbnailUrl
-
     return (
         <a
             href={`${BAKED_BASE_URL}/${hit.slug}`}
@@ -83,7 +76,7 @@ function PagesHit({ hit }: { hit: IPageHit }) {
             {hit.thumbnailUrl && (
                 <div className="search-results__page-hit-img-container">
                     <img
-                        src={src}
+                        src={hit.thumbnailUrl}
                         role="presentation"
                         className="search-results__page-hit-img"
                     />