Move authorization to BUD-11 and clarify

hzrd149
2026-01-13 19:48:31 -08:00
parent 1305788e98
commit 6fbc2e05da
7 changed files with 117 additions and 93 deletions


@@ -53,12 +53,12 @@ servers may rely on the file extension to serve the blob correctly.
### Upload Authorization (Optional)
Servers MAY accept an authorization event when uploading blobs and SHOULD perform additional checks
Servers MAY require an authorization token when uploading blobs. The server MUST first perform the base validation checks defined in [BUD-11](./11.md#base-validation), then perform the following additional checks:
1. The `t` tag MUST be set to `upload`
2. The authorization event MUST contain at least one `x` tag matching the sha256 hash of the body of the request
2. The authorization token MUST contain at least one `x` tag matching the sha256 hash of the body of the request. The `x` tag scopes the token to specific blob hashes (see [BUD-11](./11.md#tag-scoping)).
Example Authorization event:
Example authorization token:
```json
{
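
Review bot: In the new Upload Authorization paragraph, the sentence "The server MUST first perform the base validation checks defined in BUD-11, then perform the following additional checks" is not conditioned on the server actually requiring a token, and its second clause carries no normative keyword. The List and Delete sections in this same commit use "If a server requires authorization it MUST first perform ..., then MUST perform the following additional checks"; the same wording here would keep the paragraph from reading as an unconditional requirement and would make the `t` and `x` checks clearly mandatory. It would also help to state what a server that does not require authorization should do with a token that is presented anyway.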
@@ -88,15 +88,13 @@ The endpoint MAY support `since` and `until` query parameters to filter the list
Servers MAY reject a list request for any reason and MUST respond with the appropriate HTTP `4xx` status code and an error message explaining the reason for the rejection
### List Authorization (optional)
### List Authorization
The server MAY optionally require Authorization when listing blobs uploaded by the pubkey
In this case the server MUST perform additional checks on the authorization event
The server MAY require a `list` authorization token when listing blobs uploaded by the pubkey. If a server requires authorization it MUST first perform the base validation checks defined in [BUD-11](./11.md#base-validation), then it MUST perform the following additional checks:
1. The `t` tag MUST be set to `list`
Example Authorization event:
Example authorization token:
```json
{
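
Review bot: The only list-specific check left in this section is that the `t` tag is `list`, so the phrase "when listing blobs uploaded by the pubkey" does not say whether the token has to be signed by that pubkey or whether any valid `list` token is acceptable. If that binding is defined in BUD-11 or is meant to be server policy, say so here in one sentence so implementers do not pick different answers. Minor: "then it MUST perform" here and "then MUST perform" in the Delete section should use the same phrasing.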
@@ -119,20 +117,16 @@ Servers MUST accept `DELETE` requests to the `/<sha256>` endpoint
Servers MAY reject a delete request for any reason and SHOULD respond with the appropriate HTTP `4xx` status code and an error message explaining the reason for the rejection
### Delete Authorization (required)
### Delete Authorization
Servers MUST accept an authorization event when deleting blobs
Servers SHOULD perform additional checks on the authorization event
Servers MAY require a `delete` authorization token when deleting blobs. If a server requires authorization it MUST first perform the base validation checks defined in [BUD-11](./11.md#base-validation), then MUST perform the following additional checks:
1. The `t` tag MUST be set to `delete`
2. The authorization event MUST contain at least one `x` tag matching the sha256 hash of the blob being deleted
2. MUST contain at least one `x` tag matching the sha256 hash of the blob being deleted.
When multiple `x` tags are present on the authorization event the server MUST only delete the blob listed in the URL.
**Multiple `x` tags in the authorization token MUST NOT be interpreted as the user requesting to delete multiple blobs.**
**Multiple `x` tags MUST NOT be interpreted as the user requesting a bulk delete.**
Example Authorization event:
Example authorization token:
```json
{
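
Review bot: The heading change from "Delete Authorization (required)" to "Delete Authorization", together with "Servers MUST accept an authorization event when deleting blobs" becoming "Servers MAY require a `delete` authorization token", is a change in requirement level rather than a clarification, and the commit message does not mention it. If it is intended, call it out explicitly in the message and the text; if not, keep a stronger keyword for delete, since it is the destructive endpoint. Also, item 2 "MUST contain at least one `x` tag matching the sha256 hash of the blob being deleted." has lost its subject; "The authorization token MUST contain ..." would match item 2 of the Upload section.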