laantungir/blossom
1
0
Fork 0
mirror of https://github.com/hzrd149/blossom.git synced 2026-01-24 22:28:51 +00:00
Code Issues Packages Projects Releases Wiki Activity

M ove authorization to BUD-11 and clarify

Browse Source
This commit is contained in:
hzrd149
2026-01-13 19:48:31 -08:00
parent 1305788e98
commit 6fbc2e05da
7 changed files with 117 additions and 93 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
buds/05.md
View File

@@ -18,12 +18,10 @@ Servers MAY reject media uploads for any reason and should respond with the appr
### Upload Authorization
Servers MAY require a `media` [authorization event](./02.md#upload-authorization-required) to identify the uploader
If a server requires a `media` authorization event it MUST perform the following checks
Servers MAY require a `media` authorization token to identify the uploader. If a server requires a `media` authorization token it MUST first perform the base validation checks defined in [BUD-11](./11.md#base-validation), then MUST perform the following additional checks:
1. The `t` tag MUST be set to `media`
2. MUST contain at least one `x` tag matching the sha256 hash of the body of the request
2. The authorization token MUST contain at least one `x` tag matching the sha256 hash of the body of the request.
## HEAD /media
@@ -45,4 +43,4 @@ Clients MAY let a user selected a "trusted processing" server for uploading imag
Once a server has been selected, the client uploads the original media to the `/media` endpoint of the trusted server and get the optimized blob back
Then the client can ask the user to sign another `upload` authorization event for the new optimized blob and call the `/mirror` endpoint on other servers to distribute the blob
Then the client can ask the user to sign another `upload` authorization token for the new optimized blob and call the `/mirror` endpoint on other servers to distribute the blob