laantungir
/
blossom
mirror of https://github.com/hzrd149/blossom.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #24 from hzrd149/allow-multiple-hashes 

Allow authorization events to include multiple x tags
This commit is contained in:
hzrd149 2024-08-31 14:55:29 +03:00 committed by GitHub
parent 4f650d799f 3d3b1b6e2f
commit b1b6ff4ea4
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
4 changed files with 26 additions and 22 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
buds/01.md
View File

@ -1,8 +1,6 @@
BUD-01
======
# BUD-01
Server requirements and blob retrieval
--------------------------------------
## Server requirements and blob retrieval
`draft` `mandatory`
@ -24,6 +22,8 @@ Events MUST have the `content` set to a human readable string explaining to the
All events MUST have a [NIP-40](https://github.com/nostr-protocol/nips/blob/master/40.md) `expiration` tag set to a unix timestamp at which the event should be considered expired.
Authorization events MAY have multiple `x` tags for endpoints that require a sha256 hash.
Example event:
```json
@ -35,6 +35,7 @@ Example event:
"created_at": 1708773959,
"tags": [
["t", "upload"],
// Authorization events MAY have multiple "x" tags
["x", "b1674191a88ec5cdd733e4240a81803105dc412d6c6708d53ab94fc248f4f553"],
["expiration", "1708858680"]
],
@ -69,6 +70,7 @@ For HTTP `4xx` and `5xx` status codes servers MUST repond with `Content-Type: ap
The `message` field MUST be human readable and should explain the reason for the error. Optionally servers may include other fields for the client with more information about the error
Example Error response:
```
HTTP/2 401
content-type: application/json; charset=utf-8
@ -97,7 +99,7 @@ The server may optionally require authorization when retrieving blobs from the `
In this case the server MUST perform additional checks on the authorization event
1. A `t` tag MUST be present and set to `get`
2. The event MUST contain either a `server` tag containing the full URL to the server or MUST contain an `x` tag with the sha256 of the blob being retrieved
2. The event MUST contain either a `server` tag containing the full URL to the server or MUST contain at least one `x` tag matching the sha256 hash of the blob being retrieved
If the client did not send an `Authorization` header the server must respond with the appropriate HTTP status code `401` (Unauthorized)

14
buds/02.md
View File

@ -1,8 +1,6 @@
BUD-02
======
# BUD-02
Blob upload and management
--------------------------
## Blob upload and management
`draft` `optional`
@ -37,7 +35,7 @@ Servers MAY reject an upload for any reason and should respond with the appropri
Servers MUST accept an authorization event when uploading blobs and should perform additional checks
1. The `t` tag MUST be set to `upload`
2. The `x` tag MUST be present and set to the sha256 hash of the blob
2. MUST contain at least one `x` tag matching the sha256 hash of the blob being uploaded
Example Authorization event:
@ -103,7 +101,11 @@ Servers MUST accept an authorization event when deleting blobs
Servers should perform additional checks on the authorization event
1. The `t` tag must be set to `delete`
2. A `x` tag must be present and set to the sha256 hash of the blob being deleted
2. MUST contain at least one `x` tag matching the sha256 hash of the blob being deleted
When multiple `x` tags are present on the authorization event the server MUST only delete the blob listed in the URL.
**Multiple `x` tags MUST NOT be interpreted as the user requesting a bulk delete.**
Example Authorization event:

8
buds/03.md
View File

@ -1,8 +1,6 @@
BUD-03
======
# BUD-03
User Server List
-------------------------
## User Server List
`draft` `optional`
@ -73,6 +71,6 @@ Once the client discovers that the URL `https://cdn.broken-domain.com/b1674191a8
1. Get the SHA256 has from the URL
2. Look for the authors server list `kind:10063`
3. If found, Attempt to retrieve the blob from each `server` listed started with the first
3. If not found, the client MAY fallback to using a well-known popular blossom server to retrieve the blob
4. If not found, the client MAY fallback to using a well-known popular blossom server to retrieve the blob
This ensures clients can quickly find missing blobs using the users list of trusted servers.

14
buds/04.md
View File

@ -1,8 +1,6 @@
BUD-04
======
# BUD-04
Mirroring blobs
---------------
## Mirroring blobs
`draft` `optional`
@ -16,12 +14,16 @@ Clients MUST pass the URL of the remote blob as a stringified JSON object in the
```json
// request body
{ "url": "https://cdn.satellite.earth/b1674191a88ec5cdd733e4240a81803105dc412d6c6708d53ab94fc248f4f553.pdf" }
{
"url": "https://cdn.satellite.earth/b1674191a88ec5cdd733e4240a81803105dc412d6c6708d53ab94fc248f4f553.pdf"
}
```
Clients MUST set the `Authorization` header to an upload authorization event defined in [BUD-02](./02.md#upload-authorization-required)
The `/mirror` endpoint MUST download the blob from the specified URL and verify the sha256 hash matches the `x` tag in the upload authorization event
The `/mirror` endpoint MUST download the blob from the specified URL and verify that there is at least one `x` tag in the authorization event matching the sha256 hash of the download blob
**Multiple `x` tags MUST NOT be interpreted as the user requesting a bulk mirror.**
The endpoint MUST return a [Blob Descriptor](#blob-descriptor) if the mirroring was successful or an error object if it was not