simplify media endpoint

README.md

@@ -16,10 +16,9 @@ Blossom Servers expose four endpoints for managing blobs
 
 - `GET /<sha256>` (optional file `.ext`) [BUD-01](./buds/01.md#get-sha256---get-blob)
 - `HEAD /<sha256>` (optional file `.ext`) [BUD-01](./buds/01.md#head-sha256---has-blob)
-- `PUT /upload` [BUD-02](./buds/02.md#put-upload---upload-blob)
+- `PUT /upload` [BUD-2](./buds/02.md#put-upload---upload-blob)
   - `Authentication`: Signed [nostr event](./buds/02.md#upload-authorization-required)
   - Return a blob descriptor
-- `HEAD /upload` [BUD-06](./buds/06.md#head-upload---upload-requirements)
 - `GET /list/<pubkey>` [BUD-02](./buds/02.md#get-listpubkey---list-blobs)
   - Returns an array of blob descriptors
   - `Authentication` _(optional)_: Signed [nostr event](./buds/02.md#list-authorization-optional)
@@ -40,9 +39,6 @@ See the [BUDs](./buds) folder and specifically [BUD-01](./buds/01.md) and [BUD-0
 - [BUD-02: Blob upload and management](./buds/02.md)
 - [BUD-03: User Server List](./buds/03.md)
 - [BUD-04: Mirroring blobs](./buds/04.md)
-- [BUD-06: Upload requirements](./buds/06.md)
-- [BUD-07: Paid upload and download](./buds/07.md)
-- [BUD-08: Nostr File Metadata Tags](./buds/08.md)
 
 ## Event kinds
 

buds/02.md

@@ -47,7 +47,7 @@ Servers MAY reject an upload for any reason and should respond with the appropri
 Servers MUST accept an authorization event when uploading blobs and should perform additional checks
 
 1. The `t` tag MUST be set to `upload`
-2. MUST contain at least one `x` tag matching the sha256 hash of the blob being uploaded
+2. MUST contain at least one `x` tag matching the sha256 hash of the body of the request
 
 Example Authorization event:
 

buds/05.md

@@ -0,0 +1,41 @@
+# BUD-05
+
+Media optimization endpoints
+
+`draft` `optional`
+
+Defines the `PUT /media` endpoint for processing and optimizing media
+
+## PUT /media
+
+The `PUT /media` endpoint MUST accept binary data in the body of the request and MAY use the `Content-Type` and `Content-Length` headers to get the MIME type and size of the media
+
+The server should preform any optimizations or conversions it deems necessary in order to make the media more suitable for distribution
+
+The endpoint MUST respond with a `2xx` status and a [blob descriptor](./02.md#blob-descriptor) of the new processed blob
+
+Servers MAY reject media uploads for any reason and should respond with the appropriate HTTP `4xx` status code and an error message explaining the reason for the rejection
+
+### Upload Authorization
+
+Servers MAY require an `upload` [authorization event](./02.md#upload-authorization-required) to identify the uploader
+
+If a server requires an `upload` authorization event it MUST preform all the checks outlined in the [`/upload`](./02.md#upload-authorization-required) endpoint
+
+## Limitations
+
+This endpoint is intentionally limited to optimizing a single blob with the goal of making it easier to distribute
+
+How the blob is optimized is the sole respirability of the server and the client should have no say in what optimization process is used
+
+The goal of this endpoint is to provide a simple "trusted" optimization endpoint clients can use to optimize media for distribution
+
+If a longer optimization or transformation process is needed, or if the client needs to specify how a blob should be transformed. there are other tools and protocol that should be used.
+
+## Client Implementation
+
+Clients MAY let a user selected a "trusted processing" server for uploading images or short videos
+
+Once a server has been selected, the client can upload the original media to the `/media` endpoint of the trusted server and get the optimized blob back
+
+Then optionally the client can ask the user to sign another `upload` authorization event for the new optimized blob and call the `/mirror` endpoint on other servers to distribute the blob

buds/06.md

@@ -1,74 +0,0 @@
-# BUD-06
-
-## Upload requirements
-
-`draft` `optional`
-
-Defines how clients can verify if the upload can be completed before sending the blob to the server. This mechanism helps prevent unnecessary traffic to other endpoints by rejecting files based on their hash, size, MIME type or other server-specific requirements.
-
-## HEAD /upload - Upload requirements
-
-The `HEAD /upload` endpoint `MUST` use the `X-SHA-256`, `X-Content-Type` and `X-Content-Length` headers sent by client to get the SHA-256 hash, MIME type and size of the blob that will be uploaded, returning a HTTP status code and a custom header `X-Upload-Message` to indicate some human readable message about the upload requirements.
-
-### Headers
-
-- `X-SHA-256`: A string that represents the blob's SHA-256 hash.
-- `X-Content-Length`: An integer that represents the blob size in bytes.
-- `X-Content-Type`: A string that specifies the blob's MIME type, like `application/pdf` or `image/png`.
-- `X-Upload-Message`: A human readable message that explains the reason why the upload cannot proceed.
-
-### Upload Authorization
-
-The `HEAD /upload` endpoint MAY accept an `upload` authorization event using the `Authorization` header similar to what is used in the [`PUT /upload`](./02.md#upload-authorization-required) endpoint
-
-If the server requires authorization to upload it may respond with the `401` status code, or if authorization was provided and is invalid or not permitted it may respond with `403` status code
-
-### Examples
-
-Example request from the client:
-
-```http
-X-Content-Type: application/pdf
-X-Content-Length: 184292
-X-SHA-256: 88a74d0b866c8ba79251a11fe5ac807839226870e77355f02eaf68b156522576
-```
-
-Example response from the server if the upload can be done:
-
-```http
-HTTP/1.1 200 OK
-```
-
-If the upload cannot proceed, the server `MUST` return an appropriate `4xx` HTTP status code and a custom header `X-Upload-Message` with a human readable error message.
-
-Some examples of error messages:
-
-```http
-HTTP/1.1 400 Bad Request
-X-Upload-Message: Invalid X-SHA-256 header format. Expected a string.
-```
-
-```http
-HTTP/1.1 401 Unauthorized
-X-Upload-Message: Authorization required for uploading video files.
-```
-
-```http
-HTTP/1.1 403 Forbidden
-X-Upload-Message: SHA-256 hash banned.
-```
-
-```http
-HTTP/1.1 411 Length Required
-X-Upload-Message: Missing X-Content-Length header.
-```
-
-```http
-HTTP/1.1 413 Content Too Large
-X-Upload-Message: File too large. Max allowed size is 100MB.
-```
-
-```http
-HTTP/1.1 415 Unsupported Media Type
-X-Upload-Message: Unsupported file type.
-```

buds/07.md

@@ -1,36 +0,0 @@
-BUD-07
-======
-
-Paid upload and download
-------------------------
-
-`draft` `optional`
-
-Cashu payments for uploads and downloads
-
-## Paid Upload
-
-The server may require payment for uploading blob by returning a `402` status code the `PUT /upload` endpoint (and `HEAD /upload` if [BUD-06](./06.md) is supported)
-
-## Paid Downloads
-
-The server may also require payment for downloads by responding with a `402` status code for `GET /<sha256` and `HEAD /<sha256>` endpoints
-
-## Payment Flow
-
-When the server is requesting payment for an endpoint it MUST respond with `402` and a `X-Cashu` header containing a base64 encoded json object (payment request)
-
-The payment request should contain an `amount`, `mints`, `unit`, and `pubkey` fields
-
- - `amount` The amount of ecash being requested
- - `mints` An array of mints that this server uses
- - `unit` The cashu `unit` from the `mints`
- - `pubkey` (optional) a 33 byte pubkey to lock the tokens too. see [NUT-11](https://github.com/cashubtc/nuts/blob/main/11.md)
-
-When the client receives a `402` response and with a `X-Cashu` header it may retry the request with a payment
-
-The payment should be a serialized cashu token according to [NUT-00](https://github.com/cashubtc/nuts/blob/main/00.md#v4-tokens)
-
-## Payment Checks
-
-Optionally a server may respond with `402` to the `HEAD /upload`, `HEAD /<sha156>` if it supports [BUD-06](./06.md)

buds/08.md

@@ -1,33 +0,0 @@
-# Nostr File Metadata Tags
-
-`draft` `optional`
-
-Describes how a server could return nostr [NIP-94 File Metadata](https://github.com/nostr-protocol/nips/blob/master/94.md) tags from the `/upload` and `/mirror` endpoints
-
-## Returning tags
-
-As described in [BUD-02](./02.md#blob-descriptor) servers MAY add any additional fields to a blob descriptor
-
-Servers MAY return an additional `nip94` field in the [blob descriptor](./02.md#blob-descriptor) from the `/upload` or `/mirror` endpoints
-
-The `nip94` field should contain a JSON object with the keys being the tag names defined in [NIP-94](https://github.com/nostr-protocol/nips/blob/master/94.md)
-
-An example response would look like:
-
-```json
-{
-	"url": "https://cdn.example.com/b1674191a88ec5cdd733e4240a81803105dc412d6c6708d53ab94fc248f4f553.pdf",
-	"sha256": "b1674191a88ec5cdd733e4240a81803105dc412d6c6708d53ab94fc248f4f553",
-	"size": 184292,
-	"type": "application/pdf",
-	"uploaded": 1725909682,
-	"nip94": {
-		"url": "https://cdn.example.com/b1674191a88ec5cdd733e4240a81803105dc412d6c6708d53ab94fc248f4f553.pdf",
-		"m": "application/pdf",
-		"x": "b1674191a88ec5cdd733e4240a81803105dc412d6c6708d53ab94fc248f4f553",
-		"size": 184292,
-		"magnet": "magnet:?xt=urn:btih:9804c5286a3fb07b2244c968b39bc3cc814313bc&dn=bitcoin.pdf",
-		"i": "9804c5286a3fb07b2244c968b39bc3cc814313bc"
-	}
-}
-```