laantungir/ginxsom
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

bud-09 implemented

Browse Source
This commit is contained in:
Your Name
2025-09-03 15:21:48 -04:00
parent 17bb57505e
commit 21fc43167c
13 changed files with 25814 additions and 71 deletions
Download Patch File Download Diff File Expand all files Collapse all files

108
56.md Normal file
View File

@@ -0,0 +1,108 @@
NIP-56
======
Reporting
---------
`optional`
A report is a `kind 1984` event that signals to users and relays that
some referenced content is objectionable. The definition of objectionable is
obviously subjective and all agents on the network (users, apps, relays, etc.)
may consume and take action on them as they see fit.
The `content` MAY contain additional information submitted by the entity
reporting the content.
Tags
----
The report event MUST include a `p` tag referencing the pubkey of the user you
are reporting.
If reporting a note, an `e` tag MUST also be included referencing the note id.
A `report type` string MUST be included as the 3rd entry to the `e`, `p` or `x` tag
being reported, which consists of the following report types:
- `nudity` - depictions of nudity, porn, etc.
- `malware` - virus, trojan horse, worm, robot, spyware, adware, back door, ransomware, rootkit, kidnapper, etc.
- `profanity` - profanity, hateful speech, etc.
- `illegal` - something which may be illegal in some jurisdiction
- `spam` - spam
- `impersonation` - someone pretending to be someone else
- `other` - for reports that don't fit in the above categories
Some report tags only make sense for profile reports, such as `impersonation`.
- `x` tags SHOULD be info hash of a blob which is intended to be report. when the `x` tag is represented client MUST include an `e` tag which is the id of the event that contains the mentioned blob. also, additionally these events can contain a `server` tag to point to media servers which may contain the mentioned media.
`l` and `L` tags MAY be also be used as defined in [NIP-32](32.md) to support
further qualification and querying.
Example events
--------------
```jsonc
{
"kind": 1984,
"tags": [
["p", "<pubkey>", "nudity"],
["L", "social.nos.ontology"],
["l", "NS-nud", "social.nos.ontology"]
],
"content": "",
// other fields...
}
```
```jsonc
{
"kind": 1984,
"tags": [
["e", "<eventId>", "illegal"],
["p", "<pubkey>"]
],
"content": "He's insulting the king!",
// other fields...
}
```
```jsonc
{
"kind": 1984,
"tags": [
["p", "<impersonator pubkey>", "impersonation"]
],
"content": "Profile is impersonating nostr:<victim bech32 pubkey>",
// other fields...
}
```
```jsonc
{
"kind": 1984,
"tags": [
["x", "<blob hash>", "malware"],
["e", "<event id which contains the blob on x tag>", "malware"],
["server", "https://you-may-find-the-blob-here.com/path-to-url.ext"]
],
"content": "This file contains malware software in it.",
// other fields...
}
```
Client behavior
---------------
Clients can use reports from friends to make moderation decisions if they
choose to. For instance, if 3+ of your friends report a profile for `nudity`,
clients can have an option to automatically blur photos from said account.
Relay behavior
--------------
It is not recommended that relays perform automatic moderation using reports,
as they can be easily gamed. Admins could use reports from trusted moderators to
takedown illegal or explicit content if the relay does not allow such things.

58
94.md
View File

@@ -1,58 +0,0 @@
NIP-94
======
File Metadata
-------------
`draft` `optional`
The purpose of this NIP is to allow an organization and classification of shared files. So that relays can filter and organize in any way that is of interest. With that, multiple types of filesharing clients can be created. NIP-94 support is not expected to be implemented by "social" clients that deal with `kind:1` notes or by longform clients that deal with `kind:30023` articles.
## Event format
This NIP specifies the use of the `1063` event kind, having in `content` a description of the file content, and a list of tags described below:
* `url` the url to download the file
* `m` a string indicating the data type of the file. The [MIME types](https://developer.mozilla.org/en-US/docs/Web/HTTP/Basics_of_HTTP/MIME_types/Common_types) format must be used, and they should be lowercase.
* `x` containing the SHA-256 hexencoded string of the file.
* `ox` containing the SHA-256 hexencoded string of the original file, before any transformations done by the upload server
* `size` (optional) size of file in bytes
* `dim` (optional) size of file in pixels in the form `<width>x<height>`
* `magnet` (optional) URI to magnet file
* `i` (optional) torrent infohash
* `blurhash`(optional) the [blurhash](https://github.com/woltapp/blurhash) to show while the file is being loaded by the client
* `thumb` (optional) url of thumbnail with same aspect ratio
* `image` (optional) url of preview image with same dimensions
* `summary` (optional) text excerpt
* `alt` (optional) description for accessibility
* `fallback` (optional) zero or more fallback file sources in case `url` fails
* `service` (optional) service type which is serving the file (eg. [NIP-96](96.md))
```jsonc
{
"kind": 1063,
"tags": [
["url",<string with URI of file>],
["m", <MIME type>],
["x", <Hash SHA-256>],
["ox", <Hash SHA-256>],
["size", <size of file in bytes>],
["dim", <size of file in pixels>],
["magnet", <magnet URI> ],
["i", <torrent infohash>],
["blurhash", <value>],
["thumb", <string with thumbnail URI>, <Hash SHA-256>],
["image", <string with preview URI>, <Hash SHA-256>],
["summary", <excerpt>],
["alt", <description>]
],
"content": "<caption>",
// other fields...
}
```
## Suggested use cases
* A relay for indexing shared files. For example, to promote torrents.
* A pinterest-like client where people can share their portfolio and inspire others.
* A simple way to distribute configurations and software updates.

73
IMPLEMENTATION.md
View File

@@ -218,13 +218,70 @@ This document tracks the implementation status of ginxsom, a high-performance Fa
---
## BUD-09: Content Reporting **PARTIAL**
## BUD-09: Content Reporting **COMPLETE**
### Current Status
- [x] nginx endpoint configured (`PUT /report`)
- [x] FastCGI routing established
- [ ] NIP-56 report event handling
- [ ] Moderation interface
- [ ] Content filtering implementation
- [ ] Reporting workflow testing
### NIP-56 Report Event System
- [x] Full NIP-56 kind 1984 report event implementation
- [x] Report event structure validation (kind, required fields, x tags)
- [x] SHA-256 blob hash extraction from x tags [`extract_blob_hashes_from_report()`](src/main.c:2408)
- [x] Report type validation (nudity, malware, profanity, illegal, spam, impersonation, other)
- [x] Nostr cryptographic signature verification
- [x] Event timestamp and expiration validation
### PUT /report Endpoint
- [x] nginx endpoint configuration (`PUT /report`)
- [x] FastCGI routing and request handling [`handle_report_request()`](src/main.c:2516)
- [x] JSON request body parsing and validation
- [x] Content-Type enforcement (application/json required)
- [x] Request size limits (1 byte to 10KB)
- [x] HTTP method validation (PUT only, 405 for others)
### Report Validation Features
- [x] Event structure validation [`validate_report_event_structure()`](src/main.c:2355)
- [x] NIP-56 compliance checking (kind 1984, x tags required)
- [x] SHA-256 hash format validation (64-char hex)
- [x] Report type extensibility (accepts unknown types per NIP-56)
- [x] Multiple blob reporting (multiple x tags supported)
- [x] Optional tag support (e, p, server tags)
### Report Storage System
- [x] Optional report storage in database [`store_blob_report()`](src/main.c:2485)
- [x] Reporter pubkey extraction and storage
- [x] Report type and content preservation
- [x] Timestamp tracking for moderation review
- [x] Configurable storage policy (server MAY store reports)
### Error Handling & Security
- [x] Comprehensive error responses with specific error codes:
- `invalid_json` - Malformed JSON requests
- `invalid_content_length` - Size limit violations
- `invalid_report_event` - NIP-56 structure violations
- `no_blob_hashes` - Missing or invalid SHA-256 hashes
- `unsupported_media_type` - Non-JSON Content-Type
- [x] HTTP status code compliance (200, 400, 405, 415)
- [x] Detailed error messages with troubleshooting information
### NIP-56 Compliance Features
- [x] Report types: nudity, malware, profanity, illegal, spam, impersonation, other
- [x] Extensible report type system (unknown types accepted)
- [x] Multiple blob reporting via multiple x tags
- [x] Optional metadata tags (e, p, server)
- [x] Content field support (reports may include descriptions)
- [x] Cryptographic signature verification via nostr event validation
### Testing Status
- [x] Comprehensive test suite with 22 test cases [`tests/report_test_bud09.sh`](tests/report_test_bud09.sh)
- [x] All NIP-56 report types tested (nudity, malware, profanity, illegal, spam, impersonation, other)
- [x] Event validation testing (missing x tags, wrong kind, invalid JSON)
- [x] Error handling testing (empty body, wrong Content-Type, unsupported methods)
- [x] Multiple blob reporting functionality
- [x] Optional tag support with comprehensive NIP-56 structure
- [x] Unknown report type extensibility
- [x] Edge cases (empty content, long content, invalid hashes)
### Integration Points
- [x] Full integration with existing nostr authentication system
- [x] Database integration for optional report storage
- [x] nginx FastCGI routing configuration
- [x] Error response standardization with existing endpoints

74
README.md
View File

@@ -47,7 +47,7 @@ ginxsom implements the following Blossom Upgrade Documents (BUDs):
- [x] **BUD-06**: Upload Requirements
- [ ] **BUD-07**: Payment Integration *(Not implemented)*
- [x] **BUD-08**: NIP-94 File Metadata Tags
- [ ] **BUD-09**: Content Reporting *(Partial)*
- [x] **BUD-09**: Content Reporting
### Supported Endpoints
@@ -56,9 +56,11 @@ ginxsom implements the following Blossom Upgrade Documents (BUDs):
| `/<sha256>` | GET | Retrieve blob | nginx → disk | ✅ **Implemented** |
| `/<sha256>` | HEAD | Check blob exists | nginx → FastCGI ginxsom | ✅ **Implemented** |
| `/upload` | PUT | Upload new blob | nginx → FastCGI ginxsom | ✅ **Implemented** |
| `/upload` | HEAD | Check upload requirements | nginx → FastCGI ginxsom | **BUD-06 Planned** |
| `/upload` | HEAD | Check upload requirements | nginx → FastCGI ginxsom | **Implemented** |
| `/list/<pubkey>` | GET | List user's blobs | nginx → FastCGI ginxsom | ✅ **Implemented** |
| `/<sha256>` | DELETE | Delete blob | nginx → FastCGI ginxsom | ✅ **Recently Added** |
| `/<sha256>` | DELETE | Delete blob | nginx → FastCGI ginxsom | ✅ **Implemented** |
| `/mirror` | PUT | Mirror blob from URL | nginx → FastCGI ginxsom | ✅ **Implemented** |
| `/report` | PUT | Report blob content | nginx → FastCGI ginxsom | ✅ **Implemented** |
## Installation
@@ -301,6 +303,72 @@ Successful uploads return blob descriptors with optional NIP-94 metadata:
The `nip94` field is included by default but can be disabled via server configuration.
### Content Reporting (BUD-09)
ginxsom implements BUD-09 Content Reporting using NIP-56 report events for moderating inappropriate content. Users can submit cryptographically signed reports about blobs containing objectionable material.
#### Report Event Structure
Reports use NIP-56 kind 1984 events with the following structure:
```json
{
"kind": 1984,
"content": "This content violates community guidelines",
"tags": [
["x", "b1674191a88ec5cdd733e4240a81803105dc412d6c6708d53ab94fc248f4f553", "nudity"],
["x", "a8472f6d93e42c1e5b4e6f9a1b3c8d4e6f9a1b3c5d7e8f0a1b2c3d4e5f6a7b8", "spam"]
],
"created_at": 1725105921,
"pubkey": "reporter_public_key",
"id": "event_id",
"sig": "cryptographic_signature"
}
```
#### Supported Report Types
- **nudity**: Adult or sexually explicit content
- **malware**: Malicious software or files
- **profanity**: Offensive language or content
- **illegal**: Content that violates laws
- **spam**: Unwanted promotional content
- **impersonation**: Content impersonating others
- **other**: Any other inappropriate content
- **extensible**: Unknown types are accepted per NIP-56
#### Report Submission
Submit reports to the `/report` endpoint:
```bash
# Generate report with nak tool
REPORT=$(nak event -k 1984 -c "Report description" -t "x=deadbeef...;nudity")
# Submit report
curl -X PUT http://localhost:9001/report \
-H "Content-Type: application/json" \
-d "$REPORT"
```
#### Response Format
Successful reports return confirmation:
```json
{
"message": "Report received",
"reported_blobs": 2,
"reporter": "reporter_pubkey_bytes"
}
```
Error responses include specific error codes:
- `invalid_json`: Malformed JSON
- `invalid_report_event`: Invalid NIP-56 structure
- `no_blob_hashes`: Missing valid SHA-256 hashes
- `unsupported_media_type`: Non-JSON Content-Type
## File Storage
### Current (Flat) Structure

BIN
build/ginxsom-fcgi
View File

Binary file not shown.

BIN
build/main.o
View File

Binary file not shown.

BIN
db/ginxsom.db
View File

Binary file not shown.

88
logs/access.log
View File

@@ -170,3 +170,91 @@
127.0.0.1 - - [03/Sep/2025:14:29:56 -0400] "PUT /upload HTTP/1.1" 200 260 "-" "curl/8.15.0"
127.0.0.1 - - [03/Sep/2025:14:29:56 -0400] "PUT /upload HTTP/1.1" 200 534 "-" "curl/8.15.0"
127.0.0.1 - - [03/Sep/2025:14:29:57 -0400] "PUT /mirror HTTP/1.1" 200 535 "-" "curl/8.15.0"
127.0.0.1 - - [03/Sep/2025:14:58:16 -0400] "PUT /report HTTP/1.1" 501 38 "-" "curl/8.15.0"
127.0.0.1 - - [03/Sep/2025:14:58:17 -0400] "PUT /report HTTP/1.1" 501 38 "-" "curl/8.15.0"
127.0.0.1 - - [03/Sep/2025:14:58:17 -0400] "PUT /report HTTP/1.1" 501 38 "-" "curl/8.15.0"
127.0.0.1 - - [03/Sep/2025:14:58:17 -0400] "PUT /report HTTP/1.1" 501 38 "-" "curl/8.15.0"
127.0.0.1 - - [03/Sep/2025:14:58:17 -0400] "PUT /report HTTP/1.1" 501 38 "-" "curl/8.15.0"
127.0.0.1 - - [03/Sep/2025:14:58:18 -0400] "PUT /report HTTP/1.1" 501 38 "-" "curl/8.15.0"
127.0.0.1 - - [03/Sep/2025:14:58:18 -0400] "PUT /report HTTP/1.1" 501 38 "-" "curl/8.15.0"
127.0.0.1 - - [03/Sep/2025:14:58:18 -0400] "PUT /report HTTP/1.1" 501 38 "-" "curl/8.15.0"
127.0.0.1 - - [03/Sep/2025:14:58:19 -0400] "PUT /report HTTP/1.1" 501 38 "-" "curl/8.15.0"
127.0.0.1 - - [03/Sep/2025:14:58:19 -0400] "PUT /report HTTP/1.1" 501 38 "-" "curl/8.15.0"
127.0.0.1 - - [03/Sep/2025:14:58:19 -0400] "PUT /report HTTP/1.1" 501 38 "-" "curl/8.15.0"
127.0.0.1 - - [03/Sep/2025:14:58:19 -0400] "PUT /report HTTP/1.1" 501 38 "-" "curl/8.15.0"
127.0.0.1 - - [03/Sep/2025:14:58:20 -0400] "PUT /report HTTP/1.1" 501 38 "-" "curl/8.15.0"
127.0.0.1 - - [03/Sep/2025:14:58:20 -0400] "PUT /report HTTP/1.1" 501 38 "-" "curl/8.15.0"
127.0.0.1 - - [03/Sep/2025:14:58:20 -0400] "GET /report HTTP/1.1" 405 166 "-" "curl/8.15.0"
127.0.0.1 - - [03/Sep/2025:14:58:20 -0400] "POST /report HTTP/1.1" 405 166 "-" "curl/8.15.0"
127.0.0.1 - - [03/Sep/2025:14:58:20 -0400] "DELETE /report HTTP/1.1" 405 166 "-" "curl/8.15.0"
127.0.0.1 - - [03/Sep/2025:14:58:20 -0400] "PUT /report HTTP/1.1" 501 38 "-" "curl/8.15.0"
127.0.0.1 - - [03/Sep/2025:14:58:20 -0400] "PUT /report HTTP/1.1" 501 38 "-" "curl/8.15.0"
127.0.0.1 - - [03/Sep/2025:14:58:20 -0400] "PUT /report HTTP/1.1" 501 38 "-" "curl/8.15.0"
127.0.0.1 - - [03/Sep/2025:14:58:21 -0400] "PUT /report HTTP/1.1" 501 38 "-" "curl/8.15.0"
127.0.0.1 - - [03/Sep/2025:14:58:21 -0400] "PUT /report HTTP/1.1" 501 38 "-" "curl/8.15.0"
127.0.0.1 - - [03/Sep/2025:15:10:01 -0400] "PUT /report HTTP/1.1" 400 164 "-" "curl/8.15.0"
127.0.0.1 - - [03/Sep/2025:15:10:02 -0400] "PUT /report HTTP/1.1" 400 164 "-" "curl/8.15.0"
127.0.0.1 - - [03/Sep/2025:15:10:02 -0400] "PUT /report HTTP/1.1" 400 164 "-" "curl/8.15.0"
127.0.0.1 - - [03/Sep/2025:15:10:02 -0400] "PUT /report HTTP/1.1" 400 164 "-" "curl/8.15.0"
127.0.0.1 - - [03/Sep/2025:15:10:02 -0400] "PUT /report HTTP/1.1" 400 164 "-" "curl/8.15.0"
127.0.0.1 - - [03/Sep/2025:15:10:03 -0400] "PUT /report HTTP/1.1" 400 164 "-" "curl/8.15.0"
127.0.0.1 - - [03/Sep/2025:15:10:03 -0400] "PUT /report HTTP/1.1" 400 164 "-" "curl/8.15.0"
127.0.0.1 - - [03/Sep/2025:15:10:03 -0400] "PUT /report HTTP/1.1" 400 164 "-" "curl/8.15.0"
127.0.0.1 - - [03/Sep/2025:15:10:04 -0400] "PUT /report HTTP/1.1" 400 164 "-" "curl/8.15.0"
127.0.0.1 - - [03/Sep/2025:15:10:04 -0400] "PUT /report HTTP/1.1" 400 164 "-" "curl/8.15.0"
127.0.0.1 - - [03/Sep/2025:15:10:04 -0400] "PUT /report HTTP/1.1" 400 162 "-" "curl/8.15.0"
127.0.0.1 - - [03/Sep/2025:15:10:04 -0400] "PUT /report HTTP/1.1" 400 164 "-" "curl/8.15.0"
127.0.0.1 - - [03/Sep/2025:15:10:05 -0400] "PUT /report HTTP/1.1" 400 162 "-" "curl/8.15.0"
127.0.0.1 - - [03/Sep/2025:15:10:05 -0400] "PUT /report HTTP/1.1" 400 125 "-" "curl/8.15.0"
127.0.0.1 - - [03/Sep/2025:15:10:05 -0400] "GET /report HTTP/1.1" 405 166 "-" "curl/8.15.0"
127.0.0.1 - - [03/Sep/2025:15:10:05 -0400] "POST /report HTTP/1.1" 405 166 "-" "curl/8.15.0"
127.0.0.1 - - [03/Sep/2025:15:10:05 -0400] "DELETE /report HTTP/1.1" 405 166 "-" "curl/8.15.0"
127.0.0.1 - - [03/Sep/2025:15:10:05 -0400] "PUT /report HTTP/1.1" 400 152 "-" "curl/8.15.0"
127.0.0.1 - - [03/Sep/2025:15:10:05 -0400] "PUT /report HTTP/1.1" 400 164 "-" "curl/8.15.0"
127.0.0.1 - - [03/Sep/2025:15:10:05 -0400] "PUT /report HTTP/1.1" 415 150 "-" "curl/8.15.0"
127.0.0.1 - - [03/Sep/2025:15:10:06 -0400] "PUT /report HTTP/1.1" 400 164 "-" "curl/8.15.0"
127.0.0.1 - - [03/Sep/2025:15:10:06 -0400] "PUT /report HTTP/1.1" 400 164 "-" "curl/8.15.0"
127.0.0.1 - - [03/Sep/2025:15:10:45 -0400] "PUT /report HTTP/1.1" 400 164 "-" "curl/8.15.0"
127.0.0.1 - - [03/Sep/2025:15:10:46 -0400] "PUT /report HTTP/1.1" 400 164 "-" "curl/8.15.0"
127.0.0.1 - - [03/Sep/2025:15:10:46 -0400] "PUT /report HTTP/1.1" 400 164 "-" "curl/8.15.0"
127.0.0.1 - - [03/Sep/2025:15:10:46 -0400] "PUT /report HTTP/1.1" 400 164 "-" "curl/8.15.0"
127.0.0.1 - - [03/Sep/2025:15:10:46 -0400] "PUT /report HTTP/1.1" 400 164 "-" "curl/8.15.0"
127.0.0.1 - - [03/Sep/2025:15:10:47 -0400] "PUT /report HTTP/1.1" 400 164 "-" "curl/8.15.0"
127.0.0.1 - - [03/Sep/2025:15:10:47 -0400] "PUT /report HTTP/1.1" 400 164 "-" "curl/8.15.0"
127.0.0.1 - - [03/Sep/2025:15:10:47 -0400] "PUT /report HTTP/1.1" 400 164 "-" "curl/8.15.0"
127.0.0.1 - - [03/Sep/2025:15:10:48 -0400] "PUT /report HTTP/1.1" 400 164 "-" "curl/8.15.0"
127.0.0.1 - - [03/Sep/2025:15:10:48 -0400] "PUT /report HTTP/1.1" 400 164 "-" "curl/8.15.0"
127.0.0.1 - - [03/Sep/2025:15:10:48 -0400] "PUT /report HTTP/1.1" 400 162 "-" "curl/8.15.0"
127.0.0.1 - - [03/Sep/2025:15:10:48 -0400] "PUT /report HTTP/1.1" 400 164 "-" "curl/8.15.0"
127.0.0.1 - - [03/Sep/2025:15:10:49 -0400] "PUT /report HTTP/1.1" 400 162 "-" "curl/8.15.0"
127.0.0.1 - - [03/Sep/2025:15:10:49 -0400] "PUT /report HTTP/1.1" 400 125 "-" "curl/8.15.0"
127.0.0.1 - - [03/Sep/2025:15:10:49 -0400] "GET /report HTTP/1.1" 405 166 "-" "curl/8.15.0"
127.0.0.1 - - [03/Sep/2025:15:10:49 -0400] "POST /report HTTP/1.1" 405 166 "-" "curl/8.15.0"
127.0.0.1 - - [03/Sep/2025:15:10:49 -0400] "DELETE /report HTTP/1.1" 405 166 "-" "curl/8.15.0"
127.0.0.1 - - [03/Sep/2025:15:10:49 -0400] "PUT /report HTTP/1.1" 400 152 "-" "curl/8.15.0"
127.0.0.1 - - [03/Sep/2025:15:10:49 -0400] "PUT /report HTTP/1.1" 400 164 "-" "curl/8.15.0"
127.0.0.1 - - [03/Sep/2025:15:10:49 -0400] "PUT /report HTTP/1.1" 415 150 "-" "curl/8.15.0"
127.0.0.1 - - [03/Sep/2025:15:10:50 -0400] "PUT /report HTTP/1.1" 400 164 "-" "curl/8.15.0"
127.0.0.1 - - [03/Sep/2025:15:10:50 -0400] "PUT /report HTTP/1.1" 400 164 "-" "curl/8.15.0"
127.0.0.1 - - [03/Sep/2025:15:17:44 -0400] "PUT /report HTTP/1.1" 200 93 "-" "curl/8.15.0"
127.0.0.1 - - [03/Sep/2025:15:17:44 -0400] "PUT /report HTTP/1.1" 200 93 "-" "curl/8.15.0"
127.0.0.1 - - [03/Sep/2025:15:17:44 -0400] "PUT /report HTTP/1.1" 200 92 "-" "curl/8.15.0"
127.0.0.1 - - [03/Sep/2025:15:17:45 -0400] "PUT /report HTTP/1.1" 200 93 "-" "curl/8.15.0"
127.0.0.1 - - [03/Sep/2025:15:17:45 -0400] "PUT /report HTTP/1.1" 200 93 "-" "curl/8.15.0"
127.0.0.1 - - [03/Sep/2025:15:17:45 -0400] "PUT /report HTTP/1.1" 200 93 "-" "curl/8.15.0"
127.0.0.1 - - [03/Sep/2025:15:17:45 -0400] "PUT /report HTTP/1.1" 200 92 "-" "curl/8.15.0"
127.0.0.1 - - [03/Sep/2025:15:17:46 -0400] "PUT /report HTTP/1.1" 200 92 "-" "curl/8.15.0"
127.0.0.1 - - [03/Sep/2025:15:17:46 -0400] "PUT /report HTTP/1.1" 200 93 "-" "curl/8.15.0"
127.0.0.1 - - [03/Sep/2025:15:17:46 -0400] "PUT /report HTTP/1.1" 200 93 "-" "curl/8.15.0"
127.0.0.1 - - [03/Sep/2025:15:17:46 -0400] "PUT /report HTTP/1.1" 400 162 "-" "curl/8.15.0"
127.0.0.1 - - [03/Sep/2025:15:17:47 -0400] "PUT /report HTTP/1.1" 400 164 "-" "curl/8.15.0"
127.0.0.1 - - [03/Sep/2025:15:17:47 -0400] "PUT /report HTTP/1.1" 400 162 "-" "curl/8.15.0"
127.0.0.1 - - [03/Sep/2025:15:17:47 -0400] "PUT /report HTTP/1.1" 400 125 "-" "curl/8.15.0"
127.0.0.1 - - [03/Sep/2025:15:17:47 -0400] "GET /report HTTP/1.1" 405 166 "-" "curl/8.15.0"
127.0.0.1 - - [03/Sep/2025:15:17:47 -0400] "POST /report HTTP/1.1" 405 166 "-" "curl/8.15.0"
127.0.0.1 - - [03/Sep/2025:15:17:47 -0400] "DELETE /report HTTP/1.1" 405 166 "-" "curl/8.15.0"
127.0.0.1 - - [03/Sep/2025:15:17:47 -0400] "PUT /report HTTP/1.1" 400 152 "-" "curl/8.15.0"
127.0.0.1 - - [03/Sep/2025:15:17:47 -0400] "PUT /report HTTP/1.1" 200 93 "-" "curl/8.15.0"
127.0.0.1 - - [03/Sep/2025:15:17:48 -0400] "PUT /report HTTP/1.1" 415 150 "-" "curl/8.15.0"
127.0.0.1 - - [03/Sep/2025:15:17:48 -0400] "PUT /report HTTP/1.1" 200 93 "-" "curl/8.15.0"
127.0.0.1 - - [03/Sep/2025:15:17:48 -0400] "PUT /report HTTP/1.1" 200 93 "-" "curl/8.15.0"

24856
logs/error.log
View File

File diff suppressed because it is too large Load Diff

2
logs/fcgi-stderr.log
View File

@@ -1 +1 @@
FastCGI starting at Wed Sep 3 02:29:47 PM EDT 2025
FastCGI starting at Wed Sep 3 03:09:53 PM EDT 2025

2
logs/nginx.pid
View File

@@ -1 +1 @@
244696
253420

318
src/main.c
View File

@@ -62,6 +62,13 @@ int parse_webp_dimensions(const unsigned char* data, size_t size, int* width, in
int nip94_get_dimensions(const unsigned char* data, size_t size, const char* mime_type, int* width, int* height);
void nip94_emit_field(const char* url, const char* mime, const char* sha256, long size, int width, int height);
// BUD-09 Blob Report function declarations
int validate_report_event_structure(cJSON* event);
int extract_blob_hashes_from_report(cJSON* event, char blob_hashes[][65], int max_hashes);
int validate_report_types(cJSON* event);
int store_blob_report(const char* event_json, const char* reporter_pubkey);
void handle_report_request(void);
// Blob metadata structure
typedef struct {
char sha256[MAX_SHA256_LEN];
@@ -2393,6 +2400,314 @@ void handle_list_request(const char* pubkey) {
log_request("GET", "/list", auth_status, 200);
}
/////////////////////////////////////////////////////////////////////////////////////////
/////////////////////////////////////////////////////////////////////////////////////////
// BUD 09 - Blob Report (NIP-56 Report Events)
/////////////////////////////////////////////////////////////////////////////////////////
/////////////////////////////////////////////////////////////////////////////////////////
// Validate NIP-56 report event structure
int validate_report_event_structure(cJSON* event) {
if (!event) {
return 0;
}
// Must be kind 1984
cJSON* kind_json = cJSON_GetObjectItem(event, "kind");
if (!kind_json || !cJSON_IsNumber(kind_json)) {
return 0;
}
if (cJSON_GetNumberValue(kind_json) != 1984) {
return 0;
}
// Must have tags array
cJSON* tags = cJSON_GetObjectItem(event, "tags");
if (!tags || !cJSON_IsArray(tags)) {
return 0;
}
// Must have at least one 'x' tag
int has_x_tag = 0;
cJSON* tag = NULL;
cJSON_ArrayForEach(tag, tags) {
if (!cJSON_IsArray(tag)) continue;
cJSON* tag_name = cJSON_GetArrayItem(tag, 0);
if (tag_name && cJSON_IsString(tag_name)) {
const char* tag_name_str = cJSON_GetStringValue(tag_name);
if (tag_name_str && strcmp(tag_name_str, "x") == 0) {
has_x_tag = 1;
break;
}
}
}
return has_x_tag;
}
// Extract SHA-256 blob hashes from 'x' tags
int extract_blob_hashes_from_report(cJSON* event, char blob_hashes[][65], int max_hashes) {
if (!event || !blob_hashes) {
return 0;
}
cJSON* tags = cJSON_GetObjectItem(event, "tags");
if (!tags || !cJSON_IsArray(tags)) {
return 0;
}
int hash_count = 0;
cJSON* tag = NULL;
cJSON_ArrayForEach(tag, tags) {
if (hash_count >= max_hashes) break;
if (!cJSON_IsArray(tag)) continue;
cJSON* tag_name = cJSON_GetArrayItem(tag, 0);
if (!tag_name || !cJSON_IsString(tag_name)) continue;
const char* tag_name_str = cJSON_GetStringValue(tag_name);
if (tag_name_str && strcmp(tag_name_str, "x") == 0) {
cJSON* hash_value = cJSON_GetArrayItem(tag, 1);
if (hash_value && cJSON_IsString(hash_value)) {
const char* hash = cJSON_GetStringValue(hash_value);
if (hash && validate_sha256_format(hash)) {
strncpy(blob_hashes[hash_count], hash, 64);
blob_hashes[hash_count][64] = '\0';
hash_count++;
}
}
}
}
return hash_count;
}
// Validate NIP-56 report types in x tags
int validate_report_types(cJSON* event) {
if (!event) {
return 0;
}
cJSON* tags = cJSON_GetObjectItem(event, "tags");
if (!tags || !cJSON_IsArray(tags)) {
return 0;
}
// Valid NIP-56 report types
const char* valid_types[] = {
"nudity", "malware", "profanity", "illegal",
"spam", "impersonation", "other", NULL
};
cJSON* tag = NULL;
cJSON_ArrayForEach(tag, tags) {
if (!cJSON_IsArray(tag)) continue;
cJSON* tag_name = cJSON_GetArrayItem(tag, 0);
if (!tag_name || !cJSON_IsString(tag_name)) continue;
const char* tag_name_str = cJSON_GetStringValue(tag_name);
if (tag_name_str && strcmp(tag_name_str, "x") == 0) {
// Check if report type is provided and valid (optional)
cJSON* report_type = cJSON_GetArrayItem(tag, 2);
if (report_type && cJSON_IsString(report_type)) {
const char* type_str = cJSON_GetStringValue(report_type);
if (type_str) {
// Validate against known types (but allow unknown types per spec)
for (int i = 0; valid_types[i] != NULL; i++) {
if (strcmp(type_str, valid_types[i]) == 0) {
break;
}
}
// Note: Allow unknown types as per NIP-56 spec flexibility
}
}
}
}
return 1; // Always return success - report types are informational
}
// Store blob report in database (optional server behavior)
int store_blob_report(const char* event_json, const char* reporter_pubkey) {
// Optional implementation - servers MAY store reports
sqlite3* db;
sqlite3_stmt* stmt;
int rc;
rc = sqlite3_open_v2(DB_PATH, &db, SQLITE_OPEN_READWRITE, NULL);
if (rc) {
return 0;
}
// Check if blob_reports table exists, create if not
const char* create_table_sql =
"CREATE TABLE IF NOT EXISTS blob_reports ("
"id INTEGER PRIMARY KEY AUTOINCREMENT, "
"report_event TEXT NOT NULL, "
"reporter_pubkey TEXT, "
"reported_at INTEGER NOT NULL, "
"created_at TIMESTAMP DEFAULT CURRENT_TIMESTAMP"
")";
rc = sqlite3_exec(db, create_table_sql, NULL, NULL, NULL);
if (rc != SQLITE_OK) {
sqlite3_close(db);
return 0;
}
const char* sql = "INSERT INTO blob_reports (report_event, reporter_pubkey, reported_at) VALUES (?, ?, strftime('%s', 'now'))";
rc = sqlite3_prepare_v2(db, sql, -1, &stmt, NULL);
if (rc != SQLITE_OK) {
sqlite3_close(db);
return 0;
}
sqlite3_bind_text(stmt, 1, event_json, -1, SQLITE_STATIC);
sqlite3_bind_text(stmt, 2, reporter_pubkey, -1, SQLITE_STATIC);
rc = sqlite3_step(stmt);
int success = (rc == SQLITE_DONE);
sqlite3_finalize(stmt);
sqlite3_close(db);
return success;
}
// Handle PUT /report requests (BUD-09)
void handle_report_request(void) {
// Log the incoming request
log_request("PUT", "/report", "pending", 0);
// Validate HTTP method (only PUT allowed)
const char* request_method = getenv("REQUEST_METHOD");
if (!request_method || strcmp(request_method, "PUT") != 0) {
send_error_response(405, "method_not_allowed", "Only PUT method allowed", "The /report endpoint only accepts PUT requests");
log_request(request_method ? request_method : "NULL", "/report", "none", 405);
return;
}
// Validate Content-Type
const char* content_type = getenv("CONTENT_TYPE");
if (!content_type || strstr(content_type, "application/json") == NULL) {
send_error_response(415, "unsupported_media_type", "Content-Type must be application/json", "Report requests must be JSON");
log_request("PUT", "/report", "none", 415);
return;
}
// Validate Content-Length
const char* content_length_str = getenv("CONTENT_LENGTH");
if (!content_length_str) {
send_error_response(400, "missing_content_length", "Content-Length header required", "Request body size must be specified");
log_request("PUT", "/report", "none", 400);
return;
}
long content_length = atol(content_length_str);
if (content_length <= 0 || content_length > 10240) { // 10KB limit for report events
send_error_response(400, "invalid_content_length", "Invalid content length", "Report events must be between 1 byte and 10KB");
log_request("PUT", "/report", "none", 400);
return;
}
// Read JSON request body
char* json_body = malloc(content_length + 1);
if (!json_body) {
send_error_response(500, "memory_error", "Failed to allocate memory", "Internal server error");
log_request("PUT", "/report", "none", 500);
return;
}
size_t bytes_read = fread(json_body, 1, content_length, stdin);
if (bytes_read != (size_t)content_length) {
free(json_body);
send_error_response(400, "incomplete_body", "Failed to read complete request body", "The request body was incomplete");
log_request("PUT", "/report", "none", 400);
return;
}
json_body[content_length] = '\0';
// Parse JSON event
cJSON* event = cJSON_Parse(json_body);
if (!event) {
free(json_body);
send_error_response(400, "invalid_json", "Invalid JSON format", "Request body must be valid JSON");
log_request("PUT", "/report", "none", 400);
return;
}
// Validate event structure (NIP-56 kind 1984 with x tags)
if (!validate_report_event_structure(event)) {
cJSON_Delete(event);
free(json_body);
send_error_response(400, "invalid_report_event", "Invalid report event structure", "Report must be NIP-56 kind 1984 event with x tags");
log_request("PUT", "/report", "none", 400);
return;
}
// Validate nostr event signature and structure
int structure_result = nostr_validate_event_structure(event);
if (structure_result != NOSTR_SUCCESS) {
cJSON_Delete(event);
free(json_body);
send_error_response(400, "invalid_event_structure", "Invalid nostr event structure", "Event does not conform to nostr event format");
log_request("PUT", "/report", "structure_invalid", 400);
return;
}
int crypto_result = nostr_verify_event_signature(event);
if (crypto_result != NOSTR_SUCCESS) {
cJSON_Delete(event);
free(json_body);
send_error_response(400, "invalid_signature", "Invalid event signature", "Event signature verification failed");
log_request("PUT", "/report", "signature_invalid", 400);
return;
}
// Extract blob hashes from x tags
char blob_hashes[10][65]; // Support up to 10 blob hashes per report
int hash_count = extract_blob_hashes_from_report(event, blob_hashes, 10);
if (hash_count == 0) {
cJSON_Delete(event);
free(json_body);
send_error_response(400, "no_blob_hashes", "No valid blob hashes found", "Report must contain at least one valid SHA-256 hash in x tags");
log_request("PUT", "/report", "no_hashes", 400);
return;
}
// Validate report types (optional validation)
validate_report_types(event);
// Extract reporter pubkey
cJSON* pubkey_json = cJSON_GetObjectItem(event, "pubkey");
const char* reporter_pubkey = NULL;
if (pubkey_json && cJSON_IsString(pubkey_json)) {
reporter_pubkey = cJSON_GetStringValue(pubkey_json);
}
// Optional: Store report in database (server behavior)
if (reporter_pubkey) {
store_blob_report(json_body, reporter_pubkey);
}
// Clean up
cJSON_Delete(event);
free(json_body);
// Return success response
printf("Status: 200 OK\r\n");
printf("Content-Type: application/json\r\n\r\n");
printf("{\n");
printf(" \"message\": \"Report received\",\n");
printf(" \"reported_blobs\": %d,\n", hash_count);
printf(" \"reporter\": \"%s\"\n", reporter_pubkey ? reporter_pubkey : "anonymous");
printf("}\n");
log_request("PUT", "/report", reporter_pubkey ? "authenticated" : "anonymous", 200);
}
// Handle DELETE /<sha256> requests
void handle_delete_request(const char* sha256) {
@@ -2983,6 +3298,9 @@ int main(void) {
} else if (strcmp(request_method, "PUT") == 0 && strcmp(request_uri, "/mirror") == 0) {
// Handle PUT /mirror requests (BUD-04)
handle_mirror_request();
} else if (strcmp(request_method, "PUT") == 0 && strcmp(request_uri, "/report") == 0) {
// Handle PUT /report requests (BUD-09)
handle_report_request();
} else if (strcmp(request_method, "GET") == 0 && strncmp(request_uri, "/list/", 6) == 0) {
// Handle GET /list/<pubkey> requests
const char* pubkey = request_uri + 6; // Skip "/list/"

306
tests/report_test_bud09.sh Executable file
View File

@@ -0,0 +1,306 @@
#!/bin/bash
# BUD-09 Blob Report Test Suite
# This test is created FIRST (TDD) and will FAIL until implementation is added to src/main.c.
#
# Expected implementation in src/main.c (BUD-09 section):
# - handle_report_request() -> Parse and validate NIP-56 kind 1984 report events
# - validate_report_event() -> Verify event structure, signature, and required tags
# - process_blob_report() -> Store report, optionally take action on reported blobs
# - report_get_blob_hashes() -> Extract SHA-256 hashes from x tags
# - report_validate_hash() -> Validate SHA-256 format in x tags
#
# Integration points expected:
# - PUT /report endpoint accepts NIP-56 report events
# - Server validates event structure and signatures
# - Server responds with appropriate HTTP status codes
#
# Requirements:
# - curl, jq, nak (nostr army knife) must be available
# - Server should be running at http://localhost:9001 (restart-all.sh)
set -e
SERVER_URL="http://localhost:9001"
REPORT_ENDPOINT="${SERVER_URL}/report"
WORKDIR="tests/tmp_bud09"
# Test counters
TESTS_TOTAL=0
TESTS_PASSED=0
TESTS_FAILED=0
echo "=== BUD-09 Blob Report Test Suite ==="
# Prereq checks
if ! command -v curl >/dev/null 2>&1; then
echo "ERROR: curl not found"
exit 1
fi
if ! command -v jq >/dev/null 2>&1; then
echo "ERROR: jq not found (required for JSON parsing)"
exit 1
fi
if ! command -v nak >/dev/null 2>&1; then
echo "ERROR: nak not found (required for nostr event generation)"
echo "Install with: go install github.com/fiatjaf/nak@latest"
exit 1
fi
# Helper functions
log_test() {
echo ""
echo "=== Test $1: $2 ==="
TESTS_TOTAL=$((TESTS_TOTAL + 1))
}
validate_response() {
local response="$1"
local expected_code="$2"
local test_name="$3"
local http_code=$(echo "$response" | tail -n1 | grep "HTTP_CODE:" | cut -d: -f2)
if [ "$http_code" = "$expected_code" ]; then
echo "$test_name PASSED (HTTP $http_code)"
TESTS_PASSED=$((TESTS_PASSED + 1))
else
echo "$test_name FAILED (Expected HTTP $expected_code, got $http_code)"
TESTS_FAILED=$((TESTS_FAILED + 1))
fi
# Show response body for debugging
local body=$(echo "$response" | head -n -1)
if [ -n "$body" ]; then
echo "Response: $body"
fi
}
generate_report_event() {
local blob_hash="$1"
local report_type="$2"
local content="$3"
nak event -k 1984 -c "$content" -t "x=$blob_hash;$report_type"
}
generate_multi_report_event() {
local content="$1"
shift
local tags=""
for arg in "$@"; do
local hash=$(echo "$arg" | cut -d'=' -f1)
local type=$(echo "$arg" | cut -d'=' -f2)
tags="$tags -t x=$hash;$type"
done
nak event -k 1984 -c "$content" $tags
}
submit_report() {
local event_json="$1"
curl -s -w "\nHTTP_CODE:%{http_code}\n" \
-X PUT \
-H "Content-Type: application/json" \
-d "$event_json" \
"$REPORT_ENDPOINT"
}
# Create temporary working directory
mkdir -p "$WORKDIR"
# Test data - valid SHA-256 hashes
HASH1="deadbeefcafebabe0123456789abcdef0123456789abcdef0123456789abcdef"
HASH2="0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef"
HASH3="abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789"
INVALID_HASH="invalid_hash_format"
echo ""
echo "Test Configuration:"
echo " Server: $SERVER_URL"
echo " Report endpoint: $REPORT_ENDPOINT"
echo " Working directory: $WORKDIR"
echo " Test hashes: $HASH1, $HASH2, $HASH3"
# Test 1: Valid Single Blob Report (nudity)
log_test 1 "Valid Single Blob Report (nudity)"
EVENT1=$(generate_report_event "$HASH1" "nudity" "This image contains inappropriate content")
echo "Event: $EVENT1"
RESPONSE1=$(submit_report "$EVENT1")
validate_response "$RESPONSE1" "200" "Test 1"
# Test 2: Multiple Blob Report (malware)
log_test 2 "Multiple Blob Report (malware)"
EVENT2=$(generate_multi_report_event "Multiple files contain malware" "${HASH1}=malware" "${HASH2}=malware")
echo "Event: $EVENT2"
RESPONSE2=$(submit_report "$EVENT2")
validate_response "$RESPONSE2" "200" "Test 2"
# Test 3: Report Types Coverage - nudity
log_test 3a "Report Type: nudity"
EVENT3A=$(generate_report_event "$HASH1" "nudity" "Nudity content reported")
RESPONSE3A=$(submit_report "$EVENT3A")
validate_response "$RESPONSE3A" "200" "Test 3a (nudity)"
# Test 3: Report Types Coverage - malware
log_test 3b "Report Type: malware"
EVENT3B=$(generate_report_event "$HASH2" "malware" "Malware content reported")
RESPONSE3B=$(submit_report "$EVENT3B")
validate_response "$RESPONSE3B" "200" "Test 3b (malware)"
# Test 3: Report Types Coverage - profanity
log_test 3c "Report Type: profanity"
EVENT3C=$(generate_report_event "$HASH3" "profanity" "Profanity content reported")
RESPONSE3C=$(submit_report "$EVENT3C")
validate_response "$RESPONSE3C" "200" "Test 3c (profanity)"
# Test 3: Report Types Coverage - illegal
log_test 3d "Report Type: illegal"
EVENT3D=$(generate_report_event "$HASH1" "illegal" "Illegal content reported")
RESPONSE3D=$(submit_report "$EVENT3D")
validate_response "$RESPONSE3D" "200" "Test 3d (illegal)"
# Test 3: Report Types Coverage - spam
log_test 3e "Report Type: spam"
EVENT3E=$(generate_report_event "$HASH2" "spam" "Spam content reported")
RESPONSE3E=$(submit_report "$EVENT3E")
validate_response "$RESPONSE3E" "200" "Test 3e (spam)"
# Test 3: Report Types Coverage - impersonation
log_test 3f "Report Type: impersonation"
EVENT3F=$(generate_report_event "$HASH3" "impersonation" "Impersonation content reported")
RESPONSE3F=$(submit_report "$EVENT3F")
validate_response "$RESPONSE3F" "200" "Test 3f (impersonation)"
# Test 3: Report Types Coverage - other
log_test 3g "Report Type: other"
EVENT3G=$(generate_report_event "$HASH1" "other" "Other type of inappropriate content")
RESPONSE3G=$(submit_report "$EVENT3G")
validate_response "$RESPONSE3G" "200" "Test 3g (other)"
# Test 4: Report with Optional Tags (comprehensive NIP-56 structure)
log_test 4 "Report with Optional Tags"
EVENT4=$(nak event -k 1984 -c "Comprehensive report with all tags" \
-t "x=${HASH1};spam" \
-t "e=1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef" \
-t "p=abcdef1234567890abcdef1234567890abcdef1234567890abcdef1234567890" \
-t "server=https://example.com/blob.jpg")
echo "Event: $EVENT4"
RESPONSE4=$(submit_report "$EVENT4")
validate_response "$RESPONSE4" "200" "Test 4"
# Test 5: Missing x Tags Error
log_test 5 "Missing x Tags Error"
EVENT5=$(nak event -k 1984 -c "Report without x tags" -t "p=somekey")
echo "Event: $EVENT5"
RESPONSE5=$(submit_report "$EVENT5")
validate_response "$RESPONSE5" "400" "Test 5"
# Test 6: Invalid SHA-256 Format
log_test 6 "Invalid SHA-256 Format"
EVENT6=$(generate_report_event "$INVALID_HASH" "nudity" "Invalid hash format test")
echo "Event: $EVENT6"
RESPONSE6=$(submit_report "$EVENT6")
validate_response "$RESPONSE6" "400" "Test 6"
# Test 7: Wrong Event Kind
log_test 7 "Wrong Event Kind"
EVENT7=$(nak event -k 1 -c "Wrong kind test" -t "x=${HASH1};nudity")
echo "Event: $EVENT7"
RESPONSE7=$(submit_report "$EVENT7")
validate_response "$RESPONSE7" "400" "Test 7"
# Test 8: Invalid JSON Structure
log_test 8 "Invalid JSON Structure"
INVALID_JSON='{"invalid":"json","missing":}'
echo "Invalid JSON: $INVALID_JSON"
RESPONSE8=$(curl -s -w "\nHTTP_CODE:%{http_code}\n" \
-X PUT \
-H "Content-Type: application/json" \
-d "$INVALID_JSON" \
"$REPORT_ENDPOINT")
validate_response "$RESPONSE8" "400" "Test 8"
# Test 9: Unsupported HTTP Method - GET
log_test 9a "Unsupported Method: GET"
RESPONSE9A=$(curl -s -w "\nHTTP_CODE:%{http_code}\n" \
-X GET \
"$REPORT_ENDPOINT")
validate_response "$RESPONSE9A" "405" "Test 9a (GET)"
# Test 9: Unsupported HTTP Method - POST
log_test 9b "Unsupported Method: POST"
RESPONSE9B=$(curl -s -w "\nHTTP_CODE:%{http_code}\n" \
-X POST \
-H "Content-Type: application/json" \
-d '{"test":"post"}' \
"$REPORT_ENDPOINT")
validate_response "$RESPONSE9B" "405" "Test 9b (POST)"
# Test 9: Unsupported HTTP Method - DELETE
log_test 9c "Unsupported Method: DELETE"
RESPONSE9C=$(curl -s -w "\nHTTP_CODE:%{http_code}\n" \
-X DELETE \
"$REPORT_ENDPOINT")
validate_response "$RESPONSE9C" "405" "Test 9c (DELETE)"
# Test 10: Empty Request Body
log_test 10 "Empty Request Body"
RESPONSE10=$(curl -s -w "\nHTTP_CODE:%{http_code}\n" \
-X PUT \
-H "Content-Type: application/json" \
"$REPORT_ENDPOINT")
validate_response "$RESPONSE10" "400" "Test 10"
# Test 11: Unknown Report Type (should be accepted per spec)
log_test 11 "Unknown Report Type"
EVENT11=$(generate_report_event "$HASH1" "unknown_type" "Unknown report type test")
echo "Event: $EVENT11"
RESPONSE11=$(submit_report "$EVENT11")
validate_response "$RESPONSE11" "200" "Test 11"
# Test 12: Invalid Content-Type
log_test 12 "Invalid Content-Type"
EVENT12=$(generate_report_event "$HASH1" "nudity" "Content type test")
RESPONSE12=$(curl -s -w "\nHTTP_CODE:%{http_code}\n" \
-X PUT \
-H "Content-Type: text/plain" \
-d "$EVENT12" \
"$REPORT_ENDPOINT")
validate_response "$RESPONSE12" "415" "Test 12"
# Test 13: Valid report with empty content field
log_test 13 "Empty Content Field"
EVENT13=$(generate_report_event "$HASH1" "spam" "")
echo "Event: $EVENT13"
RESPONSE13=$(submit_report "$EVENT13")
validate_response "$RESPONSE13" "200" "Test 13"
# Test 14: Very long content field
log_test 14 "Long Content Field"
LONG_CONTENT=$(printf 'A%.0s' {1..1000})
EVENT14=$(generate_report_event "$HASH1" "other" "$LONG_CONTENT")
RESPONSE14=$(submit_report "$EVENT14")
validate_response "$RESPONSE14" "200" "Test 14"
# Cleanup
rm -rf "$WORKDIR"
# Test Summary
echo ""
echo "=== BUD-09 Test Summary ==="
echo "Total tests: $TESTS_TOTAL"
echo "Passed: $TESTS_PASSED"
echo "Failed: $TESTS_FAILED"
echo ""
if [ "$TESTS_FAILED" -eq 0 ]; then
echo "🎉 All tests passed! BUD-09 implementation is working correctly."
exit 0
else
echo "$TESTS_FAILED test(s) failed. BUD-09 implementation needs fixes."
exit 1
fi
echo "=== End of BUD-09 Blob Report Test Suite ==="