Generally working.
This commit is contained in:
Your Name
21
src/bud06.c
21
src/bud06.c
@@ -204,14 +204,7 @@ void handle_head_upload_request(void) {
|
||||
return;
|
||||
}
|
||||
|
||||
// Check if blob already exists (duplicate detection)
|
||||
if (check_blob_exists(sha256)) {
|
||||
send_upload_error_response(409, "blob_exists", "Blob with this hash already exists", XREASON_BLOB_EXISTS);
|
||||
log_request("HEAD", "/upload", "none", 409);
|
||||
return;
|
||||
}
|
||||
|
||||
// Check for optional authorization
|
||||
// Check for authorization first (before duplicate detection)
|
||||
const char* auth_header = getenv("HTTP_AUTHORIZATION");
|
||||
const char* auth_status = "none";
|
||||
|
||||
@@ -220,6 +213,18 @@ void handle_head_upload_request(void) {
|
||||
// This handler receives pre-validated requests, so if we reach here with auth_header,
|
||||
// the authentication was already successful
|
||||
auth_status = "authenticated";
|
||||
} else {
|
||||
// Check if server requires authorization for uploads
|
||||
// If auth is required but not provided, return 401 before checking for duplicates
|
||||
// TODO: This should check server configuration for auth requirements
|
||||
// For now, assume auth is optional unless configured otherwise
|
||||
}
|
||||
|
||||
// Check if blob already exists (duplicate detection - after auth validation)
|
||||
if (check_blob_exists(sha256)) {
|
||||
send_upload_error_response(409, "blob_exists", "Blob with this hash already exists", XREASON_BLOB_EXISTS);
|
||||
log_request("HEAD", "/upload", auth_status, 409);
|
||||
return;
|
||||
}
|
||||
|
||||
// All validations passed - return success
|
||||
|
||||
105
src/main.c
105
src/main.c
@@ -28,16 +28,6 @@
|
||||
// Database path
|
||||
#define DB_PATH "db/ginxsom.db"
|
||||
|
||||
// ===== COMMENTED OUT UNUSED CODE =====
|
||||
// Forward declarations for config system (all commented out)
|
||||
/*
|
||||
int initialize_server_config(void);
|
||||
int apply_config_from_event(cJSON *event);
|
||||
int get_config_file_path(char *path, size_t path_size);
|
||||
int load_server_config(const char *config_path);
|
||||
int run_interactive_setup(const char *config_path);
|
||||
*/
|
||||
// ===== END COMMENTED OUT CODE =====
|
||||
|
||||
// Configuration system implementation
|
||||
#include <stdlib.h>
|
||||
@@ -536,15 +526,6 @@ const char *extract_sha256_from_uri(const char *uri) {
|
||||
/////////////////////////////////////////////////////////////////////////////////////////
|
||||
/////////////////////////////////////////////////////////////////////////////////////////
|
||||
|
||||
// ===== COMMENTED OUT UNUSED CODE =====
|
||||
// Forward declarations for detailed validation functions (all commented out)
|
||||
/*
|
||||
int detailed_structure_validation(cJSON *event);
|
||||
int detailed_signature_validation(cJSON *event);
|
||||
void analyze_event_fields(cJSON *event);
|
||||
void hex_dump(const char *label, const unsigned char *data, size_t len);
|
||||
*/
|
||||
// ===== END COMMENTED OUT CODE =====
|
||||
|
||||
/////////////////////////////////////////////////////////////////////////////////////////
|
||||
/////////////////////////////////////////////////////////////////////////////////////////
|
||||
@@ -1024,38 +1005,7 @@ void handle_upload_request(void) {
|
||||
|
||||
fflush(stderr);
|
||||
|
||||
// Legacy authentication check - now handled by centralized validation system
|
||||
/*
|
||||
// Check if authentication rules are enabled using nostr_core_lib system
|
||||
int auth_required = nostr_auth_rules_enabled();
|
||||
fprintf(stderr, "AUTH: auth_rules_enabled = %d, auth_header present: %s\r\n",
|
||||
auth_required, auth_header ? "YES" : "NO");
|
||||
|
||||
// If authentication is required but no auth header provided, fail immediately
|
||||
if (auth_required && !auth_header) {
|
||||
free(file_data);
|
||||
send_error_response(401, "authorization_required",
|
||||
"Authorization required for upload operations",
|
||||
"This server requires authentication for all uploads");
|
||||
log_request("PUT", "/upload", "missing_auth", 401);
|
||||
return;
|
||||
}
|
||||
|
||||
// If auth rules are completely disabled, skip all validation and allow upload
|
||||
if (!auth_required) {
|
||||
fprintf(stderr, "AUTH: Authentication rules disabled - skipping all "
|
||||
"validation and allowing upload\n");
|
||||
// Skip validation and proceed to file processing
|
||||
goto process_file_upload;
|
||||
}
|
||||
*/
|
||||
|
||||
// Authentication is handled by centralized validation system
|
||||
// TODO: Get uploader_pubkey from centralized validation result
|
||||
// For now, keep existing uploader_pubkey extraction for compatibility
|
||||
|
||||
// Legacy goto label - no longer needed with centralized validation
|
||||
// process_file_upload:
|
||||
// Get dimensions from in-memory buffer before saving file
|
||||
int width = 0, height = 0;
|
||||
nip94_get_dimensions(file_data, content_length, content_type, &width,
|
||||
@@ -1299,37 +1249,7 @@ void handle_upload_request_with_validation(nostr_request_result_t* validation_re
|
||||
|
||||
fflush(stderr);
|
||||
|
||||
// Legacy authentication check - now handled by centralized validation system
|
||||
/*
|
||||
// Check if authentication rules are enabled using nostr_core_lib system
|
||||
int auth_required = nostr_auth_rules_enabled();
|
||||
fprintf(stderr, "AUTH: auth_rules_enabled = %d, auth_header present: %s\r\n",
|
||||
auth_required, auth_header ? "YES" : "NO");
|
||||
|
||||
// If authentication is required but no auth header provided, fail immediately
|
||||
if (auth_required && !auth_header) {
|
||||
if (should_free_file_data) free(file_data);
|
||||
send_error_response(401, "authorization_required",
|
||||
"Authorization required for upload operations",
|
||||
"This server requires authentication for all uploads");
|
||||
log_request("PUT", "/upload", "missing_auth", 401);
|
||||
return;
|
||||
}
|
||||
|
||||
// If auth rules are completely disabled, skip all validation and allow upload
|
||||
if (!auth_required) {
|
||||
fprintf(stderr, "AUTH: Authentication rules disabled - skipping all "
|
||||
"validation and allowing upload\n");
|
||||
// Skip validation and proceed to file processing
|
||||
goto process_file_upload;
|
||||
}
|
||||
*/
|
||||
|
||||
// Authentication was handled by centralized validation system
|
||||
// uploader_pubkey should be set from validation result
|
||||
|
||||
// Legacy goto label - no longer needed with centralized validation
|
||||
// process_file_upload:
|
||||
// Get dimensions from in-memory buffer before saving file
|
||||
int width = 0, height = 0;
|
||||
nip94_get_dimensions(file_data, file_size, content_type, &width,
|
||||
@@ -1523,23 +1443,6 @@ int main(void) {
|
||||
// Try file-based config first, then fall back to database config
|
||||
int config_loaded = 0;
|
||||
|
||||
// All file-based config and interactive setup are commented out
|
||||
/*
|
||||
char config_path[512];
|
||||
|
||||
if (get_config_file_path(config_path, sizeof(config_path))) {
|
||||
fprintf(stderr, "STARTUP: Checking for config file at: %s\n", config_path);
|
||||
if (load_server_config(config_path)) {
|
||||
fprintf(stderr,
|
||||
"STARTUP: File-based configuration loaded successfully\n");
|
||||
config_loaded = 1;
|
||||
} else {
|
||||
fprintf(stderr, "STARTUP: No valid file-based config found, trying "
|
||||
"database config\n");
|
||||
}
|
||||
}
|
||||
*/
|
||||
|
||||
// Fall back to database configuration if file config failed
|
||||
if (!config_loaded /* && !initialize_server_config() */) {
|
||||
fprintf(
|
||||
@@ -1547,13 +1450,7 @@ if (!config_loaded /* && !initialize_server_config() */) {
|
||||
"STARTUP: No configuration found - server starting in setup mode\n");
|
||||
fprintf(stderr, "STARTUP: Run interactive setup with: ginxsom --setup\n");
|
||||
// For interactive mode (when stdin is available), offer setup
|
||||
/*
|
||||
char config_path[512];
|
||||
if (isatty(STDIN_FILENO) &&
|
||||
get_config_file_path(config_path, sizeof(config_path))) {
|
||||
return run_interactive_setup(config_path);
|
||||
}
|
||||
*/
|
||||
|
||||
} else if (!config_loaded) {
|
||||
fprintf(stderr, "STARTUP: Database configuration loaded successfully\n");
|
||||
}
|
||||
|
||||
@@ -283,7 +283,17 @@ int nostr_validate_unified_request(const nostr_unified_request_t *request,
|
||||
// PHASE 2: NOSTR EVENT VALIDATION (CPU Intensive ~2ms)
|
||||
/////////////////////////////////////////////////////////////////////
|
||||
|
||||
// Check if authentication header is provided
|
||||
// Check if this is a BUD-09 report request - allow anonymous reporting
|
||||
if (request->operation && strcmp(request->operation, "report") == 0) {
|
||||
// BUD-09 allows anonymous reporting - pass through to bud09.c for validation
|
||||
result->valid = 1;
|
||||
result->error_code = NOSTR_SUCCESS;
|
||||
strcpy(result->reason, "BUD-09 report request - bypassing auth for anonymous reporting");
|
||||
validator_debug_log("VALIDATOR_DEBUG: BUD-09 report detected, bypassing authentication\n");
|
||||
return NOSTR_SUCCESS;
|
||||
}
|
||||
|
||||
// Check if authentication header is provided (required for non-report operations)
|
||||
if (!request->auth_header) {
|
||||
|
||||
result->valid = 0;
|
||||
|
||||
Reference in New Issue
Block a user