Stuck on a bug with auth, but got to push anyway.

Your Name
2025-08-20 06:20:32 -04:00
parent b2b1240136
commit 8c3d2b1aac
18 changed files with 10443 additions and 151 deletions

121
README.md

@@ -41,19 +41,52 @@ ginxsom is a Blossom protocol server implemented as a FastCGI application that i
ginxsom implements the following Blossom Upgrade Documents (BUDs):
- **BUD-01**: Server requirements and blob retrieval ✅
- **BUD-02**: Blob upload and management ✅
- **BUD-06**: Upload requirements
- **BUD-02**: Blob upload and management ✅ *(newly completed - includes DELETE endpoint)*
- **BUD-06**: Upload requirements *(planned - not yet implemented)*
### Supported Endpoints
| Endpoint | Method | Description | Handler |
|----------|---------|-------------|---------|
| `/<sha256>` | GET | Retrieve blob | nginx → disk |
| `/<sha256>` | HEAD | Check blob exists | nginx → disk |
| `/upload` | PUT | Upload new blob | nginx → FastCGI ginxsom |
| `/upload` | HEAD | Check upload requirements | nginx → FastCGI ginxsom |
| `/list/<pubkey>` | GET | List user's blobs | nginx → FastCGI ginxsom |
| `/<sha256>` | DELETE | Delete blob | nginx → FastCGI ginxsom |
| Endpoint | Method | Description | Handler | Status |
|----------|---------|-------------|---------|---------|
| `/<sha256>` | GET | Retrieve blob | nginx → disk |**Implemented** |
| `/<sha256>` | HEAD | Check blob exists | nginx → FastCGI ginxsom | ✅ **Implemented** |
| `/upload` | PUT | Upload new blob | nginx → FastCGI ginxsom |**Implemented** |
| `/upload` | HEAD | Check upload requirements | nginx → FastCGI ginxsom |**BUD-06 Planned** |
| `/list/<pubkey>` | GET | List user's blobs | nginx → FastCGI ginxsom |**Implemented** |
| `/<sha256>` | DELETE | Delete blob | nginx → FastCGI ginxsom |**Recently Added** |
## Recent Updates
### BUD-02 Completion: DELETE Endpoint Implementation
ginxsom now fully implements **BUD-02: Blob upload and management** with the recent addition of the DELETE endpoint. This completes the core blob management functionality:
**New DELETE Endpoint Features:**
- **Authenticated Deletion**: Requires valid nostr kind 24242 event with `t` tag set to `"delete"`
- **Hash Validation**: Must include `x` tag matching the blob's SHA-256 hash
- **Ownership Verification**: Only the original uploader can delete their blobs
- **Complete Cleanup**: Removes both file from disk and metadata from database
- **Error Handling**: Proper HTTP status codes for various failure scenarios
**Technical Implementation:**
```bash
# Delete a blob (requires nostr authorization)
curl -X DELETE http://localhost:9001/b1674191a88ec5cdd733e4240a81803105dc412d6c6708d53ab94fc248f4f553 \
-H "Authorization: Nostr eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9..."
# Successful deletion returns 200 OK
# Failed authorization returns 401 Unauthorized
# Blob not found returns 404 Not Found
# Wrong ownership returns 403 Forbidden
```
**Security Features:**
- Event signature validation using nostr cryptographic verification
- Expiration checking to prevent replay attacks
- Ownership validation via uploader_pubkey matching
- Atomic operations (both filesystem and database cleanup succeed or fail together)
This implementation makes ginxsom a fully functional Blossom server for core blob operations (upload, retrieve, list, delete) with the remaining BUD-06 (upload requirements) planned for the next development phase.
## Installation
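Review bot: The curl example under "Technical Implementation" uses an `Authorization: Nostr` placeholder that starts `eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9`, which base64-decodes to a JWT header (`{"typ":"JWT","alg":"HS256"}`), while the feature list directly above says the endpoint requires a nostr kind 24242 event with `t` and `x` tags. Use a placeholder that is visibly the encoded event, for example `Nostr <base64 of signed kind 24242 event>`, so readers do not try to send a JWT. The "Atomic operations" bullet also claims that filesystem and database cleanup succeed or fail together without saying which step runs first or how a failure of the second step is rolled back; document that or soften the claim. Separately, the endpoint table changes the handler for HEAD `/<sha256>` from "nginx → disk" to "nginx → FastCGI ginxsom", and "Recent Updates" does not mention it.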
@@ -111,6 +144,8 @@ rate_limit_uploads = 10 # per minute
### nginx Configuration
#### Production Configuration
Add to your nginx configuration:
```nginx
@@ -155,6 +190,72 @@ server {
}
```
#### Local Development Configuration
For local development, use the provided `config/local-nginx.conf`:
```nginx
# Local development server (runs on port 9001)
server {
listen 9001;
server_name localhost;
root blobs; # Relative to project directory
# FastCGI backend
upstream fastcgi_backend {
server unix:/tmp/ginxsom-fcgi.sock;
}
# DELETE endpoint - requires authentication
location ~ "^/([a-f0-9]{64}).*$" {
if ($request_method != DELETE) {
return 404;
}
include fastcgi_params;
fastcgi_param SCRIPT_FILENAME $document_root/ginxsom.fcgi;
fastcgi_pass fastcgi_backend;
}
# Static blob serving with extension fallback
location ~ "^/([a-f0-9]{64})(\.[a-zA-Z0-9]+)?$" {
limit_except HEAD GET { deny all; }
# HEAD requests go to FastCGI
if ($request_method = HEAD) {
rewrite ^/(.*)$ /fcgi-head/$1 last;
}
# GET requests served directly with extension fallback
try_files /$1.jpg /$1.jpeg /$1.png /$1.webp /$1.gif /$1.pdf /$1.mp4 /$1.mp3 /$1.txt /$1.md =404;
}
# Upload endpoint
location /upload {
include fastcgi_params;
fastcgi_param SCRIPT_FILENAME $document_root/ginxsom.fcgi;
fastcgi_pass fastcgi_backend;
if ($request_method !~ ^(PUT)$ ) { return 405; }
}
# List blobs endpoint
location ~ "^/list/([a-f0-9]{64}).*$" {
include fastcgi_params;
fastcgi_param SCRIPT_FILENAME $document_root/ginxsom.fcgi;
fastcgi_pass fastcgi_backend;
if ($request_method !~ ^(GET)$ ) { return 405; }
}
}
```
Start local development with:
```bash
# Start FastCGI daemon
./start-fcgi.sh
# Start nginx (uses local config)
./restart-nginx.sh
```
## Usage
### Starting the Server
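Review bot: In the local development listing, the DELETE location `~ "^/([a-f0-9]{64}).*$"` is declared before the static blob location and matches every path the static one matches. nginx picks the first matching regex location in file order, so GET and HEAD on `/<sha256>` hit `return 404` and never reach `try_files`. Handle all methods for hash paths in one location that branches on `$request_method`, or otherwise make the two patterns mutually exclusive. Two further problems in the same listing: `upstream fastcgi_backend { ... }` sits inside `server { }`, but nginx only accepts `upstream` in the `http` context, so the file will not load as written; and `rewrite ^/(.*)$ /fcgi-head/$1 last;` targets a `/fcgi-head/` location that this listing never defines. The trailing `.*` on the DELETE and `/list/` patterns also accepts arbitrary suffixes after the 64 hex characters; anchor them the way the static blob pattern is anchored unless the backend re-validates the path.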