List Blob Endpoint

IMPLEMENTATION.md

@@ -92,16 +92,43 @@ This document outlines the implementation plan for ginxsom, a FastCGI-based Blos
   - [x] Add optional server-specific fields (uploader_pubkey, filename)
 
 ### 2.4 Error Handling
-- [ ] Implement proper HTTP status codes
-  - [ ] 400 Bad Request for invalid data
-  - [ ] 401 Unauthorized for auth failures
-  - [ ] 409 Conflict for hash mismatches
-  - [ ] 413 Payload Too Large for size limits
-  - [ ] 500 Internal Server Error for system issues
-- [ ] Add detailed error messages
-- [ ] Implement request logging
+- [x] Implement proper HTTP status codes
+  - [x] 400 Bad Request for invalid data
+  - [x] 401 Unauthorized for auth failures
+  - [x] 409 Conflict for hash mismatches
+  - [x] 413 Payload Too Large for size limits
+  - [x] 500 Internal Server Error for system issues
+- [x] Add detailed error messages
+- [x] Implement request logging
 
-### 2.5 Testing & Validation
+### 2.5 List Blobs Endpoint
+- [ ] Implement `GET /list/<pubkey>` endpoint
+  - [ ] Extract pubkey from URL path
+  - [ ] Query database for blobs uploaded by specified pubkey
+  - [ ] Support `since` and `until` query parameters for date filtering
+  - [ ] Return JSON array of blob descriptors
+  - [ ] Handle empty results gracefully
+  - [ ] Implement optional authorization with kind 24242 event validation
+    - [ ] Validate `t` tag is set to "list"
+    - [ ] Check authorization expiration
+    - [ ] Verify event signature and structure
+
+### 2.6 Delete Blob Endpoint
+- [ ] Implement `DELETE /<sha256>` endpoint
+  - [ ] Extract SHA-256 hash from URL path
+  - [ ] Require authorization with kind 24242 event validation
+    - [ ] Validate `t` tag is set to "delete"
+    - [ ] Verify at least one `x` tag matches the requested hash
+    - [ ] Check authorization expiration
+    - [ ] Verify event signature and structure
+  - [ ] Check blob exists in database
+  - [ ] Verify uploader_pubkey matches authorized pubkey (ownership check)
+  - [ ] Remove blob file from filesystem
+  - [ ] Remove blob metadata from database
+  - [ ] Handle file deletion errors gracefully
+  - [ ] Return appropriate success/error responses
+
+### 2.7 Testing & Validation
 - [x] Test uploads without authentication
 - [x] Test uploads with valid nostr auth
 - [x] Test uploads with invalid auth
@@ -195,7 +222,7 @@ This document outlines the implementation plan for ginxsom, a FastCGI-based Blos
 - [x] HEAD requests return metadata from database
 - [x] Database stores blob information with proper schema
 
-### Milestone 2: Full Upload Support (Phase 2 Complete)
+### Milestone 2: Full Upload Support (Phase 2 Pending)
 - [x] Basic upload functionality working (PUT requests accepted)
 - [x] SHA-256 hash calculation during upload
 - [x] File storage to blobs/ directory
@@ -203,6 +230,8 @@ This document outlines the implementation plan for ginxsom, a FastCGI-based Blos
 - [x] Authenticated uploads working (Nostr kind 24242 event validation)
 - [x] Proper error handling for upload scenarios
 - [x] Database metadata storage during upload (with uploader_pubkey and filename)
+- [ ] List blobs endpoint implemented (GET /list/<pubkey>)
+- [ ] Delete blob endpoint implemented (DELETE /<sha256>)
 
 ### Milestone 3: Policy Compliance (Phase 3 Pending)
 - [ ] Upload requirements implemented