Bud 2 mostly done

IMPLEMENTATION.md

@@ -59,50 +59,37 @@ This document outlines the implementation plan for ginxsom, a FastCGI-based Blos
 ## Phase 2: Upload & Authentication (BUD-02)
 
 ### 2.1 Nostr Authentication Setup
-- [ ] Integrate nostr_core_lib submodule
-  - [ ] Update Makefile to include nostr_core_lib paths and static library
-  - [ ] Build libnostr_core_x64.a using provided build.sh script
-  - [ ] Add system dependencies: -lsecp256k1 -lssl -lcrypto -lcurl -lz -ldl -lpthread -lm
+- [x] Integrate nostr_core_lib submodule
+  - [x] Update Makefile to include nostr_core_lib paths and static library
+  - [x] Build libnostr_core_x64.a using provided build.sh script
+  - [x] Add system dependencies: -lsecp256k1 -lssl -lcrypto -lcurl -lz -ldl -lpthread -lm
 
-- [ ] Implement authentication functions in main.c (BUD-02 section):
-  - [ ] `parse_authorization_header()` - Extract JSON from "Nostr base64(event)" header
-  - [ ] `validate_blossom_event()` - Validate Blossom-specific requirements (kind 24242, content hash, method, expiration)
-  - [ ] `authenticate_request()` - Main orchestrator function
+- [x] Implement authentication functions in main.c (BUD-02 section):
+  - [x] `parse_authorization_header()` - Extract JSON from "Nostr base64(event)" header
+  - [x] `validate_blossom_event()` - Validate Blossom-specific requirements (kind 24242, content hash, method, expiration)
+  - [x] `authenticate_request()` - Main orchestrator function
 
-- [ ] Leverage existing nostr_core_lib functions:
-  - [ ] Use `nostr_validate_event()` for structure + signature validation (from nip001.h)
-  - [ ] Use standardized error codes from nostr_common.h (NOSTR_SUCCESS, NOSTR_ERROR_EVENT_INVALID_SIGNATURE, etc.)
-  - [ ] Use `nostr_strerror()` for error message translation
-
-**Function Specifications:**
-```c
-// Custom functions to implement:
-int parse_authorization_header(const char* auth_header, char* event_json, size_t json_size);
-int validate_blossom_event(struct cJSON* event, const char* expected_hash, const char* method);
-int authenticate_request(const char* auth_header, const char* method, const char* file_hash);
-
-// Existing nostr_core_lib functions to use directly:
-// - nostr_validate_event(cJSON* event) - handles structure + signature validation
-// - nostr_validate_event_structure(cJSON* event) - if separate validation needed
-// - nostr_verify_event_signature(cJSON* event) - if separate signature check needed
-```
+- [x] Leverage existing nostr_core_lib functions:
+  - [x] Use `nostr_validate_event()` for structure + signature validation (from nip001.h)
+  - [x] Use standardized error codes from nostr_common.h (NOSTR_SUCCESS, NOSTR_ERROR_EVENT_INVALID_SIGNATURE, etc.)
+  - [x] Use `nostr_strerror()` for error message translation
 
 ### 2.2 Upload Endpoint Implementation
-- [ ] Implement `PUT /upload` endpoint
-  - [ ] Parse Authorization header (optional but recommended)
-  - [ ] Stream file upload to temporary location
-  - [ ] Calculate SHA-256 hash during upload
-  - [ ] Validate hash matches authorization if provided
-  - [ ] Move file to permanent location
-  - [ ] Store metadata in database
-  - [ ] Return blob descriptor JSON response
+- [x] Implement `PUT /upload` endpoint
+  - [x] Parse Authorization header (Nostr base64 event extraction)
+  - [x] Stream file upload to temporary location
+  - [x] Calculate SHA-256 hash during upload
+  - [x] Validate hash matches authorization if provided
+  - [x] Move file to permanent location
+  - [x] Store metadata in database (including uploader_pubkey and filename)
+  - [x] Return blob descriptor JSON response
 
 ### 2.3 Blob Descriptor Response
-- [ ] Implement blob descriptor structure
-  - [ ] Required fields: url, sha256, size, type, uploaded
-  - [ ] Handle MIME type detection
-  - [ ] Generate proper blob URLs
-  - [ ] Add optional server-specific fields
+- [x] Implement blob descriptor structure
+  - [x] Required fields: url, sha256, size, type, uploaded
+  - [x] Handle MIME type detection
+  - [x] Generate proper blob URLs
+  - [x] Add optional server-specific fields (uploader_pubkey, filename)
 
 ### 2.4 Error Handling
 - [ ] Implement proper HTTP status codes
@@ -115,12 +102,13 @@ int authenticate_request(const char* auth_header, const char* method, const char
 - [ ] Implement request logging
 
 ### 2.5 Testing & Validation
-- [ ] Test uploads without authentication
-- [ ] Test uploads with valid nostr auth
-- [ ] Test uploads with invalid auth
-- [ ] Test hash mismatch scenarios
+- [x] Test uploads without authentication
+- [x] Test uploads with valid nostr auth
+- [x] Test uploads with invalid auth
+- [x] Test hash mismatch scenarios
 - [ ] Test file size limits
-- [ ] Verify blob descriptors are correct
+- [x] Verify blob descriptors are correct
+- [x] Verify database metadata storage (uploader_pubkey and filename)
 
 ---
 
@@ -208,14 +196,18 @@ int authenticate_request(const char* auth_header, const char* method, const char
 - [x] Database stores blob information with proper schema
 
 ### Milestone 2: Full Upload Support (Phase 2 Complete)
-- Authenticated uploads working
-- Proper error handling
-- Blob descriptors returned correctly
+- [x] Basic upload functionality working (PUT requests accepted)
+- [x] SHA-256 hash calculation during upload
+- [x] File storage to blobs/ directory
+- [x] Blob descriptor JSON response
+- [x] Authenticated uploads working (Nostr kind 24242 event validation)
+- [x] Proper error handling for upload scenarios
+- [x] Database metadata storage during upload (with uploader_pubkey and filename)
 
-### Milestone 3: Policy Compliance (Phase 3 Complete)
-- Upload requirements implemented
-- Server policies configurable
-- Spec compliance verified
+### Milestone 3: Policy Compliance (Phase 3 Pending)
+- [ ] Upload requirements implemented
+- [ ] Server policies configurable
+- [ ] Spec compliance verified
 
 ### Milestone 4: Production Ready (Phase 4 Complete)
 - Optional features implemented as needed