# Ginxsom Blossom Server Implementation Status

This document tracks the implementation status of ginxsom, a high-performance FastCGI-based Blossom server designed to work with nginx.

## Architecture Overview

- **nginx**: Handles static file serving (GET /) for maximum performance
- **FastCGI Application**: Handles authenticated operations, metadata queries, uploads
- **SQLite Database**: Stores blob metadata and server configuration
- **File Storage**: Flat directory structure in `blobs/` directory

---

## BUD-01: Blob Retrieval ✅ **COMPLETE**

### Infrastructure & Database

- [x] Create directory structure (`blobs/`, `db/`, `logs/`)
- [x] SQLite schema with `blobs` table (sha256, size, type, uploaded_at, uploader_pubkey, filename)
- [x] Database initialization scripts and proper indexes

### GET / Endpoint

- [x] nginx static file serving with extension support (.txt, .jpg, .png, etc.)
- [x] Extension fallback via `try_files` directive
- [x] Proper MIME type detection and headers
- [x] Cache headers (Cache-Control, immutable)
- [x] 404 handling for missing blobs

### HEAD / Endpoint

- [x] FastCGI metadata handler
- [x] Database metadata queries
- [x] Proper HTTP headers (Content-Type, Content-Length)
- [x] SHA-256 extraction from URL paths
- [x] 404 responses for missing blobs

### Testing Status

- [x] File serving works with all supported extensions
- [x] HEAD requests return correct metadata
- [x] 404 responses for missing files
- [ ] Performance testing with large files

---

## BUD-02: File Upload & Authentication ✅ **COMPLETE**

### Nostr Authentication System

- [x] nostr_core_lib integration and compilation
- [x] secp256k1 context initialization (CRITICAL BUG FIXED)
- [x] Authentication functions:
  - [x] `parse_authorization_header()` - Extract JSON from "Nostr base64(event)"
  - [x] `validate_blossom_event()` - Validate kind 24242 events
  - [x] `authenticate_request()` - Main authentication orchestrator
- [x] Enhanced error handling with specific error types (event_expired, invalid_signature, etc.)
- [x] API refactoring - upgraded from low-level crypto to `nostr_crypto_init()` API

### PUT /upload Endpoint

- [x] Authorization header parsing and validation
- [x] File upload streaming to temporary location
- [x] SHA-256 hash calculation during upload
- [x] Hash validation against authorization
- [x] File permissions (644) for nginx serving
- [x] Database metadata storage (uploader_pubkey, filename)
- [x] Blob descriptor JSON response

### GET /list/ Endpoint

- [x] Extract pubkey from URL path
- [x] Database queries for user's blobs
- [x] Optional authorization with kind 24242 event validation
- [x] Support for `since`/`until` query parameters
- [x] JSON array responses with blob descriptors

### DELETE / Endpoint

- [x] SHA-256 extraction from URL
- [x] Required authorization with kind 24242 validation
- [x] Ownership verification (uploader_pubkey matching)
- [x] File and database cleanup
- [x] Proper error handling for missing files

### Testing Status

- [x] Upload with valid nostr authentication (HTTP 200)
- [x] Upload without authentication (proper error responses)
- [x] Hash mismatch validation (409 Conflict)
- [x] List endpoint returns proper JSON
- [x] Delete endpoint with ownership checks
- [x] File retrieval after upload working
- [ ] File size limit testing

---

## BUD-03: Server List (User Server Lists) ⚪ **FOR CLIENTS, NOT SERVERS**

## BUD-04: Blob Mirroring ⚪ **PARTIAL**

### Current Status

- [x] nginx endpoint configured (`PUT /mirror`)
- [x] FastCGI routing established
- [ ] URL downloading implementation
- [ ] Hash verification after download
- [ ] Authorization handling for mirroring
- [ ] Inter-server mirroring testing

---

## BUD-05: Media Optimization ⚪ **PARTIAL**

### Current Status

- [x] nginx endpoint configured (`HEAD/PUT /media`)
- [x] FastCGI routing established
- [ ] Media processing libraries integration
- [ ] Optimization algorithms implementation
- [ ] Multi-format media handling
- [ ] Optimization pipeline testing

---

## BUD-06: Upload Requirements ⚪ **NOT IMPLEMENTED**

### HEAD /upload Pre-flight Validation

- [ ] `HEAD /upload` endpoint implementation
- [ ] Client header parsing (X-SHA-256, X-Content-Length, X-Content-Type)
- [ ] Pre-flight validation without file transfer:
  - [ ] SHA-256 format validation
  - [ ] File size limit checking
  - [ ] MIME type restrictions
  - [ ] Authentication validation
  - [ ] Duplicate detection
  - [ ] Banned hash checking
- [ ] Proper HTTP status codes (200, 400, 401, 403, 411, 413, 415)
- [ ] X-Reason headers for error messages

### Upload Policy Configuration

- [ ] Server configuration system
- [ ] Maximum file size limits
- [ ] Allowed MIME type restrictions
- [ ] Rate limiting implementation
- [ ] DOS protection benefits

---

## BUD-07: Payment Integration ⚪ **NOT IMPLEMENTED**

*Optional feature - not currently planned*

- [ ] 402 Payment Required responses
- [ ] Lightning payment support
- [ ] Cashu payment integration
- [ ] Payment verification flows

---

## BUD-08: NIP-94 Metadata ⚪ **NOT IMPLEMENTED**

*Optional feature - not currently planned*

- [ ] NIP-94 tag generation
- [ ] Extended blob descriptor responses
- [ ] Magnet link generation
- [ ] Metadata compatibility testing

---

## BUD-09: Content Reporting ⚪ **PARTIAL**

### Current Status

- [x] nginx endpoint configured (`PUT /report`)
- [x] FastCGI routing established
- [ ] NIP-56 report event handling
- [ ] Moderation interface
- [ ] Content filtering implementation
- [ ] Reporting workflow testing
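
The `HEAD /upload` pre-flight checks listed under BUD-06 can be decided from the three client headers alone, before any bytes are transferred. The following C sketch is an added example, not ginxsom's code; the function name `preflight_status`, the 100 MB limit and the MIME allow-list are assumptions, and the authentication, duplicate and banned-hash checks are left out.

```c
#include <ctype.h>
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define MAX_BLOB_SIZE (100ULL * 1024 * 1024)   /* assumed policy limit */
static const char *ALLOWED_TYPES[] = { "image/png", "image/jpeg", "text/plain" }; /* assumed */

/* Returns the HTTP status for a HEAD /upload pre-flight and sets *reason
 * (the X-Reason text). Header values are NULL when the client omitted them. */
int preflight_status(const char *sha256, const char *length,
                     const char *type, const char **reason)
{
    /* X-SHA-256: exactly 64 hex digits, nothing else. */
    if (!sha256 || strlen(sha256) != 64) {
        *reason = "Invalid X-SHA-256 header"; return 400;
    }
    for (size_t i = 0; i < 64; i++)
        if (!isxdigit((unsigned char)sha256[i])) {
            *reason = "Invalid X-SHA-256 header"; return 400;
        }

    /* X-Content-Length: required; digits only, because strtoull() would
     * otherwise accept "-1" or leading whitespace and wrap silently. */
    if (!length || !*length) { *reason = "Missing X-Content-Length header"; return 411; }
    for (const char *p = length; *p; p++)
        if (!isdigit((unsigned char)*p)) {
            *reason = "Invalid X-Content-Length header"; return 400;
        }
    errno = 0;
    unsigned long long size = strtoull(length, NULL, 10);
    if (errno == ERANGE || size > MAX_BLOB_SIZE) {
        *reason = "File too large"; return 413;
    }

    /* X-Content-Type: exact match against the allow-list. */
    if (type)
        for (size_t i = 0; i < sizeof ALLOWED_TYPES / sizeof *ALLOWED_TYPES; i++)
            if (strcmp(type, ALLOWED_TYPES[i]) == 0) { *reason = "OK"; return 200; }
    *reason = "Unsupported file type";
    return 415;
}

int main(void)
{
    const char *why;   /* constructed sample request: SHA-256 of the empty string */
    int st = preflight_status(
        "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855",
        "1024", "image/png", &why);
    printf("%d %s\n", st, why);
    return 0;
}
```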