Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

remove unauthenticated uploads from the API (will be merged on {postponed again}) #70

Merged
merged 2 commits into from
Dec 22, 2024
Merged

remove unauthenticated uploads from the API (will be merged on {postponed again}) #70

merged 2 commits into from
Dec 22, 2024

Conversation

fishcakeday
Copy link
Collaborator

To combat spam and illegal uploads, we will deprecate unauthenticated uploads.

@AnthonyRonning
Copy link

I'm pretty sure we're using the pfp endpoint unauthenticated for mutiny profile image uploads. Need to double check with @benthecarman next week.

@fishcakeday
Copy link
Collaborator Author

fishcakeday commented May 24, 2024
edited
Loading

I'm pretty sure we're using the pfp endpoint unauthenticated for mutiny profile image uploads. Need to double check with @benthecarman next week.

If it will be a problem, I will exclude pfp from the auth path and allow for unauthenticated uploads - /api/v2/upload/profile

@fishcakeday fishcakeday mentioned this pull request Jun 5, 2024
Merged
@joshuatbrown
Copy link

Nos is currently using unauthenticated uploads to /api/v2/upload/files. We'd appreciate a little bit of time to add auth.

@AnthonyRonning
Copy link

Mutiny has deployed this change.

@fishcakeday fishcakeday changed the title remove unauthenticated uploads from the API (will be merged on 6/6 UTC) remove unauthenticated uploads from the API (will be merged on 7/1 UTC) Jun 6, 2024
@fishcakeday
Copy link
Collaborator Author

Nos is currently using unauthenticated uploads to /api/v2/upload/files. We'd appreciate a little bit of time to add auth.

I pushed it to 7/1 to allow you time to plan. Sorry about that, didn’t mean to put unnecessary pressure

@joshuatbrown joshuatbrown mentioned this pull request Jun 7, 2024
Closed
@mplorentz
Copy link

@fishcakeday thank you. We deployed a production build of Nos that uses NIP-98 authentication today.

@fishcakeday
Copy link
Collaborator Author

@v0l is snort authenticating to nostr.build with nip98?

@v0l
Copy link

v0l commented Jul 1, 2024
edited
Loading

Yes
https://git.v0l.io/Kieran/snort/src/commit/40aa21cb4b29348a017f9854e82ab7273511cc76/packages/app/src/Utils/Upload/NostrBuild.ts#L26

@fishcakeday
Copy link
Collaborator Author

@mattn are you also good with this one? Do you know anyone else who might get affected? I am still delaying to make sure I do not break anyone.

@fishcakeday
Copy link
Collaborator Author

@syusui-s are you using nip98 for uploads at https://rabbit.syusui.net/ ? Do you know anyone else who might get affected?

@fishcakeday fishcakeday changed the title remove unauthenticated uploads from the API (will be merged on 7/1 UTC) remove unauthenticated uploads from the API (will be merged on 7/10 UTC) Jul 1, 2024
@mattn
Copy link

mattn commented Jul 2, 2024

Currently, I have two bots posts images to nostr.build. But I don't mind you will change the APIs.

@fishcakeday
Copy link
Collaborator Author

Currently, I have two bots posts images to nostr.build. But I don't mind you will change the APIs.

Can you please add nip98 to the bots? The API is the same, just add the nip98 auth header and you are good.

@syusui-s
Copy link

syusui-s commented Jul 2, 2024

@syusui-s are you using nip98 for uploads at https://rabbit.syusui.net/ ?

Thank you for letting me know. Rabbit doesn't support NIP-98 as for now. I will support NIP-98 soon.

Do you know anyone else who might get affected?

I don't know... Most of all Japanese clients support NIP-98 as far as I know.

@syusui-s syusui-s mentioned this pull request Jul 2, 2024
Open
@mattn
Copy link

mattn commented Jul 2, 2024

@fishcakeday Now I fixed two bots to use NIP-98.

@mattn
Copy link

mattn commented Jul 4, 2024

BTW, nostr.build will be possible to delete image which was posted by same pubkey with NIP-98?

@fishcakeday
Copy link
Collaborator Author

BTW, nostr.build will be possible to delete image which was posted by same pubkey with NIP-98?

Yes, I just need to implement it. Probably in 2-3 weeks.

@fishcakeday
Copy link
Collaborator Author

@mattn I have deployed the initial implementation on staging.nostr.build that (should) support deletion using standard nip96 approach. Do you mind testing it and letting me know if it works? Thank you in advance.

@fishcakeday
Copy link
Collaborator Author

@mattn I have deployed the initial implementation on staging.nostr.build that (should) support deletion using standard nip96 approach. Do you mind testing it and letting me know if it works? Thank you in advance.

It's deployed now and ready to use.

@fishcakeday fishcakeday changed the title remove unauthenticated uploads from the API (will be merged on 7/10 UTC) remove unauthenticated uploads from the API (will be merged on {postponed again}) Jul 28, 2024
@fishcakeday fishcakeday merged commit c8de51e into main Dec 22, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
7 participants
@fishcakeday @AnthonyRonning @joshuatbrown @mplorentz @v0l @mattn @syusui-s