Add media endpoints, require nip98 proof to upload them
This commit is contained in:
parent
2c943872a8
commit
969d8bfe7f
|
@ -29,6 +29,7 @@ import {
|
||||||
import { appCredentialsController, createAppController } from './controllers/api/apps.ts';
|
import { appCredentialsController, createAppController } from './controllers/api/apps.ts';
|
||||||
import { emptyArrayController, emptyObjectController } from './controllers/api/fallback.ts';
|
import { emptyArrayController, emptyObjectController } from './controllers/api/fallback.ts';
|
||||||
import { instanceController } from './controllers/api/instance.ts';
|
import { instanceController } from './controllers/api/instance.ts';
|
||||||
|
import { mediaController } from './controllers/api/media.ts';
|
||||||
import { notificationsController } from './controllers/api/notifications.ts';
|
import { notificationsController } from './controllers/api/notifications.ts';
|
||||||
import { createTokenController, oauthAuthorizeController, oauthController } from './controllers/api/oauth.ts';
|
import { createTokenController, oauthAuthorizeController, oauthController } from './controllers/api/oauth.ts';
|
||||||
import { frontendConfigController, updateConfigController } from './controllers/api/pleroma.ts';
|
import { frontendConfigController, updateConfigController } from './controllers/api/pleroma.ts';
|
||||||
|
@ -56,7 +57,7 @@ import { nodeInfoController, nodeInfoSchemaController } from './controllers/well
|
||||||
import { nostrController } from './controllers/well-known/nostr.ts';
|
import { nostrController } from './controllers/well-known/nostr.ts';
|
||||||
import { webfingerController } from './controllers/well-known/webfinger.ts';
|
import { webfingerController } from './controllers/well-known/webfinger.ts';
|
||||||
import { auth19, requirePubkey } from './middleware/auth19.ts';
|
import { auth19, requirePubkey } from './middleware/auth19.ts';
|
||||||
import { auth98, requireAdmin } from './middleware/auth98.ts';
|
import { auth98, requireRole } from './middleware/auth98.ts';
|
||||||
|
|
||||||
interface AppEnv extends HonoEnv {
|
interface AppEnv extends HonoEnv {
|
||||||
Variables: {
|
Variables: {
|
||||||
|
@ -121,6 +122,9 @@ app.get('/api/v1/statuses/:id{[0-9a-f]{64}}', statusController);
|
||||||
app.post('/api/v1/statuses/:id{[0-9a-f]{64}}/favourite', favouriteController);
|
app.post('/api/v1/statuses/:id{[0-9a-f]{64}}/favourite', favouriteController);
|
||||||
app.post('/api/v1/statuses', requirePubkey, createStatusController);
|
app.post('/api/v1/statuses', requirePubkey, createStatusController);
|
||||||
|
|
||||||
|
app.post('/api/v1/media', requireRole('user'), mediaController);
|
||||||
|
app.post('/api/v2/media', requireRole('user'), mediaController);
|
||||||
|
|
||||||
app.get('/api/v1/timelines/home', requirePubkey, homeTimelineController);
|
app.get('/api/v1/timelines/home', requirePubkey, homeTimelineController);
|
||||||
app.get('/api/v1/timelines/public', publicTimelineController);
|
app.get('/api/v1/timelines/public', publicTimelineController);
|
||||||
app.get('/api/v1/timelines/tag/:hashtag', hashtagTimelineController);
|
app.get('/api/v1/timelines/tag/:hashtag', hashtagTimelineController);
|
||||||
|
@ -137,7 +141,7 @@ app.get('/api/v1/trends', trendingTagsController);
|
||||||
app.get('/api/v1/notifications', requirePubkey, notificationsController);
|
app.get('/api/v1/notifications', requirePubkey, notificationsController);
|
||||||
app.get('/api/v1/favourites', requirePubkey, favouritesController);
|
app.get('/api/v1/favourites', requirePubkey, favouritesController);
|
||||||
|
|
||||||
app.post('/api/v1/pleroma/admin/config', requireAdmin, updateConfigController);
|
app.post('/api/v1/pleroma/admin/config', requireRole('admin'), updateConfigController);
|
||||||
|
|
||||||
// Not (yet) implemented.
|
// Not (yet) implemented.
|
||||||
app.get('/api/v1/bookmarks', emptyArrayController);
|
app.get('/api/v1/bookmarks', emptyArrayController);
|
||||||
|
|
|
@ -3,7 +3,7 @@ import { HTTPException } from '@/deps.ts';
|
||||||
import { buildAuthEventTemplate, parseAuthRequest, type ParseAuthRequestOpts } from '@/utils/nip98.ts';
|
import { buildAuthEventTemplate, parseAuthRequest, type ParseAuthRequestOpts } from '@/utils/nip98.ts';
|
||||||
import { localRequest } from '@/utils/web.ts';
|
import { localRequest } from '@/utils/web.ts';
|
||||||
import { signNostrConnect } from '@/sign.ts';
|
import { signNostrConnect } from '@/sign.ts';
|
||||||
import { findUser } from '@/db/users.ts';
|
import { findUser, User } from '@/db/users.ts';
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* NIP-98 auth.
|
* NIP-98 auth.
|
||||||
|
@ -23,20 +23,36 @@ function auth98(opts: ParseAuthRequestOpts = {}): AppMiddleware {
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
|
|
||||||
/** Require the user to prove they're an admin before invoking the controller. */
|
type UserRole = 'user' | 'admin';
|
||||||
const requireAdmin: AppMiddleware = async (c, next) => {
|
|
||||||
|
/** Require the user to prove their role before invoking the controller. */
|
||||||
|
function requireRole(role: UserRole): AppMiddleware {
|
||||||
|
return async (c, next) => {
|
||||||
const header = c.req.headers.get('x-nostr-sign');
|
const header = c.req.headers.get('x-nostr-sign');
|
||||||
const proof = c.get('proof') || header ? await obtainProof(c) : undefined;
|
const proof = c.get('proof') || header ? await obtainProof(c) : undefined;
|
||||||
const user = proof ? await findUser({ pubkey: proof.pubkey }) : undefined;
|
const user = proof ? await findUser({ pubkey: proof.pubkey }) : undefined;
|
||||||
|
|
||||||
if (proof && user?.admin) {
|
if (proof && user && matchesRole(user, role)) {
|
||||||
c.set('pubkey', proof.pubkey);
|
c.set('pubkey', proof.pubkey);
|
||||||
c.set('proof', proof);
|
c.set('proof', proof);
|
||||||
await next();
|
await next();
|
||||||
} else {
|
} else {
|
||||||
throw new HTTPException(401);
|
throw new HTTPException(401);
|
||||||
}
|
}
|
||||||
};
|
};
|
||||||
|
}
|
||||||
|
|
||||||
|
/** Check whether the user fulfills the role. */
|
||||||
|
function matchesRole(user: User, role: UserRole): boolean {
|
||||||
|
switch (role) {
|
||||||
|
case 'user':
|
||||||
|
return true;
|
||||||
|
case 'admin':
|
||||||
|
return user.admin;
|
||||||
|
default:
|
||||||
|
return false;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
/** Get the proof over Nostr Connect. */
|
/** Get the proof over Nostr Connect. */
|
||||||
async function obtainProof(c: AppContext) {
|
async function obtainProof(c: AppContext) {
|
||||||
|
@ -45,4 +61,4 @@ async function obtainProof(c: AppContext) {
|
||||||
return signNostrConnect(event, c);
|
return signNostrConnect(event, c);
|
||||||
}
|
}
|
||||||
|
|
||||||
export { auth98, requireAdmin };
|
export { auth98, requireRole };
|
||||||
|
|
Loading…
Reference in New Issue