nostrbuild / nostr.build

FOSS version of nostr.build
https://nostr.build
MIT License

remove unauthenticated uploads from the API (will be merged on {postponed again}) #70

Open fishcakeday opened 4 months ago

fishcakeday commented 4 months ago

To combat spam and illegal uploads, we will deprecate unauthenticated uploads.

TonyGiorgio commented 4 months ago

I'm pretty sure we're using the pfp endpoint unauthenticated for mutiny profile image uploads. Need to double check with @benthecarman next week.

fishcakeday commented 4 months ago

> I'm pretty sure we're using the pfp endpoint unauthenticated for mutiny profile image uploads. Need to double check with @benthecarman next week.

If it will be a problem, I will exclude pfp from the auth path and allow for unauthenticated uploads - /api/v2/upload/profile

joshuatbrown commented 3 months ago

Nos is currently using unauthenticated uploads to /api/v2/upload/files. We'd appreciate a little bit of time to add auth.

TonyGiorgio commented 3 months ago

Mutiny has deployed this change.

fishcakeday commented 3 months ago

> Nos is currently using unauthenticated uploads to /api/v2/upload/files. We'd appreciate a little bit of time to add auth.

I pushed it to 7/1 to allow you time to plan. Sorry about that, didn’t mean to put unnecessary pressure.

mplorentz commented 3 months ago

@fishcakeday thank you. We deployed a production build of Nos that uses NIP-98 authentication today.

fishcakeday commented 3 months ago

@v0l is snort authenticating to nostr.build with nip98?

v0l commented 3 months ago

Yes https://git.v0l.io/Kieran/snort/src/commit/40aa21cb4b29348a017f9854e82ab7273511cc76/packages/app/src/Utils/Upload/NostrBuild.ts#L26

fishcakeday commented 3 months ago

@mattn are you also good with this one? Do you know anyone else who might get affected? I am still delaying to make sure I do not break anyone.

fishcakeday commented 3 months ago

@syusui-s are you using nip98 for uploads at https://rabbit.syusui.net/ ? Do you know anyone else who might get affected?

mattn commented 3 months ago

Currently, I have two bots that post images to nostr.build. But I don't mind if you change the APIs.

fishcakeday commented 3 months ago

> Currently, I have two bots that post images to nostr.build. But I don't mind if you change the APIs.

Can you please add nip98 to the bots? The API is the same, just add the nip98 auth header and you are good.
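An added example, not part of the original thread and not nostr.build's own code: what "add the nip98 auth header" involves on the client, next to the checks a server makes before accepting the upload, following NIP-98 and the NIP-01 event id rule. The function names are hypothetical, and the BIP-340 Schnorr `sign` and `verify` callables are assumed to come from a vetted secp256k1 library supplied by the caller.

```python
import base64, hashlib, json, time

NIP98_KIND = 27235  # HTTP Auth event kind from NIP-98
MAX_SKEW = 60       # seconds; the window NIP-98 suggests

def event_id(ev):
    """NIP-01 event id: SHA-256 of the canonical JSON array."""
    raw = json.dumps([0, ev["pubkey"], ev["created_at"], ev["kind"],
                      ev["tags"], ev["content"]],
                     separators=(",", ":"), ensure_ascii=False)
    return hashlib.sha256(raw.encode("utf-8")).hexdigest()

def build_auth_header(url, method, pubkey_hex, sign, body=None, now=None):
    """Client side. sign(id_hex) -> sig_hex is a caller-supplied BIP-340 signer."""
    tags = [["u", url], ["method", method.upper()]]
    if body is not None:  # optional: bind the header to the request body
        tags.append(["payload", hashlib.sha256(body).hexdigest()])
    ev = {"pubkey": pubkey_hex, "kind": NIP98_KIND, "content": "", "tags": tags,
          "created_at": int(time.time() if now is None else now)}
    ev["id"] = event_id(ev)
    ev["sig"] = sign(ev["id"])
    return "Nostr " + base64.b64encode(json.dumps(ev).encode("utf-8")).decode("ascii")

def check_auth_header(header, url, method, verify, body=None, now=None):
    """Server side. Returns the signer's pubkey or raises ValueError.
    verify(pubkey_hex, id_hex, sig_hex) -> bool is a caller-supplied BIP-340 verifier."""
    scheme, _, token = header.partition(" ")
    if scheme != "Nostr":
        raise ValueError("not a NIP-98 Authorization header")
    try:
        ev = json.loads(base64.b64decode(token))
        tags = {t[0]: t[1] for t in ev["tags"] if len(t) >= 2}
        expected_id = event_id(ev)
        created, kind, sig = int(ev["created_at"]), ev["kind"], ev["sig"]
    except (KeyError, TypeError) as exc:
        raise ValueError("malformed event") from exc
    now = time.time() if now is None else now
    if kind != NIP98_KIND:
        raise ValueError("wrong event kind")
    if abs(now - created) > MAX_SKEW:  # limits replay of a captured header
        raise ValueError("timestamp outside the allowed window")
    if tags.get("u") != url or tags.get("method") != method.upper():
        raise ValueError("event was signed for a different request")
    if "payload" in tags and tags["payload"] != hashlib.sha256(body or b"").hexdigest():
        raise ValueError("payload hash does not match the body")
    if ev.get("id") != expected_id or not verify(ev["pubkey"], expected_id, sig):
        raise ValueError("bad event id or signature")
    return ev["pubkey"]
```

Because the `u` and `method` tags are compared exactly, a header signed for one endpoint cannot be reused against another.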

syusui-s commented 3 months ago

> @syusui-s are you using nip98 for uploads at https://rabbit.syusui.net/ ?

Thank you for letting me know. Rabbit doesn't support NIP-98 as of now. I will support NIP-98 soon.

> Do you know anyone else who might get affected?

I don't know... Most of all Japanese clients support NIP-98 as far as I know.

mattn commented 3 months ago

@fishcakeday Now I fixed two bots to use NIP-98.

mattn commented 3 months ago

BTW, will it be possible on nostr.build to delete an image which was posted by the same pubkey with NIP-98?

fishcakeday commented 3 months ago

> BTW, will it be possible on nostr.build to delete an image which was posted by the same pubkey with NIP-98?

Yes, I just need to implement it. Probably in 2-3 weeks.

fishcakeday commented 3 months ago

@mattn I have deployed the initial implementation on staging.nostr.build that (should) support deletion using standard nip96 approach. Do you mind testing it and letting me know if it works? Thank you in advance.

fishcakeday commented 3 months ago

> @mattn I have deployed the initial implementation on staging.nostr.build that (should) support deletion using standard nip96 approach. Do you mind testing it and letting me know if it works? Thank you in advance.

It's deployed now and ready to use.