Authorization events should have a human readable description in content
Authorization events must have a NIP-40 expiration tag. this helps prevents they from being leaked and used by malicious actors
upload and delete authorization events must contain an x tag with the sha256 of the blob. This ensures the user is aware of what blob they are uploading or deleting
I presume your not done implementing blossom, but I looked over the code out of curiosity and noticed a few things
A few points on the client side implementation in https://github.com/servuscms/servus/blob/master/admin/index.html
content
expiration
tag. this helps prevents they from being leaked and used by malicious actorsupload
anddelete
authorization events must contain anx
tag with the sha256 of the blob. This ensures the user is aware of what blob they are uploading or deletingFor computing the sha256 has of files on the client side you can use the
window.crypto
API or the@noble/hashes
library. There is also some example code here https://github.com/hzrd149/blossom-server/blob/master/public/utils.js#L4-L32If you like you can also use the
blossom-client-sdk
library I made https://www.npmjs.com/package/blossom-client-sdk