Replying to Avatar Ademan

#nostrdev #asknostr #nostr-tools

I'm unable to complete nip96 uploads across nostrcheck, nostr.build, and files.v0l.io I suspect it's my fault somehow, but I'm burning more time than I'd like troubleshooting. I'm using nostr-tools and afaict based on reading nip-96, examining the nostr-tools code, and looking at the requests, I'm not certain what's wrong here.

Afaict the Authorization form field is non-standard but harmless (hacking it out did not change the responses I'm getting, and reading the void-cat-rs source it looks like it should be ignored anyway).

```

POST /n96 HTTP/2

Host: files.v0l.io

User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:127.0) Gecko/20100101 Firefox/127.0

Accept: */*

Accept-Language: en-US,en;q=0.5

Accept-Encoding: gzip, deflate, br, zstd

Referer: http://localhost:5000/

Authorization: Nostr REDACTED

Content-Type: multipart/form-data

Content-Length: 24052

Origin: http://localhost:5000

Connection: keep-alive

Sec-Fetch-Dest: empty

Sec-Fetch-Mode: cors

Sec-Fetch-Site: cross-site

Priority: u=4

TE: trailers

-----------------------------11234029581503681683701650224

Content-Disposition: form-data; name="Authorization"

Nostr REDACTED

-----------------------------11234029581503681683701650224

Content-Disposition: form-data; name="size"

22933

-----------------------------11234029581503681683701650224

Content-Disposition: form-data; name="file"; filename="2024-07-06-152337_1000x175_scrot.png"

Content-Type: image/png

... snip ...

-----------------------------11234029581503681683701650224--

```

You can see from the size field that the file is quite small.

I get a 400 response from all three services. (Not a 401 or 403 or anything) I'm pretty sure I'm generating the authorization token correctly (also using nostr-tools) and I glanced at the nostr.build source code and I'm reasonably confident the response I'm getting back is generated before the auth header is checked.

Both nostr.build and nostrcheck have some kind of message indicating a problem with the file upload portion. (files.v0l.io gives me a generic 400 html response)

nostr.build example

```

'{"status":"error","message":"Either no file or more than one file posted. Only one file is expected."}'

```

I'm not a web guy so nothing is jumping out at me, but does anyone notice something obviously wrong with the request?

Avatar
Ademan 1y ago

*possibly* related, although I don't think so:

https://github.com/nostr-protocol/nips/blob/master/96.md says payload should be base64 encoded, but

https://github.com/nostr-protocol/nips/blob/master/98.md says the payload should be hex encoded

This seems to be contradictory?

nostr-tools uses the hex encoding, so if the server is expecting base64 that could be a problem, although like I said, I don't *think* these servers are processing the Auth header at all by the time they send me back a 400.

I'll at least try changing it to a base64 encoded payload hash once I get back from mowing the lawn...

Reply to this note

Please Login to reply.

Discussion

Avatar
Ademan 1y ago

OK I've created a simple sample page for making NIP-96 uploads the way I am in my larger project. I've also included a variation that generates the Auth header differently (according to NIP-96 where it contradicts NIP-98).

Not sure what I'm doing wrong here...

https://github.com/Ademan/nip96-test

You can run it with

```

npx webpack serve -c webpack.dev.js

```

the "My version" checkbox activates the variant upload, rather than only using stock nostr-tools functions.

nostr:nprofile1qy88wumn8ghj7mn0wvhxcmmv9uq3vamnwvaz7tmjv4kxz7fwd4hhxarj9ec82c30qy2hwumn8ghj7un9d3shjtnyv9kh2uewd9hj7qgkwaehxw309ajkgetw9ehx7um5wghxcctwvshszythwden5te0dehhxarj9emkjmn99uq3wamnwvaz7tmjv4kxz7fwdehhxarj9e3xzmny9uq36amnwvaz7tmwdaehgu3wvf5hgcm0d9hx2u3wwdhkx6tpdshszymhwden5te0wp6hyurvv4cxzeewv4ej7qgawaehxw309ahx7um5wghx6at5d9h8jampd3kx2apwvdhk6tcpr9mhxue69uhhyetvv9ujuumwdae8gtnnda3kjctv9uqzpxvf2qzp87m4dkzr0yfvcv47qucdhcdlc66a9mhht8s52mprn7g9q9v296 any ideas? To the extent I am able as a non-web dev who's very unfamiliar with modern PHP, reviewing the nostr.build source it wasn't obvious to me what is going wrong either.

nostr:nprofile1qythwumn8ghj7un9d3shjtnwdaehgu3wvfskuep0qyfhwumn8ghj7ur4wfcxcetsv9njuetn9uq32amnwvaz7tmjv4kxz7fwv3sk6atn9e5k7tcpz9mhxue69uhkummnw3ezuamfdejj7qgnwaehxw309ahkvenrdpskjm3wwp6kytcppemhxue69uhkummn9ekx7mp0qyghwumn8ghj7vf5xqhxvdm69e5k7tcprfmhxue69uhhyetvv9ujumn0wd68ycmgv43kktndv5hszxnhwden5te0dehhxarj9e6xsetnv9kk2cmpwshxjme0qqsgnc2tuj0dqpea4qak0qnee55m5kkcdncqpd4r6xjv8hz25n7aqtq3clwv4 I get approximately the same 400 response with nostrcheck, does anything jump out at you?

I appreciate any help y'all can give, and sorry for the noise. At least, if you're aware of clients that work with your nip96 endpoints specifically, I'd love to see them and compare...

Avatar
Ademan 1y ago

Hodlbod confirmed he's using nip-96 after all, so I can reference his code to figure out what's going wrong on my end. Don't waste your time reading this garbage until I've looked over his code lol

Avatar
Quentin 1y ago

Hello Ademan. I'll check it and get back to you, we can do some tests together. As far as I know NIP96 and NIP98 are not contradictory.

Avatar
Ademan 1y ago

Thanks! Don't worry about it for the moment, I will review coracle before I waste anybody else's time. Sorry for the noise!

Avatar
Quentin 1y ago

The first implementation of NIP96 was done by me in Coracle, if I can help you in any way I will be happy to do so.

Avatar
Ademan 1y ago

BTW if you're curious about the contradiction I'm seeing, I (try to) explain it here https://github.com/nostr-protocol/nips/issues/1376