Do you mean that the image I posted is not signed by NIP-98. right?
Discussion
Correct! The signature is invalid πΆπΎπ«‘
But API returned succeeded.
API is resilient in this way, because many clients make mistakes and we just upload to a free pull with no ownership πΆπΎπ«‘
How to validate my signature?
Use nip98 library or construct the event as per specs. You can try POST to https://nostr.build/api/v2/account/verify and see what you get πΆπΎπ«‘
empty description?
Try looking here: https://github.com/nbd-wtf/nostr-tools/blob/master/nip98.ts
πΆπΎπ«‘
This is JSON that it is attached to the uploaded image. Something wrong?
https://gist.github.com/mattn/76e46d388476a3e6424217a7d5d92e55
I set this JSON with base64 encoding like:
header("Authorization", "Nostr " + base64(jsonstring)
As I mentioned, it seems that there is signature mismatch. Your sig: does not get verified πΆπΎπ«‘
Please check https://github.com/nbd-wtf/go-nostr and see how the signature is done πΆπΎπ«‘
Yes, I fixed small bug. Now I get 200 status via delete. But image does not deleted.
Which image? URL? πΆπΎπ«‘
Also note that if you upload duplicate, we will only delete associations as per spec:
Deletion
DELETE $api_url/
AUTH required
Note that the /
The extension is optional as the file hash is the only needed file identification.
The server should reject deletes from users other than the original uploader with the appropriate http response code (403 Forbidden).
It should be noted that more than one user may have uploaded the same file (with the same hash). In this case, a delete must not really delete the file but just remove the user's pubkey from the file owners list (considering the server keeps just one copy of the same file, because multiple uploads of the same file results in the same file hash).
The successful response is a 200 OK one with just basic JSON fields:
{
status: "success",
message: "File deleted."
}
πΆπΎπ«‘
Ah!!! probaby, I tried many tries with same images. (it should be failed once before)
I'm guessing this is right JSON.
What about this?
https://gist.github.com/mattn/48754d7ac306f00aba75cb6989427daa
No idea. Try it and see if it works πΆπΎπ€·ββοΈ
I can't debut because verify API does not what is wrong. π€·ββοΈ
Are you using correct URL? It must match perfectly, so is method, should be uppercase πΆπΎπ«‘
I already said that this is not right! πΆπΎπ«‘
; PHP message: Invalid url tag: https://nostr.build/api/v2/upload/files != https://nostr.build/api/v2/account/verify
SignedNostrEvent Object
(
[pubkey] => 2c7cc62a697ea3a7826521f3fd34f0cb273693cbe5e9310f35449f43622a5cdc
[id] => 8ace7829068e2b7b8d645f94bbc520fc1b672adff1da7d29a350a5defb42573b
[sig] => 41e318ec82e808fd4d41b7f8b5243947a225f7511f101501834c829b3f1b8e3708a63bd7cb206af09ffcd203e74a99c339b03c0128e6c2ab5dc377577a9245a4
[kind] => NostrEventKind Enum:int
(
[name] => HttpAuth
[value] => 27235
)
[content] =>
[tags] => Array
(
[0] => Array
(
[0] => u
[1] => https://nostr.build/api/v2/upload/files
)
[1] => Array
(
[0] => method
[1] => POST
)
)
[created_at] => 1720171338
)
Thanks. BTW, I refered code of snort.
https://github.com/nostrbuild/nostr.build/pull/70#issuecomment-2199684661
Great! Make sure that tags always match the url. πΆπΎπ«‘
Yes, it should be same because I copyed & pasted from the code.
Now I could delete image which posted via my lib.
Great! I still see some errors with mismatched signatures but probably not you πΆπΎπ€·ββοΈ
Actually it was you πΆπΎπ€£πππ
2c7cc62a697ea3a7826521f3fd34f0cb273693cbe5e9310f35449f43622a5cdc
; PHP message: Invalid url tag: https://nostr.build/api/v2/upload/files != https://nostr.build/api/v2/account/verify
Not sure if itβs you or someone else, but fyi πΆπΎπ«‘
// Sign signs an event with a given privateKey.
func (evt *Event) Sign(privateKey string, signOpts ...schnorr.SignOption) error {
s, err := hex.DecodeString(privateKey)
if err != nil {
return fmt.Errorf("Sign called with invalid private key '%s': %w", privateKey, err)
}
if evt.Tags == nil {
evt.Tags = make(Tags, 0)
}
sk, pk := btcec.PrivKeyFromBytes(s)
pkBytes := pk.SerializeCompressed()
evt.PubKey = hex.EncodeToString(pkBytes[1:])
h := sha256.Sum256(evt.Serialize())
sig, err := schnorr.Sign(sk, h[:], signOpts...)
if err != nil {
return err
}
evt.ID = hex.EncodeToString(h[:])
evt.Sig = hex.EncodeToString(sig.Serialize())
return nil
}
πΆπΎπ«‘
I can verify it since I have no tools to do it, but I suspect that signing is not done correctly, hence the signature mismatch πΆπΎπ«‘
Since I see that the signature is invalid, it means that JSON event is not constructed correctly before signing. Could be encoding (UTF8) or quote escaping πΆπΎπ€·ββοΈ
Check nostr:npub180cvv07tjdrrgpa0j7j7tmnyl2yr6yr7l8j4s3evf6u64th6gkwsyjh6w6 nak that is written in golang, I think thatβs what you use πΆπΎπ«‘
