feat(uploads): tokenless draft/FILEHOST + origin-based media trust#237
Open
ValwareIRC wants to merge 3 commits into
Open
feat(uploads): tokenless draft/FILEHOST + origin-based media trust#237ValwareIRC wants to merge 3 commits into
ValwareIRC wants to merge 3 commits into
Conversation
Implement the standard IRCv3 draft/FILEHOST: the server advertises a
space-separated list of upload endpoints; the client POSTs the file
directly (multipart 'file' field, no auth) and takes the returned URL.
- isupport.ts: draft/FILEHOST -> server.fileHosts[] (split the already
\x20-unescaped value, keep http(s) URIs).
- mediaUpload.ts: uploadFileTokenless() -- POST to the endpoint, resolve
from the Location header (spec), else a JSON {url}/{saved_url} body,
else a plain-text URL.
- ChatArea: prefer tokenless when offered, else the vendor token path;
no token mint / policy preflight on the tokenless path. canUpload now
gates the picker + drag-drop on either filehost mechanism.
Browser uploads to an external host need CORS on that host; native
clients are unrestricted.
Extract parseFilehostUploadResponse from uploadFileTokenless so the Location-header / JSON-body / plain-text-URL precedence is unit-tested without XHR mocking.
Uploaded files are served from the filehost's domain root, but the trust check matched the full filehost value including its path — so when draft/FILEHOST advertises a path endpoint (e.g. https://host/api/), files at https://host/xyz failed the check and wouldn't render. Match on origin only. Also fold the tokenless draft/FILEHOST list (server.fileHosts) into the trust set alongside the vendor server.filehost via a new serverFilehosts() helper, and thread it through every media/avatar trust call site (the old !!server?.filehost && ... guards short-circuited when only fileHosts was set). isUrlFromFilehost now accepts a single host or a list.
Contributor
|
Important Review skippedAuto reviews are disabled on base/target branches other than the default branch. Please check the settings in the CodeRabbit UI or the ⚙️ Run configurationConfiguration used: defaults Review profile: CHILL Plan: Pro Run ID: You can disable this status message by setting the Use the checkbox below for a quick retry:
✨ Finishing Touches🧪 Generate unit tests (beta)
Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out. Comment |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Stacked on #219 (the
draft/authtoken+obby.world/FILEHOSTvendor rename). Adds support for the standard tokenlessdraft/FILEHOSTand fixes filehost media trust to be origin-based.Tokenless
draft/FILEHOSTisupport.ts—draft/FILEHOST→server.fileHosts[](a space-separated list of upload endpoints;parseIsupporthas already un-escaped\x20).mediaUpload.ts—uploadFileTokenless()POSTs the file (multipartfilefield) directly to an advertised endpoint, no auth. Resolves the URL from the spec'sLocationheader, else a JSON{url}/{saved_url}body, else a plain-text URL body (covers girafiles/s.h4ks.com, which returns200 + {"url":…}).ChatArea— prefer the tokenless endpoint when offered, else the vendor token path; no token mint / policy pre-flight on the tokenless path.canUploadnow gates the picker + drag-drop on either mechanism. A server is expected to advertise one mechanism or the other, not both.Browser uploads to an external host require CORS (
Access-Control-Allow-Origin) on that host; native clients are unrestricted.Media-trust fix
Uploaded files are served from the filehost's domain root, but the trust check matched the full filehost value including its path — so when
draft/FILEHOSTadvertises a path endpoint (e.g.https://host/api/), files athttps://host/xyzfailed and wouldn't render.isUrlFromFilehostnow matches on origin only (path ignored) and accepts a single host or a list.serverFilehosts(server)folds the tokenlessfileHostsin alongside the vendorfilehost, threaded through every media/avatar trust site (the old!!server?.filehost &&guards short-circuited when onlyfileHostswas set; one site even used a rawstartsWith).Server companion
draft/FILEHOSTis advertised by obbyircd via a newexternalconfig directive (ObbyIRCd branchfeat/obby-world-filehost):Tests
parseFilehostUploadResponse:Location/ JSON{url},{saved_url}/ plain-text precedence./api/filehost, host lists,serverFilehosts.tsc+vite buildclean.Test plan