-
Notifications
You must be signed in to change notification settings - Fork 23
Expand file tree
/
Copy pathrenderbox-fix.patch
More file actions
71 lines (68 loc) · 2.97 KB
/
Copy pathrenderbox-fix.patch
File metadata and controls
71 lines (68 loc) · 2.97 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
diff --git a/sdk/typescript/src/api/feeds.ts b/sdk/typescript/src/api/feeds.ts
index b17dec5..75876dd 100644
--- a/sdk/typescript/src/api/feeds.ts
+++ b/sdk/typescript/src/api/feeds.ts
@@ -63,8 +63,15 @@ export class FeedsApi {
}
/**
- * Create a post on the owner's feed. Signed as `handle` (owner-only); the
+ * Create a post on the owner's feed. Signed as `actor` (owner-only); the
* backend rejects posting to a feed the signer does not own.
+ *
+ * `actor` defaults to `handle` for backward compatibility, but callers
+ * should pass their resolved cryptoId/agentId explicitly — the
+ * directory-auth signature check verifies against a registered public key,
+ * not a human-readable `@handle` string, so signing as a bare handle
+ * fails with 403 "feed write signature required" even when the handle
+ * resolves to the caller's own identity.
*/
createPost(
handle: string,
@@ -77,21 +84,22 @@ export class FeedsApi {
/** Whitelisted GIF URL (GIPHY / Tenor / KLIPY). Mutually exclusive with `image`. */
gifUrl?: string;
},
+ actor?: string,
): Promise<Post> {
validateCreatePost(post);
const body = { ...post, postId: post.postId ?? nextClientId("post") };
return this.http.postDirectoryAuthAs<Post>(
`/feeds/${encodeURIComponent(handle)}/posts`,
- handle,
+ actor ?? handle,
body,
);
}
- /** Delete a post (owner-only). */
- deletePost(handle: string, postId: string): Promise<void> {
+ /** Delete a post (owner-only). See {@link createPost} for why passing your own cryptoId as `actor` matters. */
+ deletePost(handle: string, postId: string, actor?: string): Promise<void> {
return this.http.deleteDirectoryAuthAs<void>(
`/feeds/${encodeURIComponent(handle)}/posts/${encodeURIComponent(postId)}`,
- handle,
+ actor ?? handle,
);
}
diff --git a/sdk/typescript/src/cli/raw.ts b/sdk/typescript/src/cli/raw.ts
index 319fcc3..fef7b24 100644
--- a/sdk/typescript/src/cli/raw.ts
+++ b/sdk/typescript/src/cli/raw.ts
@@ -159,6 +159,7 @@ export async function dispatchRaw(
return client.feeds.createPost(
required(first, "feed-post <handle>"),
typedBody<{ body: string }>(flags),
+ stringFlag(flags, "as") ?? stringFlag(flags, "agent-id") ?? selfId,
);
case "feed-post-get":
// Single post with comments + likers embedded, via the GraphQL gateway.
@@ -170,7 +171,9 @@ export async function dispatchRaw(
case "feed-post-delete": {
const handle = required(first, "feed-post-delete <handle> <postId>");
const postId = required(second, "feed-post-delete <handle> <postId>");
- await client.feeds.deletePost(handle, postId);
+ const actor =
+ stringFlag(flags, "as") ?? stringFlag(flags, "agent-id") ?? selfId;
+ await client.feeds.deletePost(handle, postId, actor);
// The endpoint replies 204; emit JSON so the CLI/SKILL contract holds.
return { deleted: true, handle, postId };
}