v0.3.11 - Working on admin api

2025-09-25 11:25:50 -04:00
parent be99595bde
commit 036b0823b9
9 changed files with 1635 additions and 201 deletions
--- a/src/request_validator.c
+++ b/src/request_validator.c
@@ -629,28 +629,26 @@ static int check_database_auth_rules(const char *pubkey, const char *operation,

  // Step 1: Check pubkey blacklist (highest priority)
  const char *blacklist_sql =
-      "SELECT rule_type, description FROM auth_rules WHERE rule_type = "
-      "'pubkey_blacklist' AND rule_target = ? AND operation = ? AND enabled = "
-      "1 ORDER BY priority LIMIT 1";
+      "SELECT rule_type, action FROM auth_rules WHERE rule_type = "
+      "'blacklist' AND pattern_type = 'pubkey' AND pattern_value = ? LIMIT 1";
  rc = sqlite3_prepare_v2(db, blacklist_sql, -1, &stmt, NULL);
  if (rc == SQLITE_OK) {
    sqlite3_bind_text(stmt, 1, pubkey, -1, SQLITE_STATIC);
-    sqlite3_bind_text(stmt, 2, operation ? operation : "", -1, SQLITE_STATIC);

    if (sqlite3_step(stmt) == SQLITE_ROW) {
-      const char *description = (const char *)sqlite3_column_text(stmt, 1);
+      const char *action = (const char *)sqlite3_column_text(stmt, 1);
      validator_debug_log("VALIDATOR_DEBUG: RULES ENGINE - STEP 1 FAILED - "
                          "Pubkey blacklisted\n");
      char blacklist_msg[256];
      sprintf(blacklist_msg,
-              "VALIDATOR_DEBUG: RULES ENGINE - Blacklist rule matched: %s\n",
-              description ? description : "Unknown");
+              "VALIDATOR_DEBUG: RULES ENGINE - Blacklist rule matched: action=%s\n",
+              action ? action : "deny");
      validator_debug_log(blacklist_msg);

      // Set specific violation details for status code mapping
      strcpy(g_last_rule_violation.violation_type, "pubkey_blacklist");
-      sprintf(g_last_rule_violation.reason, "%s: Public key blacklisted",
-              description ? description : "TEST_PUBKEY_BLACKLIST");
+      sprintf(g_last_rule_violation.reason, "Public key blacklisted: %s",
+              action ? action : "PUBKEY_BLACKLIST");

      sqlite3_finalize(stmt);
      sqlite3_close(db);
@@ -664,29 +662,27 @@ static int check_database_auth_rules(const char *pubkey, const char *operation,
  // Step 2: Check hash blacklist
  if (resource_hash) {
    const char *hash_blacklist_sql =
-        "SELECT rule_type, description FROM auth_rules WHERE rule_type = "
-        "'hash_blacklist' AND rule_target = ? AND operation = ? AND enabled = "
-        "1 ORDER BY priority LIMIT 1";
+        "SELECT rule_type, action FROM auth_rules WHERE rule_type = "
+        "'blacklist' AND pattern_type = 'hash' AND pattern_value = ? LIMIT 1";
    rc = sqlite3_prepare_v2(db, hash_blacklist_sql, -1, &stmt, NULL);
    if (rc == SQLITE_OK) {
      sqlite3_bind_text(stmt, 1, resource_hash, -1, SQLITE_STATIC);
-      sqlite3_bind_text(stmt, 2, operation ? operation : "", -1, SQLITE_STATIC);

      if (sqlite3_step(stmt) == SQLITE_ROW) {
-        const char *description = (const char *)sqlite3_column_text(stmt, 1);
+        const char *action = (const char *)sqlite3_column_text(stmt, 1);
        validator_debug_log("VALIDATOR_DEBUG: RULES ENGINE - STEP 2 FAILED - "
                            "Hash blacklisted\n");
        char hash_blacklist_msg[256];
        sprintf(
            hash_blacklist_msg,
-            "VALIDATOR_DEBUG: RULES ENGINE - Hash blacklist rule matched: %s\n",
-            description ? description : "Unknown");
+            "VALIDATOR_DEBUG: RULES ENGINE - Hash blacklist rule matched: action=%s\n",
+            action ? action : "deny");
        validator_debug_log(hash_blacklist_msg);

        // Set specific violation details for status code mapping
        strcpy(g_last_rule_violation.violation_type, "hash_blacklist");
-        sprintf(g_last_rule_violation.reason, "%s: File hash blacklisted",
-                description ? description : "TEST_HASH_BLACKLIST");
+        sprintf(g_last_rule_violation.reason, "File hash blacklisted: %s",
+                action ? action : "HASH_BLACKLIST");

        sqlite3_finalize(stmt);
        sqlite3_close(db);
@@ -703,22 +699,20 @@ static int check_database_auth_rules(const char *pubkey, const char *operation,

  // Step 3: Check pubkey whitelist
  const char *whitelist_sql =
-      "SELECT rule_type, description FROM auth_rules WHERE rule_type = "
-      "'pubkey_whitelist' AND rule_target = ? AND operation = ? AND enabled = "
-      "1 ORDER BY priority LIMIT 1";
+      "SELECT rule_type, action FROM auth_rules WHERE rule_type = "
+      "'whitelist' AND pattern_type = 'pubkey' AND pattern_value = ? LIMIT 1";
  rc = sqlite3_prepare_v2(db, whitelist_sql, -1, &stmt, NULL);
  if (rc == SQLITE_OK) {
    sqlite3_bind_text(stmt, 1, pubkey, -1, SQLITE_STATIC);
-    sqlite3_bind_text(stmt, 2, operation ? operation : "", -1, SQLITE_STATIC);

    if (sqlite3_step(stmt) == SQLITE_ROW) {
-      const char *description = (const char *)sqlite3_column_text(stmt, 1);
+      const char *action = (const char *)sqlite3_column_text(stmt, 1);
      validator_debug_log("VALIDATOR_DEBUG: RULES ENGINE - STEP 3 PASSED - "
                          "Pubkey whitelisted\n");
      char whitelist_msg[256];
      sprintf(whitelist_msg,
-              "VALIDATOR_DEBUG: RULES ENGINE - Whitelist rule matched: %s\n",
-              description ? description : "Unknown");
+              "VALIDATOR_DEBUG: RULES ENGINE - Whitelist rule matched: action=%s\n",
+              action ? action : "allow");
      validator_debug_log(whitelist_msg);
      sqlite3_finalize(stmt);
      sqlite3_close(db);
@@ -731,12 +725,10 @@ static int check_database_auth_rules(const char *pubkey, const char *operation,

  // Step 4: Check if any whitelist rules exist - if yes, deny by default
  const char *whitelist_exists_sql =
-      "SELECT COUNT(*) FROM auth_rules WHERE rule_type = 'pubkey_whitelist' "
-      "AND operation = ? AND enabled = 1 LIMIT 1";
+      "SELECT COUNT(*) FROM auth_rules WHERE rule_type = 'whitelist' "
+      "AND pattern_type = 'pubkey' LIMIT 1";
  rc = sqlite3_prepare_v2(db, whitelist_exists_sql, -1, &stmt, NULL);
  if (rc == SQLITE_OK) {
-    sqlite3_bind_text(stmt, 1, operation ? operation : "", -1, SQLITE_STATIC);
-
    if (sqlite3_step(stmt) == SQLITE_ROW) {
      int whitelist_count = sqlite3_column_int(stmt, 0);
      if (whitelist_count > 0) {