v0.3.13 - Working on admin system

Your Name
2025-09-27 13:32:21 -04:00
parent c0f9bf9ef5
commit ab378e14d1
6 changed files with 1311 additions and 362 deletions


@@ -1 +1 @@
301669
645989


@@ -2066,21 +2066,42 @@ extern int is_authorized_admin_event(cJSON* event);
// Process admin events (updated for new Kind 23455/23456)
int process_admin_event_in_config(cJSON* event, char* error_message, size_t error_size, struct lws* wsi) {
log_info("DEBUG: Entering process_admin_event_in_config()");
cJSON* kind_obj = cJSON_GetObjectItem(event, "kind");
if (!kind_obj || !cJSON_IsNumber(kind_obj)) {
log_error("DEBUG: Missing or invalid kind in admin event");
snprintf(error_message, error_size, "invalid: missing or invalid kind");
return -1;
}
int kind = (int)cJSON_GetNumberValue(kind_obj);
log_info("DEBUG: Processing admin event");
printf(" Event kind: %d\n", kind);
// Extract and log event details for debugging
cJSON* pubkey_obj = cJSON_GetObjectItem(event, "pubkey");
cJSON* content_obj = cJSON_GetObjectItem(event, "content");
cJSON* tags_obj = cJSON_GetObjectItem(event, "tags");
const char* event_pubkey = pubkey_obj ? cJSON_GetStringValue(pubkey_obj) : "unknown";
const char* event_content = content_obj ? cJSON_GetStringValue(content_obj) : "unknown";
log_info("DEBUG: Event details");
printf(" Pubkey: %.16s...\n", event_pubkey ? event_pubkey : "null");
printf(" Content length: %zu\n", event_content ? strlen(event_content) : 0);
printf(" Has tags: %s\n", tags_obj ? "yes" : "no");
if (tags_obj && cJSON_IsArray(tags_obj)) {
printf(" Tags count: %d\n", cJSON_GetArraySize(tags_obj));
}
// DEFENSE-IN-DEPTH: Use comprehensive admin authorization validation
log_info("DEBUG: Checking admin authorization");
if (!is_authorized_admin_event(event)) {
// Log the unauthorized attempt for security monitoring
cJSON* pubkey_obj = cJSON_GetObjectItem(event, "pubkey");
const char* event_pubkey = pubkey_obj ? cJSON_GetStringValue(pubkey_obj) : "unknown";
char log_msg[256];
snprintf(log_msg, sizeof(log_msg),
"Unauthorized admin event attempt in config processing - pubkey: %.16s...",
"DEBUG: Unauthorized admin event attempt in config processing - pubkey: %.16s...",
event_pubkey ? event_pubkey : "null");
log_warning(log_msg);
@@ -2089,20 +2110,26 @@ int process_admin_event_in_config(cJSON* event, char* error_message, size_t erro
}
// Log successful admin authorization for audit trail
log_info("Admin event authorized successfully in config processing");
int kind = (int)cJSON_GetNumberValue(kind_obj);
log_info("DEBUG: Admin event authorized successfully in config processing");
// Route to appropriate handler based on kind
log_info("DEBUG: Routing to kind-specific handler");
switch (kind) {
case 23455: // New ephemeral configuration management
log_info("DEBUG: Routing to process_admin_config_event (kind 23455)");
return process_admin_config_event(event, error_message, error_size);
case 23456: // New ephemeral auth rules management
log_info("DEBUG: Routing to process_admin_auth_event (kind 23456)");
return process_admin_auth_event(event, error_message, error_size, wsi);
case 33334: // Legacy addressable config events (backward compatibility)
log_info("DEBUG: Routing to process_admin_config_event (legacy kind 33334)");
return process_admin_config_event(event, error_message, error_size);
case 33335: // Legacy addressable auth events (backward compatibility)
log_info("DEBUG: Routing to process_admin_auth_event (legacy kind 33335)");
return process_admin_auth_event(event, error_message, error_size, wsi);
default:
log_error("DEBUG: Unsupported admin event kind");
printf(" Unsupported kind: %d\n", kind);
snprintf(error_message, error_size, "invalid: unsupported admin event kind %d", kind);
return -1;
}
@@ -2213,24 +2240,43 @@ int process_admin_config_event(cJSON* event, char* error_message, size_t error_s
// Handle Kind 23456 auth rules management and legacy Kind 33335
int process_admin_auth_event(cJSON* event, char* error_message, size_t error_size, struct lws* wsi) {
log_info("DEBUG: Entering process_admin_auth_event()");
cJSON* kind_obj = cJSON_GetObjectItem(event, "kind");
int kind = kind_obj ? (int)cJSON_GetNumberValue(kind_obj) : 0;
log_info("Processing admin auth rule event through unified handler");
log_info("DEBUG: Processing admin auth rule event through unified handler");
printf(" Kind: %d\n", kind);
// Extract and log additional event details for debugging
cJSON* content_obj = cJSON_GetObjectItem(event, "content");
cJSON* tags_obj = cJSON_GetObjectItem(event, "tags");
const char* event_content = content_obj ? cJSON_GetStringValue(content_obj) : "unknown";
log_info("DEBUG: Auth event details");
printf(" Content length: %zu\n", event_content ? strlen(event_content) : 0);
printf(" Has tags: %s\n", tags_obj ? "yes" : "no");
if (tags_obj && cJSON_IsArray(tags_obj)) {
printf(" Tags count: %d\n", cJSON_GetArraySize(tags_obj));
}
// Route all Kind 23456 events through the unified handler
if (kind == 23456) {
log_info("DEBUG: Routing Kind 23456 to unified handler");
return handle_kind_23456_unified(event, error_message, error_size, wsi);
}
// Legacy Kind 33335 events use the unified handler as well
if (kind == 33335) {
log_info("DEBUG: Routing legacy Kind 33335 to unified handler");
// For legacy events, we still use the unified handler but may need special processing
// The unified handler already supports all the functionality
return handle_kind_23456_unified(event, error_message, error_size, wsi);
}
log_error("DEBUG: Unsupported auth event kind in process_admin_auth_event");
printf(" Unsupported kind: %d\n", kind);
snprintf(error_message, error_size, "invalid: unsupported auth event kind %d", kind);
return -1;
}
@@ -2363,62 +2409,220 @@ int parse_auth_query_parameters(cJSON* event, char** query_type, char** pattern_
}
// ================================
// WEBSOCKET RESPONSE SYSTEM
// ADMIN RESPONSE EVENT SYSTEM
// ================================
// Send WebSocket response data back to client
int send_websocket_response_data(cJSON* event, cJSON* response_data, struct lws* wsi) {
if (!event || !response_data || !wsi) return -1;
// Create signed kind 23457 admin response event
cJSON* create_admin_response_event(const char* encrypted_content, const char* recipient_pubkey) {
if (!encrypted_content || !recipient_pubkey) {
log_error("Invalid parameters for admin response event creation");
return NULL;
}
log_info("Sending WebSocket response data to client");
log_info("Creating signed kind 23457 admin response event");
printf(" Recipient pubkey: %.16s...\n", recipient_pubkey);
printf(" Encrypted content length: %zu\n", strlen(encrypted_content));
// Serialize response data to JSON string
char* json_string = cJSON_Print(response_data);
if (!json_string) {
log_error("Failed to serialize response data to JSON");
// Get relay private key for signing
char* relay_privkey = get_relay_private_key();
if (!relay_privkey) {
log_error("Relay private key not available for admin response signing");
return NULL;
}
// Convert relay private key from hex to bytes
unsigned char relay_privkey_bytes[32];
if (nostr_hex_to_bytes(relay_privkey, relay_privkey_bytes, 32) != NOSTR_SUCCESS) {
log_error("Failed to convert relay private key from hex for admin response");
free(relay_privkey);
return NULL;
}
// Clean up private key string immediately
free(relay_privkey);
// Create tags array for kind 23457 event
cJSON* tags = cJSON_CreateArray();
if (!tags) {
log_error("Failed to create tags array for admin response event");
memset(relay_privkey_bytes, 0, 32);
return NULL;
}
// Add p tag with recipient pubkey (admin who sent the query)
cJSON* p_tag = cJSON_CreateArray();
cJSON_AddItemToArray(p_tag, cJSON_CreateString("p"));
cJSON_AddItemToArray(p_tag, cJSON_CreateString(recipient_pubkey));
cJSON_AddItemToArray(tags, p_tag);
// Create and sign the kind 23457 event using nostr_core_lib
cJSON* response_event = nostr_create_and_sign_event(
23457, // kind: admin response
encrypted_content, // content: NIP-44 encrypted response
tags, // tags: p tag with recipient
relay_privkey_bytes, // private key bytes for signing
time(NULL) // created_at timestamp
);
// Clean up private key bytes immediately after use
memset(relay_privkey_bytes, 0, 32);
cJSON_Delete(tags); // Clean up tags as they were duplicated in nostr_create_and_sign_event
if (!response_event) {
log_error("Failed to create and sign kind 23457 admin response event");
return NULL;
}
// Log success information
cJSON* id_obj = cJSON_GetObjectItem(response_event, "id");
cJSON* pubkey_obj = cJSON_GetObjectItem(response_event, "pubkey");
if (id_obj && pubkey_obj) {
log_success("Kind 23457 admin response event created and signed successfully");
printf(" Event ID: %s\n", cJSON_GetStringValue(id_obj));
printf(" Relay pubkey: %.16s...\n", cJSON_GetStringValue(pubkey_obj));
}
return response_event;
}
// Encrypt admin response content using NIP-44
char* encrypt_admin_response_content(const cJSON* response_data, const char* recipient_pubkey) {
if (!response_data || !recipient_pubkey) {
log_error("Invalid parameters for admin response encryption");
return NULL;
}
log_info("Encrypting admin response content with NIP-44");
printf(" Recipient pubkey: %.16s...\n", recipient_pubkey);
// Convert response data to JSON string
char* response_json = cJSON_Print(response_data);
if (!response_json) {
log_error("Failed to serialize response data for encryption");
return NULL;
}
log_info("Response data serialized for encryption");
printf(" JSON length: %zu\n", strlen(response_json));
printf(" JSON preview: %.100s%s\n", response_json,
strlen(response_json) > 100 ? "..." : "");
// Get relay private key for encryption
char* relay_privkey = get_relay_private_key();
if (!relay_privkey) {
log_error("Relay private key not available for admin response encryption");
free(response_json);
return NULL;
}
// Convert relay private key from hex to bytes
unsigned char relay_privkey_bytes[32];
if (nostr_hex_to_bytes(relay_privkey, relay_privkey_bytes, 32) != NOSTR_SUCCESS) {
log_error("Failed to convert relay private key from hex for encryption");
free(relay_privkey);
free(response_json);
return NULL;
}
// Clean up private key string immediately
free(relay_privkey);
// Convert recipient public key from hex to bytes
unsigned char recipient_pubkey_bytes[32];
if (nostr_hex_to_bytes(recipient_pubkey, recipient_pubkey_bytes, 32) != NOSTR_SUCCESS) {
log_error("Failed to convert recipient public key from hex for encryption");
memset(relay_privkey_bytes, 0, 32);
free(response_json);
return NULL;
}
// Perform NIP-44 encryption (relay as sender, admin as recipient)
char encrypted_content[8192]; // Buffer for encrypted content
int encrypt_result = nostr_nip44_encrypt(relay_privkey_bytes, recipient_pubkey_bytes,
response_json, encrypted_content, sizeof(encrypted_content));
// Clean up sensitive data immediately after use
memset(relay_privkey_bytes, 0, 32);
free(response_json);
if (encrypt_result != NOSTR_SUCCESS) {
log_error("NIP-44 encryption failed for admin response");
printf(" Encryption result code: %d\n", encrypt_result);
return NULL;
}
log_success("Admin response content encrypted successfully with NIP-44");
printf(" Encrypted content length: %zu\n", strlen(encrypted_content));
printf(" Encrypted preview: %.50s...\n", encrypted_content);
// Return encrypted content as allocated string
return strdup(encrypted_content);
}
// Send admin response event using relay's standard event distribution system
int send_admin_response_event(const cJSON* response_data, const char* recipient_pubkey) {
if (!response_data || !recipient_pubkey) {
log_error("Invalid parameters for admin response event transmission");
return -1;
}
printf("WebSocket Response Data: %s\n", json_string);
log_info("Sending admin response as signed kind 23457 event through relay distribution system");
printf(" Recipient pubkey: %.16s...\n", recipient_pubkey);
// Calculate buffer size needed (LWS_PRE + JSON length)
size_t json_len = strlen(json_string);
size_t buf_size = 512 + json_len; // LWS_PRE is typically ~512 bytes
// Allocate buffer with LWS_PRE space
unsigned char* buf = malloc(buf_size);
if (!buf) {
log_error("Failed to allocate WebSocket transmission buffer");
free(json_string);
// Step 1: Encrypt response data using NIP-44
char* encrypted_content = encrypt_admin_response_content(response_data, recipient_pubkey);
if (!encrypted_content) {
log_error("Failed to encrypt admin response content");
return -1;
}
// Copy JSON data to buffer at LWS_PRE offset
memcpy(buf + 512, json_string, json_len); // Using 512 as LWS_PRE equivalent
// Step 2: Create signed kind 23457 event
cJSON* response_event = create_admin_response_event(encrypted_content, recipient_pubkey);
free(encrypted_content); // Clean up encrypted content after use
// Implement actual WebSocket transmission using LibWebSockets
int write_result = lws_write(wsi, buf + LWS_PRE, json_len, LWS_WRITE_TEXT);
if (write_result < 0) {
log_error("Failed to write WebSocket response data");
free(buf);
free(json_string);
if (!response_event) {
log_error("Failed to create admin response event");
return -1;
} else if ((size_t)write_result != json_len) {
log_warning("Partial WebSocket write - not all data transmitted");
printf(" Expected: %zu bytes, Written: %d bytes\n", json_len, write_result);
}
log_info("Admin response event created successfully");
cJSON* id_obj = cJSON_GetObjectItem(response_event, "id");
if (id_obj) {
printf(" Event ID: %s\n", cJSON_GetStringValue(id_obj));
}
// Step 3: Store event in database for persistence
extern int store_event(cJSON* event);
if (store_event(response_event) != 0) {
log_warning("Failed to store admin response event in database (continuing with broadcast)");
} else {
log_success("WebSocket response data transmitted successfully");
printf(" JSON length: %zu bytes\n", json_len);
printf(" Bytes written: %d\n", write_result);
log_info("Admin response event stored in database successfully");
}
// Clean up
free(buf);
free(json_string);
// Step 4: Broadcast event to all matching subscriptions using relay's standard system
extern int broadcast_event_to_subscriptions(cJSON* event);
int broadcast_count = broadcast_event_to_subscriptions(response_event);
if (broadcast_count >= 0) {
log_success("Admin response event distributed through relay subscription system");
printf(" Event kind: 23457 (admin response)\n");
printf(" Subscriptions notified: %d\n", broadcast_count);
// Clean up and return success - event creation succeeded regardless of broadcast count
cJSON_Delete(response_event);
return 0;
} else {
log_error("Failed to broadcast admin response event to subscriptions");
cJSON_Delete(response_event);
return -1;
}
}
// ================================
// WEBSOCKET RESPONSE SYSTEM (LEGACY)
// ================================
// Build standardized query response
cJSON* build_query_response(const char* query_type, cJSON* results_array, int total_count) {
@@ -2442,36 +2646,49 @@ cJSON* build_query_response(const char* query_type, cJSON* results_array, int to
// Single unified handler for all Kind 23456 requests
int handle_kind_23456_unified(cJSON* event, char* error_message, size_t error_size, struct lws* wsi) {
if (!event) {
log_error("DEBUG: Null event passed to handle_kind_23456_unified");
snprintf(error_message, error_size, "invalid: null event");
return -1;
}
log_info("Processing Kind 23456 event through unified handler");
log_info("DEBUG: Processing Kind 23456 event through unified handler");
// Check if content is encrypted (NIP-44)
cJSON* content_obj = cJSON_GetObjectItem(event, "content");
if (!content_obj || !cJSON_IsString(content_obj)) {
log_error("DEBUG: Missing or invalid content in Kind 23456 event");
snprintf(error_message, error_size, "invalid: missing or invalid content");
return -1;
}
const char* content = cJSON_GetStringValue(content_obj);
log_info("DEBUG: Event content analysis");
printf(" Content length: %zu\n", content ? strlen(content) : 0);
printf(" Content preview: %.50s%s\n", content ? content : "null",
(content && strlen(content) > 50) ? "..." : "");
cJSON* decrypted_content = NULL;
// Check if content looks like NIP-44 encrypted content (base64 string, not JSON)
if (content && strlen(content) > 10 && content[0] != '[' && content[0] != '{') {
log_info("Detected NIP-44 encrypted content, attempting decryption");
log_info("DEBUG: Detected NIP-44 encrypted content, attempting decryption");
printf(" Content appears to be base64 encrypted\n");
// Get relay private key for decryption
log_info("DEBUG: Retrieving relay private key for decryption");
char* relay_privkey = get_relay_private_key();
if (!relay_privkey) {
log_error("DEBUG: Relay private key not available for decryption");
snprintf(error_message, error_size, "error: relay private key not available for decryption");
return -1;
}
log_info("DEBUG: Relay private key retrieved successfully");
printf(" Relay privkey length: %zu\n", strlen(relay_privkey));
// Get sender's pubkey from the event for NIP-44 decryption
cJSON* pubkey_obj = cJSON_GetObjectItem(event, "pubkey");
if (!pubkey_obj || !cJSON_IsString(pubkey_obj)) {
log_error("DEBUG: Missing sender pubkey in event");
free(relay_privkey);
snprintf(error_message, error_size, "invalid: missing sender pubkey in event");
return -1;
@@ -2479,28 +2696,42 @@ int handle_kind_23456_unified(cJSON* event, char* error_message, size_t error_si
const char* sender_pubkey = cJSON_GetStringValue(pubkey_obj);
if (!sender_pubkey || strlen(sender_pubkey) != 64) {
log_error("DEBUG: Invalid sender pubkey format");
printf(" Sender pubkey: %s\n", sender_pubkey ? sender_pubkey : "null");
printf(" Sender pubkey length: %zu\n", sender_pubkey ? strlen(sender_pubkey) : 0);
free(relay_privkey);
snprintf(error_message, error_size, "invalid: invalid sender pubkey format");
return -1;
}
log_info("DEBUG: Sender pubkey validated");
printf(" Sender pubkey: %.16s...\n", sender_pubkey);
// Convert relay private key from hex to bytes
log_info("DEBUG: Converting relay private key from hex to bytes");
unsigned char relay_privkey_bytes[32];
if (nostr_hex_to_bytes(relay_privkey, relay_privkey_bytes, 32) != NOSTR_SUCCESS) {
log_error("DEBUG: Failed to convert relay private key from hex");
free(relay_privkey);
snprintf(error_message, error_size, "error: failed to convert relay private key");
return -1;
}
log_info("DEBUG: Relay private key converted successfully");
// Convert sender public key from hex to bytes
log_info("DEBUG: Converting sender public key from hex to bytes");
unsigned char sender_pubkey_bytes[32];
if (nostr_hex_to_bytes(sender_pubkey, sender_pubkey_bytes, 32) != NOSTR_SUCCESS) {
log_error("DEBUG: Failed to convert sender public key from hex");
free(relay_privkey);
snprintf(error_message, error_size, "error: failed to convert sender public key");
return -1;
}
log_info("DEBUG: Sender public key converted successfully");
// Perform NIP-44 decryption (relay as recipient, admin as sender)
log_info("DEBUG: Performing NIP-44 decryption");
printf(" Encrypted content length: %zu\n", strlen(content));
char decrypted_text[4096]; // Buffer for decrypted content
int decrypt_result = nostr_nip44_decrypt(relay_privkey_bytes, sender_pubkey_bytes, content, decrypted_text, sizeof(decrypted_text));
@@ -2509,36 +2740,57 @@ int handle_kind_23456_unified(cJSON* event, char* error_message, size_t error_si
free(relay_privkey);
if (decrypt_result != NOSTR_SUCCESS) {
log_error("DEBUG: NIP-44 decryption failed");
printf(" Decryption result code: %d\n", decrypt_result);
snprintf(error_message, error_size, "error: NIP-44 decryption failed");
return -1;
}
log_info("NIP-44 decryption successful");
log_info("DEBUG: NIP-44 decryption successful");
printf(" Decrypted content: %s\n", decrypted_text);
printf(" Decrypted length: %zu\n", strlen(decrypted_text));
// Parse decrypted content as JSON array
log_info("DEBUG: Parsing decrypted content as JSON");
decrypted_content = cJSON_Parse(decrypted_text);
if (!decrypted_content || !cJSON_IsArray(decrypted_content)) {
log_error("DEBUG: Decrypted content is not valid JSON array");
printf(" Decrypted content type: %s\n",
decrypted_content ? (cJSON_IsArray(decrypted_content) ? "array" : "other") : "null");
snprintf(error_message, error_size, "error: decrypted content is not valid JSON array");
return -1;
}
log_info("DEBUG: Decrypted content parsed successfully as JSON array");
printf(" Array size: %d\n", cJSON_GetArraySize(decrypted_content));
// Replace event content with decrypted command array for processing
log_info("DEBUG: Replacing event content with decrypted marker");
cJSON_DeleteItemFromObject(event, "content");
cJSON_AddStringToObject(event, "content", "decrypted");
// Create synthetic tags from decrypted command array
log_info("DEBUG: Creating synthetic tags from decrypted command array");
cJSON* tags_obj = cJSON_GetObjectItem(event, "tags");
if (!tags_obj) {
log_info("DEBUG: No existing tags, creating new tags array");
tags_obj = cJSON_CreateArray();
cJSON_AddItemToObject(event, "tags", tags_obj);
} else {
log_info("DEBUG: Using existing tags array");
printf(" Existing tags count: %d\n", cJSON_GetArraySize(tags_obj));
}
// Add decrypted command as first tag
if (cJSON_GetArraySize(decrypted_content) > 0) {
log_info("DEBUG: Adding decrypted command as synthetic tag");
cJSON* first_item = cJSON_GetArrayItem(decrypted_content, 0);
if (cJSON_IsString(first_item)) {
const char* command_name = cJSON_GetStringValue(first_item);
log_info("DEBUG: Creating command tag");
printf(" Command: %s\n", command_name ? command_name : "null");
cJSON* command_tag = cJSON_CreateArray();
cJSON_AddItemToArray(command_tag, cJSON_Duplicate(first_item, 1));
@@ -2546,56 +2798,91 @@ int handle_kind_23456_unified(cJSON* event, char* error_message, size_t error_si
for (int i = 1; i < cJSON_GetArraySize(decrypted_content); i++) {
cJSON* item = cJSON_GetArrayItem(decrypted_content, i);
if (item) {
if (cJSON_IsString(item)) {
printf(" Arg %d: %s\n", i, cJSON_GetStringValue(item));
} else {
printf(" Arg %d: (non-string)\n", i);
}
cJSON_AddItemToArray(command_tag, cJSON_Duplicate(item, 1));
}
}
// Insert at beginning of tags array
cJSON_InsertItemInArray(tags_obj, 0, command_tag);
log_info("DEBUG: Synthetic command tag created and inserted");
printf(" Final tag array size: %d\n", cJSON_GetArraySize(tags_obj));
} else {
log_error("DEBUG: First item in decrypted array is not a string");
}
} else {
log_error("DEBUG: Decrypted array is empty");
}
cJSON_Delete(decrypted_content);
} else {
log_info("DEBUG: Content does not appear to be NIP-44 encrypted");
printf(" Content starts with: %c\n", content ? content[0] : '?');
printf(" Content length: %zu\n", content ? strlen(content) : 0);
}
// Parse first tag to determine action type (now from decrypted content if applicable)
log_info("DEBUG: Parsing first tag to determine action type");
const char* action_type = get_first_tag_name(event);
if (!action_type) {
log_error("DEBUG: Missing or invalid first tag after processing");
cJSON* tags_obj = cJSON_GetObjectItem(event, "tags");
if (tags_obj && cJSON_IsArray(tags_obj)) {
printf(" Tags array size: %d\n", cJSON_GetArraySize(tags_obj));
} else {
printf(" No tags array found\n");
}
snprintf(error_message, error_size, "invalid: missing or invalid first tag");
return -1;
}
log_info("DEBUG: Action type determined");
printf(" Action type: %s\n", action_type);
// Route to appropriate handler based on action type
log_info("DEBUG: Routing to action-specific handler");
if (strcmp(action_type, "auth_query") == 0) {
log_info("DEBUG: Routing to auth_query handler");
const char* query_type = get_tag_value(event, action_type, 1);
if (!query_type) {
log_error("DEBUG: Missing auth_query type parameter");
snprintf(error_message, error_size, "invalid: missing auth_query type");
return -1;
}
return handle_auth_query_unified(event, query_type, error_message, error_size, wsi);
printf(" Query type: %s\n", query_type);
return handle_auth_query_unified(event, query_type, error_message, error_size);
}
else if (strcmp(action_type, "system_command") == 0) {
log_info("DEBUG: Routing to system_command handler");
const char* command = get_tag_value(event, action_type, 1);
if (!command) {
log_error("DEBUG: Missing system_command type parameter");
snprintf(error_message, error_size, "invalid: missing system_command type");
return -1;
}
return handle_system_command_unified(event, command, error_message, error_size, wsi);
printf(" Command: %s\n", command);
return handle_system_command_unified(event, command, error_message, error_size);
}
else if (strcmp(action_type, "whitelist") == 0 || strcmp(action_type, "blacklist") == 0) {
log_info("DEBUG: Routing to auth rule modification handler");
printf(" Rule type: %s\n", action_type);
// Handle auth rule modifications (existing logic from process_admin_auth_event)
return handle_auth_rule_modification_unified(event, error_message, error_size);
}
else {
log_error("DEBUG: Unknown Kind 23456 action type");
printf(" Unknown action: %s\n", action_type);
snprintf(error_message, error_size, "invalid: unknown Kind 23456 action type '%s'", action_type);
return -1;
}
}
// Unified auth query handler
int handle_auth_query_unified(cJSON* event, const char* query_type, char* error_message, size_t error_size, struct lws* wsi) {
int handle_auth_query_unified(cJSON* event, const char* query_type, char* error_message, size_t error_size) {
if (!g_db) {
snprintf(error_message, error_size, "database not available");
return -1;
@@ -2684,10 +2971,21 @@ int handle_auth_query_unified(cJSON* event, const char* query_type, char* error_
// Build and send response
cJSON* response = build_query_response(query_type, results_array, rule_count);
if (response) {
// Send response data via WebSocket
if (send_websocket_response_data(event, response, wsi) == 0) {
// Get admin pubkey from event for response
cJSON* pubkey_obj = cJSON_GetObjectItem(event, "pubkey");
const char* admin_pubkey = pubkey_obj ? cJSON_GetStringValue(pubkey_obj) : NULL;
if (!admin_pubkey) {
cJSON_Delete(response);
cJSON_Delete(results_array);
snprintf(error_message, error_size, "missing admin pubkey for response");
return -1;
}
// Send response as signed kind 23457 event
if (send_admin_response_event(response, admin_pubkey) == 0) {
printf("Total results: %d\n", rule_count);
log_success("Auth query completed successfully with WebSocket response");
log_success("Auth query completed successfully with signed response");
cJSON_Delete(response);
cJSON_Delete(results_array);
return 0;
@@ -2701,7 +2999,7 @@ int handle_auth_query_unified(cJSON* event, const char* query_type, char* error_
}
// Unified system command handler
int handle_system_command_unified(cJSON* event, const char* command, char* error_message, size_t error_size, struct lws* wsi) {
int handle_system_command_unified(cJSON* event, const char* command, char* error_message, size_t error_size) {
if (!g_db) {
snprintf(error_message, error_size, "database not available");
return -1;
@@ -2745,9 +3043,19 @@ int handle_system_command_unified(cJSON* event, const char* command, char* error
printf("Cleared %d auth rules from database\n", rule_count);
// Send response via WebSocket
if (send_websocket_response_data(event, response, wsi) == 0) {
log_success("Clear auth rules command completed successfully");
// Get admin pubkey from event for response
cJSON* pubkey_obj = cJSON_GetObjectItem(event, "pubkey");
const char* admin_pubkey = pubkey_obj ? cJSON_GetStringValue(pubkey_obj) : NULL;
if (!admin_pubkey) {
cJSON_Delete(response);
snprintf(error_message, error_size, "missing admin pubkey for response");
return -1;
}
// Send response as signed kind 23457 event
if (send_admin_response_event(response, admin_pubkey) == 0) {
log_success("Clear auth rules command completed successfully with signed response");
cJSON_Delete(response);
return 0;
}
@@ -2797,9 +3105,19 @@ int handle_system_command_unified(cJSON* event, const char* command, char* error
printf("Database: %s\n", g_db ? "Connected" : "Not available");
printf("Cache status: %s\n", g_unified_cache.cache_valid ? "Valid" : "Invalid");
// Send response via WebSocket
if (send_websocket_response_data(event, response, wsi) == 0) {
log_success("System status query completed successfully");
// Get admin pubkey from event for response
cJSON* pubkey_obj = cJSON_GetObjectItem(event, "pubkey");
const char* admin_pubkey = pubkey_obj ? cJSON_GetStringValue(pubkey_obj) : NULL;
if (!admin_pubkey) {
cJSON_Delete(response);
snprintf(error_message, error_size, "missing admin pubkey for response");
return -1;
}
// Send response as signed kind 23457 event
if (send_admin_response_event(response, admin_pubkey) == 0) {
log_success("System status query completed successfully with signed response");
cJSON_Delete(response);
return 0;
}
@@ -2830,6 +3148,12 @@ int handle_auth_rule_modification_unified(cJSON* event, char* error_message, siz
}
int rules_processed = 0;
cJSON* processed_rules = cJSON_CreateArray();
if (!processed_rules) {
sqlite3_exec(g_db, "ROLLBACK", NULL, NULL, NULL);
snprintf(error_message, error_size, "failed to create response array");
return -1;
}
// Process each tag as an auth rule specification
cJSON* auth_tag = NULL;
@@ -2856,6 +3180,15 @@ int handle_auth_rule_modification_unified(cJSON* event, char* error_message, siz
if (strcmp(rule_type, "blacklist") == 0 || strcmp(rule_type, "whitelist") == 0) {
if (add_auth_rule_from_config(rule_type, pattern_type, pattern_value, "allow") == 0) {
rules_processed++;
// Add processed rule to response array
cJSON* rule_obj = cJSON_CreateObject();
cJSON_AddStringToObject(rule_obj, "rule_type", rule_type);
cJSON_AddStringToObject(rule_obj, "pattern_type", pattern_type);
cJSON_AddStringToObject(rule_obj, "pattern_value", pattern_value);
cJSON_AddStringToObject(rule_obj, "action", "allow");
cJSON_AddStringToObject(rule_obj, "status", "added");
cJSON_AddItemToArray(processed_rules, rule_obj);
}
}
}
@@ -2867,9 +3200,39 @@ int handle_auth_rule_modification_unified(cJSON* event, char* error_message, siz
snprintf(success_msg, sizeof(success_msg), "Processed %d auth rule updates", rules_processed);
log_success(success_msg);
// Build and send response
cJSON* response = cJSON_CreateObject();
cJSON_AddStringToObject(response, "command", "auth_rule_modification");
cJSON_AddNumberToObject(response, "rules_processed", rules_processed);
cJSON_AddStringToObject(response, "status", "success");
cJSON_AddNumberToObject(response, "timestamp", (double)time(NULL));
cJSON_AddItemToObject(response, "processed_rules", processed_rules);
printf("Processed %d auth rule modifications\n", rules_processed);
// Get admin pubkey from event for response
cJSON* pubkey_obj = cJSON_GetObjectItem(event, "pubkey");
const char* admin_pubkey = pubkey_obj ? cJSON_GetStringValue(pubkey_obj) : NULL;
if (!admin_pubkey) {
cJSON_Delete(response);
snprintf(error_message, error_size, "missing admin pubkey for response");
return -1;
}
// Send response as signed kind 23457 event
if (send_admin_response_event(response, admin_pubkey) == 0) {
log_success("Auth rule modification completed successfully with signed response");
cJSON_Delete(response);
return 0;
}
cJSON_Delete(response);
snprintf(error_message, error_size, "failed to send auth rule modification response");
return -1;
} else {
sqlite3_exec(g_db, "ROLLBACK", NULL, NULL, NULL);
cJSON_Delete(processed_rules);
snprintf(error_message, error_size, "no valid auth rules found");
return -1;
}
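Review bot: The new debug output writes admin plaintext to stdout on both sides of the NIP-44 boundary, via `printf(" Decrypted content: %s\n", decrypted_text);` in handle_kind_23456_unified and the `JSON preview: %.100s` line in encrypt_admin_response_content, so anyone who can read the relay's stdout or captured logs sees the commands and responses the encryption is meant to protect. Log only the lengths there (the adjacent `Decrypted length` and `JSON length` lines already do), or compile the previews out of release builds. The relay key handling in the same functions has gaps as well: the hex string from get_relay_private_key() is freed without being cleared, the sender-pubkey conversion failure path in handle_kind_23456_unified returns while `relay_privkey_bytes` still holds the key, and a plain `memset(relay_privkey_bytes, 0, 32)` right before a return may be removed by the optimizer, which `explicit_bzero` or a volatile-pointer wipe helper avoids. handle_kind_23456_unified spans several hunks and is only partly visible, so the cleanup directly after nostr_nip44_decrypt could not be checked.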


@@ -170,12 +170,12 @@ int process_admin_auth_event(cJSON* event, char* error_message, size_t error_siz
// Unified Kind 23456 handler functions
int handle_kind_23456_unified(cJSON* event, char* error_message, size_t error_size, struct lws* wsi);
int handle_auth_query_unified(cJSON* event, const char* query_type, char* error_message, size_t error_size, struct lws* wsi);
int handle_system_command_unified(cJSON* event, const char* command, char* error_message, size_t error_size, struct lws* wsi);
int handle_auth_query_unified(cJSON* event, const char* query_type, char* error_message, size_t error_size);
int handle_system_command_unified(cJSON* event, const char* command, char* error_message, size_t error_size);
int handle_auth_rule_modification_unified(cJSON* event, char* error_message, size_t error_size);
// WebSocket response functions
int send_websocket_response_data(cJSON* event, cJSON* response_data, struct lws* wsi);
// Admin response functions
int send_admin_response_event(const cJSON* response_data, const char* recipient_pubkey);
cJSON* build_query_response(const char* query_type, cJSON* results_array, int total_count);
// Auth rules management functions
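Review bot: The new prototype `send_admin_response_event(const cJSON* response_data, const char* recipient_pubkey)` has no contract comment, and its ownership and return rules can only be guessed from the caller. In the auth-rule handler the caller deletes `response` after the call on both paths and treats a return of 0 as success, so the declaration could state that: `/* Sends response_data as a signed kind 23457 event addressed to recipient_pubkey. Returns 0 on success; the caller keeps ownership of response_data. */`. Since the recipient is taken from the incoming event's `pubkey` field, the comment should also say whether the function validates that string (length, hex) or expects an already authorised admin key. `handle_kind_23456_unified` still takes `struct lws* wsi` while the three sub-handlers no longer do, so a short comment on why it stays would help.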


@@ -3203,11 +3203,18 @@ static int nostr_relay_callback(struct lws *wsi, enum lws_callback_reasons reaso
memcpy(message, in, len);
message[len] = '\0';
log_info("Received WebSocket message");
// Parse JSON message
// Parse JSON message (this is the normal program flow)
cJSON* json = cJSON_Parse(message);
if (json && cJSON_IsArray(json)) {
// Log the complete parsed JSON message once
char* complete_message = cJSON_Print(json);
if (complete_message) {
char debug_msg[2048];
snprintf(debug_msg, sizeof(debug_msg),
"Received complete WebSocket message: %s", complete_message);
log_info(debug_msg);
free(complete_message);
}
// Get message type
cJSON* type = cJSON_GetArrayItem(json, 0);
if (type && cJSON_IsString(type)) {
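Review bot: The block starting at `char* complete_message = cJSON_Print(json);` (new in this commit, as far as the rendering shows) writes the full body of every inbound client message to the info log before the message type is read, so any connected peer controls log content and volume and each frame costs an extra serialisation and allocation. Anything longer than the 2048-byte `debug_msg` is cut off silently, which makes the line misleading for large events. I would keep the existing `log_info("Received WebSocket message");` on the normal path, add only the message length, and move the full dump behind a debug-level switch. If cJSON allocator hooks are ever installed, the string should be released with `cJSON_free(complete_message);` rather than `free`. nostr_relay_callback begins and ends outside this hunk.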


@@ -117,7 +117,7 @@ generate_test_keypair() {
echo "$pubkey" > "$pubkey_file"
log_info "Generated keypair for $name: pubkey=${pubkey:0:16}..."
log_info "Generated keypair for $name: pubkey=$pubkey"
# Export for use in calling functions
eval "${name}_PRIVKEY=\"$privkey\""
@@ -135,7 +135,9 @@ encrypt_nip44_content() {
return 1
fi
# log_info "DEBUG: Encrypting content: $content"
log_info "DEBUG: About to encrypt content: '$content'" >&2
log_info "DEBUG: Sender privkey: $sender_privkey" >&2
log_info "DEBUG: Receiver pubkey: $receiver_pubkey" >&2
# Use nak to perform NIP-44 encryption with correct syntax:
# nak encrypt --recipient-pubkey <pubkey> --sec <private_key> [plaintext]
@@ -145,13 +147,24 @@ encrypt_nip44_content() {
if [ $? -ne 0 ] || [ -z "$encrypted_content" ]; then
log_error "Failed to encrypt content with NIP-44"
log_error "Content: $content"
log_error "Sender privkey: ${sender_privkey:0:16}..."
log_error "Receiver pubkey: ${receiver_pubkey:0:16}..."
log_error "Sender privkey: $sender_privkey"
log_error "Receiver pubkey: $receiver_pubkey"
return 1
fi
# log_info "DEBUG: Encrypted content: $encrypted_content"
# log_info "Successfully encrypted content with NIP-44"
# Validate that encrypted content is valid base64 and doesn't contain problematic characters
if ! echo "$encrypted_content" | grep -q '^[A-Za-z0-9+/]*=*$'; then
log_error "Encrypted content contains invalid characters for JSON: $encrypted_content"
return 1
fi
# Check if encrypted content is valid UTF-8/base64
if ! echo "$encrypted_content" | base64 -d >/dev/null 2>&1; then
log_warning "Encrypted content may not be valid base64: $encrypted_content"
fi
log_info "DEBUG: Encrypted content: $encrypted_content" >&2
log_info "Successfully encrypted content with NIP-44" >&2
echo "$encrypted_content"
return 0
}
@@ -167,7 +180,7 @@ decrypt_nip44_content() {
return 1
fi
log_info "DEBUG: Decrypting content: ${encrypted_content:0:32}..."
log_info "DEBUG: Decrypting content: $encrypted_content"
# Use nak to perform NIP-44 decryption with correct syntax:
# nak decrypt --sender-pubkey <pubkey> --sec <private_key> [encrypted_content]
@@ -176,9 +189,9 @@ decrypt_nip44_content() {
if [ $? -ne 0 ] || [ -z "$decrypted_content" ]; then
log_error "Failed to decrypt content with NIP-44"
log_error "Encrypted content: ${encrypted_content:0:32}..."
log_error "Receiver privkey: ${receiver_privkey:0:16}..."
log_error "Sender pubkey: ${sender_pubkey:0:16}..."
log_error "Encrypted content: $encrypted_content"
log_error "Receiver privkey: $receiver_privkey"
log_error "Sender pubkey: $sender_pubkey"
return 1
fi
@@ -196,7 +209,7 @@ send_websocket_message() {
# Use websocat to send message and capture response (following pattern from tests/1_nip_test.sh)
local response=""
if command -v websocat &> /dev/null; then
response=$(echo "$message" | timeout "$timeout" websocat "$RELAY_URL" 2>&1 || echo "Connection failed")
response=$(printf '%s\n' "$message" | timeout "$timeout" websocat "$RELAY_URL" 2>&1 || echo "Connection failed")
# Check if connection failed
if [[ "$response" == *"Connection failed"* ]]; then
@@ -220,22 +233,54 @@ send_admin_event() {
local timeout_seconds="${3:-10}"
log_info "Sending admin event: $description"
log_info "DEBUG: Full event JSON: $event_json"
# Create EVENT message
local event_message="[\"EVENT\",$event_json]"
log_info "DEBUG: Full EVENT message: $event_message"
# Create EVENT message using jq to properly handle special characters
local event_message
event_message=$(jq -n --argjson event "$event_json" '["EVENT", $event]')
# Send event using websocat (following 1_nip_test.sh pattern)
# Validate that the event message is valid UTF-8 (temporarily disabled for debugging)
# if ! echo "$event_message" | iconv -f utf-8 -t utf-8 >/dev/null 2>&1; then
# log_error "Event message contains invalid UTF-8 characters"
# return 1
# fi
# Use websocat to send event and capture OK response
local response=""
if command -v websocat &> /dev/null; then
log_info "DEBUG: About to send to relay: $event_message"
response=$(echo "$event_message" | timeout "$timeout_seconds" websocat "$RELAY_URL" 2>&1 || echo "Connection failed")
log_info "Sending event using websocat..."
# Check if connection failed
if [[ "$response" == *"Connection failed"* ]]; then
# Debug: Show what we're sending
log_info "DEBUG: Event message being sent: $event_message"
# Write to temporary file to avoid shell interpretation issues
local temp_file="${TEMP_DIR}/event_message_$$"
printf '%s\n' "$event_message" > "$temp_file"
# Send via websocat using file input with delay to receive response
response=$(timeout "$timeout_seconds" sh -c "cat '$temp_file'; sleep 0.5" | websocat "$RELAY_URL" 2>&1)
local websocat_exit_code=$?
# Clean up temp file
rm -f "$temp_file"
log_info "DEBUG: Websocat exit code: $websocat_exit_code"
log_info "DEBUG: Websocat response: $response"
# Check for specific websocat errors
if [[ "$response" == *"UTF-8 failure"* ]]; then
log_error "UTF-8 encoding error in event data for $description"
log_error "Event message: $event_message"
return 1
elif [[ "$response" == *"Connection failed"* ]] || [[ "$response" == *"Connection refused"* ]] || [[ "$response" == *"timeout"* ]]; then
log_error "Failed to connect to relay for $description"
return 1
elif [[ "$response" == *"error running"* ]]; then
log_error "Websocat error for $description: $response"
return 1
elif [ $websocat_exit_code -eq 0 ]; then
log_info "Event sent successfully via websocat"
else
log_warning "Websocat returned exit code $websocat_exit_code"
fi
else
@@ -254,8 +299,9 @@ send_admin_query() {
log_info "Sending admin query: $description"
# Create EVENT message
local event_message="[\"EVENT\",$event_json]"
# Create EVENT message using jq to properly handle special characters
local event_message
event_message=$(jq -n --argjson event "$event_json" '["EVENT", $event]')
# For queries, we need to also send a REQ to get the response
local sub_id="admin_query_$(date +%s)"
@@ -265,7 +311,7 @@ send_admin_query() {
# Send query event and subscription in sequence
local response=""
if command -v websocat &> /dev/null; then
response=$(echo -e "$event_message\n$req_message\n$close_message" | timeout "$timeout_seconds" websocat "$RELAY_URL" 2>&1 || echo "Connection failed")
response=$(printf '%s\n%s\n%s\n' "$event_message" "$req_message" "$close_message" | timeout "$timeout_seconds" websocat "$RELAY_URL" 2>&1 || echo "Connection failed")
# Check if connection failed
if [[ "$response" == *"Connection failed"* ]]; then
@@ -321,7 +367,7 @@ send_auth_rule_event() {
local pattern_value="$4" # actual pubkey or hash value
local description="$5" # optional description
log_info "Creating auth rule event: $action $rule_type $pattern_type ${pattern_value:0:16}..."
log_info "Creating auth rule event: $action $rule_type $pattern_type $pattern_value"
# Create command array according to README.md API specification
# Format: ["blacklist", "pubkey", "abc123..."] or ["whitelist", "pubkey", "def456..."]
@@ -430,7 +476,7 @@ test_event_publishing() {
log_info "Testing event publishing: $description"
# Create a simple test event (kind 1 - text note) using nak like NIP-42 test
local test_content="Test message from ${test_pubkey:0:16}... at $(date)"
local test_content="Test message from $test_pubkey at $(date)"
local test_event
test_event=$(nak event -k 1 --content "$test_content" --sec "$test_privkey" 2>/dev/null)
@@ -442,7 +488,7 @@ test_event_publishing() {
# Send the event using nak directly (more reliable than websocat)
log_info "Publishing test event to relay..."
local result
result=$(echo "$test_event" | timeout 10s nak event "$RELAY_URL" 2>&1)
result=$(printf '%s\n' "$test_event" | timeout 10s nak event "$RELAY_URL" 2>&1)
local exit_code=$?
log_info "Event publishing result: $result"
@@ -545,15 +591,17 @@ test_admin_authentication() {
return
fi
# Send admin event
local message="[\"EVENT\",$config_event]"
# Send admin event using the proper admin event function
local response
response=$(send_websocket_message "$message" 10)
response=$(send_admin_event "$config_event" "admin authentication test")
local exit_code=$?
if echo "$response" | grep -q '"OK".*true'; then
log_info "Admin authentication result: $response"
if [ $exit_code -eq 0 ] && echo "$response" | grep -q '"OK".*true'; then
pass_test "Admin authentication successful"
else
fail_test "Admin authentication failed: $response"
fail_test "Admin authentication failed: $response (exit code: $exit_code)"
fi
}
@@ -786,14 +834,14 @@ test_hash_blacklist() {
return
fi
log_info "Testing hash blacklist with event ID: ${event_id:0:16}..."
log_info "Testing hash blacklist with event ID: $event_id"
# Add the event ID to hash blacklist
if send_auth_rule_event "add" "blacklist" "hash" "$event_id" "Test hash blacklist"; then
# Try to publish the same event using nak - should be blocked
log_info "Attempting to publish blacklisted event..."
local result
result=$(echo "$test_event" | timeout 10s nak event "$RELAY_URL" 2>&1)
result=$(printf '%s\n' "$test_event" | timeout 10s nak event "$RELAY_URL" 2>&1)
local exit_code=$?
if [ $exit_code -ne 0 ] || echo "$result" | grep -q -i "blocked\|denied\|rejected\|blacklist"; then
@@ -922,7 +970,7 @@ run_all_tests() {
clear_all_auth_rules
# test_admin_authentication
test_admin_authentication
# test_auth_rules_storage_query
# test_basic_whitelist
# test_basic_blacklist
@@ -980,7 +1028,7 @@ main() {
echo ""
# Check if relay is running - using websocat like the working tests
if ! echo '["REQ","connection_test",{}]' | timeout 5 websocat "$RELAY_URL" >/dev/null 2>&1; then
if ! printf '%s\n' '["REQ","connection_test",{}]' | timeout 5 websocat "$RELAY_URL" >/dev/null 2>&1; then
log_error "Cannot connect to relay at $RELAY_URL"
log_error "Please ensure the C-Relay server is running in test mode"
exit 1
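Review bot: The logging changes in encrypt_nip44_content and decrypt_nip44_content now write whole private keys to the log (`log_info "DEBUG: Sender privkey: $sender_privkey"`, `log_error "Sender privkey: $sender_privkey"`, `log_error "Receiver privkey: $receiver_privkey"`), where the earlier lines printed only a 16-character prefix. Test logs tend to be kept, attached to CI runs and pasted into issues, and if the admin key passes through these helpers it ends up there in full. Printing full pubkeys, event IDs and ciphertext is fine for debugging. For the secret, log nothing or a fixed marker such as `log_error "Sender privkey: <redacted>"`, and identify the key by its pubkey instead. The same question applies to `log_info "DEBUG: About to encrypt content: '$content'"` if the plaintext can carry admin commands that should stay confidential.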