v0.7.16 - Fixed blacklist authentication system - removed redundant action/parameters columns, added active=1 filtering, added comprehensive debug tracing, and identified that auth must be enabled for blacklist to work

src/request_validator.c

@@ -15,6 +15,7 @@
 #include "../nostr_core_lib/nostr_core/nip013.h"  // NIP-13: Proof of Work
 #include "../nostr_core_lib/nostr_core/nostr_common.h"
 #include "../nostr_core_lib/nostr_core/utils.h"
+#include "debug.h"  // C-relay debug system
 #include "config.h"  // C-relay configuration system
 #include <sqlite3.h>
 #include <stdio.h>
@@ -531,6 +532,8 @@ int check_database_auth_rules(const char *pubkey, const char *operation __attrib
   sqlite3_stmt *stmt = NULL;
   int rc;
 
+  DEBUG_TRACE("Checking auth rules for pubkey: %s", pubkey);
+
   if (!pubkey) {
     return NOSTR_ERROR_INVALID_INPUT;
   }
@@ -547,19 +550,21 @@ int check_database_auth_rules(const char *pubkey, const char *operation __attrib
 
   // Step 1: Check pubkey blacklist (highest priority)
   const char *blacklist_sql =
-      "SELECT rule_type, action FROM auth_rules WHERE rule_type = "
-      "'blacklist' AND pattern_type = 'pubkey' AND pattern_value = ? LIMIT 1";
+      "SELECT rule_type FROM auth_rules WHERE rule_type = "
+      "'blacklist' AND pattern_type = 'pubkey' AND pattern_value = ? AND active = 1 LIMIT 1";
+  DEBUG_TRACE("Blacklist SQL: %s", blacklist_sql);
   rc = sqlite3_prepare_v2(db, blacklist_sql, -1, &stmt, NULL);
   if (rc == SQLITE_OK) {
     sqlite3_bind_text(stmt, 1, pubkey, -1, SQLITE_STATIC);
 
-    if (sqlite3_step(stmt) == SQLITE_ROW) {
-      const char *action = (const char *)sqlite3_column_text(stmt, 1);
+    int step_result = sqlite3_step(stmt);
+    DEBUG_TRACE("Blacklist query result: %s", step_result == SQLITE_ROW ? "FOUND" : "NOT_FOUND");
 
+    if (step_result == SQLITE_ROW) {
+      DEBUG_TRACE("BLACKLIST HIT: Denying access for pubkey: %s", pubkey);
       // Set specific violation details for status code mapping
       strcpy(g_last_rule_violation.violation_type, "pubkey_blacklist");
-      sprintf(g_last_rule_violation.reason, "Public key blacklisted: %s",
-              action ? action : "PUBKEY_BLACKLIST");
+      sprintf(g_last_rule_violation.reason, "Public key blacklisted");
 
       sqlite3_finalize(stmt);
       sqlite3_close(db);
@@ -571,19 +576,16 @@ int check_database_auth_rules(const char *pubkey, const char *operation __attrib
   // Step 2: Check hash blacklist
   if (resource_hash) {
     const char *hash_blacklist_sql =
-        "SELECT rule_type, action FROM auth_rules WHERE rule_type = "
-        "'blacklist' AND pattern_type = 'hash' AND pattern_value = ? LIMIT 1";
+        "SELECT rule_type FROM auth_rules WHERE rule_type = "
+        "'blacklist' AND pattern_type = 'hash' AND pattern_value = ? AND active = 1 LIMIT 1";
     rc = sqlite3_prepare_v2(db, hash_blacklist_sql, -1, &stmt, NULL);
     if (rc == SQLITE_OK) {
       sqlite3_bind_text(stmt, 1, resource_hash, -1, SQLITE_STATIC);
 
       if (sqlite3_step(stmt) == SQLITE_ROW) {
-        const char *action = (const char *)sqlite3_column_text(stmt, 1);
-
         // Set specific violation details for status code mapping
         strcpy(g_last_rule_violation.violation_type, "hash_blacklist");
-        sprintf(g_last_rule_violation.reason, "File hash blacklisted: %s",
-                action ? action : "HASH_BLACKLIST");
+        sprintf(g_last_rule_violation.reason, "File hash blacklisted");
 
         sqlite3_finalize(stmt);
         sqlite3_close(db);
@@ -595,8 +597,8 @@ int check_database_auth_rules(const char *pubkey, const char *operation __attrib
 
   // Step 3: Check pubkey whitelist
   const char *whitelist_sql =
-      "SELECT rule_type, action FROM auth_rules WHERE rule_type = "
-      "'whitelist' AND pattern_type = 'pubkey' AND pattern_value = ? LIMIT 1";
+      "SELECT rule_type FROM auth_rules WHERE rule_type = "
+      "'whitelist' AND pattern_type = 'pubkey' AND pattern_value = ? AND active = 1 LIMIT 1";
   rc = sqlite3_prepare_v2(db, whitelist_sql, -1, &stmt, NULL);
   if (rc == SQLITE_OK) {
     sqlite3_bind_text(stmt, 1, pubkey, -1, SQLITE_STATIC);
@@ -612,7 +614,7 @@ int check_database_auth_rules(const char *pubkey, const char *operation __attrib
   // Step 4: Check if any whitelist rules exist - if yes, deny by default
   const char *whitelist_exists_sql =
       "SELECT COUNT(*) FROM auth_rules WHERE rule_type = 'whitelist' "
-      "AND pattern_type = 'pubkey' LIMIT 1";
+      "AND pattern_type = 'pubkey' AND active = 1 LIMIT 1";
   rc = sqlite3_prepare_v2(db, whitelist_exists_sql, -1, &stmt, NULL);
   if (rc == SQLITE_OK) {
     if (sqlite3_step(stmt) == SQLITE_ROW) {