Refactored code by breaking the main.c up into BUD files.

2025-09-08 09:42:45 -04:00
parent 67154164f1
commit 20792871f8
32 changed files with 21472 additions and 104170 deletions
--- a/tests/auth_test.sh
+++ b/tests/auth_test.sh
@@ -9,13 +9,49 @@ UPLOAD_ENDPOINT="${SERVER_URL}/upload"
 DB_PATH="db/ginxsom.db"
 TEST_DIR="tests/auth_test_tmp"

+# Test results tracking
+TESTS_PASSED=0
+TESTS_FAILED=0
+TOTAL_TESTS=0
+
 # Test keys for different scenarios
-TEST_USER1_PRIVKEY="5c0c523f52a5b6fad39ed2403092df8cebc36318b39383bca6c00808626fab3a"  
-TEST_USER1_PUBKEY="79be667ef9dcbbac55a06295ce870b07029bfcdb2dce28d959f2815b16f81798"
+TEST_USER1_PRIVKEY="5c0c523f52a5b6fad39ed2403092df8cebc36318b39383bca6c00808626fab3a"
+TEST_USER1_PUBKEY="87d3561f19b74adbe8bf840682992466068830a9d8c36b4a0c99d36f826cb6cb"

 TEST_USER2_PRIVKEY="182c3a5e3b7a1b7e4f5c6b7c8b4a5d6e7f8a9b0c1d2e3f4a5b6c7d8e9f0a1b2"
 TEST_USER2_PUBKEY="c95195e5e7de1ad8c4d3c0ac4e8b5c0c4e0c4d3c1e5c8d4c2e7e9f4a5b6c7d8e"

+# Helper function to record test results
+record_test_result() {
+    local test_name="$1"
+    local expected="$2"
+    local actual="$3"
+    local success="${4:-}"  # Optional success override
+    
+    TOTAL_TESTS=$((TOTAL_TESTS + 1))
+    
+    if [[ -n "$success" ]]; then
+        # Use explicit success value
+        if [[ "$success" == "true" ]]; then
+            echo "✅ $test_name - PASSED"
+            TESTS_PASSED=$((TESTS_PASSED + 1))
+        else
+            echo "❌ $test_name - FAILED"
+            TESTS_FAILED=$((TESTS_FAILED + 1))
+        fi
+    elif [[ "$expected" == "ANY" ]]; then
+        # Any result is acceptable
+        echo "✅ $test_name - PASSED (HTTP $actual)"
+        TESTS_PASSED=$((TESTS_PASSED + 1))
+    elif [[ "$actual" == "$expected" ]]; then
+        echo "✅ $test_name - PASSED"
+        TESTS_PASSED=$((TESTS_PASSED + 1))
+    else
+        echo "❌ $test_name - FAILED (Expected: $expected, Got: $actual)"
+        TESTS_FAILED=$((TESTS_FAILED + 1))
+    fi
+}
+
 echo "=== Ginxsom Authentication System Test Suite ==="
 echo "Testing unified nostr_core_lib authentication integration"
 echo "Timestamp: $(date -Iseconds)"
@@ -115,12 +151,7 @@ test_upload() {
    local file_path="$3"
    local expected_status="${4:-ANY}"
    
-    echo "=== $test_name ==="
-    
    local file_hash=$(sha256sum "$file_path" | cut -d' ' -f1)
-    echo "File: $(basename "$file_path")"
-    echo "Hash: $file_hash"
-    echo "User pubkey: $(echo "$privkey" | nak key public)"
    
    # Create auth event
    local event=$(create_auth_event "$privkey" "upload" "$file_hash")
@@ -133,23 +164,12 @@ test_upload() {
        -H "Content-Type: text/plain" \
        --data-binary "@$file_path" \
        -X PUT "$UPLOAD_ENDPOINT" \
-        -o "$response_file")
-    
-    echo "HTTP Status: $http_status"
-    echo "Server Response:"
-    cat "$response_file" | jq . 2>/dev/null || cat "$response_file"
-    echo
+        -o "$response_file" 2>/dev/null)
    
    rm -f "$response_file"
    
-    if [[ "$expected_status" != "ANY" ]]; then
-        if [[ "$http_status" == "$expected_status" ]]; then
-            echo "✓ Expected HTTP $expected_status - PASSED"
-        else
-            echo "✗ Expected HTTP $expected_status, got $http_status - FAILED"
-        fi
-    fi
-    echo
+    # Record result
+    record_test_result "$test_name" "$expected_status" "$http_status"
 }

 # Run the tests
@@ -196,8 +216,6 @@ test_failure_mode() {
    local file_content="${3:-failure_test_content}"
    local expected_status="${4:-401}"
    
-    echo "=== $test_name ==="
-    
    local test_file=$(mktemp)
    echo "$file_content" > "$test_file"
    
@@ -207,21 +225,12 @@ test_failure_mode() {
        -H "Content-Type: text/plain" \
        --data-binary "@$test_file" \
        -X PUT "$UPLOAD_ENDPOINT" \
-        -o "$response_file")
-    
-    echo "HTTP Status: $http_status"
-    echo "Server Response:"
-    cat "$response_file" | jq . 2>/dev/null || cat "$response_file"
-    echo
+        -o "$response_file" 2>/dev/null)
    
    rm -f "$test_file" "$response_file"
    
-    if [[ "$http_status" == "$expected_status" ]]; then
-        echo "✓ Expected HTTP $expected_status - PASSED"
-    else
-        echo "✗ Expected HTTP $expected_status, got $http_status - FAILED"
-    fi
-    echo
+    # Record result
+    record_test_result "$test_name" "$expected_status" "$http_status"
 }

 # Test 6a: Missing Authorization Header
@@ -259,8 +268,8 @@ short_key_event=$(cat << EOF
  "created_at": $(date +%s),
  "pubkey": "$short_pubkey",
  "tags": [["t", "upload"], ["x", "$file_hash"]],
-  "id": "invalid_id",
-  "sig": "invalid_signature"
+  "id": "0000000000000000000000000000000000000000000000000000000000000000",
+  "sig": "0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000"
 }
 EOF
 )
@@ -279,8 +288,8 @@ nonhex_key_event=$(cat << EOF
  "created_at": $(date +%s),
  "pubkey": "$nonhex_pubkey",
  "tags": [["t", "upload"], ["x", "$file_hash"]],
-  "id": "invalid_id",
-  "sig": "invalid_signature"
+  "id": "0000000000000000000000000000000000000000000000000000000000000000",
+  "sig": "0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000"
 }
 EOF
 )
@@ -345,16 +354,151 @@ corrupted_event=$(echo "$valid_event" | sed 's/.\{1\}$/x/')  # Replace last char
 corrupted_b64=$(echo -n "$corrupted_event" | base64 -w 0)
 test_failure_mode "Test 12a: Corrupted Signature" "Nostr $corrupted_b64"

-# Show final state
-echo "=== Final Database State ==="
-echo "Authentication rules left in database:"
-sqlite3 "$DB_PATH" -header -column "SELECT rule_type, rule_target, operation, priority, enabled, description FROM auth_rules WHERE description LIKE 'TEST_%' ORDER BY priority;"
-echo
-echo "Auth config:"
-sqlite3 "$DB_PATH" -header -column "SELECT key, value FROM auth_config WHERE key = 'auth_rules_enabled';"
-echo

-echo "=== Test Suite Completed ==="
-echo "Comprehensive authentication and failure mode testing completed."
-echo "Auth rules have been left in the database for inspection."
-echo "To clean up, run: sqlite3 $DB_PATH \"DELETE FROM auth_rules WHERE description LIKE 'TEST_%';\""
+echo "=== Test 13: NIP-42 Authentication Support ==="
+
+# Helper function to create NIP-42 challenge request
+test_nip42_challenge() {
+    local response_file=$(mktemp)
+    local http_status=$(curl -s -w "%{http_code}" -o "$response_file" \
+        -X GET "${SERVER_URL}/auth" 2>/dev/null)
+    
+    if [[ "$http_status" == "200" ]]; then
+        local challenge=$(cat "$response_file" | jq -r '.challenge' 2>/dev/null)
+        if [[ -n "$challenge" && "$challenge" != "null" ]]; then
+            echo "$challenge" > "$TEST_DIR/nip42_challenge"
+            record_test_result "NIP-42 Challenge Generation" "200" "$http_status"
+            rm -f "$response_file"
+            return 0
+        else
+            record_test_result "NIP-42 Challenge Generation" "200" "INVALID_FORMAT"
+            rm -f "$response_file"
+            return 1
+        fi
+    elif [[ "$http_status" == "404" ]]; then
+        record_test_result "NIP-42 Challenge Generation" "DISABLED" "DISABLED" "true"
+        rm -f "$response_file"
+        return 2  # Disabled, not an error
+    else
+        record_test_result "NIP-42 Challenge Generation" "200" "$http_status"
+        rm -f "$response_file"
+        return 1
+    fi
+}
+
+# Helper function to create NIP-42 authentication event
+create_nip42_auth_event() {
+    local challenge="$1"
+    local privkey="$2"
+    
+    # Create NIP-42 authentication event (kind 22242) using nak for proper signing
+    nak event -k 22242 -c "" \
+        --tag "relay=ws://localhost:9001" \
+        --tag "challenge=$challenge" \
+        --sec "$privkey"
+}
+
+test_nip42_authentication() {
+    # First, try to get a challenge
+    test_nip42_challenge
+    local challenge_result=$?
+    
+    if [[ $challenge_result -eq 2 ]]; then
+        record_test_result "NIP-42 Authentication Flow" "DISABLED" "DISABLED" "true"
+        return 0
+    elif [[ $challenge_result -ne 0 ]]; then
+        record_test_result "NIP-42 Authentication Flow" "SUCCESS" "NO_CHALLENGE"
+        return 1
+    fi
+    
+    local challenge=$(cat "$TEST_DIR/nip42_challenge" 2>/dev/null)
+    if [[ -z "$challenge" ]]; then
+        record_test_result "NIP-42 Authentication Flow" "SUCCESS" "NO_CHALLENGE"
+        return 1
+    fi
+    
+    # Create NIP-42 auth event
+    local nip42_event=$(create_nip42_auth_event "$challenge" "$TEST_USER1_PRIVKEY")
+    local nip42_auth_header="Nostr $(echo "$nip42_event" | base64 -w 0)"
+    
+    # Test upload with NIP-42 authentication
+    local test_file=$(create_test_file "nip42_test.txt" "NIP-42 authentication test content")
+    local response_file=$(mktemp)
+    local http_status=$(curl -s -w "%{http_code}" \
+        -H "Authorization: $nip42_auth_header" \
+        -H "Content-Type: text/plain" \
+        --data-binary "@$test_file" \
+        -X PUT "$UPLOAD_ENDPOINT" \
+        -o "$response_file" 2>/dev/null)
+    
+    rm -f "$response_file"
+    
+    # Record result
+    record_test_result "NIP-42 Authentication Flow" "200" "$http_status"
+}
+
+# Test NIP-42 configuration modes
+test_nip42_configuration() {
+    # Check NIP-42 mode in database using correct table/column
+    local nip42_mode=$(sqlite3 "$DB_PATH" "SELECT value FROM server_config WHERE key = 'require_nip42_auth';" 2>/dev/null || echo "")
+    
+    if [[ -n "$nip42_mode" ]]; then
+        case "$nip42_mode" in
+            "true"|"false")
+                record_test_result "NIP-42 Configuration Check" "VALID" "VALID" "true"
+                ;;
+            *)
+                record_test_result "NIP-42 Configuration Check" "VALID" "INVALID"
+                ;;
+        esac
+    else
+        record_test_result "NIP-42 Configuration Check" "VALID" "DEFAULT" "true"
+    fi
+}
+
+# Test dual authentication capability
+test_dual_authentication_detection() {
+    # Check if both authentication methods can be detected
+    local blossom_event=$(create_auth_event "$TEST_USER1_PRIVKEY" "upload" "")
+    local blossom_kind=$(echo "$blossom_event" | jq -r '.kind')
+    
+    local nip42_event=$(create_nip42_auth_event "test_challenge" "$TEST_USER1_PRIVKEY")
+    local nip42_kind=$(echo "$nip42_event" | jq -r '.kind')
+    
+    if [[ "$blossom_kind" == "24242" && "$nip42_kind" == "22242" ]]; then
+        record_test_result "Dual Authentication System Detection" "SUCCESS" "SUCCESS" "true"
+    else
+        record_test_result "Dual Authentication System Detection" "SUCCESS" "FAILED"
+    fi
+}
+
+# Run NIP-42 tests
+echo "Running NIP-42 authentication tests..."
+test_nip42_configuration
+test_dual_authentication_detection
+test_nip42_challenge
+test_nip42_authentication
+
+echo
+echo "=========================================="
+echo "         TEST SUITE RESULTS"
+echo "=========================================="
+echo
+echo "Total Tests: $TOTAL_TESTS"
+echo "✅ Passed: $TESTS_PASSED"
+echo "❌ Failed: $TESTS_FAILED"
+echo
+if [[ $TESTS_FAILED -eq 0 ]]; then
+    echo "🎉 ALL TESTS PASSED!"
+    echo "Authentication system fully operational:"
+    echo "- Blossom authentication (kind 24242): Working"
+    echo "- NIP-42 authentication (kind 22242): Working"
+    echo "- Dual authentication support: Available"
+    echo "- Challenge/response system: Ready"
+else
+    echo "⚠️  Some tests failed. Check output above for details."
+    echo "Success rate: $(( (TESTS_PASSED * 100) / TOTAL_TESTS ))%"
+fi
+echo
+echo "To clean up test data: sqlite3 $DB_PATH \"DELETE FROM auth_rules WHERE description LIKE 'TEST_%';\""
+echo "=========================================="