Fixed a killer bug with upload verification

2025-09-02 12:06:13 -04:00
parent eb7a9413ca
commit 9f51886d9e
15 changed files with 52980 additions and 44836 deletions
--- a/src/main.c
+++ b/src/main.c
@@ -2373,8 +2373,51 @@ void handle_upload_request(void) {
        fprintf(stderr, "AUTH: authenticate_request returned: %d\r\n", auth_result);
        if (auth_result != NOSTR_SUCCESS) {
            free(file_data);
-            send_error_response(401, "authentication_failed", "Authentication failed", 
-                              "The request failed basic nostr authentication");
+            
+            // Provide specific error messages based on the authentication failure type
+            const char* error_type = "authentication_failed";
+            const char* message = "Authentication failed";
+            const char* details = "The request failed nostr authentication";
+            
+            switch (auth_result) {
+                case NOSTR_ERROR_EVENT_INVALID_CONTENT:
+                    error_type = "event_expired";
+                    message = "Authentication event expired";
+                    details = "The provided nostr event has expired and is no longer valid";
+                    break;
+                case NOSTR_ERROR_EVENT_INVALID_SIGNATURE:
+                    error_type = "invalid_signature";
+                    message = "Invalid cryptographic signature";
+                    details = "The event signature verification failed";
+                    break;
+                case NOSTR_ERROR_EVENT_INVALID_PUBKEY:
+                    error_type = "invalid_pubkey";
+                    message = "Invalid public key";
+                    details = "The event contains an invalid or malformed public key";
+                    break;
+                case NOSTR_ERROR_EVENT_INVALID_ID:
+                    error_type = "invalid_event_id";
+                    message = "Invalid event ID";
+                    details = "The event ID does not match the calculated hash";
+                    break;
+                case NOSTR_ERROR_INVALID_INPUT:
+                    error_type = "invalid_format";
+                    message = "Invalid authorization format";
+                    details = "The authorization header format is invalid or malformed";
+                    break;
+                default:
+                    error_type = "authentication_failed";
+                    message = "Authentication failed";
+                    // Use C-style string formatting for error details
+                    static char error_details_buffer[256];
+                    snprintf(error_details_buffer, sizeof(error_details_buffer),
+                            "The request failed nostr authentication (error code: %d - %s)",
+                            auth_result, nostr_strerror(auth_result));
+                    details = error_details_buffer;
+                    break;
+            }
+            
+            send_error_response(401, error_type, message, details);
            log_request("PUT", "/upload", "auth_failed", 401);
            return;
        }
@@ -2554,6 +2597,15 @@ void handle_upload_request(void) {
 int main(void) {
    fprintf(stderr, "STARTUP: FastCGI application starting up\r\n");
    fflush(stderr);
+    
+    // CRITICAL: Initialize nostr crypto system for cryptographic operations
+    fprintf(stderr, "STARTUP: Initializing nostr crypto system...\r\n");
+    if (nostr_crypto_init() != 0) {
+        fprintf(stderr, "FATAL ERROR: Failed to initialize nostr crypto system\r\n");
+        return 1;
+    }
+    fprintf(stderr, "STARTUP: nostr crypto system initialized successfully\r\n");
+    fflush(stderr);
    while (FCGI_Accept() >= 0) {
        // DEBUG: Log every request received
        fprintf(stderr, "DEBUG: FastCGI received request\r\n");