v0.0.10 - Working on auth system

src/request_validator.c

@@ -166,19 +166,20 @@ int nostr_validate_request(const nostr_request_t* request, nostr_request_result_
     sprintf(config_msg, "VALIDATOR_DEBUG: STEP 3 PASSED - Configuration loaded (auth_required=%d)\n", g_auth_cache.auth_required);
     validator_debug_log(config_msg);
 
-    // If no auth header provided and auth not required, allow
+    // Check if authentication is disabled first (regardless of header presence)
+    if (!g_auth_cache.auth_required) {
+        validator_debug_log("VALIDATOR_DEBUG: STEP 4 PASSED - Authentication disabled, allowing request\n");
+        strcpy(result->reason, "Authentication disabled");
+        return NOSTR_SUCCESS;
+    }
+    
+    // If no auth header provided but auth is required, fail
     if (!request->auth_header) {
-        if (!g_auth_cache.auth_required) {
-            validator_debug_log("VALIDATOR_DEBUG: STEP 4 PASSED - No auth required, allowing request\n");
-            strcpy(result->reason, "Authentication not required");
-            return NOSTR_SUCCESS;
-        } else {
-            validator_debug_log("VALIDATOR_DEBUG: STEP 4 FAILED - Auth required but no header provided\n");
-            result->valid = 0;
-            result->error_code = NOSTR_ERROR_AUTH_REQUIRED;
-            strcpy(result->reason, "Authentication required but not provided");
-            return NOSTR_SUCCESS;
-        }
+        validator_debug_log("VALIDATOR_DEBUG: STEP 4 FAILED - Auth required but no header provided\n");
+        result->valid = 0;
+        result->error_code = NOSTR_ERROR_AUTH_REQUIRED;
+        strcpy(result->reason, "Authentication required but not provided");
+        return NOSTR_SUCCESS;
     }
     char header_msg[110];
     sprintf(header_msg, "VALIDATOR_DEBUG: STEP 4 PASSED - Auth header provided: %.50s...\n", request->auth_header);
@@ -345,14 +346,6 @@ int nostr_validate_request(const nostr_request_t* request, nostr_request_result_
     // STEP 12 PASSED: Protocol validation complete - continue to database rule evaluation
     validator_debug_log("VALIDATOR_DEBUG: STEP 12 PASSED - Protocol validation complete, proceeding to rule evaluation\n");
 
-    // Check if auth rules are enabled
-    if (!g_auth_cache.auth_required) {
-        validator_debug_log("VALIDATOR_DEBUG: STEP 13 PASSED - Auth rules disabled, allowing request\n");
-        result->valid = 1;
-        result->error_code = NOSTR_SUCCESS;
-        strcpy(result->reason, "Authentication rules disabled");
-        return NOSTR_SUCCESS;
-    }
     validator_debug_log("VALIDATOR_DEBUG: STEP 13 PASSED - Auth rules enabled, checking database rules\n");
 
     // Check database rules for authorization
@@ -432,7 +425,35 @@ void nostr_request_validator_cleanup(void) {
 //=============================================================================
 
 /**
- * Reload authentication configuration from database
+ * Get cache timeout from environment variable or default
+ */
+static int get_cache_timeout(void) {
+    char* no_cache = getenv("GINX_NO_CACHE");
+    char* cache_timeout = getenv("GINX_CACHE_TIMEOUT");
+    
+    if (no_cache && strcmp(no_cache, "1") == 0) {
+        return 0; // No caching
+    }
+    
+    if (cache_timeout) {
+        int timeout = atoi(cache_timeout);
+        return (timeout >= 0) ? timeout : 300; // Use provided value or default
+    }
+    
+    return 300; // Default 5 minutes
+}
+
+/**
+ * Force cache refresh - invalidates current cache
+ */
+void nostr_request_validator_force_cache_refresh(void) {
+    g_auth_cache.cache_valid = 0;
+    g_auth_cache.cache_expires = 0;
+    validator_debug_log("VALIDATOR: Cache forcibly invalidated\n");
+}
+
+/**
+ * Reload authentication configuration from unified config table
  */
 static int reload_auth_config(void) {
     sqlite3* db = NULL;
@@ -451,14 +472,15 @@ static int reload_auth_config(void) {
         g_auth_cache.max_file_size = 104857600; // 100MB
         g_auth_cache.admin_enabled = 0;
         g_auth_cache.nip42_mode = 1; // Optional
-        g_auth_cache.cache_expires = time(NULL) + 300; // 5 minutes
+        int cache_timeout = get_cache_timeout();
+        g_auth_cache.cache_expires = time(NULL) + cache_timeout;
         g_auth_cache.cache_valid = 1;
         return NOSTR_SUCCESS;
     }
     
-    // Load configuration values from server_config table
-    const char* server_sql = "SELECT key, value FROM server_config WHERE key IN ('require_auth', 'max_file_size', 'admin_enabled', 'admin_pubkey')";
-    rc = sqlite3_prepare_v2(db, server_sql, -1, &stmt, NULL);
+    // Load configuration values from unified config table
+    const char* config_sql = "SELECT key, value FROM config WHERE key IN ('require_auth', 'auth_rules_enabled', 'max_file_size', 'admin_enabled', 'admin_pubkey', 'require_nip42_auth')";
+    rc = sqlite3_prepare_v2(db, config_sql, -1, &stmt, NULL);
     
     if (rc == SQLITE_OK) {
         while (sqlite3_step(stmt) == SQLITE_ROW) {
@@ -469,31 +491,15 @@ static int reload_auth_config(void) {
             
             if (strcmp(key, "require_auth") == 0) {
                 g_auth_cache.auth_required = (strcmp(value, "true") == 0) ? 1 : 0;
+            } else if (strcmp(key, "auth_rules_enabled") == 0) {
+                // Override auth_required with auth_rules_enabled if present (higher priority)
+                g_auth_cache.auth_required = (strcmp(value, "true") == 0) ? 1 : 0;
             } else if (strcmp(key, "max_file_size") == 0) {
                 g_auth_cache.max_file_size = atol(value);
             } else if (strcmp(key, "admin_enabled") == 0) {
                 g_auth_cache.admin_enabled = (strcmp(value, "true") == 0) ? 1 : 0;
             } else if (strcmp(key, "admin_pubkey") == 0) {
                 strncpy(g_auth_cache.admin_pubkey, value, sizeof(g_auth_cache.admin_pubkey) - 1);
-            }
-        }
-        sqlite3_finalize(stmt);
-    }
-    
-    // Load auth-specific configuration from auth_config table
-    const char* auth_sql = "SELECT key, value FROM auth_config WHERE key IN ('auth_rules_enabled', 'require_nip42_auth')";
-    rc = sqlite3_prepare_v2(db, auth_sql, -1, &stmt, NULL);
-    
-    if (rc == SQLITE_OK) {
-        while (sqlite3_step(stmt) == SQLITE_ROW) {
-            const char* key = (const char*)sqlite3_column_text(stmt, 0);
-            const char* value = (const char*)sqlite3_column_text(stmt, 1);
-            
-            if (!key || !value) continue;
-            
-            if (strcmp(key, "auth_rules_enabled") == 0) {
-                // Override auth_required with auth_rules_enabled if present
-                g_auth_cache.auth_required = (strcmp(value, "true") == 0) ? 1 : 0;
             } else if (strcmp(key, "require_nip42_auth") == 0) {
                 if (strcmp(value, "false") == 0) {
                     g_auth_cache.nip42_mode = 0;
@@ -509,8 +515,9 @@ static int reload_auth_config(void) {
     
     sqlite3_close(db);
     
-    // Set cache expiration (5 minutes from now)
-    g_auth_cache.cache_expires = time(NULL) + 300;
+    // Set cache expiration with environment variable support
+    int cache_timeout = get_cache_timeout();
+    g_auth_cache.cache_expires = time(NULL) + cache_timeout;
     g_auth_cache.cache_valid = 1;
     
     // Set defaults for missing values
@@ -518,9 +525,9 @@ static int reload_auth_config(void) {
         g_auth_cache.max_file_size = 104857600; // 100MB
     }
     
-    // Note: This is the final debug statement, no need to log it to our debug file as it's just informational
-    fprintf(stderr, "VALIDATOR: Configuration loaded - auth_required: %d, max_file_size: %ld, nip42_mode: %d\n",
-            g_auth_cache.auth_required, g_auth_cache.max_file_size, g_auth_cache.nip42_mode);
+    // Debug logging
+    fprintf(stderr, "VALIDATOR: Configuration loaded from unified config table - auth_required: %d, max_file_size: %ld, nip42_mode: %d, cache_timeout: %d\n",
+            g_auth_cache.auth_required, g_auth_cache.max_file_size, g_auth_cache.nip42_mode, cache_timeout);
     
     return NOSTR_SUCCESS;
 }