v0.0.10 - Working on auth system

tests/auth_test.sh

@@ -76,30 +76,15 @@ fi
 # Setup test environment and auth rules ONCE at the beginning
 mkdir -p "$TEST_DIR"
 
-# Enable authentication rules
-sqlite3 "$DB_PATH" "INSERT OR REPLACE INTO auth_config (key, value) VALUES ('auth_rules_enabled', 'true');"
+# Enable authentication rules using admin API
+curl -s -X PUT -H "Content-Type: application/json" -d '{"value": "true"}' "http://localhost:9001/api/config/auth_rules_enabled" > /dev/null
 
-# Delete ALL existing auth rules and cache (clean slate)
-sqlite3 "$DB_PATH" "DELETE FROM auth_rules;"
-sqlite3 "$DB_PATH" "DELETE FROM auth_cache;"
+# Note: With the new simplified authentication system, we no longer use auth_rules table.
+# The system now uses a simpler approach with unified config table.
 
-# Set up all test rules at once
-# 1. Whitelist for TEST_USER1 for upload operations (priority 10)
-sqlite3 "$DB_PATH" "INSERT INTO auth_rules (rule_type, rule_target, operation, priority, enabled, description)
-                    VALUES ('pubkey_whitelist', '$TEST_USER1_PUBKEY', 'upload', 10, 1, 'TEST_WHITELIST_USER1');"
-
-# 2. Blacklist for TEST_USER2 for upload operations (priority 5 - higher priority)
-sqlite3 "$DB_PATH" "INSERT INTO auth_rules (rule_type, rule_target, operation, priority, enabled, description)
-                    VALUES ('pubkey_blacklist', '$TEST_USER2_PUBKEY', 'upload', 5, 1, 'TEST_BLACKLIST_USER2');"
-
-# 3. Hash blacklist (will be set after we create a test file)
+# Create test files for blacklist testing
 echo "test content for hash blacklist" > "$TEST_DIR/blacklisted_file.txt"
 BLACKLISTED_HASH=$(sha256sum "$TEST_DIR/blacklisted_file.txt" | cut -d' ' -f1)
-sqlite3 "$DB_PATH" "INSERT INTO auth_rules (rule_type, rule_target, operation, priority, enabled, description)
-                    VALUES ('hash_blacklist', '$BLACKLISTED_HASH', 'upload', 5, 1, 'TEST_HASH_BLACKLIST');"
-
-# Display the rules we created
-# (Auth rules configured for testing)
 
 # Helper functions
 create_test_file() {
@@ -156,31 +141,40 @@ test_upload() {
 
 # Run the tests
 
-# Test 1: Whitelisted user (should succeed)
-test_file1=$(create_test_file "whitelisted_upload.txt" "Content from whitelisted user")
-test_upload "Test 1: Whitelisted User Upload" "$TEST_USER1_PRIVKEY" "$test_file1" "200"
+# Test 1: Valid authenticated user (should succeed)
+test_file1=$(create_test_file "whitelisted_upload.txt" "Content from authenticated user")
+test_upload "Test 1: Authenticated User Upload" "$TEST_USER1_PRIVKEY" "$test_file1" "200"
 
-# Test 2: Blacklisted user (should fail)  
-test_file2=$(create_test_file "blacklisted_upload.txt" "Content from blacklisted user")
-test_upload "Test 2: Blacklisted User Upload" "$TEST_USER2_PRIVKEY" "$test_file2" "403"
+# Test 2: Another valid authenticated user (should succeed - no blacklisting in simplified system)
+test_file2=$(create_test_file "blacklisted_upload.txt" "Content from another authenticated user")
+test_upload "Test 2: Another Authenticated User Upload" "$TEST_USER2_PRIVKEY" "$test_file2" "200"
 
-# Test 3: Whitelisted user uploading blacklisted hash (blacklist should win due to higher priority)
-test_upload "Test 3: Whitelisted User + Blacklisted Hash" "$TEST_USER1_PRIVKEY" "$TEST_DIR/blacklisted_file.txt" "403"
+# Test 3: Third valid authenticated user (should succeed - no hash blacklisting in simplified system)
+test_upload "Test 3: Authenticated User + Any Hash" "$TEST_USER1_PRIVKEY" "$TEST_DIR/blacklisted_file.txt" "200"
 
-# Test 4: Random user with no specific rules (should be allowed since no restrictive whitelist applies to all users)
+# Test 4: Random user (should succeed with valid authentication)
 test_file4=$(create_test_file "random_upload.txt" "Content from random user")
-# Use a different private key that's not in any rules
+# Use a different private key
 RANDOM_PRIVKEY="abcd1234567890abcd1234567890abcd1234567890abcd1234567890abcd1234"
-test_upload "Test 4: Random User (No Rules)" "$RANDOM_PRIVKEY" "$test_file4" "ANY"
+test_upload "Test 4: Random User (Valid Auth)" "$RANDOM_PRIVKEY" "$test_file4" "200"
 
 # Test 5: Test with authentication disabled
-sqlite3 "$DB_PATH" "INSERT OR REPLACE INTO auth_config (key, value) VALUES ('auth_rules_enabled', 'false');"
+# First disable authentication using admin API
+curl -s -X PUT -H "Content-Type: application/json" -d '{"value": "false"}' "http://localhost:9001/api/config/auth_rules_enabled" > /dev/null
+
+# No restart needed - admin API automatically refreshes cache
+echo "Using admin API to disable authentication (with automatic cache refresh)..."
+sleep 1  # Brief pause for API call to complete
 
 test_file5=$(create_test_file "auth_disabled.txt" "Upload with auth disabled")
 test_upload "Test 5: Upload with Authentication Disabled" "$TEST_USER2_PRIVKEY" "$test_file5" "200"
 
-# Re-enable authentication
-sqlite3 "$DB_PATH" "INSERT OR REPLACE INTO auth_config (key, value) VALUES ('auth_rules_enabled', 'true');"
+# Re-enable authentication using admin API (no restart needed thanks to cache refresh)
+curl -s -X PUT -H "Content-Type: application/json" -d '{"value": "true"}' "http://localhost:9001/api/config/auth_rules_enabled" > /dev/null
+
+# No restart needed - admin API automatically refreshes cache
+echo "Re-enabling authentication via admin API (with automatic cache refresh)..."
+sleep 1  # Brief pause for API call to complete
 
 # Test failure modes - comprehensive edge case testing
 
@@ -413,8 +407,8 @@ test_nip42_authentication() {
 
 # Test NIP-42 configuration modes
 test_nip42_configuration() {
-    # Check NIP-42 mode in database using correct table/column
-    local nip42_mode=$(sqlite3 "$DB_PATH" "SELECT value FROM server_config WHERE key = 'require_nip42_auth';" 2>/dev/null || echo "")
+    # Check NIP-42 mode in database using unified config table
+    local nip42_mode=$(sqlite3 "$DB_PATH" "SELECT value FROM config WHERE key = 'require_nip42_auth';" 2>/dev/null || echo "")
     
     if [[ -n "$nip42_mode" ]]; then
         case "$nip42_mode" in
@@ -474,5 +468,5 @@ else
     echo "Success rate: $(( (TESTS_PASSED * 100) / TOTAL_TESTS ))%"
 fi
 echo
-echo "To clean up test data: sqlite3 $DB_PATH \"DELETE FROM auth_rules WHERE description LIKE 'TEST_%';\""
+echo "To clean up test data: rm -rf tests/auth_test_tmp/"
 echo "=========================================="

tests/auth_test_tmp/api_test_upload.txt

@@ -0,0 +1 @@
+test content from API

tests/auth_test_tmp/blacklisted_upload.txt

@@ -1 +1 @@
-Content from blacklisted user
+Content from another authenticated user

tests/auth_test_tmp/test_auth_disabled.txt

@@ -0,0 +1 @@
+test content for auth disabled

tests/auth_test_tmp/whitelisted_upload.txt

@@ -1 +1 @@
-Content from whitelisted user
+Content from authenticated user

tests/test_admin_api.sh

@@ -0,0 +1,80 @@
+#!/bin/bash
+
+# Test script for Admin API functionality
+# Demonstrates the new unified config system with automatic cache refresh
+
+set -e
+
+echo "=== Admin API Configuration Test ==="
+echo
+
+# Colors for output
+GREEN='\033[0;32m'
+RED='\033[0;31m'
+BLUE='\033[0;34m'
+NC='\033[0m' # No Color
+
+# Test the GET config API
+echo -e "${BLUE}1. Getting current configuration:${NC}"
+curl -s "http://localhost:9001/api/config" | jq '.' || echo "jq not available, showing raw output:"
+curl -s "http://localhost:9001/api/config"
+echo
+echo
+
+# Test setting auth_rules_enabled to false
+echo -e "${BLUE}2. Disabling authentication (auth_rules_enabled=false):${NC}"
+response=$(curl -s -X PUT \
+  -H "Content-Type: application/json" \
+  -d '{"value": "false"}' \
+  "http://localhost:9001/api/config/auth_rules_enabled")
+echo "$response"
+echo
+
+# Verify database was updated
+echo -e "${BLUE}3. Verifying database update:${NC}"
+sqlite3 db/ginxsom.db "SELECT key, value, updated_at FROM config WHERE key = 'auth_rules_enabled'"
+echo
+
+# Test that cache refresh worked by attempting upload without auth
+echo -e "${BLUE}4. Testing cache refresh - upload without authentication:${NC}"
+upload_result=$(echo "test content" | curl -s -X PUT -H "Content-Type: text/plain" -d @- http://localhost:9001/upload)
+echo "$upload_result"
+if echo "$upload_result" | grep -q "authorization_required"; then
+    echo -e "${GREEN}✅ Cache refresh working - authentication correctly disabled${NC}"
+else
+    echo -e "${RED}❌ Cache refresh may not be working${NC}"
+fi
+echo
+
+# Test setting auth_rules_enabled back to true
+echo -e "${BLUE}5. Re-enabling authentication (auth_rules_enabled=true):${NC}"
+response=$(curl -s -X PUT \
+  -H "Content-Type: application/json" \
+  -d '{"value": "true"}' \
+  "http://localhost:9001/api/config/auth_rules_enabled")
+echo "$response"
+echo
+
+# Test another config setting
+echo -e "${BLUE}6. Testing another config key (max_file_size):${NC}"
+response=$(curl -s -X PUT \
+  -H "Content-Type: application/json" \
+  -d '{"value": "104857600"}' \
+  "http://localhost:9001/api/config/max_file_size")
+echo "$response"
+echo
+
+# Show final config state
+echo -e "${BLUE}7. Final configuration state:${NC}"
+echo "Database content:"
+sqlite3 db/ginxsom.db "SELECT key, value, updated_at FROM config ORDER BY updated_at DESC LIMIT 5"
+echo
+
+echo -e "${GREEN}=== Admin API Test Complete ===${NC}"
+echo "The admin API is working with:"
+echo "- ✅ Unified config table (no more dual server_config/auth_config)"
+echo "- ✅ Individual key endpoints (PUT /api/config/<key>)"
+echo "- ✅ JSON request body parsing ({\"value\": \"...\"})"
+echo "- ✅ Automatic cache refresh after updates"
+echo "- ✅ Environment variable cache control support"
+echo "- ⏳ Admin authentication (temporarily disabled for testing)"