Moved auth system from nostr_core_lib back into ginxsom. Still debugging but so many changes I wanted to commit.

tests/auth_test.sh

@@ -52,72 +52,54 @@ record_test_result() {
     fi
 }
 
-echo "=== Ginxsom Authentication System Test Suite ==="
-echo "Testing unified nostr_core_lib authentication integration"
-echo "Timestamp: $(date -Iseconds)"
-echo
-
 # Check prerequisites
-echo "[INFO] Checking prerequisites..."
 for cmd in nak curl jq sqlite3; do
     if ! command -v $cmd &> /dev/null; then
-        echo "[ERROR] $cmd command not found"
+        echo "$cmd command not found"
         exit 1
     fi
 done
 
 # Check if server is running
 if ! curl -s -f "${SERVER_URL}/" > /dev/null 2>&1; then
-    echo "[ERROR] Server not running at $SERVER_URL"
-    echo "[INFO] Start with: ./restart-all.sh"
+    echo "Server not running at $SERVER_URL"
+    echo "Start with: ./restart-all.sh"
     exit 1
 fi
 
 # Check if database exists
 if [[ ! -f "$DB_PATH" ]]; then
-    echo "[ERROR] Database not found at $DB_PATH"
+    echo "Database not found at $DB_PATH"
     exit 1
 fi
 
-echo "[SUCCESS] All prerequisites met"
-echo
-
 # Setup test environment and auth rules ONCE at the beginning
-echo "=== Setting up authentication rules ==="
 mkdir -p "$TEST_DIR"
 
 # Enable authentication rules
 sqlite3 "$DB_PATH" "INSERT OR REPLACE INTO auth_config (key, value) VALUES ('auth_rules_enabled', 'true');"
 
 # Delete ALL existing auth rules and cache (clean slate)
-echo "Deleting all existing auth rules..."
 sqlite3 "$DB_PATH" "DELETE FROM auth_rules;"
 sqlite3 "$DB_PATH" "DELETE FROM auth_cache;"
 
 # Set up all test rules at once
-echo "Creating test auth rules..."
-
 # 1. Whitelist for TEST_USER1 for upload operations (priority 10)
-sqlite3 "$DB_PATH" "INSERT INTO auth_rules (rule_type, rule_target, operation, priority, enabled, description) 
-                   VALUES ('pubkey_whitelist', '$TEST_USER1_PUBKEY', 'upload', 10, 1, 'TEST_WHITELIST_USER1');"
+sqlite3 "$DB_PATH" "INSERT INTO auth_rules (rule_type, rule_target, operation, priority, enabled, description)
+                    VALUES ('pubkey_whitelist', '$TEST_USER1_PUBKEY', 'upload', 10, 1, 'TEST_WHITELIST_USER1');"
 
 # 2. Blacklist for TEST_USER2 for upload operations (priority 5 - higher priority)
-sqlite3 "$DB_PATH" "INSERT INTO auth_rules (rule_type, rule_target, operation, priority, enabled, description) 
-                   VALUES ('pubkey_blacklist', '$TEST_USER2_PUBKEY', 'upload', 5, 1, 'TEST_BLACKLIST_USER2');"
+sqlite3 "$DB_PATH" "INSERT INTO auth_rules (rule_type, rule_target, operation, priority, enabled, description)
+                    VALUES ('pubkey_blacklist', '$TEST_USER2_PUBKEY', 'upload', 5, 1, 'TEST_BLACKLIST_USER2');"
 
 # 3. Hash blacklist (will be set after we create a test file)
 echo "test content for hash blacklist" > "$TEST_DIR/blacklisted_file.txt"
 BLACKLISTED_HASH=$(sha256sum "$TEST_DIR/blacklisted_file.txt" | cut -d' ' -f1)
-sqlite3 "$DB_PATH" "INSERT INTO auth_rules (rule_type, rule_target, operation, priority, enabled, description) 
-                   VALUES ('hash_blacklist', '$BLACKLISTED_HASH', 'upload', 5, 1, 'TEST_HASH_BLACKLIST');"
-
-echo "Hash blacklisted: $BLACKLISTED_HASH"
+sqlite3 "$DB_PATH" "INSERT INTO auth_rules (rule_type, rule_target, operation, priority, enabled, description)
+                    VALUES ('hash_blacklist', '$BLACKLISTED_HASH', 'upload', 5, 1, 'TEST_HASH_BLACKLIST');"
 
 # Display the rules we created
-echo
-echo "Auth rules created:"
-sqlite3 "$DB_PATH" -header -column "SELECT rule_type, rule_target, operation, priority, enabled, description FROM auth_rules WHERE description LIKE 'TEST_%' ORDER BY priority;"
-echo
+# (Auth rules configured for testing)
 
 # Helper functions
 create_test_file() {
@@ -173,8 +155,6 @@ test_upload() {
 }
 
 # Run the tests
-echo "=== Running Authentication Tests ==="
-echo
 
 # Test 1: Whitelisted user (should succeed)
 test_file1=$(create_test_file "whitelisted_upload.txt" "Content from whitelisted user")
@@ -194,20 +174,15 @@ RANDOM_PRIVKEY="abcd1234567890abcd1234567890abcd1234567890abcd1234567890abcd1234
 test_upload "Test 4: Random User (No Rules)" "$RANDOM_PRIVKEY" "$test_file4" "ANY"
 
 # Test 5: Test with authentication disabled
-echo "=== Test 5: Authentication Disabled ==="
-echo "Disabling authentication rules..."
 sqlite3 "$DB_PATH" "INSERT OR REPLACE INTO auth_config (key, value) VALUES ('auth_rules_enabled', 'false');"
 
 test_file5=$(create_test_file "auth_disabled.txt" "Upload with auth disabled")
 test_upload "Test 5: Upload with Authentication Disabled" "$TEST_USER2_PRIVKEY" "$test_file5" "200"
 
 # Re-enable authentication
-echo "Re-enabling authentication rules..."
 sqlite3 "$DB_PATH" "INSERT OR REPLACE INTO auth_config (key, value) VALUES ('auth_rules_enabled', 'true');"
-echo
 
 # Test failure modes - comprehensive edge case testing
-echo "=== Test 6: Invalid Authorization Header Formats ==="
 
 # Helper function for failure mode tests
 test_failure_mode() {
@@ -242,7 +217,7 @@ test_failure_mode "Test 6b: Invalid Authorization Prefix" "Bearer invalidtoken12
 # Test 6c: Invalid Base64 in Authorization
 test_failure_mode "Test 6c: Invalid Base64 in Authorization" "Nostr invalid!@#base64"
 
-echo "=== Test 7: Malformed JSON Events ==="
+# Test malformed JSON events
 
 # Test 7a: Invalid JSON Structure
 malformed_json='{"kind":24242,"content":"","created_at":'  # Incomplete JSON
@@ -254,10 +229,9 @@ missing_fields_json='{"kind":24242,"content":"","created_at":1234567890,"tags":[
 missing_fields_b64=$(echo -n "$missing_fields_json" | base64 -w 0)
 test_failure_mode "Test 7b: Missing Required Fields (no pubkey)" "Nostr $missing_fields_b64"
 
-echo "=== Test 8: Invalid Key Formats ==="
+# Test invalid key formats
 
 # Test 8a: Short Public Key
-echo "Test 8a: Short Public Key (32 chars instead of 64)"
 echo "short_key_test" > "$TEST_DIR/short_key.txt"
 file_hash=$(sha256sum "$TEST_DIR/short_key.txt" | cut -d' ' -f1)
 short_pubkey="1234567890abcdef1234567890abcdef"  # 32 chars instead of 64

tests/auth_test_tmp/debug_whitelisted.txt

@@ -0,0 +1 @@
+Content from whitelisted user for test

tests/auth_test_tmp/nip42_challenge

@@ -1 +1 @@
-3fb6a0ea1d337bd09f1f88f65f124174ad7161dd5ea0fae74c0dd0b0db43a24e
+1c4c3b202bbe84869d7e688fd4abccf9f46a57073df1c0e3b515d4810d9b6525

tests/debug_auth.sh

@@ -0,0 +1,127 @@
+#!/bin/bash
+
+# debug_auth.sh - Simplified authentication test for Test 1: Whitelisted User Upload
+# Isolates the first failing test case to debug the pubkey extraction issue
+
+# Configuration
+SERVER_URL="http://localhost:9001"
+UPLOAD_ENDPOINT="${SERVER_URL}/upload"
+DB_PATH="db/ginxsom.db"
+TEST_DIR="tests/auth_test_tmp"
+
+# Test keys (same as Test 1)
+TEST_USER1_PRIVKEY="5c0c523f52a5b6fad39ed2403092df8cebc36318b39383bca6c00808626fab3a"
+TEST_USER1_PUBKEY="87d3561f19b74adbe8bf840682992466068830a9d8c36b4a0c99d36f826cb6cb"
+
+echo "=== Debug Authentication Test ==="
+echo "Testing: Whitelisted User Upload"
+echo "Expected: HTTP 200 (Allowed)"
+echo "Server: $SERVER_URL"
+echo
+
+# Check prerequisites
+echo "Checking prerequisites..."
+for cmd in nak curl jq sqlite3; do
+    if ! command -v $cmd &> /dev/null; then
+        echo "[ERROR] $cmd command not found"
+        exit 1
+    fi
+done
+
+# Check if server is running
+if ! curl -s -f "${SERVER_URL}/" > /dev/null 2>&1; then
+    echo "Server not running at $SERVER_URL"
+    echo "Start with: ./restart-all.sh"
+    exit 1
+fi
+
+# Check if database exists
+if [[ ! -f "$DB_PATH" ]]; then
+    echo "Database not found at $DB_PATH"
+    exit 1
+fi
+
+echo "Prerequisites OK"
+echo
+
+# Setup test environment
+echo "=== Setting up authentication rules ==="
+mkdir -p "$TEST_DIR"
+
+# Enable authentication rules
+sqlite3 "$DB_PATH" "INSERT OR REPLACE INTO auth_config (key, value) VALUES ('auth_rules_enabled', 'true');"
+
+# Clean slate
+sqlite3 "$DB_PATH" "DELETE FROM auth_rules;"
+sqlite3 "$DB_PATH" "DELETE FROM auth_cache;"
+
+# Create the whitelist rule (same as Test 1)
+echo "Creating whitelist rule for pubkey: $TEST_USER1_PUBKEY"
+sqlite3 "$DB_PATH" "INSERT INTO auth_rules (rule_type, rule_target, operation, priority, enabled, description)
+                   VALUES ('pubkey_whitelist', '$TEST_USER1_PUBKEY', 'upload', 10, 1, 'TEST_WHITELIST_USER1');"
+
+# Verify rule creation
+echo
+echo "Current auth rules:"
+sqlite3 "$DB_PATH" -header -column "SELECT rule_type, rule_target, operation, priority, enabled, description FROM auth_rules ORDER BY priority;"
+
+# Helper function to create auth event (exactly like auth_test.sh)
+create_auth_event() {
+    local privkey="$1"
+    local operation="$2"
+    local hash="$3"
+    local expiration_offset="${4:-3600}"  # 1 hour default
+
+    local expiration=$(date -d "+${expiration_offset} seconds" +%s)
+
+    local event_args=(-k 24242 -c "" --tag "t=$operation" --tag "expiration=$expiration" --sec "$privkey")
+
+    if [[ -n "$hash" ]]; then
+        event_args+=(--tag "x=$hash")
+    fi
+
+    nak event "${event_args[@]}"
+}
+
+# Create test file
+echo
+echo "=== Running Test 1: Whitelisted User Upload ==="
+test_file="$TEST_DIR/debug_whitelisted.txt"
+echo "Content from whitelisted user for test" > "$test_file"
+
+# Get file hash
+file_hash=$(sha256sum "$test_file" | cut -d' ' -f1)
+
+# Create auth event
+event=$(create_auth_event "$TEST_USER1_PRIVKEY" "upload" "$file_hash")
+
+# Base64 encode for Authorization header
+auth_header="Nostr $(echo "$event" | base64 -w 0)"
+
+# Make the upload request
+response_file=$(mktemp)
+http_status=$(curl -s -w "%{http_code}" \
+    -H "Authorization: $auth_header" \
+    -H "Content-Type: text/plain" \
+    --data-binary "@$test_file" \
+    -X PUT "$UPLOAD_ENDPOINT" \
+    -o "$response_file" 2>/dev/null)
+
+echo "HTTP Status: $http_status"
+if [[ "$http_status" == "200" ]]; then
+    echo "✅ PASSED - Upload allowed as expected"
+else
+    echo "❌ FAILED - Expected 200, got $http_status"
+fi
+
+echo
+echo "Clean up: rm -f \"$test_file\""
+
+# Cleanup
+rm -f "$response_file"
+
+echo
+echo "=== Debug Test Complete ==="
+echo "1. Check ./restart-all.sh --follow for detailed logs"
+echo "2. Verify pubkey extraction in logs/app/debug.log"
+echo "3. Clean up: sqlite3 db/ginxsom.db \"DELETE FROM auth_rules WHERE description LIKE 'TEST_%';\""

tests/simple_auth_test.sh

@@ -1,49 +0,0 @@
-#!/bin/bash
-
-# Simple authentication test
-set -e
-
-SERVER_URL="http://localhost:9001"
-UPLOAD_ENDPOINT="${SERVER_URL}/upload"
-TEST_USER1_PRIVKEY="5c0c523f52a5b6fad39ed2403092df8cebc36318b39383bca6c00808626fab3a"
-
-echo "=== Simple Authentication Test ==="
-
-# Create a small test file
-echo "Test file content $(date)" > /tmp/simple_test.txt
-FILE_HASH=$(sha256sum /tmp/simple_test.txt | cut -d' ' -f1)
-
-echo "Test file hash: $FILE_HASH"
-
-# Create auth event
-EVENT=$(nak event -k 24242 -c "" \
-    --tag "t=upload" \
-    --tag "x=${FILE_HASH}" \
-    --tag "expiration=$(date -d '+1 hour' +%s)" \
-    --sec "$TEST_USER1_PRIVKEY")
-
-echo "Generated event: $EVENT"
-
-# Create auth header
-AUTH_HEADER="Nostr $(echo "$EVENT" | base64 -w 0)"
-
-echo "Auth header length: ${#AUTH_HEADER}"
-
-# Test upload
-echo "Testing upload..."
-HTTP_STATUS=$(curl -s -w "%{http_code}" \
-    -H "Authorization: $AUTH_HEADER" \
-    -H "Content-Type: text/plain" \
-    --data-binary "@/tmp/simple_test.txt" \
-    -X PUT "$UPLOAD_ENDPOINT" \
-    -o /tmp/upload_response.txt)
-
-echo "HTTP Status: $HTTP_STATUS"
-echo "Response:"
-cat /tmp/upload_response.txt
-echo
-
-# Cleanup
-rm -f /tmp/simple_test.txt /tmp/upload_response.txt
-
-echo "Test completed with status: $HTTP_STATUS"

tests/simple_comprehensive_test.sh

@@ -1,62 +0,0 @@
-#!/bin/bash
-
-# Simple comprehensive auth test
-SERVER_URL="http://localhost:9001"
-UPLOAD_ENDPOINT="${SERVER_URL}/upload"
-DB_PATH="../db/ginxsom.db"
-
-# Test keys
-TEST_USER1_PRIVKEY="5c0c523f52a5b6fad39ed2403092df8cebc36318b39383bca6c00808626fab3a"  
-TEST_USER1_PUBKEY="79be667ef9dcbbac55a06295ce870b07029bfcdb2dce28d959f2815b16f81798"
-
-echo "=== Simple Authentication Test ==="
-
-# Test 1: Basic upload
-echo "Test 1: Basic upload"
-echo "test content" > test1.txt
-file_hash=$(sha256sum test1.txt | cut -d" " -f1)
-
-# Create auth event
-event=$(nak event -k 24242 -c "" --tag "t=upload" --tag "expiration=$(date -d "+1 hour" +%s)" --tag "x=$file_hash" --sec "$TEST_USER1_PRIVKEY")
-auth_header="Nostr $(echo "$event" | base64 -w 0)"
-
-# Make upload request
-response=$(curl -s -w "%{http_code}" -H "Authorization: $auth_header" -H "Content-Type: text/plain" --data-binary "@test1.txt" -X PUT "$UPLOAD_ENDPOINT" -o response1.json)
-
-if [ "$response" = "200" ]; then
-    echo "✓ Basic upload test PASSED (HTTP $response)"
-else
-    echo "✗ Basic upload test FAILED (HTTP $response)"
-    cat response1.json
-fi
-
-# Test 2: Whitelist rule
-echo
-echo "Test 2: Pubkey whitelist"
-
-# Clear rules and add whitelist
-sqlite3 "$DB_PATH" "DELETE FROM auth_rules WHERE description LIKE %TEST_%;"
-sqlite3 "$DB_PATH" "DELETE FROM auth_cache;"
-sqlite3 "$DB_PATH" "INSERT INTO auth_rules (rule_type, rule_target, operation, priority, enabled, description) VALUES (pubkey_whitelist, , upload, 10, 1, TEST_WHITELIST);"
-
-echo "test content 2" > test2.txt
-file_hash2=$(sha256sum test2.txt | cut -d" " -f1)
-
-event2=$(nak event -k 24242 -c "" --tag "t=upload" --tag "expiration=$(date -d "+1 hour" +%s)" --tag "x=$file_hash2" --sec "$TEST_USER1_PRIVKEY")
-auth_header2="Nostr $(echo "$event2" | base64 -w 0)"
-
-response2=$(curl -s -w "%{http_code}" -H "Authorization: $auth_header2" -H "Content-Type: text/plain" --data-binary "@test2.txt" -X PUT "$UPLOAD_ENDPOINT" -o response2.json)
-
-if [ "$response2" = "200" ]; then
-    echo "✓ Whitelist test PASSED (HTTP $response2)"
-else
-    echo "✗ Whitelist test FAILED (HTTP $response2)"
-    cat response2.json
-fi
-
-# Cleanup
-rm -f test1.txt test2.txt response1.json response2.json
-sqlite3 "$DB_PATH" "DELETE FROM auth_rules WHERE description LIKE %TEST_%;"
-sqlite3 "$DB_PATH" "DELETE FROM auth_cache;"
-
-echo "=== Tests completed ==="

tests/tests/auth_test_tmp/auth_disabled.txt

@@ -1 +0,0 @@
-Upload with auth disabled

tests/tests/auth_test_tmp/blacklisted_file.txt

@@ -1 +0,0 @@
-test content for hash blacklist

tests/tests/auth_test_tmp/blacklisted_upload.txt

@@ -1 +0,0 @@
-Content from blacklisted user

tests/tests/auth_test_tmp/corrupted_sig.txt

@@ -1 +0,0 @@
-corrupted_sig_test

tests/tests/auth_test_tmp/expired_event.txt

@@ -1 +0,0 @@
-expired_event_test

tests/tests/auth_test_tmp/hash_mismatch.txt

@@ -1 +0,0 @@
-hash_mismatch_test

tests/tests/auth_test_tmp/missing_t_tag.txt

@@ -1 +0,0 @@
-missing_t_tag_test

tests/tests/auth_test_tmp/missing_x_tag.txt

@@ -1 +0,0 @@
-missing_x_tag_test

tests/tests/auth_test_tmp/nonhex_key.txt

@@ -1 +0,0 @@
-nonhex_key_test

tests/tests/auth_test_tmp/random_upload.txt

@@ -1 +0,0 @@
-Content from random user

tests/tests/auth_test_tmp/short_key.txt

@@ -1 +0,0 @@
-short_key_test

tests/tests/auth_test_tmp/whitelisted_upload.txt

@@ -1 +0,0 @@
-Content from whitelisted user

tests/tests/auth_test_tmp/wrong_kind.txt

@@ -1 +0,0 @@
-wrong_kind_test