Moved auth system from nostr_core_lib back into ginxsom. Still debugging but so many changes I wanted to commit.

tests/debug_auth.sh

@@ -0,0 +1,127 @@
+#!/bin/bash
+
+# debug_auth.sh - Simplified authentication test for Test 1: Whitelisted User Upload
+# Isolates the first failing test case to debug the pubkey extraction issue
+
+# Configuration
+SERVER_URL="http://localhost:9001"
+UPLOAD_ENDPOINT="${SERVER_URL}/upload"
+DB_PATH="db/ginxsom.db"
+TEST_DIR="tests/auth_test_tmp"
+
+# Test keys (same as Test 1)
+TEST_USER1_PRIVKEY="5c0c523f52a5b6fad39ed2403092df8cebc36318b39383bca6c00808626fab3a"
+TEST_USER1_PUBKEY="87d3561f19b74adbe8bf840682992466068830a9d8c36b4a0c99d36f826cb6cb"
+
+echo "=== Debug Authentication Test ==="
+echo "Testing: Whitelisted User Upload"
+echo "Expected: HTTP 200 (Allowed)"
+echo "Server: $SERVER_URL"
+echo
+
+# Check prerequisites
+echo "Checking prerequisites..."
+for cmd in nak curl jq sqlite3; do
+    if ! command -v $cmd &> /dev/null; then
+        echo "[ERROR] $cmd command not found"
+        exit 1
+    fi
+done
+
+# Check if server is running
+if ! curl -s -f "${SERVER_URL}/" > /dev/null 2>&1; then
+    echo "Server not running at $SERVER_URL"
+    echo "Start with: ./restart-all.sh"
+    exit 1
+fi
+
+# Check if database exists
+if [[ ! -f "$DB_PATH" ]]; then
+    echo "Database not found at $DB_PATH"
+    exit 1
+fi
+
+echo "Prerequisites OK"
+echo
+
+# Setup test environment
+echo "=== Setting up authentication rules ==="
+mkdir -p "$TEST_DIR"
+
+# Enable authentication rules
+sqlite3 "$DB_PATH" "INSERT OR REPLACE INTO auth_config (key, value) VALUES ('auth_rules_enabled', 'true');"
+
+# Clean slate
+sqlite3 "$DB_PATH" "DELETE FROM auth_rules;"
+sqlite3 "$DB_PATH" "DELETE FROM auth_cache;"
+
+# Create the whitelist rule (same as Test 1)
+echo "Creating whitelist rule for pubkey: $TEST_USER1_PUBKEY"
+sqlite3 "$DB_PATH" "INSERT INTO auth_rules (rule_type, rule_target, operation, priority, enabled, description)
+                   VALUES ('pubkey_whitelist', '$TEST_USER1_PUBKEY', 'upload', 10, 1, 'TEST_WHITELIST_USER1');"
+
+# Verify rule creation
+echo
+echo "Current auth rules:"
+sqlite3 "$DB_PATH" -header -column "SELECT rule_type, rule_target, operation, priority, enabled, description FROM auth_rules ORDER BY priority;"
+
+# Helper function to create auth event (exactly like auth_test.sh)
+create_auth_event() {
+    local privkey="$1"
+    local operation="$2"
+    local hash="$3"
+    local expiration_offset="${4:-3600}"  # 1 hour default
+
+    local expiration=$(date -d "+${expiration_offset} seconds" +%s)
+
+    local event_args=(-k 24242 -c "" --tag "t=$operation" --tag "expiration=$expiration" --sec "$privkey")
+
+    if [[ -n "$hash" ]]; then
+        event_args+=(--tag "x=$hash")
+    fi
+
+    nak event "${event_args[@]}"
+}
+
+# Create test file
+echo
+echo "=== Running Test 1: Whitelisted User Upload ==="
+test_file="$TEST_DIR/debug_whitelisted.txt"
+echo "Content from whitelisted user for test" > "$test_file"
+
+# Get file hash
+file_hash=$(sha256sum "$test_file" | cut -d' ' -f1)
+
+# Create auth event
+event=$(create_auth_event "$TEST_USER1_PRIVKEY" "upload" "$file_hash")
+
+# Base64 encode for Authorization header
+auth_header="Nostr $(echo "$event" | base64 -w 0)"
+
+# Make the upload request
+response_file=$(mktemp)
+http_status=$(curl -s -w "%{http_code}" \
+    -H "Authorization: $auth_header" \
+    -H "Content-Type: text/plain" \
+    --data-binary "@$test_file" \
+    -X PUT "$UPLOAD_ENDPOINT" \
+    -o "$response_file" 2>/dev/null)
+
+echo "HTTP Status: $http_status"
+if [[ "$http_status" == "200" ]]; then
+    echo "✅ PASSED - Upload allowed as expected"
+else
+    echo "❌ FAILED - Expected 200, got $http_status"
+fi
+
+echo
+echo "Clean up: rm -f \"$test_file\""
+
+# Cleanup
+rm -f "$response_file"
+
+echo
+echo "=== Debug Test Complete ==="
+echo "1. Check ./restart-all.sh --follow for detailed logs"
+echo "2. Verify pubkey extraction in logs/app/debug.log"
+echo "3. Clean up: sqlite3 db/ginxsom.db \"DELETE FROM auth_rules WHERE description LIKE 'TEST_%';\""