#!/bin/bash # debug_auth.sh - Simplified authentication test for Test 1: Whitelisted User Upload # Isolates the first failing test case to debug the pubkey extraction issue # Configuration SERVER_URL="http://localhost:9001" UPLOAD_ENDPOINT="${SERVER_URL}/upload" DB_PATH="db/ginxsom.db" TEST_DIR="tests/auth_test_tmp" # Test keys (same as Test 1) TEST_USER1_PRIVKEY="5c0c523f52a5b6fad39ed2403092df8cebc36318b39383bca6c00808626fab3a" TEST_USER1_PUBKEY="87d3561f19b74adbe8bf840682992466068830a9d8c36b4a0c99d36f826cb6cb" echo "=== Debug Authentication Test ===" echo "Testing: Whitelisted User Upload" echo "Expected: HTTP 200 (Allowed)" echo "Server: $SERVER_URL" echo # Check prerequisites echo "Checking prerequisites..." for cmd in nak curl jq sqlite3; do if ! command -v $cmd &> /dev/null; then echo "[ERROR] $cmd command not found" exit 1 fi done # Check if server is running if ! curl -s -f "${SERVER_URL}/" > /dev/null 2>&1; then echo "Server not running at $SERVER_URL" echo "Start with: ./restart-all.sh" exit 1 fi # Check if database exists if [[ ! -f "$DB_PATH" ]]; then echo "Database not found at $DB_PATH" exit 1 fi echo "Prerequisites OK" echo # Setup test environment echo "=== Setting up authentication rules ===" mkdir -p "$TEST_DIR" # Enable authentication rules sqlite3 "$DB_PATH" "INSERT OR REPLACE INTO auth_config (key, value) VALUES ('auth_rules_enabled', 'true');" # Clean slate sqlite3 "$DB_PATH" "DELETE FROM auth_rules;" sqlite3 "$DB_PATH" "DELETE FROM auth_cache;" # Create the whitelist rule (same as Test 1) echo "Creating whitelist rule for pubkey: $TEST_USER1_PUBKEY" sqlite3 "$DB_PATH" "INSERT INTO auth_rules (rule_type, rule_target, operation, priority, enabled, description) VALUES ('pubkey_whitelist', '$TEST_USER1_PUBKEY', 'upload', 10, 1, 'TEST_WHITELIST_USER1');" # Verify rule creation echo echo "Current auth rules:" sqlite3 "$DB_PATH" -header -column "SELECT rule_type, rule_target, operation, priority, enabled, description FROM auth_rules ORDER BY priority;" # Helper function to create auth event (exactly like auth_test.sh) create_auth_event() { local privkey="$1" local operation="$2" local hash="$3" local expiration_offset="${4:-3600}" # 1 hour default local expiration=$(date -d "+${expiration_offset} seconds" +%s) local event_args=(-k 24242 -c "" --tag "t=$operation" --tag "expiration=$expiration" --sec "$privkey") if [[ -n "$hash" ]]; then event_args+=(--tag "x=$hash") fi nak event "${event_args[@]}" } # Create test file echo echo "=== Running Test 1: Whitelisted User Upload ===" test_file="$TEST_DIR/debug_whitelisted.txt" echo "Content from whitelisted user for test" > "$test_file" # Get file hash file_hash=$(sha256sum "$test_file" | cut -d' ' -f1) # Create auth event event=$(create_auth_event "$TEST_USER1_PRIVKEY" "upload" "$file_hash") # Base64 encode for Authorization header auth_header="Nostr $(echo "$event" | base64 -w 0)" # Make the upload request response_file=$(mktemp) http_status=$(curl -s -w "%{http_code}" \ -H "Authorization: $auth_header" \ -H "Content-Type: text/plain" \ --data-binary "@$test_file" \ -X PUT "$UPLOAD_ENDPOINT" \ -o "$response_file" 2>/dev/null) echo "HTTP Status: $http_status" if [[ "$http_status" == "200" ]]; then echo "✅ PASSED - Upload allowed as expected" else echo "❌ FAILED - Expected 200, got $http_status" fi echo echo "Clean up: rm -f \"$test_file\"" # Cleanup rm -f "$response_file" echo echo "=== Debug Test Complete ===" echo "1. Check ./restart-all.sh --follow for detailed logs" echo "2. Verify pubkey extraction in logs/app/debug.log" echo "3. Clean up: sqlite3 db/ginxsom.db \"DELETE FROM auth_rules WHERE description LIKE 'TEST_%';\""