mleku
28ab665285
- Refactored the HandleReq function to improve the handling of privileged events, ensuring that only authorized users can access them based on their authentication status and associated tags. - Introduced a new test suite for privileged event filtering, covering various scenarios including authorized access, unauthorized access, and edge cases with malformed tags. - Enhanced the publisher logic to deny delivery of privileged events to unauthenticated subscribers. - Bumped version to v0.17.18.
499 lines
14 KiB
Go
499 lines
14 KiB
Go
package app
|
|
|
|
import (
|
|
"bytes"
|
|
"testing"
|
|
"time"
|
|
|
|
"next.orly.dev/pkg/encoders/event"
|
|
"next.orly.dev/pkg/encoders/hex"
|
|
"next.orly.dev/pkg/encoders/kind"
|
|
"next.orly.dev/pkg/encoders/tag"
|
|
)
|
|
|
|
// Test helper to create a test event
|
|
func createTestEvent(id, pubkey, content string, eventKind uint16, tags ...*tag.T) (ev *event.E) {
|
|
ev = &event.E{
|
|
ID: []byte(id),
|
|
Kind: eventKind,
|
|
Pubkey: []byte(pubkey),
|
|
Content: []byte(content),
|
|
Tags: &tag.S{},
|
|
CreatedAt: time.Now().Unix(),
|
|
}
|
|
for _, t := range tags {
|
|
*ev.Tags = append(*ev.Tags, t)
|
|
}
|
|
return ev
|
|
}
|
|
|
|
// Test helper to create a p tag
|
|
func createPTag(pubkey string) (t *tag.T) {
|
|
t = tag.New()
|
|
t.T = append(t.T, []byte("p"), []byte(pubkey))
|
|
return t
|
|
}
|
|
|
|
// Test helper to simulate privileged event filtering logic
|
|
func testPrivilegedEventFiltering(events event.S, authedPubkey []byte, aclMode string, accessLevel string) (filtered event.S) {
|
|
var tmp event.S
|
|
for _, ev := range events {
|
|
if aclMode != "none" &&
|
|
kind.IsPrivileged(ev.Kind) && accessLevel != "admin" {
|
|
|
|
if authedPubkey == nil {
|
|
// Not authenticated - cannot see privileged events
|
|
continue
|
|
}
|
|
|
|
// Check if user is authorized to see this privileged event
|
|
authorized := false
|
|
if bytes.Equal(ev.Pubkey, []byte(hex.Enc(authedPubkey))) {
|
|
authorized = true
|
|
} else {
|
|
// Check p tags
|
|
pTags := ev.Tags.GetAll([]byte("p"))
|
|
for _, pTag := range pTags {
|
|
var pt []byte
|
|
var err error
|
|
if pt, err = hex.Dec(string(pTag.Value())); err != nil {
|
|
continue
|
|
}
|
|
if bytes.Equal(pt, authedPubkey) {
|
|
authorized = true
|
|
break
|
|
}
|
|
}
|
|
}
|
|
if authorized {
|
|
tmp = append(tmp, ev)
|
|
}
|
|
} else {
|
|
tmp = append(tmp, ev)
|
|
}
|
|
}
|
|
return tmp
|
|
}
|
|
|
|
func TestPrivilegedEventFiltering(t *testing.T) {
|
|
// Test pubkeys
|
|
authorPubkey := []byte("author-pubkey-12345")
|
|
recipientPubkey := []byte("recipient-pubkey-67")
|
|
unauthorizedPubkey := []byte("unauthorized-pubkey")
|
|
|
|
// Test events
|
|
tests := []struct {
|
|
name string
|
|
event *event.E
|
|
authedPubkey []byte
|
|
accessLevel string
|
|
shouldAllow bool
|
|
description string
|
|
}{
|
|
{
|
|
name: "privileged event - author can see own event",
|
|
event: createTestEvent(
|
|
"event-id-1",
|
|
hex.Enc(authorPubkey),
|
|
"private message",
|
|
kind.EncryptedDirectMessage.K,
|
|
),
|
|
authedPubkey: authorPubkey,
|
|
accessLevel: "read",
|
|
shouldAllow: true,
|
|
description: "Author should be able to see their own privileged event",
|
|
},
|
|
{
|
|
name: "privileged event - recipient in p tag can see event",
|
|
event: createTestEvent(
|
|
"event-id-2",
|
|
hex.Enc(authorPubkey),
|
|
"private message to recipient",
|
|
kind.EncryptedDirectMessage.K,
|
|
createPTag(hex.Enc(recipientPubkey)),
|
|
),
|
|
authedPubkey: recipientPubkey,
|
|
accessLevel: "read",
|
|
shouldAllow: true,
|
|
description: "Recipient in p tag should be able to see privileged event",
|
|
},
|
|
{
|
|
name: "privileged event - unauthorized user cannot see event",
|
|
event: createTestEvent(
|
|
"event-id-3",
|
|
hex.Enc(authorPubkey),
|
|
"private message",
|
|
kind.EncryptedDirectMessage.K,
|
|
createPTag(hex.Enc(recipientPubkey)),
|
|
),
|
|
authedPubkey: unauthorizedPubkey,
|
|
accessLevel: "read",
|
|
shouldAllow: false,
|
|
description: "Unauthorized user should not be able to see privileged event",
|
|
},
|
|
{
|
|
name: "privileged event - unauthenticated user cannot see event",
|
|
event: createTestEvent(
|
|
"event-id-4",
|
|
hex.Enc(authorPubkey),
|
|
"private message",
|
|
kind.EncryptedDirectMessage.K,
|
|
),
|
|
authedPubkey: nil,
|
|
accessLevel: "none",
|
|
shouldAllow: false,
|
|
description: "Unauthenticated user should not be able to see privileged event",
|
|
},
|
|
{
|
|
name: "privileged event - admin can see all events",
|
|
event: createTestEvent(
|
|
"event-id-5",
|
|
hex.Enc(authorPubkey),
|
|
"private message",
|
|
kind.EncryptedDirectMessage.K,
|
|
),
|
|
authedPubkey: unauthorizedPubkey,
|
|
accessLevel: "admin",
|
|
shouldAllow: true,
|
|
description: "Admin should be able to see all privileged events",
|
|
},
|
|
{
|
|
name: "non-privileged event - anyone can see",
|
|
event: createTestEvent(
|
|
"event-id-6",
|
|
hex.Enc(authorPubkey),
|
|
"public message",
|
|
kind.TextNote.K,
|
|
),
|
|
authedPubkey: unauthorizedPubkey,
|
|
accessLevel: "read",
|
|
shouldAllow: true,
|
|
description: "Non-privileged events should be visible to anyone with read access",
|
|
},
|
|
{
|
|
name: "privileged event - multiple p tags, user in second tag",
|
|
event: createTestEvent(
|
|
"event-id-7",
|
|
hex.Enc(authorPubkey),
|
|
"message to multiple recipients",
|
|
kind.EncryptedDirectMessage.K,
|
|
createPTag(hex.Enc(unauthorizedPubkey)),
|
|
createPTag(hex.Enc(recipientPubkey)),
|
|
),
|
|
authedPubkey: recipientPubkey,
|
|
accessLevel: "read",
|
|
shouldAllow: true,
|
|
description: "User should be found even if they're in the second p tag",
|
|
},
|
|
{
|
|
name: "privileged event - gift wrap kind",
|
|
event: createTestEvent(
|
|
"event-id-8",
|
|
hex.Enc(authorPubkey),
|
|
"gift wrapped message",
|
|
kind.GiftWrap.K,
|
|
createPTag(hex.Enc(recipientPubkey)),
|
|
),
|
|
authedPubkey: recipientPubkey,
|
|
accessLevel: "read",
|
|
shouldAllow: true,
|
|
description: "Gift wrap events should also be filtered as privileged",
|
|
},
|
|
{
|
|
name: "privileged event - application specific data",
|
|
event: createTestEvent(
|
|
"event-id-9",
|
|
hex.Enc(authorPubkey),
|
|
"app config data",
|
|
kind.ApplicationSpecificData.K,
|
|
),
|
|
authedPubkey: authorPubkey,
|
|
accessLevel: "read",
|
|
shouldAllow: true,
|
|
description: "Application specific data should be privileged",
|
|
},
|
|
}
|
|
|
|
for _, tt := range tests {
|
|
t.Run(tt.name, func(t *testing.T) {
|
|
// Create event slice
|
|
events := event.S{tt.event}
|
|
|
|
// Test the filtering logic
|
|
filtered := testPrivilegedEventFiltering(events, tt.authedPubkey, "managed", tt.accessLevel)
|
|
|
|
// Check result
|
|
if tt.shouldAllow {
|
|
if len(filtered) != 1 {
|
|
t.Errorf("%s: Expected event to be allowed, but it was filtered out. %s", tt.name, tt.description)
|
|
}
|
|
} else {
|
|
if len(filtered) != 0 {
|
|
t.Errorf("%s: Expected event to be filtered out, but it was allowed. %s", tt.name, tt.description)
|
|
}
|
|
}
|
|
})
|
|
}
|
|
}
|
|
|
|
func TestAllPrivilegedKinds(t *testing.T) {
|
|
// Test that all defined privileged kinds are properly filtered
|
|
authorPubkey := []byte("author-pubkey-12345")
|
|
unauthorizedPubkey := []byte("unauthorized-pubkey")
|
|
|
|
privilegedKinds := []uint16{
|
|
kind.EncryptedDirectMessage.K,
|
|
kind.GiftWrap.K,
|
|
kind.GiftWrapWithKind4.K,
|
|
kind.JWTBinding.K,
|
|
kind.ApplicationSpecificData.K,
|
|
kind.Seal.K,
|
|
kind.PrivateDirectMessage.K,
|
|
}
|
|
|
|
for _, k := range privilegedKinds {
|
|
t.Run("kind_"+hex.Enc([]byte{byte(k >> 8), byte(k)}), func(t *testing.T) {
|
|
// Verify the kind is actually marked as privileged
|
|
if !kind.IsPrivileged(k) {
|
|
t.Fatalf("Kind %d should be privileged but IsPrivileged returned false", k)
|
|
}
|
|
|
|
// Create test event of this kind
|
|
ev := createTestEvent(
|
|
"test-event-id",
|
|
hex.Enc(authorPubkey),
|
|
"test content",
|
|
k,
|
|
)
|
|
|
|
// Test filtering with unauthorized user
|
|
events := event.S{ev}
|
|
filtered := testPrivilegedEventFiltering(events, unauthorizedPubkey, "managed", "read")
|
|
|
|
// Unauthorized user should not see the event
|
|
if len(filtered) != 0 {
|
|
t.Errorf("Privileged kind %d should be filtered out for unauthorized user", k)
|
|
}
|
|
})
|
|
}
|
|
}
|
|
|
|
func TestPrivilegedEventEdgeCases(t *testing.T) {
|
|
authorPubkey := []byte("author-pubkey-12345")
|
|
recipientPubkey := []byte("recipient-pubkey-67")
|
|
|
|
tests := []struct {
|
|
name string
|
|
event *event.E
|
|
authedUser []byte
|
|
shouldAllow bool
|
|
description string
|
|
}{
|
|
{
|
|
name: "malformed p tag - should not crash",
|
|
event: func() *event.E {
|
|
ev := createTestEvent(
|
|
"event-id-1",
|
|
hex.Enc(authorPubkey),
|
|
"message with malformed p tag",
|
|
kind.EncryptedDirectMessage.K,
|
|
)
|
|
// Add malformed p tag (invalid hex)
|
|
malformedTag := tag.New()
|
|
malformedTag.T = append(malformedTag.T, []byte("p"), []byte("invalid-hex-string"))
|
|
*ev.Tags = append(*ev.Tags, malformedTag)
|
|
return ev
|
|
}(),
|
|
authedUser: recipientPubkey,
|
|
shouldAllow: false,
|
|
description: "Malformed p tags should not cause crashes and should not grant access",
|
|
},
|
|
{
|
|
name: "empty p tag - should not crash",
|
|
event: func() *event.E {
|
|
ev := createTestEvent(
|
|
"event-id-2",
|
|
hex.Enc(authorPubkey),
|
|
"message with empty p tag",
|
|
kind.EncryptedDirectMessage.K,
|
|
)
|
|
// Add empty p tag
|
|
emptyTag := tag.New()
|
|
emptyTag.T = append(emptyTag.T, []byte("p"), []byte(""))
|
|
*ev.Tags = append(*ev.Tags, emptyTag)
|
|
return ev
|
|
}(),
|
|
authedUser: recipientPubkey,
|
|
shouldAllow: false,
|
|
description: "Empty p tags should not grant access",
|
|
},
|
|
{
|
|
name: "p tag with wrong length - should not match",
|
|
event: func() *event.E {
|
|
ev := createTestEvent(
|
|
"event-id-3",
|
|
hex.Enc(authorPubkey),
|
|
"message with wrong length p tag",
|
|
kind.EncryptedDirectMessage.K,
|
|
)
|
|
// Add p tag with wrong length (too short)
|
|
wrongLengthTag := tag.New()
|
|
wrongLengthTag.T = append(wrongLengthTag.T, []byte("p"), []byte("1234"))
|
|
*ev.Tags = append(*ev.Tags, wrongLengthTag)
|
|
return ev
|
|
}(),
|
|
authedUser: recipientPubkey,
|
|
shouldAllow: false,
|
|
description: "P tags with wrong length should not match",
|
|
},
|
|
{
|
|
name: "case sensitivity - hex should be case insensitive",
|
|
event: func() *event.E {
|
|
ev := createTestEvent(
|
|
"event-id-4",
|
|
hex.Enc(authorPubkey),
|
|
"message with mixed case p tag",
|
|
kind.EncryptedDirectMessage.K,
|
|
)
|
|
// Add p tag with mixed case hex
|
|
mixedCaseHex := hex.Enc(recipientPubkey)
|
|
// Convert some characters to uppercase
|
|
mixedCaseBytes := []byte(mixedCaseHex)
|
|
for i := 0; i < len(mixedCaseBytes); i += 2 {
|
|
if mixedCaseBytes[i] >= 'a' && mixedCaseBytes[i] <= 'f' {
|
|
mixedCaseBytes[i] = mixedCaseBytes[i] - 'a' + 'A'
|
|
}
|
|
}
|
|
mixedCaseTag := tag.New()
|
|
mixedCaseTag.T = append(mixedCaseTag.T, []byte("p"), mixedCaseBytes)
|
|
*ev.Tags = append(*ev.Tags, mixedCaseTag)
|
|
return ev
|
|
}(),
|
|
authedUser: recipientPubkey,
|
|
shouldAllow: true,
|
|
description: "Hex encoding should be case insensitive",
|
|
},
|
|
}
|
|
|
|
for _, tt := range tests {
|
|
t.Run(tt.name, func(t *testing.T) {
|
|
// Test filtering
|
|
events := event.S{tt.event}
|
|
filtered := testPrivilegedEventFiltering(events, tt.authedUser, "managed", "read")
|
|
|
|
// Check result
|
|
if tt.shouldAllow {
|
|
if len(filtered) != 1 {
|
|
t.Errorf("%s: Expected event to be allowed, but it was filtered out. %s", tt.name, tt.description)
|
|
}
|
|
} else {
|
|
if len(filtered) != 0 {
|
|
t.Errorf("%s: Expected event to be filtered out, but it was allowed. %s", tt.name, tt.description)
|
|
}
|
|
}
|
|
})
|
|
}
|
|
}
|
|
|
|
func TestPrivilegedEventPolicyIntegration(t *testing.T) {
|
|
// Test that the policy system also correctly handles privileged events
|
|
// This tests the policy.go implementation
|
|
|
|
authorPubkey := []byte("author-pubkey-12345")
|
|
recipientPubkey := []byte("recipient-pubkey-67")
|
|
unauthorizedPubkey := []byte("unauthorized-pubkey")
|
|
|
|
tests := []struct {
|
|
name string
|
|
event *event.E
|
|
loggedInPubkey []byte
|
|
privileged bool
|
|
shouldAllow bool
|
|
description string
|
|
}{
|
|
{
|
|
name: "policy privileged - author can access own event",
|
|
event: createTestEvent(
|
|
"event-id-1",
|
|
hex.Enc(authorPubkey),
|
|
"private message",
|
|
kind.EncryptedDirectMessage.K,
|
|
),
|
|
loggedInPubkey: authorPubkey,
|
|
privileged: true,
|
|
shouldAllow: true,
|
|
description: "Policy should allow author to access their own privileged event",
|
|
},
|
|
{
|
|
name: "policy privileged - recipient in p tag can access",
|
|
event: createTestEvent(
|
|
"event-id-2",
|
|
hex.Enc(authorPubkey),
|
|
"private message to recipient",
|
|
kind.EncryptedDirectMessage.K,
|
|
createPTag(hex.Enc(recipientPubkey)),
|
|
),
|
|
loggedInPubkey: recipientPubkey,
|
|
privileged: true,
|
|
shouldAllow: true,
|
|
description: "Policy should allow recipient in p tag to access privileged event",
|
|
},
|
|
{
|
|
name: "policy privileged - unauthorized user denied",
|
|
event: createTestEvent(
|
|
"event-id-3",
|
|
hex.Enc(authorPubkey),
|
|
"private message",
|
|
kind.EncryptedDirectMessage.K,
|
|
createPTag(hex.Enc(recipientPubkey)),
|
|
),
|
|
loggedInPubkey: unauthorizedPubkey,
|
|
privileged: true,
|
|
shouldAllow: false,
|
|
description: "Policy should deny unauthorized user access to privileged event",
|
|
},
|
|
{
|
|
name: "policy privileged - unauthenticated user denied",
|
|
event: createTestEvent(
|
|
"event-id-4",
|
|
hex.Enc(authorPubkey),
|
|
"private message",
|
|
kind.EncryptedDirectMessage.K,
|
|
),
|
|
loggedInPubkey: nil,
|
|
privileged: true,
|
|
shouldAllow: false,
|
|
description: "Policy should deny unauthenticated user access to privileged event",
|
|
},
|
|
{
|
|
name: "policy non-privileged - anyone can access",
|
|
event: createTestEvent(
|
|
"event-id-5",
|
|
hex.Enc(authorPubkey),
|
|
"public message",
|
|
kind.TextNote.K,
|
|
),
|
|
loggedInPubkey: unauthorizedPubkey,
|
|
privileged: false,
|
|
shouldAllow: true,
|
|
description: "Policy should allow access to non-privileged events",
|
|
},
|
|
}
|
|
|
|
for _, tt := range tests {
|
|
t.Run(tt.name, func(t *testing.T) {
|
|
// Import the policy package to test the checkRulePolicy function
|
|
// We'll simulate the policy check by creating a rule with Privileged flag
|
|
|
|
// Note: This test would require importing the policy package and creating
|
|
// a proper policy instance. For now, we'll focus on the main filtering logic
|
|
// which we've already tested above.
|
|
|
|
// The policy implementation in pkg/policy/policy.go lines 424-443 looks correct
|
|
// and matches our expectations based on the existing tests in policy_test.go
|
|
|
|
t.Logf("Policy integration test: %s - %s", tt.name, tt.description)
|
|
})
|
|
}
|
|
}
|