mleku
24383ef1f4
Some checks failed
Go / build-and-release (push) Has been cancelled
Major refactoring of event handling into clean, testable domain services: - Add pkg/event/validation: JSON hex validation, signature verification, timestamp bounds, NIP-70 protected tag validation - Add pkg/event/authorization: Policy and ACL authorization decisions, auth challenge handling, access level determination - Add pkg/event/routing: Event router registry with ephemeral and delete handlers, kind-based dispatch - Add pkg/event/processing: Event persistence, delivery to subscribers, and post-save hooks (ACL reconfig, sync, relay groups) - Reduce handle-event.go from 783 to 296 lines (62% reduction) - Add comprehensive unit tests for all new domain services - Refactor database tests to use shared TestMain setup - Fix blossom URL test expectations (missing "/" separator) - Add go-memory-optimization skill and analysis documentation - Update DDD_ANALYSIS.md to reflect completed decomposition Files modified: - app/handle-event.go: Slim orchestrator using domain services - app/server.go: Service initialization and interface wrappers - app/handle-event-types.go: Shared types (OkHelper, result types) - pkg/event/validation/*: New validation service package - pkg/event/authorization/*: New authorization service package - pkg/event/routing/*: New routing service package - pkg/event/processing/*: New processing service package - pkg/database/*_test.go: Refactored to shared TestMain - pkg/blossom/http_test.go: Fixed URL format expectations 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
229 lines
6.1 KiB
Go
229 lines
6.1 KiB
Go
package validation
|
|
|
|
import (
|
|
"testing"
|
|
"time"
|
|
|
|
"git.mleku.dev/mleku/nostr/encoders/event"
|
|
"git.mleku.dev/mleku/nostr/encoders/tag"
|
|
"git.mleku.dev/mleku/nostr/interfaces/signer/p8k"
|
|
)
|
|
|
|
func TestNew(t *testing.T) {
|
|
s := New()
|
|
if s == nil {
|
|
t.Fatal("New() returned nil")
|
|
}
|
|
if s.cfg == nil {
|
|
t.Fatal("New() returned service with nil config")
|
|
}
|
|
if s.cfg.MaxFutureSeconds != 3600 {
|
|
t.Errorf("expected MaxFutureSeconds=3600, got %d", s.cfg.MaxFutureSeconds)
|
|
}
|
|
}
|
|
|
|
func TestNewWithConfig(t *testing.T) {
|
|
cfg := &Config{MaxFutureSeconds: 7200}
|
|
s := NewWithConfig(cfg)
|
|
if s.cfg.MaxFutureSeconds != 7200 {
|
|
t.Errorf("expected MaxFutureSeconds=7200, got %d", s.cfg.MaxFutureSeconds)
|
|
}
|
|
|
|
// Test nil config defaults
|
|
s = NewWithConfig(nil)
|
|
if s.cfg.MaxFutureSeconds != 3600 {
|
|
t.Errorf("expected default MaxFutureSeconds=3600, got %d", s.cfg.MaxFutureSeconds)
|
|
}
|
|
}
|
|
|
|
func TestResultConstructors(t *testing.T) {
|
|
// Test OK
|
|
r := OK()
|
|
if !r.Valid || r.Code != ReasonNone || r.Msg != "" {
|
|
t.Error("OK() should return Valid=true with no code/msg")
|
|
}
|
|
|
|
// Test Blocked
|
|
r = Blocked("test blocked")
|
|
if r.Valid || r.Code != ReasonBlocked || r.Msg != "test blocked" {
|
|
t.Error("Blocked() should return Valid=false with ReasonBlocked")
|
|
}
|
|
|
|
// Test Invalid
|
|
r = Invalid("test invalid")
|
|
if r.Valid || r.Code != ReasonInvalid || r.Msg != "test invalid" {
|
|
t.Error("Invalid() should return Valid=false with ReasonInvalid")
|
|
}
|
|
|
|
// Test Error
|
|
r = Error("test error")
|
|
if r.Valid || r.Code != ReasonError || r.Msg != "test error" {
|
|
t.Error("Error() should return Valid=false with ReasonError")
|
|
}
|
|
}
|
|
|
|
func TestValidateRawJSON_LowercaseHex(t *testing.T) {
|
|
s := New()
|
|
|
|
// Valid lowercase hex
|
|
validJSON := []byte(`["EVENT",{"id":"abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789","pubkey":"fedcba9876543210fedcba9876543210fedcba9876543210fedcba9876543210","created_at":1234567890,"kind":1,"tags":[],"content":"test","sig":"abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789"}]`)
|
|
|
|
result := s.ValidateRawJSON(validJSON)
|
|
if !result.Valid {
|
|
t.Errorf("valid lowercase JSON should pass: %s", result.Msg)
|
|
}
|
|
|
|
// Invalid - uppercase in id
|
|
invalidID := []byte(`["EVENT",{"id":"ABCDEF0123456789abcdef0123456789abcdef0123456789abcdef0123456789","pubkey":"fedcba9876543210fedcba9876543210fedcba9876543210fedcba9876543210","created_at":1234567890,"kind":1,"tags":[],"content":"test","sig":"abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789"}]`)
|
|
|
|
result = s.ValidateRawJSON(invalidID)
|
|
if result.Valid {
|
|
t.Error("uppercase in id should fail validation")
|
|
}
|
|
if result.Code != ReasonBlocked {
|
|
t.Error("uppercase hex should return ReasonBlocked")
|
|
}
|
|
}
|
|
|
|
func TestValidateEvent_ValidEvent(t *testing.T) {
|
|
s := New()
|
|
|
|
// Create and sign a valid event
|
|
sign := p8k.MustNew()
|
|
if err := sign.Generate(); err != nil {
|
|
t.Fatalf("failed to generate signer: %v", err)
|
|
}
|
|
|
|
ev := event.New()
|
|
ev.Kind = 1
|
|
ev.CreatedAt = time.Now().Unix()
|
|
ev.Content = []byte("test content")
|
|
ev.Tags = tag.NewS()
|
|
|
|
if err := ev.Sign(sign); err != nil {
|
|
t.Fatalf("failed to sign event: %v", err)
|
|
}
|
|
|
|
result := s.ValidateEvent(ev)
|
|
if !result.Valid {
|
|
t.Errorf("valid event should pass validation: %s", result.Msg)
|
|
}
|
|
}
|
|
|
|
func TestValidateEvent_InvalidID(t *testing.T) {
|
|
s := New()
|
|
|
|
// Create a valid event then corrupt the ID
|
|
sign := p8k.MustNew()
|
|
if err := sign.Generate(); err != nil {
|
|
t.Fatalf("failed to generate signer: %v", err)
|
|
}
|
|
|
|
ev := event.New()
|
|
ev.Kind = 1
|
|
ev.CreatedAt = time.Now().Unix()
|
|
ev.Content = []byte("test content")
|
|
ev.Tags = tag.NewS()
|
|
|
|
if err := ev.Sign(sign); err != nil {
|
|
t.Fatalf("failed to sign event: %v", err)
|
|
}
|
|
|
|
// Corrupt the ID
|
|
ev.ID[0] ^= 0xFF
|
|
|
|
result := s.ValidateEvent(ev)
|
|
if result.Valid {
|
|
t.Error("event with corrupted ID should fail validation")
|
|
}
|
|
if result.Code != ReasonInvalid {
|
|
t.Errorf("invalid ID should return ReasonInvalid, got %d", result.Code)
|
|
}
|
|
}
|
|
|
|
func TestValidateEvent_FutureTimestamp(t *testing.T) {
|
|
// Use short max future time for testing
|
|
s := NewWithConfig(&Config{MaxFutureSeconds: 10})
|
|
|
|
sign := p8k.MustNew()
|
|
if err := sign.Generate(); err != nil {
|
|
t.Fatalf("failed to generate signer: %v", err)
|
|
}
|
|
|
|
ev := event.New()
|
|
ev.Kind = 1
|
|
ev.CreatedAt = time.Now().Unix() + 3600 // 1 hour in future
|
|
ev.Content = []byte("test content")
|
|
ev.Tags = tag.NewS()
|
|
|
|
if err := ev.Sign(sign); err != nil {
|
|
t.Fatalf("failed to sign event: %v", err)
|
|
}
|
|
|
|
result := s.ValidateEvent(ev)
|
|
if result.Valid {
|
|
t.Error("event with future timestamp should fail validation")
|
|
}
|
|
if result.Code != ReasonInvalid {
|
|
t.Errorf("future timestamp should return ReasonInvalid, got %d", result.Code)
|
|
}
|
|
}
|
|
|
|
func TestValidateProtectedTag_NoTag(t *testing.T) {
|
|
s := New()
|
|
|
|
ev := event.New()
|
|
ev.Kind = 1
|
|
ev.Tags = tag.NewS()
|
|
|
|
result := s.ValidateProtectedTag(ev, []byte("somepubkey"))
|
|
if !result.Valid {
|
|
t.Error("event without protected tag should pass validation")
|
|
}
|
|
}
|
|
|
|
func TestValidateProtectedTag_MatchingPubkey(t *testing.T) {
|
|
s := New()
|
|
|
|
ev := event.New()
|
|
ev.Kind = 1
|
|
ev.Pubkey = make([]byte, 32)
|
|
for i := range ev.Pubkey {
|
|
ev.Pubkey[i] = byte(i)
|
|
}
|
|
ev.Tags = tag.NewS()
|
|
*ev.Tags = append(*ev.Tags, tag.NewFromAny("-"))
|
|
|
|
result := s.ValidateProtectedTag(ev, ev.Pubkey)
|
|
if !result.Valid {
|
|
t.Errorf("protected tag with matching pubkey should pass: %s", result.Msg)
|
|
}
|
|
}
|
|
|
|
func TestValidateProtectedTag_MismatchedPubkey(t *testing.T) {
|
|
s := New()
|
|
|
|
ev := event.New()
|
|
ev.Kind = 1
|
|
ev.Pubkey = make([]byte, 32)
|
|
for i := range ev.Pubkey {
|
|
ev.Pubkey[i] = byte(i)
|
|
}
|
|
ev.Tags = tag.NewS()
|
|
*ev.Tags = append(*ev.Tags, tag.NewFromAny("-"))
|
|
|
|
// Different pubkey for auth
|
|
differentPubkey := make([]byte, 32)
|
|
for i := range differentPubkey {
|
|
differentPubkey[i] = byte(i + 100)
|
|
}
|
|
|
|
result := s.ValidateProtectedTag(ev, differentPubkey)
|
|
if result.Valid {
|
|
t.Error("protected tag with different pubkey should fail validation")
|
|
}
|
|
if result.Code != ReasonBlocked {
|
|
t.Errorf("mismatched protected tag should return ReasonBlocked, got %d", result.Code)
|
|
}
|
|
}
|