244 lines
7.4 KiB
Go
244 lines
7.4 KiB
Go
package policy
|
|
|
|
import (
|
|
"encoding/json"
|
|
"testing"
|
|
|
|
"git.mleku.dev/mleku/nostr/encoders/hex"
|
|
)
|
|
|
|
// TestPrivilegedOnlyBug tests the reported bug where privileged flag
|
|
// doesn't work when read_allow is missing
|
|
func TestPrivilegedOnlyBug(t *testing.T) {
|
|
aliceSigner, alicePubkey := generateTestKeypair(t)
|
|
_, bobPubkey := generateTestKeypair(t)
|
|
_, charliePubkey := generateTestKeypair(t)
|
|
|
|
// Create policy with ONLY privileged, no read_allow
|
|
policyJSON := map[string]interface{}{
|
|
"rules": map[string]interface{}{
|
|
"4": map[string]interface{}{
|
|
"description": "DM - privileged only",
|
|
"privileged": true,
|
|
},
|
|
},
|
|
}
|
|
|
|
policyBytes, err := json.Marshal(policyJSON)
|
|
if err != nil {
|
|
t.Fatalf("Failed to marshal policy: %v", err)
|
|
}
|
|
t.Logf("Policy JSON: %s", policyBytes)
|
|
|
|
policy, err := New(policyBytes)
|
|
if err != nil {
|
|
t.Fatalf("Failed to create policy: %v", err)
|
|
}
|
|
|
|
// Verify the rule was loaded correctly
|
|
rule, hasRule := policy.rules[4]
|
|
if !hasRule {
|
|
t.Fatal("Rule for kind 4 was not loaded")
|
|
}
|
|
t.Logf("Loaded rule: %+v", rule)
|
|
t.Logf("Privileged flag: %v", rule.Privileged)
|
|
t.Logf("ReadAllow: %v", rule.ReadAllow)
|
|
t.Logf("readAllowBin: %v", rule.readAllowBin)
|
|
|
|
if !rule.Privileged {
|
|
t.Fatal("BUG: Privileged flag was not set to true!")
|
|
}
|
|
|
|
// Create a kind 4 (DM) event from Alice to Bob
|
|
ev := createTestEvent(t, aliceSigner, "Secret message from Alice to Bob", 4)
|
|
addPTag(ev, bobPubkey) // Bob is recipient
|
|
|
|
t.Logf("Event author: %s", hex.Enc(ev.Pubkey))
|
|
t.Logf("Event p-tags: %v", ev.Tags.GetAll([]byte("p")))
|
|
|
|
// Test 1: Alice (author) should be able to read
|
|
t.Run("alice_author_can_read", func(t *testing.T) {
|
|
allowed, err := policy.CheckPolicy("read", ev, alicePubkey, "127.0.0.1")
|
|
if err != nil {
|
|
t.Fatalf("Unexpected error: %v", err)
|
|
}
|
|
if !allowed {
|
|
t.Error("BUG! Author should be able to read their own privileged event")
|
|
}
|
|
})
|
|
|
|
// Test 2: Bob (in p-tag) should be able to read
|
|
t.Run("bob_recipient_can_read", func(t *testing.T) {
|
|
allowed, err := policy.CheckPolicy("read", ev, bobPubkey, "127.0.0.1")
|
|
if err != nil {
|
|
t.Fatalf("Unexpected error: %v", err)
|
|
}
|
|
if !allowed {
|
|
t.Error("BUG! Recipient (in p-tag) should be able to read privileged event")
|
|
}
|
|
})
|
|
|
|
// Test 3: Charlie (third party) should NOT be able to read
|
|
t.Run("charlie_third_party_denied", func(t *testing.T) {
|
|
allowed, err := policy.CheckPolicy("read", ev, charliePubkey, "127.0.0.1")
|
|
if err != nil {
|
|
t.Fatalf("Unexpected error: %v", err)
|
|
}
|
|
if allowed {
|
|
t.Error("BUG! Third party should NOT be able to read privileged event")
|
|
}
|
|
})
|
|
|
|
// Test 4: Unauthenticated user should NOT be able to read
|
|
t.Run("unauthenticated_denied", func(t *testing.T) {
|
|
allowed, err := policy.CheckPolicy("read", ev, nil, "127.0.0.1")
|
|
if err != nil {
|
|
t.Fatalf("Unexpected error: %v", err)
|
|
}
|
|
if allowed {
|
|
t.Error("BUG! Unauthenticated user should NOT be able to read privileged event")
|
|
}
|
|
})
|
|
}
|
|
|
|
// TestPrivilegedWithReadAllowBug tests the scenario where read_allow is present
|
|
// and checks if the OR logic works correctly
|
|
func TestPrivilegedWithReadAllowBug(t *testing.T) {
|
|
aliceSigner, alicePubkey := generateTestKeypair(t)
|
|
_, bobPubkey := generateTestKeypair(t)
|
|
_, charliePubkey := generateTestKeypair(t)
|
|
_, davePubkey := generateTestKeypair(t)
|
|
|
|
// Create policy with privileged AND read_allow
|
|
// Expected: OR logic - user can read if in read_allow OR party to event
|
|
policyJSON := map[string]interface{}{
|
|
"rules": map[string]interface{}{
|
|
"4": map[string]interface{}{
|
|
"description": "DM - privileged with read_allow",
|
|
"privileged": true,
|
|
"read_allow": []string{hex.Enc(davePubkey)}, // Dave is in read_allow
|
|
},
|
|
},
|
|
}
|
|
|
|
policyBytes, err := json.Marshal(policyJSON)
|
|
if err != nil {
|
|
t.Fatalf("Failed to marshal policy: %v", err)
|
|
}
|
|
t.Logf("Policy JSON: %s", policyBytes)
|
|
|
|
policy, err := New(policyBytes)
|
|
if err != nil {
|
|
t.Fatalf("Failed to create policy: %v", err)
|
|
}
|
|
|
|
// Create a kind 4 (DM) event from Alice to Bob (Dave is NOT in p-tag)
|
|
ev := createTestEvent(t, aliceSigner, "Secret message from Alice to Bob", 4)
|
|
addPTag(ev, bobPubkey) // Bob is recipient, Dave is NOT in p-tag
|
|
|
|
t.Logf("Event author: %s", hex.Enc(ev.Pubkey))
|
|
t.Logf("Event p-tags: %v", ev.Tags.GetAll([]byte("p")))
|
|
t.Logf("Dave (in read_allow, NOT in p-tag): %s", hex.Enc(davePubkey))
|
|
|
|
// Test 1: Alice (author, party) should be able to read via privileged
|
|
t.Run("alice_party_can_read", func(t *testing.T) {
|
|
allowed, err := policy.CheckPolicy("read", ev, alicePubkey, "127.0.0.1")
|
|
if err != nil {
|
|
t.Fatalf("Unexpected error: %v", err)
|
|
}
|
|
if !allowed {
|
|
t.Error("BUG! Author should be able to read (privileged)")
|
|
}
|
|
})
|
|
|
|
// Test 2: Bob (in p-tag, party) should be able to read via privileged
|
|
t.Run("bob_party_can_read", func(t *testing.T) {
|
|
allowed, err := policy.CheckPolicy("read", ev, bobPubkey, "127.0.0.1")
|
|
if err != nil {
|
|
t.Fatalf("Unexpected error: %v", err)
|
|
}
|
|
if !allowed {
|
|
t.Error("BUG! Recipient (in p-tag) should be able to read (privileged)")
|
|
}
|
|
})
|
|
|
|
// Test 3: Dave (in read_allow, NOT party) should be able to read via OR logic
|
|
t.Run("dave_read_allow_can_read", func(t *testing.T) {
|
|
allowed, err := policy.CheckPolicy("read", ev, davePubkey, "127.0.0.1")
|
|
if err != nil {
|
|
t.Fatalf("Unexpected error: %v", err)
|
|
}
|
|
if !allowed {
|
|
t.Error("BUG! User in read_allow should be able to read (OR logic)")
|
|
}
|
|
})
|
|
|
|
// Test 4: Charlie (NOT in read_allow, NOT party) should NOT be able to read
|
|
t.Run("charlie_denied", func(t *testing.T) {
|
|
allowed, err := policy.CheckPolicy("read", ev, charliePubkey, "127.0.0.1")
|
|
if err != nil {
|
|
t.Fatalf("Unexpected error: %v", err)
|
|
}
|
|
if allowed {
|
|
t.Error("BUG! Third party should NOT be able to read")
|
|
}
|
|
})
|
|
}
|
|
|
|
// TestNoReadAllowNoPrivileged tests what happens when a rule has neither
|
|
// read_allow nor privileged - should default to allow
|
|
func TestNoReadAllowNoPrivileged(t *testing.T) {
|
|
aliceSigner, _ := generateTestKeypair(t)
|
|
_, charliePubkey := generateTestKeypair(t)
|
|
|
|
// Create policy with a rule that has no read_allow and no privileged
|
|
policyJSON := map[string]interface{}{
|
|
"default_policy": "allow",
|
|
"rules": map[string]interface{}{
|
|
"1": map[string]interface{}{
|
|
"description": "Regular text note - no restrictions",
|
|
},
|
|
},
|
|
}
|
|
|
|
policyBytes, err := json.Marshal(policyJSON)
|
|
if err != nil {
|
|
t.Fatalf("Failed to marshal policy: %v", err)
|
|
}
|
|
t.Logf("Policy JSON: %s", policyBytes)
|
|
|
|
policy, err := New(policyBytes)
|
|
if err != nil {
|
|
t.Fatalf("Failed to create policy: %v", err)
|
|
}
|
|
|
|
// Check that privileged is false for this rule
|
|
rule := policy.rules[1]
|
|
t.Logf("Privileged: %v, ReadAllow: %v", rule.Privileged, rule.ReadAllow)
|
|
|
|
// Create a kind 1 event
|
|
ev := createTestEvent(t, aliceSigner, "Hello world", 1)
|
|
|
|
// Test: Third party should be able to read (no restrictions)
|
|
t.Run("charlie_can_read_unrestricted", func(t *testing.T) {
|
|
allowed, err := policy.CheckPolicy("read", ev, charliePubkey, "127.0.0.1")
|
|
if err != nil {
|
|
t.Fatalf("Unexpected error: %v", err)
|
|
}
|
|
if !allowed {
|
|
t.Error("Third party should be able to read unrestricted events")
|
|
}
|
|
})
|
|
|
|
// Test: Unauthenticated should also be able to read
|
|
t.Run("unauthenticated_can_read_unrestricted", func(t *testing.T) {
|
|
allowed, err := policy.CheckPolicy("read", ev, nil, "127.0.0.1")
|
|
if err != nil {
|
|
t.Fatalf("Unexpected error: %v", err)
|
|
}
|
|
if !allowed {
|
|
t.Error("Unauthenticated user should be able to read unrestricted events")
|
|
}
|
|
})
|
|
}
|