summaryrefslogtreecommitdiffstats
path: root/internal/auth/auth_test.go
diff options
context:
space:
mode:
authorbndw <ben@bdw.to>2026-02-14 10:11:16 -0800
committerbndw <ben@bdw.to>2026-02-14 10:11:16 -0800
commit606e0a3329a3534a00889eee19c25e7d432f7d2d (patch)
tree526b1419eaa6b9b91126adbfa5990ec47f5d3a07 /internal/auth/auth_test.go
parenta90009e6b887a8a7ca67f49566af2caffb807776 (diff)
refactor: restructure auth config for better UX
Changed from flat structure to hierarchical read/write config: Before: auth: enabled: bool required: bool allowed_npubs_read: [] allowed_npubs_write: [] After: auth: read: enabled: bool allowed_npubs: [] write: enabled: bool allowed_npubs: [] Three states per operation: - enabled=false: no auth, allow all - enabled=true, allowed_npubs=[]: auth required, any valid signature - enabled=true, allowed_npubs=[...]: auth required, whitelist only Much clearer semantics and easier to reason about.
Diffstat (limited to 'internal/auth/auth_test.go')
-rw-r--r--internal/auth/auth_test.go9
1 files changed, 8 insertions, 1 deletions
diff --git a/internal/auth/auth_test.go b/internal/auth/auth_test.go
index d5f3257..bcbb4a3 100644
--- a/internal/auth/auth_test.go
+++ b/internal/auth/auth_test.go
@@ -243,8 +243,15 @@ func TestValidateAuthFromContext(t *testing.T) {
243 ctx := metadata.NewIncomingContext(context.Background(), md) 243 ctx := metadata.NewIncomingContext(context.Background(), md)
244 244
245 opts := &InterceptorOptions{ 245 opts := &InterceptorOptions{
246 Read: OperationAuthConfig{
247 Enabled: true,
248 AllowedNpubs: nil,
249 },
250 Write: OperationAuthConfig{
251 Enabled: true,
252 AllowedNpubs: nil,
253 },
246 TimestampWindow: 60, 254 TimestampWindow: 60,
247 Required: true,
248 } 255 }
249 256
250 pubkey, err := validateAuthFromContext(ctx, "/test.Service/Method", opts) 257 pubkey, err := validateAuthFromContext(ctx, "/test.Service/Method", opts)