feat: track auth rejections with specific 'unauthorized' status

Auth failures (pubkey not in allowlist) are now tracked with status 'unauthorized' instead of generic 'error' in metrics. This allows monitoring of auth rejections separately from other errors. Metrics will now show: - muxstr_relay_requests_total{status="unauthorized"} - auth failures - muxstr_relay_requests_total{status="unauthenticated"} - no auth yet - muxstr_relay_requests_total{status="error"} - other errors - muxstr_relay_requests_total{status="rate_limited"} - rate limited - muxstr_relay_requests_total{status="ok"} - success Added test assertion to verify metrics tracking.
author: bndw <ben@bdw.to> 2026-02-15 10:22:32 -0800
committer: bndw <ben@bdw.to> 2026-02-15 10:22:32 -0800
commit: e26729f658739b368073b558eb909af137609dfa (patch)
tree: 3e574bf390235d16af78d1c902d1c349f4400ca8 /internal/handler/websocket/handler.go
parent: 16a38f97183e4cbaf95c510c85d61f5a45873f4b (diff)
1 files changed, 2 insertions, 2 deletions
diff --git a/internal/handler/websocket/handler.go b/internal/handler/websocket/handler.go
index a23dd60..de71926 100644
--- a/internal/handler/websocket/handler.go
+++ b/internal/handler/websocket/handler.go
@@ -265,7 +265,7 @@ func (h *Handler) handleEvent(ctx context.Context, conn *websocket.Conn, raw []j
        }
        if err := h.requireAuth(ctx, conn, true, state); err != nil {
-                status = "error"
+                status = "unauthorized"
                h.sendOK(ctx, conn, event.ID, false, err.Error())
                return nil
        }
@@ -371,7 +371,7 @@ func (h *Handler) handleReq(ctx context.Context, conn *websocket.Conn, raw []jso
        }
        if err := h.requireAuth(ctx, conn, false, state); err != nil {
-                status = "error"
+                status = "unauthorized"
                return err
        }
author	bndw <ben@bdw.to>	2026-02-15 10:22:32 -0800
committer	bndw <ben@bdw.to>	2026-02-15 10:22:32 -0800
commit	e26729f658739b368073b558eb909af137609dfa (patch)
tree	3e574bf390235d16af78d1c902d1c349f4400ca8 /internal/handler/websocket/handler.go
parent	16a38f97183e4cbaf95c510c85d61f5a45873f4b (diff)

diff --git a/internal/handler/websocket/handler.go b/internal/handler/websocket/handler.go index a23dd60..de71926 100644 --- a/internal/handler/websocket/handler.go +++ b/internal/handler/websocket/handler.go
@@ -265,7 +265,7 @@ func (h Handler) handleEvent(ctx context.Context, conn websocket.Conn, raw []j
265	}	265	}
266		266
267	if err := h.requireAuth(ctx, conn, true, state); err != nil {	267	if err := h.requireAuth(ctx, conn, true, state); err != nil {
268	status = "error"	268	status = "unauthorized"
269	h.sendOK(ctx, conn, event.ID, false, err.Error())	269	h.sendOK(ctx, conn, event.ID, false, err.Error())
270	return nil	270	return nil
271	}	271	}
@@ -371,7 +371,7 @@ func (h Handler) handleReq(ctx context.Context, conn websocket.Conn, raw []jso
371	}	371	}
372		372
373	if err := h.requireAuth(ctx, conn, false, state); err != nil {	373	if err := h.requireAuth(ctx, conn, false, state); err != nil {
374	status = "error"	374	status = "unauthorized"
375	return err	375	return err
376	}	376	}
377		377