|
|
Add comprehensive WebSocket handler integration tests that verify:
- NIP-42 authentication flow (auth required, challenge/response)
- Allowlist enforcement (reject unauthorized pubkeys)
- Rate limiting by IP address
- Rate limiting by authenticated pubkey
- No-auth mode works correctly
These tests use real WebSocket connections and would have caught
the AUTH timeout bug and other protocol issues.
Tests cover:
- TestAuthRequired: Verifies AUTH challenge sent, client authenticates, publish succeeds
- TestAuthNotInAllowlist: Verifies pubkeys not in allowlist are rejected
- TestRateLimitByIP: Verifies unauthenticated clients are rate limited by IP
- TestRateLimitByPubkey: Verifies authenticated clients are rate limited by pubkey
- TestNoAuthWhenDisabled: Verifies publishing works when auth is disabled
|
