From d30459513ec44ab298fafd1bfe0edc08d6ab62e4 Mon Sep 17 00:00:00 2001 From: bndw Date: Sat, 14 Feb 2026 09:58:28 -0800 Subject: feat: rename allowed_pubkeys to allowed_npubs with normalization - Config now accepts npub format only (human-readable) - Automatically converts npubs to hex pubkeys at load time - Updated InterceptorOptions.AllowedPubkeys -> AllowedNpubs - Added validation to reject hex format in config (npub only) - Updated documentation to clarify npub-only config - Added comprehensive tests for npub normalization Config is for humans (npub), internal code uses hex pubkeys. --- internal/config/config_test.go | 97 ++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 97 insertions(+) (limited to 'internal/config/config_test.go') diff --git a/internal/config/config_test.go b/internal/config/config_test.go index e1df1aa..5fa159e 100644 --- a/internal/config/config_test.go +++ b/internal/config/config_test.go @@ -2,6 +2,7 @@ package config import ( "os" + "strings" "testing" "time" ) @@ -240,6 +241,102 @@ func TestSaveAndLoad(t *testing.T) { } } +func TestNpubNormalization(t *testing.T) { + // Create a test key to get a valid npub + tmpfile, err := os.CreateTemp("", "config-*.yaml") + if err != nil { + t.Fatal(err) + } + defer os.Remove(tmpfile.Name()) + + // Use a real npub for testing + configData := ` +server: + grpc_addr: ":50051" + http_addr: ":8080" + +database: + path: "test.db" + +auth: + enabled: true + allowed_npubs: + - npub180cvv07tjdrrgpa0j7j7tmnyl2yr6yr7l8j4s3evf6u64th6gkwsyjh6w6 + - npub1l2vyh47mk2p0qlsku7hg0vn29faehy9hy34ygaclpn66ukqp3afqutajft +` + + if _, err := tmpfile.Write([]byte(configData)); err != nil { + t.Fatal(err) + } + tmpfile.Close() + + cfg, err := Load(tmpfile.Name()) + if err != nil { + t.Fatalf("failed to load config: %v", err) + } + + // Verify npubs were normalized to hex + if len(cfg.Auth.AllowedNpubs) != 2 { + t.Errorf("expected 2 allowed npubs, got %d", len(cfg.Auth.AllowedNpubs)) + } + + // Check that they're hex format (64 chars, not npub1...) + for i, pubkey := range cfg.Auth.AllowedNpubs { + if len(pubkey) != 64 { + t.Errorf("npub %d: expected 64 hex chars, got %d", i, len(pubkey)) + } + if pubkey[:5] == "npub1" { + t.Errorf("npub %d: should be normalized to hex, still in npub format", i) + } + } + + // Verify the actual hex values + expectedHex1 := "3bf0c63fcb93463407af97a5e5ee64fa883d107ef9e558472c4eb9aaaefa459d" + expectedHex2 := "fa984bd7dbb282f07e16e7ae87b26a2a7b9b90b7246a44771f0cf5ae58018f52" + + if cfg.Auth.AllowedNpubs[0] != expectedHex1 { + t.Errorf("npub 0: expected %s, got %s", expectedHex1, cfg.Auth.AllowedNpubs[0]) + } + if cfg.Auth.AllowedNpubs[1] != expectedHex2 { + t.Errorf("npub 1: expected %s, got %s", expectedHex2, cfg.Auth.AllowedNpubs[1]) + } +} + +func TestNpubValidation(t *testing.T) { + tmpfile, err := os.CreateTemp("", "config-*.yaml") + if err != nil { + t.Fatal(err) + } + defer os.Remove(tmpfile.Name()) + + // Invalid: hex format instead of npub + configData := ` +server: + grpc_addr: ":50051" + http_addr: ":8080" + +database: + path: "test.db" + +auth: + allowed_npubs: + - 3bf0c63fcb93463407af97a5e5ee64fa883d107ef9e558472c4eb9aaaefa459d +` + + if _, err := tmpfile.Write([]byte(configData)); err != nil { + t.Fatal(err) + } + tmpfile.Close() + + _, err = Load(tmpfile.Name()) + if err == nil { + t.Error("expected error for hex format in allowed_npubs, got nil") + } + if err != nil && !strings.Contains(err.Error(), "must start with 'npub1'") { + t.Errorf("expected 'must start with npub1' error, got: %v", err) + } +} + func TestDurationParsing(t *testing.T) { // Create config with durations tmpfile, err := os.CreateTemp("", "config-*.yaml") -- cgit v1.2.3