From f658ef072394ff9fd28244ad475859c210e8ec16 Mon Sep 17 00:00:00 2001 From: bndw Date: Sun, 15 Feb 2026 10:31:06 -0800 Subject: feat: track authorized (authenticated + successful) requests Add 'authorized' status for requests that complete successfully after authentication. This complements the existing 'unauthenticated' (pre-auth) status tracking. Now the dashboard shows: - Authorized: Authenticated requests that succeeded - Unauthorized: Authenticated requests rejected (not in allowlist) - Pre-Auth: Requests sent before authentication This gives full visibility into the auth flow: 1. Challenges: How many clients authenticated 2. Authorized: How many authenticated requests succeeded 3. Unauthorized: How many were rejected despite valid auth 4. Pre-Auth: How many tried before authenticating Updated metrics: - requests_total{status="authorized"} - authenticated successes - requests_total{status="ok"} - unauthenticated successes (when no auth) --- internal/handler/websocket/handler.go | 14 ++++++++++++-- 1 file changed, 12 insertions(+), 2 deletions(-) (limited to 'internal/handler/websocket/handler.go') diff --git a/internal/handler/websocket/handler.go b/internal/handler/websocket/handler.go index dfe7b9e..909e2ec 100644 --- a/internal/handler/websocket/handler.go +++ b/internal/handler/websocket/handler.go @@ -348,7 +348,12 @@ func (h *Handler) handleEvent(ctx context.Context, conn *websocket.Conn, raw []j h.subs.MatchAndFan(pbEvent) - status = "ok" + // Track whether request was authenticated for metrics + if state.authenticatedPubkey != "" { + status = "authorized" + } else { + status = "ok" + } h.sendOK(ctx, conn, event.ID, true, "") return nil } @@ -448,7 +453,12 @@ func (h *Handler) handleReq(ctx context.Context, conn *websocket.Conn, raw []jso go h.streamEvents(ctx, conn, sub) - status = "ok" + // Track whether request was authenticated for metrics + if state.authenticatedPubkey != "" { + status = "authorized" + } else { + status = "ok" + } return nil } -- cgit v1.2.3