From f658ef072394ff9fd28244ad475859c210e8ec16 Mon Sep 17 00:00:00 2001 From: bndw Date: Sun, 15 Feb 2026 10:31:06 -0800 Subject: feat: track authorized (authenticated + successful) requests Add 'authorized' status for requests that complete successfully after authentication. This complements the existing 'unauthenticated' (pre-auth) status tracking. Now the dashboard shows: - Authorized: Authenticated requests that succeeded - Unauthorized: Authenticated requests rejected (not in allowlist) - Pre-Auth: Requests sent before authentication This gives full visibility into the auth flow: 1. Challenges: How many clients authenticated 2. Authorized: How many authenticated requests succeeded 3. Unauthorized: How many were rejected despite valid auth 4. Pre-Auth: How many tried before authenticating Updated metrics: - requests_total{status="authorized"} - authenticated successes - requests_total{status="ok"} - unauthenticated successes (when no auth) --- internal/handler/websocket/handler_test.go | 7 +++++++ 1 file changed, 7 insertions(+) (limited to 'internal/handler/websocket/handler_test.go') diff --git a/internal/handler/websocket/handler_test.go b/internal/handler/websocket/handler_test.go index 10405b2..604a190 100644 --- a/internal/handler/websocket/handler_test.go +++ b/internal/handler/websocket/handler_test.go @@ -305,6 +305,13 @@ func TestAuthRequired(t *testing.T) { t.Errorf("Expected OK true after auth, got false: %v", msg3[3]) } t.Logf("Publish succeeded after auth") + + // Verify authorized requests are tracked in metrics + authorizedCount := ts.metrics.getRequestCount("EVENT", "authorized") + if authorizedCount == 0 { + t.Errorf("Expected authorized requests to be tracked in metrics, got 0") + } + t.Logf("Metrics: %d authorized requests tracked", authorizedCount) } // TestAuthNotInAllowlist verifies that pubkeys not in allowlist are rejected -- cgit v1.2.3