commit fe66f19e8e8887dfa4ec79b5fac42a2726747323
parent 2df1abc31e36816cfbbe7a1a3e8fa6d4950c94a8
Author: triesap <tyson@radroots.org>
Date: Sat, 6 Jun 2026 02:14:56 -0700
policy: require authenticated writes
Diffstat:
1 file changed, 28 insertions(+), 0 deletions(-)
diff --git a/crates/tangle/tests/run_integration.rs b/crates/tangle/tests/run_integration.rs
@@ -67,6 +67,27 @@ async fn tangle_run_serves_relay_clients_and_persists_surreal_state() {
.expect("subscribe");
assert_eq!(next_label(&mut subscriber).await, "EOSE");
+ let (mut unauthenticated, _) = connect_async(format!("ws://127.0.0.1:{port}/ws"))
+ .await
+ .expect("unauthenticated connect");
+ assert_eq!(next_label(&mut unauthenticated).await, "AUTH");
+ unauthenticated
+ .send(Message::Text(
+ serde_json::json!(["EVENT", event_to_value(&listing)])
+ .to_string()
+ .into(),
+ ))
+ .await
+ .expect("unauthenticated event send");
+ let unauthenticated_rejection = next_json(&mut unauthenticated).await;
+ assert_ok(&unauthenticated_rejection, false);
+ assert!(
+ unauthenticated_rejection[3]
+ .as_str()
+ .expect("rejection message")
+ .contains("write authentication required")
+ );
+
let (mut publisher, _) = connect_async(format!("ws://127.0.0.1:{port}/ws"))
.await
.expect("publisher connect");
@@ -150,6 +171,13 @@ async fn tangle_run_serves_relay_clients_and_persists_surreal_state() {
);
assert!(
store
+ .raw_event_row(auth.id())
+ .await
+ .expect("auth raw row")
+ .is_none()
+ );
+ assert!(
+ store
.listing_current_row(&listing_key)
.await
.expect("listing row")
