Nostr relay with gRPC, HTTP/JSON, and WebSocket interfaces https://code.northwest.io/muxstr.git/atom?h=main 2026-02-16T20:04:20+00:00 2026-02-16T20:04:20+00:00 bndw ben@bdw.to 2026-02-16T20:04:20+00:00 urn:sha1:02d6819ebfdc5b18d65c83c4077a040466960bac Updated all import references from northwest.io/nostr to code.northwest.io/nostr and removed the local replace directive from go.mod. The module is now resolved from the published repository. 2026-02-15T18:19:39+00:00 bndw ben@bdw.to 2026-02-15T18:19:39+00:00 urn:sha1:16a38f97183e4cbaf95c510c85d61f5a45873f4b The AuthOperationConfig struct was missing YAML tags, causing the config loader to not properly parse allowed_npubs from YAML. This was causing TestNpubNormalization to fail with an index out of range panic because AllowedNpubs was always empty. 2026-02-14T20:14:19+00:00 bndw ben@bdw.to 2026-02-14T20:14:19+00:00 urn:sha1:ea4f508f5ee91b370c6912cde26b1a432380d037 Add support for loading configuration from YAML file via -config flag. Wire up auth, rate limiting, and metrics interceptors based on config. Changes: - Add -config flag to relay command - Use config types directly in auth package (AuthOperationConfig) - Add conversion methods: RateLimitConfig.ToRateLimiter(), MetricsConfig.ToMetrics() - Add Metrics.Serve() method for prometheus HTTP endpoint - Update main.go to initialize interceptors from config - Fix type naming: OperationAuthConfig -> AuthOperationConfig for consistency Config now supports complete relay setup including auth read/write allowlists, rate limiting, and prometheus metrics. 2026-02-14T20:03:21+00:00 bndw ben@bdw.to 2026-02-14T20:03:21+00:00 urn:sha1:4fc493e6d8cc20137f920f8647e39fc5051bb245 Also removed internal/nostr package - now using northwest.io/nostr library. 2026-02-14T18:17:54+00:00 bndw ben@bdw.to 2026-02-14T18:17:54+00:00 urn:sha1:702fa6c37b9f74e75404a0ea8e6f9023841143de Removed ~100 lines of obvious comments that just repeated what the code does. Kept only comments that add clarity or valuable detail. 2026-02-14T18:11:16+00:00 bndw ben@bdw.to 2026-02-14T18:11:16+00:00 urn:sha1:606e0a3329a3534a00889eee19c25e7d432f7d2d Changed from flat structure to hierarchical read/write config: Before: auth: enabled: bool required: bool allowed_npubs_read: [] allowed_npubs_write: [] After: auth: read: enabled: bool allowed_npubs: [] write: enabled: bool allowed_npubs: [] Three states per operation: - enabled=false: no auth, allow all - enabled=true, allowed_npubs=[]: auth required, any valid signature - enabled=true, allowed_npubs=[...]: auth required, whitelist only Much clearer semantics and easier to reason about. 2026-02-14T18:04:07+00:00 bndw ben@bdw.to 2026-02-14T18:04:07+00:00 urn:sha1:a90009e6b887a8a7ca67f49566af2caffb807776 Replace pattern-matching with explicit checks for PublishEvent/PublishBatch. API is small and well-defined - no need for extensible pattern matching. 2026-02-14T18:02:52+00:00 bndw ben@bdw.to 2026-02-14T18:02:52+00:00 urn:sha1:5d21632ea70e1c7de7becb7ab6227b06b1535a83 - Split allowed_npubs into allowed_npubs_read and allowed_npubs_write - Write operations: Publish, Delete, Create, Update, Insert, Remove, Set, Put - Read operations: everything else (Query, Subscribe, Get, List, etc.) - Auth interceptor checks appropriate list based on method type - Enables common patterns: - Public relay: only some can write, everyone can read - Private relay: restricted read and write - Open relay: everyone can read and write - Updated config, docs, and comprehensive tests Use cases: "only some can write, everyone can read" 2026-02-14T17:58:28+00:00 bndw ben@bdw.to 2026-02-14T17:58:28+00:00 urn:sha1:d30459513ec44ab298fafd1bfe0edc08d6ab62e4 - Config now accepts npub format only (human-readable) - Automatically converts npubs to hex pubkeys at load time - Updated InterceptorOptions.AllowedPubkeys -> AllowedNpubs - Added validation to reject hex format in config (npub only) - Updated documentation to clarify npub-only config - Added comprehensive tests for npub normalization Config is for humans (npub), internal code uses hex pubkeys. 2026-02-14T16:52:59+00:00 bndw ben@bdw.to 2026-02-14T16:52:59+00:00 urn:sha1:44aa0591b0eed7851e961ea17bd1c9601570ac24 Explain that the gRPC NIP-98 implementation is effectively NIP-42 for reads (same pattern: authenticate once, stream many events) and adds standardized relay access control for writes (beyond event.sig). Add comparison table showing functional equivalence for streaming reads and the additional benefits for write access control.