muxstr.git/internal/config, branch main

muxstr.git/internal/config, branch main Nostr relay with gRPC, HTTP/JSON, and WebSocket interfaces https://code.northwest.io/muxstr.git/atom?h=main 2026-03-08T02:34:25+00:00 Make allowed event kinds configurable 2026-03-08T02:34:25+00:00 bndw ben@bdw.to 2026-03-08T02:34:25+00:00 urn:sha1:4522797a0cf378cc44485ed77a01dee9643b6ebe Replaces hardcoded kind allowlist in isAllowedKind with a configurable allowed_kinds list in relay config. Empty list allows all kinds. Default matches previous hardcoded list. Wired through SetAllowedKinds on the handler. NIP-11: make relay info configurable 2026-02-22T22:08:54+00:00 Clawd ai@clawd.bot 2026-02-22T22:08:54+00:00 urn:sha1:5195d8031b7930069ba5441a6cd1e7a59c21c546 - Add relay config section (name, description, pubkey, contact, icon) - Wire config to NIP-11 handler - AuthRequired/RestrictedWrites now reflect actual auth config - Add NIP-42 to supported_nips list - Update example config refactor: migrate nostr dependency to code.northwest.io 2026-02-16T20:04:20+00:00 bndw ben@bdw.to 2026-02-16T20:04:20+00:00 urn:sha1:02d6819ebfdc5b18d65c83c4077a040466960bac Updated all import references from northwest.io/nostr to code.northwest.io/nostr and removed the local replace directive from go.mod. The module is now resolved from the published repository. feat: integrate config system into relay main.go 2026-02-14T20:14:19+00:00 bndw ben@bdw.to 2026-02-14T20:14:19+00:00 urn:sha1:ea4f508f5ee91b370c6912cde26b1a432380d037 Add support for loading configuration from YAML file via -config flag. Wire up auth, rate limiting, and metrics interceptors based on config. Changes: - Add -config flag to relay command - Use config types directly in auth package (AuthOperationConfig) - Add conversion methods: RateLimitConfig.ToRateLimiter(), MetricsConfig.ToMetrics() - Add Metrics.Serve() method for prometheus HTTP endpoint - Update main.go to initialize interceptors from config - Fix type naming: OperationAuthConfig -> AuthOperationConfig for consistency Config now supports complete relay setup including auth read/write allowlists, rate limiting, and prometheus metrics. refactor: remove frivolous comments from auth validation/credentials 2026-02-14T20:03:21+00:00 bndw ben@bdw.to 2026-02-14T20:03:21+00:00 urn:sha1:4fc493e6d8cc20137f920f8647e39fc5051bb245 Also removed internal/nostr package - now using northwest.io/nostr library. refactor: remove frivolous comments from auth and config 2026-02-14T18:17:54+00:00 bndw ben@bdw.to 2026-02-14T18:17:54+00:00 urn:sha1:702fa6c37b9f74e75404a0ea8e6f9023841143de Removed ~100 lines of obvious comments that just repeated what the code does. Kept only comments that add clarity or valuable detail. refactor: restructure auth config for better UX 2026-02-14T18:11:16+00:00 bndw ben@bdw.to 2026-02-14T18:11:16+00:00 urn:sha1:606e0a3329a3534a00889eee19c25e7d432f7d2d Changed from flat structure to hierarchical read/write config: Before: auth: enabled: bool required: bool allowed_npubs_read: [] allowed_npubs_write: [] After: auth: read: enabled: bool allowed_npubs: [] write: enabled: bool allowed_npubs: [] Three states per operation: - enabled=false: no auth, allow all - enabled=true, allowed_npubs=[]: auth required, any valid signature - enabled=true, allowed_npubs=[...]: auth required, whitelist only Much clearer semantics and easier to reason about. feat: add separate read/write allowlists for granular access control 2026-02-14T18:02:52+00:00 bndw ben@bdw.to 2026-02-14T18:02:52+00:00 urn:sha1:5d21632ea70e1c7de7becb7ab6227b06b1535a83 - Split allowed_npubs into allowed_npubs_read and allowed_npubs_write - Write operations: Publish, Delete, Create, Update, Insert, Remove, Set, Put - Read operations: everything else (Query, Subscribe, Get, List, etc.) - Auth interceptor checks appropriate list based on method type - Enables common patterns: - Public relay: only some can write, everyone can read - Private relay: restricted read and write - Open relay: everyone can read and write - Updated config, docs, and comprehensive tests Use cases: "only some can write, everyone can read" feat: rename allowed_pubkeys to allowed_npubs with normalization 2026-02-14T17:58:28+00:00 bndw ben@bdw.to 2026-02-14T17:58:28+00:00 urn:sha1:d30459513ec44ab298fafd1bfe0edc08d6ab62e4 - Config now accepts npub format only (human-readable) - Automatically converts npubs to hex pubkeys at load time - Updated InterceptorOptions.AllowedPubkeys -> AllowedNpubs - Added validation to reject hex format in config (npub only) - Updated documentation to clarify npub-only config - Added comprehensive tests for npub normalization Config is for humans (npub), internal code uses hex pubkeys. fix: optimize SQLite connection pooling for single-writer architecture 2026-02-14T17:44:55+00:00 bndw ben@bdw.to 2026-02-14T17:44:55+00:00 urn:sha1:fe3708eaf495613cc6e2340b821795f25811d6ed Remove misleading max_connections config option and properly configure SQLite connection pooling in the storage layer. Changes: - Set MaxOpenConns(1) for optimal SQLite performance - Set MaxIdleConns(1) to keep connection alive - Set ConnMaxLifetime(0) to never close connection - Remove max_connections and max_lifetime from DatabaseConfig - Update docs to clarify SQLite's single-writer architecture Rationale: SQLite is an embedded database with a single-writer lock. Multiple connections cause lock contention and reduce performance. WAL mode allows concurrent reads from the same connection, making connection pooling unnecessary and counterproductive. This change makes the configuration clearer and ensures optimal SQLite performance by using a single long-lived connection.