<feed xmlns='http://www.w3.org/2005/Atom'>
<title>muxstr.git/internal/ratelimit, branch main</title>
<subtitle>Nostr relay with gRPC, HTTP/JSON, and WebSocket interfaces</subtitle>
<id>https://code.northwest.io/muxstr.git/atom?h=main</id>
<link rel='self' href='https://code.northwest.io/muxstr.git/atom?h=main'/>
<link rel='alternate' type='text/html' href='https://code.northwest.io/muxstr.git/'/>
<updated>2026-02-15T05:50:10+00:00</updated>
<entry>
<title>fix: prioritize proxy headers for rate limiting</title>
<updated>2026-02-15T05:50:10+00:00</updated>
<author>
<name>bndw</name>
<email>ben@bdw.to</email>
</author>
<published>2026-02-15T05:50:10+00:00</published>
<link rel='alternate' type='text/html' href='https://code.northwest.io/muxstr.git/commit/?id=e647880669b79cd968231cf85dc037a18e8bfd9c'/>
<id>urn:sha1:e647880669b79cd968231cf85dc037a18e8bfd9c</id>
<content type='text'>
Check X-Forwarded-For and X-Real-IP headers before peer info to correctly
identify clients behind reverse proxies. Previously, rate limiting would
apply globally when behind Caddy/nginx because all requests appeared to
come from the proxy's IP address.

This fix is critical for production deployments behind reverse proxies.
</content>
</entry>
<entry>
<title>feat: implement per-user rate limiting with token bucket algorithm</title>
<updated>2026-02-14T16:58:57+00:00</updated>
<author>
<name>bndw</name>
<email>ben@bdw.to</email>
</author>
<published>2026-02-14T16:58:57+00:00</published>
<link rel='alternate' type='text/html' href='https://code.northwest.io/muxstr.git/commit/?id=f0169fa1f9d2e2a5d1c292b9080da10ef0878953'/>
<id>urn:sha1:f0169fa1f9d2e2a5d1c292b9080da10ef0878953</id>
<content type='text'>
Add comprehensive rate limiting package that works seamlessly with
NIP-98 authentication.

Features:
- Token bucket algorithm (allows bursts, smooth average rate)
- Per-pubkey limits for authenticated users
- Per-IP limits for unauthenticated users (fallback)
- Method-specific overrides (e.g., stricter for PublishEvent)
- Per-user custom limits (VIP/admin tiers)
- Standard gRPC interceptors (chain after auth)
- Automatic cleanup of idle limiters
- Statistics tracking (allowed/denied/denial rate)

Configuration options:
- Default rate limits and burst sizes
- Method-specific overrides
- User-specific overrides (with method overrides)
- Skip methods (health checks, public endpoints)
- Skip users (admins, monitoring)
- Configurable cleanup intervals

Performance:
- In-memory (200 bytes per user)
- O(1) lookups with sync.RWMutex
- ~85ns per rate limit check
- Periodic cleanup to free memory

Returns gRPC ResourceExhausted (HTTP 429) when limits are exceeded.

Includes comprehensive tests, benchmarks, and detailed README with
usage examples, configuration reference, and security considerations.
</content>
</entry>
</feed>
