refactor: restructure auth config for better UX

Changed from flat structure to hierarchical read/write config:

Before:
  auth:
    enabled: bool
    required: bool
    allowed_npubs_read: []
    allowed_npubs_write: []

After:
  auth:
    read:
      enabled: bool
      allowed_npubs: []
    write:
      enabled: bool
      allowed_npubs: []

Three states per operation:
- enabled=false: no auth, allow all
- enabled=true, allowed_npubs=[]: auth required, any valid signature
- enabled=true, allowed_npubs=[...]: auth required, whitelist only

Much clearer semantics and easier to reason about.

1 files changed, 8 insertions, 1 deletions

diff --git a/internal/auth/auth_test.go b/internal/auth/auth_test.go
index d5f3257..bcbb4a3 100644
--- a/internal/auth/auth_test.go
+++ b/internal/auth/auth_test.go
@@ -243,8 +243,15 @@ func TestValidateAuthFromContext(t *testing.T) {
         ctx := metadata.NewIncomingContext(context.Background(), md)
 
         opts := &InterceptorOptions{
+                Read: OperationAuthConfig{
+                        Enabled:      true,
+                        AllowedNpubs: nil,
+                },
+                Write: OperationAuthConfig{
+                        Enabled:      true,
+                        AllowedNpubs: nil,
+                },
                 TimestampWindow: 60,
-                Required:        true,
         }
 
         pubkey, err := validateAuthFromContext(ctx, "/test.Service/Method", opts)