diff options
| author | bndw <ben@bdw.to> | 2026-02-14 12:14:19 -0800 |
|---|---|---|
| committer | bndw <ben@bdw.to> | 2026-02-14 12:14:19 -0800 |
| commit | ea4f508f5ee91b370c6912cde26b1a432380d037 (patch) | |
| tree | 79081398bc0da1db76c28de6de04ed88a5e53bc3 /internal/auth/interceptor.go | |
| parent | 4fc493e6d8cc20137f920f8647e39fc5051bb245 (diff) | |
feat: integrate config system into relay main.go
Add support for loading configuration from YAML file via -config flag.
Wire up auth, rate limiting, and metrics interceptors based on config.
Changes:
- Add -config flag to relay command
- Use config types directly in auth package (AuthOperationConfig)
- Add conversion methods: RateLimitConfig.ToRateLimiter(), MetricsConfig.ToMetrics()
- Add Metrics.Serve() method for prometheus HTTP endpoint
- Update main.go to initialize interceptors from config
- Fix type naming: OperationAuthConfig -> AuthOperationConfig for consistency
Config now supports complete relay setup including auth read/write
allowlists, rate limiting, and prometheus metrics.
Diffstat (limited to 'internal/auth/interceptor.go')
| -rw-r--r-- | internal/auth/interceptor.go | 15 |
1 files changed, 6 insertions, 9 deletions
diff --git a/internal/auth/interceptor.go b/internal/auth/interceptor.go index 42c2688..67450ce 100644 --- a/internal/auth/interceptor.go +++ b/internal/auth/interceptor.go | |||
| @@ -18,28 +18,25 @@ const ( | |||
| 18 | ) | 18 | ) |
| 19 | 19 | ||
| 20 | type InterceptorOptions struct { | 20 | type InterceptorOptions struct { |
| 21 | Read OperationAuthConfig | 21 | Read AuthOperationConfig |
| 22 | Write OperationAuthConfig | 22 | Write AuthOperationConfig |
| 23 | TimestampWindow int64 | 23 | TimestampWindow int64 |
| 24 | ValidatePayload bool | 24 | ValidatePayload bool |
| 25 | SkipMethods []string | 25 | SkipMethods []string |
| 26 | } | 26 | } |
| 27 | 27 | ||
| 28 | // OperationAuthConfig configures auth for read or write operations. | 28 | type AuthOperationConfig struct { |
| 29 | // Three states: disabled (allow all), enabled with empty list (require auth), | ||
| 30 | // enabled with npubs (whitelist only). Npubs normalized to hex at load time. | ||
| 31 | type OperationAuthConfig struct { | ||
| 32 | Enabled bool | 29 | Enabled bool |
| 33 | AllowedNpubs []string | 30 | AllowedNpubs []string |
| 34 | } | 31 | } |
| 35 | 32 | ||
| 36 | func DefaultInterceptorOptions() *InterceptorOptions { | 33 | func DefaultInterceptorOptions() *InterceptorOptions { |
| 37 | return &InterceptorOptions{ | 34 | return &InterceptorOptions{ |
| 38 | Read: OperationAuthConfig{ | 35 | Read: AuthOperationConfig{ |
| 39 | Enabled: false, | 36 | Enabled: false, |
| 40 | AllowedNpubs: nil, | 37 | AllowedNpubs: nil, |
| 41 | }, | 38 | }, |
| 42 | Write: OperationAuthConfig{ | 39 | Write: AuthOperationConfig{ |
| 43 | Enabled: false, | 40 | Enabled: false, |
| 44 | AllowedNpubs: nil, | 41 | AllowedNpubs: nil, |
| 45 | }, | 42 | }, |
| @@ -154,7 +151,7 @@ func validateAuthFromContext(ctx context.Context, method string, opts *Intercept | |||
| 154 | 151 | ||
| 155 | pubkey := ExtractPubkey(event) | 152 | pubkey := ExtractPubkey(event) |
| 156 | 153 | ||
| 157 | var opConfig OperationAuthConfig | 154 | var opConfig AuthOperationConfig |
| 158 | if isWriteMethod(method) { | 155 | if isWriteMethod(method) { |
| 159 | opConfig = opts.Write | 156 | opConfig = opts.Write |
| 160 | } else { | 157 | } else { |