summaryrefslogtreecommitdiffstats
path: root/internal/auth/interceptor.go
diff options
context:
space:
mode:
authorbndw <ben@bdw.to>2026-02-14 12:14:19 -0800
committerbndw <ben@bdw.to>2026-02-14 12:14:19 -0800
commitea4f508f5ee91b370c6912cde26b1a432380d037 (patch)
tree79081398bc0da1db76c28de6de04ed88a5e53bc3 /internal/auth/interceptor.go
parent4fc493e6d8cc20137f920f8647e39fc5051bb245 (diff)
feat: integrate config system into relay main.go
Add support for loading configuration from YAML file via -config flag. Wire up auth, rate limiting, and metrics interceptors based on config. Changes: - Add -config flag to relay command - Use config types directly in auth package (AuthOperationConfig) - Add conversion methods: RateLimitConfig.ToRateLimiter(), MetricsConfig.ToMetrics() - Add Metrics.Serve() method for prometheus HTTP endpoint - Update main.go to initialize interceptors from config - Fix type naming: OperationAuthConfig -> AuthOperationConfig for consistency Config now supports complete relay setup including auth read/write allowlists, rate limiting, and prometheus metrics.
Diffstat (limited to 'internal/auth/interceptor.go')
-rw-r--r--internal/auth/interceptor.go15
1 files changed, 6 insertions, 9 deletions
diff --git a/internal/auth/interceptor.go b/internal/auth/interceptor.go
index 42c2688..67450ce 100644
--- a/internal/auth/interceptor.go
+++ b/internal/auth/interceptor.go
@@ -18,28 +18,25 @@ const (
18) 18)
19 19
20type InterceptorOptions struct { 20type InterceptorOptions struct {
21 Read OperationAuthConfig 21 Read AuthOperationConfig
22 Write OperationAuthConfig 22 Write AuthOperationConfig
23 TimestampWindow int64 23 TimestampWindow int64
24 ValidatePayload bool 24 ValidatePayload bool
25 SkipMethods []string 25 SkipMethods []string
26} 26}
27 27
28// OperationAuthConfig configures auth for read or write operations. 28type AuthOperationConfig struct {
29// Three states: disabled (allow all), enabled with empty list (require auth),
30// enabled with npubs (whitelist only). Npubs normalized to hex at load time.
31type OperationAuthConfig struct {
32 Enabled bool 29 Enabled bool
33 AllowedNpubs []string 30 AllowedNpubs []string
34} 31}
35 32
36func DefaultInterceptorOptions() *InterceptorOptions { 33func DefaultInterceptorOptions() *InterceptorOptions {
37 return &InterceptorOptions{ 34 return &InterceptorOptions{
38 Read: OperationAuthConfig{ 35 Read: AuthOperationConfig{
39 Enabled: false, 36 Enabled: false,
40 AllowedNpubs: nil, 37 AllowedNpubs: nil,
41 }, 38 },
42 Write: OperationAuthConfig{ 39 Write: AuthOperationConfig{
43 Enabled: false, 40 Enabled: false,
44 AllowedNpubs: nil, 41 AllowedNpubs: nil,
45 }, 42 },
@@ -154,7 +151,7 @@ func validateAuthFromContext(ctx context.Context, method string, opts *Intercept
154 151
155 pubkey := ExtractPubkey(event) 152 pubkey := ExtractPubkey(event)
156 153
157 var opConfig OperationAuthConfig 154 var opConfig AuthOperationConfig
158 if isWriteMethod(method) { 155 if isWriteMethod(method) {
159 opConfig = opts.Write 156 opConfig = opts.Write
160 } else { 157 } else {