path: root/internal/auth/auth_test.go
Commit log for this file (message, author, age, files changed, lines -/+):
* refactor: remove frivolous comments from auth validation/credentials (bndw, 3 days ago, 1 file, -1/+1)
  Also removed the internal/nostr package; now using the northwest.io/nostr library.
* refactor: restructure auth config for better UX (bndw, 3 days ago, 1 file, -1/+8)
  Changed from a flat structure to a hierarchical read/write config.

  Before:
    auth:
      enabled: bool
      required: bool
      allowed_npubs_read: []
      allowed_npubs_write: []

  After:
    auth:
      read:
        enabled: bool
        allowed_npubs: []
      write:
        enabled: bool
        allowed_npubs: []

  Three states per operation:
  - enabled=false: no auth, allow all
  - enabled=true, allowed_npubs=[]: auth required, any valid signature
  - enabled=true, allowed_npubs=[...]: auth required, whitelist only

  Much clearer semantics and easier to reason about.
* refactor: simplify isWriteMethod to only check actual API methods (bndw, 3 days ago, 1 file, -12/+4)
  Replace pattern matching with explicit checks for PublishEvent/PublishBatch. The API is small and well-defined; no need for extensible pattern matching.
* feat: add separate read/write allowlists for granular access control (bndw, 3 days ago, 1 file, -0/+38)
  - Split allowed_npubs into allowed_npubs_read and allowed_npubs_write
  - Write operations: Publish, Delete, Create, Update, Insert, Remove, Set, Put
  - Read operations: everything else (Query, Subscribe, Get, List, etc.)
  - Auth interceptor checks the appropriate list based on method type
  - Enables common patterns:
    - Public relay: only some can write, everyone can read
    - Private relay: restricted read and write
    - Open relay: everyone can read and write
  - Updated config, docs, and comprehensive tests

  Use cases: "only some can write, everyone can read"
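A worked example of the access decision described by this commit together with the two refactors above it (the hierarchical read/write config with its three states, and the explicit isWriteMethod check). It is added here as an illustration and is not code from the project; the type and field names, the error values, and the gRPC full-method prefix "/nostr.Relay/" are assumptions, since the commit messages only name the PublishEvent and PublishBatch methods. The allowlist uses the newer read/write config layout from the restructure commit rather than the flat allowed_npubs_read/allowed_npubs_write keys this commit introduced.

```go
package main

import (
	"errors"
	"fmt"
)

// OpConfig is one side (read or write) of the hierarchical config from the
// "restructure auth config" commit. Field names are assumptions that mirror
// the YAML keys; they are not the project's own types.
type OpConfig struct {
	Enabled      bool     // false: no auth at all, everyone allowed
	AllowedNpubs []string // empty with Enabled=true: any valid signature passes
}

// Config holds the read and write policies.
type Config struct {
	Read  OpConfig
	Write OpConfig
}

// Caller is what the interceptor knows once header validation has run:
// whether a valid NIP-98 signature was presented, and the signer's npub.
type Caller struct {
	Authenticated bool
	Npub          string
}

var (
	ErrUnauthenticated = errors.New("unauthenticated: valid NIP-98 signature required")
	ErrForbidden       = errors.New("permission denied: pubkey not in allowlist")
)

// isWriteMethod follows the "simplify isWriteMethod" commit: only the two
// publish RPCs mutate state, so they are checked explicitly instead of by
// pattern matching. The gRPC service name "nostr.Relay" is an assumption.
func isWriteMethod(fullMethod string) bool {
	switch fullMethod {
	case "/nostr.Relay/PublishEvent", "/nostr.Relay/PublishBatch":
		return true
	}
	return false
}

// authorize applies the three-state rule for one operation type.
func authorize(op OpConfig, c Caller) error {
	if !op.Enabled {
		return nil // state 1: auth disabled, allow all
	}
	if !c.Authenticated {
		return ErrUnauthenticated // states 2 and 3 both need a valid signature
	}
	if len(op.AllowedNpubs) == 0 {
		return nil // state 2: any valid signature
	}
	for _, n := range op.AllowedNpubs {
		if n == c.Npub {
			return nil // state 3: allowlisted
		}
	}
	return ErrForbidden
}

// Authorize selects the read or write policy by RPC method and applies it.
// Anything isWriteMethod does not recognise is treated as a read, so a new
// mutating RPC must be added there or it gets only the read policy.
func Authorize(cfg Config, fullMethod string, c Caller) error {
	if isWriteMethod(fullMethod) {
		return authorize(cfg.Write, c)
	}
	return authorize(cfg.Read, c)
}

// PublicRelay is the "everyone can read, only some can write" pattern.
func PublicRelay(writers ...string) Config {
	return Config{
		Read:  OpConfig{Enabled: false},
		Write: OpConfig{Enabled: true, AllowedNpubs: writers},
	}
}

// PrivateRelay restricts both reads and writes to the same allowlist.
func PrivateRelay(members ...string) Config {
	return Config{
		Read:  OpConfig{Enabled: true, AllowedNpubs: members},
		Write: OpConfig{Enabled: true, AllowedNpubs: members},
	}
}

func main() {
	cfg := PublicRelay("npub1writer") // npub values here are constructed placeholders
	anon := Caller{}
	writer := Caller{Authenticated: true, Npub: "npub1writer"}
	other := Caller{Authenticated: true, Npub: "npub1other"}
	for _, tc := range []struct {
		method string
		c      Caller
	}{
		{"/nostr.Relay/QueryEvents", anon},
		{"/nostr.Relay/PublishEvent", anon},
		{"/nostr.Relay/PublishEvent", other},
		{"/nostr.Relay/PublishBatch", writer},
	} {
		fmt.Printf("%-28s npub=%-12q err=%v\n", tc.method, tc.c.Npub, Authorize(cfg, tc.method, tc.c))
	}
}
```

The ordering inside authorize matters: the "authentication required" check runs before the allowlist lookup, so an unauthenticated caller to a whitelisted operation gets ErrUnauthenticated rather than ErrForbidden, and an empty allowlist with Enabled=true never degrades to "allow all". The fallthrough in Authorize is the caveat a reviewer would flag on the simplified isWriteMethod: an unrecognised method is a read by default.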
* feat: implement NIP-98 HTTP auth for gRPC (bndw, 3 days ago, 1 file, -0/+306)
  Add comprehensive NIP-98 authentication support following the standard gRPC credentials.PerRPCCredentials pattern.

  Client-side:
  - NostrCredentials implements the PerRPCCredentials interface
  - Automatically signs each request with a kind 27235 event
  - Drop-in replacement for OAuth2/JWT in gRPC clients

  Server-side:
  - Unary and stream interceptors for validation
  - Extracts and validates NIP-98 events from Authorization headers
  - Configurable options (timestamp window, whitelists, skip methods)
  - Adds the authenticated pubkey to the request context

  Security features:
  - Replay protection via timestamp validation
  - Optional payload hash verification
  - Signature verification using schnorr
  - TLS requirement option

  Includes comprehensive test coverage and a detailed README with usage examples and security considerations.
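The server-side checks this commit lists (timestamp window for replay protection, payload hash, signature over the event, and the binding of the event to the request URL and method), as an added example in Go that is not the project's code. It builds a sample kind 27235 event and Authorization header inline from constructed values. The schnorr signature check is injected as a function because the Go standard library has no BIP-340 implementation; the shapeOnly verifier in main only checks hex lengths and stands in for a real one. The Event, Request, Validate and NewAuthHeader names are assumptions.

```go
package main

import (
	"bytes"
	"crypto/sha256"
	"encoding/base64"
	"encoding/hex"
	"encoding/json"
	"errors"
	"fmt"
	"strings"
	"time"
)

const kindHTTPAuth = 27235 // NIP-98 event kind

// Event is the Nostr event carried in the Authorization header.
type Event struct {
	ID        string     `json:"id"`
	PubKey    string     `json:"pubkey"`
	CreatedAt int64      `json:"created_at"`
	Kind      int        `json:"kind"`
	Tags      [][]string `json:"tags"`
	Content   string     `json:"content"`
	Sig       string     `json:"sig"`
}

// Request is the part of the incoming call that the event must be bound to.
type Request struct {
	Method, URL string
	Body        []byte
}

// SigVerifier checks the BIP-340 schnorr signature over the event id; it is injected because the Go standard library has no schnorr (assumption).
type SigVerifier func(pubkeyHex, idHex, sigHex string) bool

func sha256Hex(b []byte) string { s := sha256.Sum256(b); return hex.EncodeToString(s[:]) }

// eventID recomputes the NIP-01 id: sha256 of [0,pubkey,created_at,kind,tags,content].
func eventID(e Event) string {
	var buf bytes.Buffer
	enc := json.NewEncoder(&buf)
	enc.SetEscapeHTML(false) // the canonical form must not escape <, > or &
	_ = enc.Encode([]interface{}{0, e.PubKey, e.CreatedAt, e.Kind, e.Tags, e.Content}) // cannot fail for these types
	return sha256Hex(bytes.TrimSuffix(buf.Bytes(), []byte("\n")))
}

// Validate parses "Nostr <base64 json>" and runs the server-side checks: kind,
// id integrity, signature, timestamp window, URL/method binding, payload hash.
func Validate(header string, req Request, now time.Time, window time.Duration, verify SigVerifier) (string, error) {
	if !strings.HasPrefix(header, "Nostr ") {
		return "", errors.New("expected Authorization: Nostr <base64 event>")
	}
	var ev Event
	if raw, err := base64.StdEncoding.DecodeString(strings.TrimPrefix(header, "Nostr ")); err != nil {
		return "", err
	} else if err := json.Unmarshal(raw, &ev); err != nil {
		return "", err
	}
	// Recompute the id before calling the verifier: the signature covers the id, so a mismatch means tampering.
	if ev.Kind != kindHTTPAuth || eventID(ev) != ev.ID || !verify(ev.PubKey, ev.ID, ev.Sig) {
		return "", errors.New("event kind, id or signature invalid")
	}
	// Replay protection: created_at must lie within +/- window of server time.
	if d := now.Sub(time.Unix(ev.CreatedAt, 0)); d > window || d < -window {
		return "", errors.New("created_at outside allowed window")
	}
	tags := map[string]string{}
	for _, t := range ev.Tags {
		if len(t) >= 2 {
			tags[t[0]] = t[1]
		}
	}
	if tags["u"] != req.URL || !strings.EqualFold(tags["method"], req.Method) {
		return "", errors.New("u/method tags do not match the request")
	}
	// NIP-98 says payload SHOULD be set when there is a body; this example requires it.
	if p, ok := tags["payload"]; (ok && p != sha256Hex(req.Body)) || (!ok && len(req.Body) > 0) {
		return "", errors.New("payload hash missing or mismatched")
	}
	return ev.PubKey, nil
}

// NewAuthHeader builds the client-side kind-27235 event for req with an externally produced signature (sample-input helper).
func NewAuthHeader(pubkeyHex, sigHex string, at time.Time, req Request) string {
	ev := Event{PubKey: pubkeyHex, CreatedAt: at.Unix(), Kind: kindHTTPAuth, Sig: sigHex,
		Tags: [][]string{{"u", req.URL}, {"method", req.Method}}}
	if len(req.Body) > 0 {
		ev.Tags = append(ev.Tags, []string{"payload", sha256Hex(req.Body)})
	}
	ev.ID = eventID(ev)
	b, _ := json.Marshal(ev) // cannot fail for this struct
	return "Nostr " + base64.StdEncoding.EncodeToString(b)
}

func main() {
	// Constructed sample: placeholder key/sig, not real crypto; shapeOnly only checks hex lengths and must be replaced by schnorr verification.
	req := Request{Method: "POST", URL: "https://relay.example/publish", Body: []byte(`{"kind":1}`)}
	hdr := NewAuthHeader(strings.Repeat("ab", 32), strings.Repeat("00", 64), time.Now(), req)
	shapeOnly := func(pk, id, sig string) bool { return len(pk) == 64 && len(id) == 64 && len(sig) == 128 }
	fmt.Println(Validate(hdr, req, time.Now(), time.Minute, shapeOnly))
	fmt.Println(Validate(hdr, req, time.Now().Add(5*time.Minute), time.Minute, shapeOnly))
}
```

Two design points worth noting. The id is recomputed from the fields before the signature is checked, because the signature only covers the id; a valid signature over a forged id proves nothing about the tags. The timestamp window is symmetric so that a client clock slightly ahead of the server is tolerated, and requiring the payload tag whenever a body is present is stricter than the NIP-98 SHOULD, which is the choice to make when the body carries the events being published.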