From ea4f508f5ee91b370c6912cde26b1a432380d037 Mon Sep 17 00:00:00 2001 From: bndw Date: Sat, 14 Feb 2026 12:14:19 -0800 Subject: feat: integrate config system into relay main.go Add support for loading configuration from YAML file via -config flag. Wire up auth, rate limiting, and metrics interceptors based on config. Changes: - Add -config flag to relay command - Use config types directly in auth package (AuthOperationConfig) - Add conversion methods: RateLimitConfig.ToRateLimiter(), MetricsConfig.ToMetrics() - Add Metrics.Serve() method for prometheus HTTP endpoint - Update main.go to initialize interceptors from config - Fix type naming: OperationAuthConfig -> AuthOperationConfig for consistency Config now supports complete relay setup including auth read/write allowlists, rate limiting, and prometheus metrics. --- internal/auth/README.md | 4 ++-- internal/auth/auth_test.go | 4 ++-- internal/auth/interceptor.go | 15 ++++++--------- 3 files changed, 10 insertions(+), 13 deletions(-) (limited to 'internal/auth') diff --git a/internal/auth/README.md b/internal/auth/README.md index de37010..98d1437 100644 --- a/internal/auth/README.md +++ b/internal/auth/README.md @@ -142,11 +142,11 @@ import ( // Create auth options authOpts := &auth.InterceptorOptions{ - Read: auth.OperationAuthConfig{ + Read: auth.AuthOperationConfig{ Enabled: true, // Require auth for reads AllowedNpubs: nil, // Accept any valid signature }, - Write: auth.OperationAuthConfig{ + Write: auth.AuthOperationConfig{ Enabled: true, AllowedNpubs: []string{"hex-pubkey-1", "hex-pubkey-2"}, // Whitelist }, diff --git a/internal/auth/auth_test.go b/internal/auth/auth_test.go index 7b0fa13..68c68f5 100644 --- a/internal/auth/auth_test.go +++ b/internal/auth/auth_test.go @@ -243,11 +243,11 @@ func TestValidateAuthFromContext(t *testing.T) { ctx := metadata.NewIncomingContext(context.Background(), md) opts := &InterceptorOptions{ - Read: OperationAuthConfig{ + Read: AuthOperationConfig{ Enabled: true, AllowedNpubs: nil, }, - Write: OperationAuthConfig{ + Write: AuthOperationConfig{ Enabled: true, AllowedNpubs: nil, }, diff --git a/internal/auth/interceptor.go b/internal/auth/interceptor.go index 42c2688..67450ce 100644 --- a/internal/auth/interceptor.go +++ b/internal/auth/interceptor.go @@ -18,28 +18,25 @@ const ( ) type InterceptorOptions struct { - Read OperationAuthConfig - Write OperationAuthConfig + Read AuthOperationConfig + Write AuthOperationConfig TimestampWindow int64 ValidatePayload bool SkipMethods []string } -// OperationAuthConfig configures auth for read or write operations. -// Three states: disabled (allow all), enabled with empty list (require auth), -// enabled with npubs (whitelist only). Npubs normalized to hex at load time. -type OperationAuthConfig struct { +type AuthOperationConfig struct { Enabled bool AllowedNpubs []string } func DefaultInterceptorOptions() *InterceptorOptions { return &InterceptorOptions{ - Read: OperationAuthConfig{ + Read: AuthOperationConfig{ Enabled: false, AllowedNpubs: nil, }, - Write: OperationAuthConfig{ + Write: AuthOperationConfig{ Enabled: false, AllowedNpubs: nil, }, @@ -154,7 +151,7 @@ func validateAuthFromContext(ctx context.Context, method string, opts *Intercept pubkey := ExtractPubkey(event) - var opConfig OperationAuthConfig + var opConfig AuthOperationConfig if isWriteMethod(method) { opConfig = opts.Write } else { -- cgit v1.2.3