admin: normalize urls for nip86 checking.

Reject deleted events
Store and serve delete events
2026-04-07 14:06:51 +02:00 · 2025-04-17 08:02:25 -03:00 · 2025-04-16 18:55:36 -03:00 · 2025-04-16 18:55:28 -03:00 · 2025-04-14 09:24:34 -03:00 · 2025-04-13 09:05:23 -03:00
25 changed files with 345 additions and 180 deletions
--- a/adding.go
+++ b/adding.go
@@ -11,34 +11,90 @@ import (

 // AddEvent sends an event through then normal add pipeline, as if it was received from a websocket.
 func (rl *Relay) AddEvent(ctx context.Context, evt *nostr.Event) (skipBroadcast bool, writeError error) {
-	ctx, cancel := context.WithCancel(ctx)
-	defer cancel()
-
 	if evt == nil {
 		return false, errors.New("error: event is nil")
 	}

+	if nostr.IsEphemeralKind(evt.Kind) {
+		return false, rl.handleEphemeral(ctx, evt)
+	} else {
+		return rl.handleNormal(ctx, evt)
+	}
+}
+
+func (rl *Relay) handleNormal(ctx context.Context, evt *nostr.Event) (skipBroadcast bool, writeError error) {
 	for _, reject := range rl.RejectEvent {
 		if reject, msg := reject(ctx, evt); reject {
 			if msg == "" {
-				return false, errors.New("blocked: no reason")
+				return true, errors.New("blocked: no reason")
 			} else {
-				return false, errors.New(nostr.NormalizeOKMessage(msg, "blocked"))
+				return true, errors.New(nostr.NormalizeOKMessage(msg, "blocked"))
 			}
 		}
 	}

-	if 20000 <= evt.Kind && evt.Kind < 30000 {
-		// do not store ephemeral events
-		for _, oee := range rl.OnEphemeralEvent {
-			oee(ctx, evt)
+	// Check to see if the event has been deleted by ID
+	for _, query := range rl.QueryEvents {
+		ch, err := query(ctx, nostr.Filter{
+			Kinds: []int{5},
+			Tags:  nostr.TagMap{"#e": []string{evt.ID}},
+		})
+		if err != nil {
+			continue
+		}
+		target := <-ch
+		if target == nil {
+			continue
+		}
+
+		return true, errors.New("blocked: this event has been deleted")
+	}
+
+	// will store
+	// regular kinds are just saved directly
+	if nostr.IsRegularKind(evt.Kind) {
+		for _, store := range rl.StoreEvent {
+			if err := store(ctx, evt); err != nil {
+				switch err {
+				case eventstore.ErrDupEvent:
+					return true, nil
+				default:
+					return false, fmt.Errorf("%s", nostr.NormalizeOKMessage(err.Error(), "error"))
+				}
+			}
 		}
 	} else {
-		// will store
-		// regular kinds are just saved directly
-		if nostr.IsRegularKind(evt.Kind) {
-			for _, store := range rl.StoreEvent {
-				if err := store(ctx, evt); err != nil {
+		// Check to see if the event has been deleted by address
+		for _, query := range rl.QueryEvents {
+			dTagValue := ""
+			for _, tag := range evt.Tags {
+				if len(tag) > 0 && tag[0] == "d" {
+					dTagValue = tag[1]
+					break
+				}
+			}
+
+			address := fmt.Sprintf("%d:%s:%s", evt.Kind, evt.PubKey, dTagValue)
+			ch, err := query(ctx, nostr.Filter{
+				Kinds: []int{5},
+				Since: &evt.CreatedAt,
+				Tags:  nostr.TagMap{"#a": []string{address}},
+			})
+			if err != nil {
+				continue
+			}
+			target := <-ch
+			if target == nil {
+				continue
+			}
+
+			return true, errors.New("blocked: this event has been deleted")
+		}
+
+		// otherwise it's a replaceable -- so we'll use the replacer functions if we have any
+		if len(rl.ReplaceEvent) > 0 {
+			for _, repl := range rl.ReplaceEvent {
+				if err := repl(ctx, evt); err != nil {
 					switch err {
 					case eventstore.ErrDupEvent:
 						return true, nil
@@ -48,68 +104,54 @@ func (rl *Relay) AddEvent(ctx context.Context, evt *nostr.Event) (skipBroadcast
 				}
 			}
 		} else {
-			// otherwise it's a replaceable -- so we'll use the replacer functions if we have any
-			if len(rl.ReplaceEvent) > 0 {
-				for _, repl := range rl.ReplaceEvent {
-					if err := repl(ctx, evt); err != nil {
-						switch err {
+			// otherwise do it the manual way
+			filter := nostr.Filter{Limit: 1, Kinds: []int{evt.Kind}, Authors: []string{evt.PubKey}}
+			if nostr.IsAddressableKind(evt.Kind) {
+				// when addressable, add the "d" tag to the filter
+				filter.Tags = nostr.TagMap{"d": []string{evt.Tags.GetD()}}
+			}
+
+			// now we fetch old events and delete them
+			shouldStore := true
+			for _, query := range rl.QueryEvents {
+				ch, err := query(ctx, filter)
+				if err != nil {
+					continue
+				}
+				for previous := range ch {
+					if isOlder(previous, evt) {
+						for _, del := range rl.DeleteEvent {
+							del(ctx, previous)
+						}
+					} else {
+						// we found a more recent event, so we won't delete it and also will not store this new one
+						shouldStore = false
+					}
+				}
+			}
+
+			// store
+			if shouldStore {
+				for _, store := range rl.StoreEvent {
+					if saveErr := store(ctx, evt); saveErr != nil {
+						switch saveErr {
 						case eventstore.ErrDupEvent:
 							return true, nil
 						default:
-							return false, fmt.Errorf("%s", nostr.NormalizeOKMessage(err.Error(), "error"))
-						}
-					}
-				}
-			} else {
-				// otherwise do it the manual way
-				filter := nostr.Filter{Limit: 1, Kinds: []int{evt.Kind}, Authors: []string{evt.PubKey}}
-				if nostr.IsAddressableKind(evt.Kind) {
-					// when addressable, add the "d" tag to the filter
-					filter.Tags = nostr.TagMap{"d": []string{evt.Tags.GetD()}}
-				}
-
-				// now we fetch old events and delete them
-				shouldStore := true
-				for _, query := range rl.QueryEvents {
-					ch, err := query(ctx, filter)
-					if err != nil {
-						continue
-					}
-					for previous := range ch {
-						if isOlder(previous, evt) {
-							for _, del := range rl.DeleteEvent {
-								del(ctx, previous)
-							}
-						} else {
-							// we found a more recent event, so we won't delete it and also will not store this new one
-							shouldStore = false
-						}
-					}
-				}
-
-				// store
-				if shouldStore {
-					for _, store := range rl.StoreEvent {
-						if saveErr := store(ctx, evt); saveErr != nil {
-							switch saveErr {
-							case eventstore.ErrDupEvent:
-								return true, nil
-							default:
-								return false, fmt.Errorf("%s", nostr.NormalizeOKMessage(saveErr.Error(), "error"))
-							}
+							return false, fmt.Errorf("%s", nostr.NormalizeOKMessage(saveErr.Error(), "error"))
 						}
 					}
 				}
 			}
 		}
-
-		for _, ons := range rl.OnEventSaved {
-			ons(ctx, evt)
-		}
-
-		// track event expiration if applicable
-		rl.expirationManager.trackEvent(evt)
 	}

+	for _, ons := range rl.OnEventSaved {
+		ons(ctx, evt)
+	}
+
+	// track event expiration if applicable
+	rl.expirationManager.trackEvent(evt)
+
 	return false, nil
 }
--- a/blossom/authorization.go
+++ b/blossom/authorization.go
@@ -1,12 +1,12 @@
 package blossom

 import (
+	"encoding/base64"
 	"fmt"
 	"net/http"
 	"strconv"
 	"strings"

-	"github.com/cloudwego/base64x"
 	"github.com/mailru/easyjson"
 	"github.com/nbd-wtf/go-nostr"
 )
@@ -17,7 +17,7 @@ func readAuthorization(r *http.Request) (*nostr.Event, error) {
 		return nil, nil
 	}

-	eventj, err := base64x.StdEncoding.DecodeString(token[6:])
+	eventj, err := base64.StdEncoding.DecodeString(token[6:])
 	if err != nil {
 		return nil, fmt.Errorf("invalid base64 token")
 	}
@@ -25,7 +25,7 @@ func readAuthorization(r *http.Request) (*nostr.Event, error) {
 	if err := easyjson.Unmarshal(eventj, &evt); err != nil {
 		return nil, fmt.Errorf("broken event")
 	}
-	if evt.Kind != 24242 || len(evt.ID) != 64 || !evt.CheckID() {
+	if evt.Kind != 24242 || !evt.CheckID() {
 		return nil, fmt.Errorf("invalid event")
 	}
 	if ok, _ := evt.CheckSignature(); !ok {
--- a/blossom/handlers.go
+++ b/blossom/handlers.go
@@ -25,7 +25,7 @@ func (bs BlossomServer) handleUploadCheck(w http.ResponseWriter, r *http.Request
 		blossomError(w, "missing \"Authorization\" header", 401)
 		return
 	}
-	if auth.Tags.GetFirst([]string{"t", "upload"}) == nil {
+	if auth.Tags.FindWithValue("t", "upload") == nil {
 		blossomError(w, "invalid \"Authorization\" event \"t\" tag", 403)
 		return
 	}
@@ -59,7 +59,7 @@ func (bs BlossomServer) handleUpload(w http.ResponseWriter, r *http.Request) {
 		blossomError(w, "missing \"Authorization\" header", 401)
 		return
 	}
-	if auth.Tags.GetFirst([]string{"t", "upload"}) == nil {
+	if auth.Tags.FindWithValue("t", "upload") == nil {
 		blossomError(w, "invalid \"Authorization\" event \"t\" tag", 403)
 		return
 	}
@@ -73,7 +73,7 @@ func (bs BlossomServer) handleUpload(w http.ResponseWriter, r *http.Request) {

 	// read first bytes of upload so we can find out the filetype
 	b := make([]byte, min(50, size), size)
-	if _, err = r.Body.Read(b); err != nil {
+	if n, err := r.Body.Read(b); err != nil && n != size {
 		blossomError(w, "failed to read initial bytes of upload body: "+err.Error(), 400)
 		return
 	}
@@ -163,13 +163,13 @@ func (bs BlossomServer) handleGetBlob(w http.ResponseWriter, r *http.Request) {

 	// if there is one, we check if it has the extra requirements
 	if auth != nil {
-		if auth.Tags.GetFirst([]string{"t", "get"}) == nil {
+		if auth.Tags.FindWithValue("t", "get") == nil {
 			blossomError(w, "invalid \"Authorization\" event \"t\" tag", 403)
 			return
 		}

-		if auth.Tags.GetFirst([]string{"x", hhash}) == nil &&
-			auth.Tags.GetFirst([]string{"server", bs.ServiceURL}) == nil {
+		if auth.Tags.FindWithValue("x", hhash) == nil &&
+			auth.Tags.FindWithValue("server", bs.ServiceURL) == nil {
 			blossomError(w, "invalid \"Authorization\" event \"x\" or \"server\" tag", 403)
 			return
 		}
@@ -239,7 +239,7 @@ func (bs BlossomServer) handleList(w http.ResponseWriter, r *http.Request) {

 	// if there is one, we check if it has the extra requirements
 	if auth != nil {
-		if auth.Tags.GetFirst([]string{"t", "list"}) == nil {
+		if auth.Tags.FindWithValue("t", "list") == nil {
 			blossomError(w, "invalid \"Authorization\" event \"t\" tag", 403)
 			return
 		}
@@ -283,7 +283,7 @@ func (bs BlossomServer) handleDelete(w http.ResponseWriter, r *http.Request) {
 	}

 	if auth != nil {
-		if auth.Tags.GetFirst([]string{"t", "delete"}) == nil {
+		if auth.Tags.FindWithValue("t", "delete") == nil {
 			blossomError(w, "invalid \"Authorization\" event \"t\" tag", 403)
 			return
 		}
@@ -296,8 +296,8 @@ func (bs BlossomServer) handleDelete(w http.ResponseWriter, r *http.Request) {
 		return
 	}
 	hhash = hhash[1:]
-	if auth.Tags.GetFirst([]string{"x", hhash}) == nil &&
-		auth.Tags.GetFirst([]string{"server", bs.ServiceURL}) == nil {
+	if auth.Tags.FindWithValue("x", hhash) == nil &&
+		auth.Tags.FindWithValue("server", bs.ServiceURL) == nil {
 		blossomError(w, "invalid \"Authorization\" event \"x\" or \"server\" tag", 403)
 		return
 	}
--- a/blossom/server.go
+++ b/blossom/server.go
@@ -49,7 +49,7 @@ func New(rl *khatru.Relay, serviceURL string) *BlossomServer {
 			return
 		}

-		if len(strings.SplitN(r.URL.Path, ".", 2)[0]) == 65 {
+		if (len(r.URL.Path) == 65 || strings.Index(r.URL.Path, ".") == 65) && strings.Index(r.URL.Path[1:], "/") == -1 {
 			if r.Method == "HEAD" {
 				bs.handleHasBlob(w, r)
 				return
--- a/broadcasting.go
+++ b/broadcasting.go
@@ -6,6 +6,6 @@ import (

 // BroadcastEvent emits an event to all listeners whose filters' match, skipping all filters and actions
 // it also doesn't attempt to store the event or trigger any reactions or callbacks
-func (rl *Relay) BroadcastEvent(evt *nostr.Event) {
-	rl.notifyListeners(evt)
+func (rl *Relay) BroadcastEvent(evt *nostr.Event) int {
+	return rl.notifyListeners(evt)
 }
--- a/deleting.go
+++ b/deleting.go
@@ -39,6 +39,7 @@ func (rl *Relay) handleDeleteRequest(ctx context.Context, evt *nostr.Event) erro
 				continue
 			}

+			ctx := context.WithValue(ctx, internalCallKey, struct{}{})
 			for _, query := range rl.QueryEvents {
 				ch, err := query(ctx, f)
 				if err != nil {
@@ -66,6 +67,9 @@ func (rl *Relay) handleDeleteRequest(ctx context.Context, evt *nostr.Event) erro
 							return err
 						}
 					}
+
+					// if it was tracked to be expired that is not needed anymore
+					rl.expirationManager.removeEvent(target.ID)
 				} else {
 					// fail and stop here
 					return fmt.Errorf("blocked: %s", msg)
--- a/docs/.vitepress/config.js
+++ b/docs/.vitepress/config.js
@@ -19,7 +19,7 @@ export default {
          { text: 'HTTP Integration', link: '/core/embed' },
          { text: 'Request Routing', link: '/core/routing' },
          { text: 'Management API', link: '/core/management' },
-          { text: 'Media Storage', link: '/core/blossom' },
+          { text: 'Media Storage (Blossom)', link: '/core/blossom' },
        ]
      },
      {
--- a/docs/core/blossom.md
+++ b/docs/core/blossom.md
@@ -18,7 +18,8 @@ func main() {
    bl := blossom.New(relay, "http://localhost:3334")

    // create a database for keeping track of blob metadata
-	bl.Store = blossom.EventStoreBlobIndexWrapper{Store: db, ServiceURL: bl.ServiceURL}
+    // (do not use the same database used for the relay events)
+	bl.Store = blossom.EventStoreBlobIndexWrapper{Store: blobdb, ServiceURL: bl.ServiceURL}

    // implement the required storage functions
    bl.StoreBlob = append(bl.StoreBlob, func(ctx context.Context, sha256 string, body []byte) error {
--- a/docs/core/routing.md
+++ b/docs/core/routing.md
@@ -47,7 +47,7 @@ router.Route().
 			return true
 		case event.Kind <= 12 && event.Kind >= 9:
 			return true
-		case event.Tags.GetFirst([]string{"h", ""}) != nil:
+		case event.Tags.Find("h") != nil:
 			return true
 		default:
 			return false
--- a/ephemeral.go
+++ b/ephemeral.go
@@ -0,0 +1,26 @@
+package khatru
+
+import (
+	"context"
+	"errors"
+
+	"github.com/nbd-wtf/go-nostr"
+)
+
+func (rl *Relay) handleEphemeral(ctx context.Context, evt *nostr.Event) error {
+	for _, reject := range rl.RejectEvent {
+		if reject, msg := reject(ctx, evt); reject {
+			if msg == "" {
+				return errors.New("blocked: no reason")
+			} else {
+				return errors.New(nostr.NormalizeOKMessage(msg, "blocked"))
+			}
+		}
+	}
+
+	for _, oee := range rl.OnEphemeralEvent {
+		oee(ctx, evt)
+	}
+
+	return nil
+}
--- a/examples/basic-lmdb/main.go
+++ b/examples/basic-lmdb/main.go
@@ -13,7 +13,7 @@ func main() {
 	relay := khatru.NewRelay()

 	db := lmdb.LMDBBackend{Path: "/tmp/khatru-lmdb-tmp"}
-	os.MkdirAll(db.Path, 0755)
+	os.MkdirAll(db.Path, 0o755)
 	if err := db.Init(); err != nil {
 		panic(err)
 	}
--- a/examples/blossom/main.go
+++ b/examples/blossom/main.go
@@ -15,19 +15,22 @@ import (
 func main() {
 	relay := khatru.NewRelay()

-	db := &badger.BadgerBackend{Path: "/tmp/khatru-badger-blossom-tmp"}
+	db := &badger.BadgerBackend{Path: "/tmp/khatru-badger-tmp"}
 	if err := db.Init(); err != nil {
 		panic(err)
 	}
-
 	relay.StoreEvent = append(relay.StoreEvent, db.SaveEvent)
 	relay.QueryEvents = append(relay.QueryEvents, db.QueryEvents)
 	relay.CountEvents = append(relay.CountEvents, db.CountEvents)
 	relay.DeleteEvent = append(relay.DeleteEvent, db.DeleteEvent)
 	relay.ReplaceEvent = append(relay.ReplaceEvent, db.ReplaceEvent)

+	bdb := &badger.BadgerBackend{Path: "/tmp/khatru-badger-blossom-tmp"}
+	if err := bdb.Init(); err != nil {
+		panic(err)
+	}
 	bl := blossom.New(relay, "http://localhost:3334")
-	bl.Store = blossom.EventStoreBlobIndexWrapper{Store: db, ServiceURL: bl.ServiceURL}
+	bl.Store = blossom.EventStoreBlobIndexWrapper{Store: bdb, ServiceURL: bl.ServiceURL}
 	bl.StoreBlob = append(bl.StoreBlob, func(ctx context.Context, sha256 string, body []byte) error {
 		fmt.Println("storing", sha256, len(body))
 		return nil
--- a/examples/exclusive/main.go
+++ b/examples/exclusive/main.go
@@ -16,7 +16,7 @@ func main() {
 	relay := khatru.NewRelay()

 	db := lmdb.LMDBBackend{Path: "/tmp/exclusive"}
-	os.MkdirAll(db.Path, 0755)
+	os.MkdirAll(db.Path, 0o755)
 	if err := db.Init(); err != nil {
 		panic(err)
 	}
--- a/examples/routing/main.go
+++ b/examples/routing/main.go
@@ -52,7 +52,7 @@ func main() {
 			return slices.Contains(filter.Kinds, 1) && slices.Contains(filter.Tags["t"], "spam")
 		}).
 		Event(func(event *nostr.Event) bool {
-			return event.Kind == 1 && event.Tags.GetFirst([]string{"t", "spam"}) != nil
+			return event.Kind == 1 && event.Tags.FindWithValue("t", "spam") != nil
 		}).
 		Relay(r2)

--- a/expiration.go
+++ b/expiration.go
@@ -73,6 +73,7 @@ func (em *expirationManager) initialScan(ctx context.Context) {
 	defer em.mu.Unlock()

 	// query all events
+	ctx = context.WithValue(ctx, internalCallKey, struct{}{})
 	for _, query := range em.relay.QueryEvents {
 		ch, err := query(ctx, nostr.Filter{})
 		if err != nil {
@@ -107,6 +108,7 @@ func (em *expirationManager) checkExpiredEvents(ctx context.Context) {

 		heap.Pop(&em.events)

+		ctx := context.WithValue(ctx, internalCallKey, struct{}{})
 		for _, query := range em.relay.QueryEvents {
 			ch, err := query(ctx, nostr.Filter{IDs: []string{next.id}})
 			if err != nil {
@@ -133,3 +135,16 @@ func (em *expirationManager) trackEvent(evt *nostr.Event) {
 		em.mu.Unlock()
 	}
 }
+
+func (em *expirationManager) removeEvent(id string) {
+	em.mu.Lock()
+	defer em.mu.Unlock()
+
+	// Find and remove the event from the heap
+	for i := 0; i < len(em.events); i++ {
+		if em.events[i].id == id {
+			heap.Remove(&em.events, i)
+			break
+		}
+	}
+}
--- a/go.mod
+++ b/go.mod
@@ -1,14 +1,14 @@
 module github.com/fiatjaf/khatru

-go 1.23.1
+go 1.24.1

 require (
 	github.com/bep/debounce v1.2.1
-	github.com/cloudwego/base64x v0.1.5
 	github.com/fasthttp/websocket v1.5.12
 	github.com/fiatjaf/eventstore v0.16.2
 	github.com/liamg/magic v0.0.1
-	github.com/nbd-wtf/go-nostr v0.51.2
+	github.com/mailru/easyjson v0.9.0
+	github.com/nbd-wtf/go-nostr v0.51.8
 	github.com/puzpuzpuz/xsync/v3 v3.5.1
 	github.com/rs/cors v1.11.1
 	github.com/stretchr/testify v1.10.0
@@ -22,10 +22,11 @@ require (
 	github.com/aquasecurity/esquery v0.2.0 // indirect
 	github.com/btcsuite/btcd/btcec/v2 v2.3.4 // indirect
 	github.com/btcsuite/btcd/chaincfg/chainhash v1.1.0 // indirect
-	github.com/bytedance/sonic v1.13.1 // indirect
+	github.com/bytedance/sonic v1.13.2 // indirect
 	github.com/bytedance/sonic/loader v0.2.4 // indirect
 	github.com/cespare/xxhash/v2 v2.3.0 // indirect
-	github.com/coder/websocket v1.8.12 // indirect
+	github.com/cloudwego/base64x v0.1.5 // indirect
+	github.com/coder/websocket v1.8.13 // indirect
 	github.com/davecgh/go-spew v1.1.1 // indirect
 	github.com/decred/dcrd/crypto/blake256 v1.1.0 // indirect
 	github.com/decred/dcrd/dcrec/secp256k1/v4 v4.4.0 // indirect
@@ -46,9 +47,7 @@ require (
 	github.com/klauspost/compress v1.18.0 // indirect
 	github.com/klauspost/cpuid/v2 v2.2.10 // indirect
 	github.com/lib/pq v1.10.9 // indirect
-	github.com/mailru/easyjson v0.9.0 // indirect
 	github.com/mattn/go-sqlite3 v1.14.24 // indirect
-	github.com/minio/simdjson-go v0.4.5 // indirect
 	github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd // indirect
 	github.com/modern-go/reflect2 v1.0.2 // indirect
 	github.com/pkg/errors v0.9.1 // indirect
@@ -59,14 +58,14 @@ require (
 	github.com/tidwall/pretty v1.2.1 // indirect
 	github.com/twitchyliquid64/golang-asm v0.15.1 // indirect
 	github.com/valyala/bytebufferpool v1.0.0 // indirect
-	github.com/valyala/fasthttp v1.58.0 // indirect
+	github.com/valyala/fasthttp v1.59.0 // indirect
 	go.opencensus.io v0.24.0 // indirect
 	go.opentelemetry.io/otel v1.32.0 // indirect
 	go.opentelemetry.io/otel/metric v1.32.0 // indirect
 	go.opentelemetry.io/otel/trace v1.32.0 // indirect
 	golang.org/x/arch v0.15.0 // indirect
 	golang.org/x/exp v0.0.0-20250305212735-054e65f0b394 // indirect
-	golang.org/x/net v0.35.0 // indirect
+	golang.org/x/net v0.37.0 // indirect
 	golang.org/x/sys v0.31.0 // indirect
 	google.golang.org/protobuf v1.36.2 // indirect
 	gopkg.in/yaml.v3 v3.0.1 // indirect
--- a/go.sum
+++ b/go.sum
@@ -21,6 +21,8 @@ github.com/btcsuite/btcd/chaincfg/chainhash v1.1.0 h1:59Kx4K6lzOW5w6nFlA0v5+lk/6
 github.com/btcsuite/btcd/chaincfg/chainhash v1.1.0/go.mod h1:7SFka0XMvUgj3hfZtydOrQY2mwhPclbT2snogU7SQQc=
 github.com/bytedance/sonic v1.13.1 h1:Jyd5CIvdFnkOWuKXr+wm4Nyk2h0yAFsr8ucJgEasO3g=
 github.com/bytedance/sonic v1.13.1/go.mod h1:o68xyaF9u2gvVBuGHPlUVCy+ZfmNNO5ETf1+KgkJhz4=
+github.com/bytedance/sonic v1.13.2 h1:8/H1FempDZqC4VqjptGo14QQlJx8VdZJegxs6wwfqpQ=
+github.com/bytedance/sonic v1.13.2/go.mod h1:o68xyaF9u2gvVBuGHPlUVCy+ZfmNNO5ETf1+KgkJhz4=
 github.com/bytedance/sonic/loader v0.1.1/go.mod h1:ncP89zfokxS5LZrJxl5z0UJcsk4M4yY2JpfqGeCtNLU=
 github.com/bytedance/sonic/loader v0.2.4 h1:ZWCw4stuXUsn1/+zQDqeE7JKP+QO47tz7QCNan80NzY=
 github.com/bytedance/sonic/loader v0.2.4/go.mod h1:N8A3vUdtUebEY2/VQC0MyhYeKUFosQU6FxH2JmUe6VI=
@@ -34,13 +36,13 @@ github.com/cloudwego/iasm v0.2.0/go.mod h1:8rXZaNYT2n95jn+zTI1sDr+IgcD2GVs0nlbbQ
 github.com/cncf/udpa/go v0.0.0-20191209042840-269d4d468f6f/go.mod h1:M8M6+tZqaGXZJjfX53e64911xZQV5JYwmTeXPW+k8Sc=
 github.com/coder/websocket v1.8.12 h1:5bUXkEPPIbewrnkU8LTCLVaxi4N4J8ahufH2vlo4NAo=
 github.com/coder/websocket v1.8.12/go.mod h1:LNVeNrXQZfe5qhS9ALED3uA+l5pPqvwXg3CKoDBB2gs=
+github.com/coder/websocket v1.8.13 h1:f3QZdXy7uGVz+4uCJy2nTZyM0yTBj8yANEHhqlXZ9FE=
+github.com/coder/websocket v1.8.13/go.mod h1:LNVeNrXQZfe5qhS9ALED3uA+l5pPqvwXg3CKoDBB2gs=
 github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
 github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c=
 github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
 github.com/decred/dcrd/crypto/blake256 v1.1.0 h1:zPMNGQCm0g4QTY27fOCorQW7EryeQ/U0x++OzVrdms8=
 github.com/decred/dcrd/crypto/blake256 v1.1.0/go.mod h1:2OfgNZ5wDpcsFmHmCK5gZTPcCXqlm2ArzUIkw9czNJo=
-github.com/decred/dcrd/dcrec/secp256k1/v4 v4.3.0 h1:rpfIENRNNilwHwZeG5+P150SMrnNEcHYvcCuK6dPZSg=
-github.com/decred/dcrd/dcrec/secp256k1/v4 v4.3.0/go.mod h1:v57UDF4pDQJcEfFUCRop3lJL149eHGSe9Jvczhzjo/0=
 github.com/decred/dcrd/dcrec/secp256k1/v4 v4.4.0 h1:NMZiJj8QnKe1LgsbDayM4UoHwbvwDRwnI3hwNaAHRnc=
 github.com/decred/dcrd/dcrec/secp256k1/v4 v4.4.0/go.mod h1:ZXNYxsqcloTdSy/rNShjYzMhyjf0LaoftYK0p+A3h40=
 github.com/dgraph-io/badger/v4 v4.5.0 h1:TeJE3I1pIWLBjYhIYCA1+uxrjWEoJXImFBMEBVSm16g=
@@ -127,24 +129,20 @@ github.com/mailru/easyjson v0.9.0/go.mod h1:1+xMtQp2MRNVL/V1bOzuP3aP8VNwRW55fQUt
 github.com/mattn/go-sqlite3 v1.14.22/go.mod h1:Uh1q+B4BYcTPb+yiD3kU8Ct7aC0hY9fxUwlHK0RXw+Y=
 github.com/mattn/go-sqlite3 v1.14.24 h1:tpSp2G2KyMnnQu99ngJ47EIkWVmliIizyZBfPrBWDRM=
 github.com/mattn/go-sqlite3 v1.14.24/go.mod h1:Uh1q+B4BYcTPb+yiD3kU8Ct7aC0hY9fxUwlHK0RXw+Y=
-github.com/minio/simdjson-go v0.4.5 h1:r4IQwjRGmWCQ2VeMc7fGiilu1z5du0gJ/I/FsKwgo5A=
-github.com/minio/simdjson-go v0.4.5/go.mod h1:eoNz0DcLQRyEDeaPr4Ru6JpjlZPzbA0IodxVJk8lO8E=
 github.com/modern-go/concurrent v0.0.0-20180228061459-e0a39a4cb421/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q=
 github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd h1:TRLaZ9cD/w8PVh93nsPXa1VrQ6jlwL5oN8l14QlcNfg=
 github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q=
 github.com/modern-go/reflect2 v1.0.2 h1:xBagoLtFs94CBntxluKeaWgTMpvLxC4ur3nMaC9Gz0M=
 github.com/modern-go/reflect2 v1.0.2/go.mod h1:yWuevngMOJpCy52FWWMvUC8ws7m/LJsjYzDa0/r8luk=
-github.com/nbd-wtf/go-nostr v0.50.4 h1:KFMLxL07FPUzrCgllc2AKPP6INip+0MhAy6ZJxCwOyo=
-github.com/nbd-wtf/go-nostr v0.50.4/go.mod h1:IoEUVJKvV2308WFhVu8f2OwGC32oEYpFYnV86EH8dqA=
-github.com/nbd-wtf/go-nostr v0.51.2 h1:wQysG8omkF4LO7kcU6yoeCBBxD92SwUNab4TMeSuZZM=
-github.com/nbd-wtf/go-nostr v0.51.2/go.mod h1:9PcGOZ+e1VOaLvcK0peT4dbip+/eS+eTWXR3HuexQrA=
+github.com/nbd-wtf/go-nostr v0.51.7 h1:dGjtaaFQ1kA3H+vF8wt9a9WYl54K8C0JmVDf4cp+a4A=
+github.com/nbd-wtf/go-nostr v0.51.7/go.mod h1:d6+DfvMWYG5pA3dmNMBJd6WCHVDDhkXbHqvfljf0Gzg=
+github.com/nbd-wtf/go-nostr v0.51.8 h1:CIoS+YqChcm4e1L1rfMZ3/mIwTz4CwApM2qx7MHNzmE=
+github.com/nbd-wtf/go-nostr v0.51.8/go.mod h1:d6+DfvMWYG5pA3dmNMBJd6WCHVDDhkXbHqvfljf0Gzg=
 github.com/pkg/errors v0.9.1 h1:FEBLx1zS214owpjy7qsBeixbURkuhQAwrK5UwLGTwt4=
 github.com/pkg/errors v0.9.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
 github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM=
 github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
 github.com/prometheus/client_model v0.0.0-20190812154241-14fe0d1b01d4/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA=
-github.com/puzpuzpuz/xsync/v3 v3.5.0 h1:i+cMcpEDY1BkNm7lPDkCtE4oElsYLn+EKF8kAu2vXT4=
-github.com/puzpuzpuz/xsync/v3 v3.5.0/go.mod h1:VjzYrABPabuM4KyBh1Ftq6u8nhwY5tBPKP9jpmh0nnA=
 github.com/puzpuzpuz/xsync/v3 v3.5.1 h1:GJYJZwO6IdxN/IKbneznS6yPkVC+c3zyY/j19c++5Fg=
 github.com/puzpuzpuz/xsync/v3 v3.5.1/go.mod h1:VjzYrABPabuM4KyBh1Ftq6u8nhwY5tBPKP9jpmh0nnA=
 github.com/rs/cors v1.11.1 h1:eU3gRzXLRK57F5rKMGMZURNdIG4EoAmX8k94r9wXWHA=
@@ -173,8 +171,8 @@ github.com/twitchyliquid64/golang-asm v0.15.1 h1:SU5vSMR7hnwNxj24w34ZyCi/FmDZTkS
 github.com/twitchyliquid64/golang-asm v0.15.1/go.mod h1:a1lVb/DtPvCB8fslRZhAngC2+aY1QWCk3Cedj/Gdt08=
 github.com/valyala/bytebufferpool v1.0.0 h1:GqA5TC/0021Y/b9FG4Oi9Mr3q7XYx6KllzawFIhcdPw=
 github.com/valyala/bytebufferpool v1.0.0/go.mod h1:6bBcMArwyJ5K/AmCkWv1jt77kVWyCJ6HpOuEn7z0Csc=
-github.com/valyala/fasthttp v1.58.0 h1:GGB2dWxSbEprU9j0iMJHgdKYJVDyjrOwF9RE59PbRuE=
-github.com/valyala/fasthttp v1.58.0/go.mod h1:SYXvHHaFp7QZHGKSHmoMipInhrI5StHrhDTYVEjK/Kw=
+github.com/valyala/fasthttp v1.59.0 h1:Qu0qYHfXvPk1mSLNqcFtEk6DpxgA26hy6bmydotDpRI=
+github.com/valyala/fasthttp v1.59.0/go.mod h1:GTxNb9Bc6r2a9D0TWNSPwDz78UxnTGBViY3xZNEqyYU=
 github.com/xyproto/randomstring v1.0.5 h1:YtlWPoRdgMu3NZtP45drfy1GKoojuR7hmRcnhZqKjWU=
 github.com/xyproto/randomstring v1.0.5/go.mod h1:rgmS5DeNXLivK7YprL0pY+lTuhNQW3iGxZ18UQApw/E=
 go.opencensus.io v0.24.0 h1:y73uSU6J157QMP2kn2r30vwW1A2W2WFwSCGnAVxeaD0=
@@ -192,8 +190,6 @@ golang.org/x/arch v0.15.0/go.mod h1:JmwW7aLIoRUKgaTzhkiEFxvcEiQGyOg9BMonBJUS7EE=
 golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w=
 golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
 golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
-golang.org/x/exp v0.0.0-20250210185358-939b2ce775ac h1:l5+whBCLH3iH2ZNHYLbAe58bo7yrN4mVcnkHDYz5vvs=
-golang.org/x/exp v0.0.0-20250210185358-939b2ce775ac/go.mod h1:hH+7mtFmImwwcMvScyxUhjuVHR3HGaDPMn9rMSUUbxo=
 golang.org/x/exp v0.0.0-20250305212735-054e65f0b394 h1:nDVHiLt8aIbd/VzvPWN6kSOPE7+F/fNFDSXLVYkE/Iw=
 golang.org/x/exp v0.0.0-20250305212735-054e65f0b394/go.mod h1:sIifuuw/Yco/y6yb6+bDNfyeQ/MdPUy/hKEMYQV17cM=
 golang.org/x/lint v0.0.0-20181026193005-c67002cb31c3/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE=
@@ -205,8 +201,8 @@ golang.org/x/net v0.0.0-20190213061140-3a22650c66bd/go.mod h1:mL1N/T3taQHkDXs73r
 golang.org/x/net v0.0.0-20190311183353-d8887717615a/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
 golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
 golang.org/x/net v0.0.0-20201110031124-69a78807bb2b/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU=
-golang.org/x/net v0.35.0 h1:T5GQRQb2y08kTAByq9L4/bz8cipCdA8FbRTXewonqY8=
-golang.org/x/net v0.35.0/go.mod h1:EglIi67kWsHKlRzzVMUD93VMSWGFOMSZgxFjparz1Qk=
+golang.org/x/net v0.37.0 h1:1zLorHbz+LYj7MQlSf1+2tPIIgibq2eL5xkrGk6f+2c=
+golang.org/x/net v0.37.0/go.mod h1:ivrbrMbzFq5J41QOQh0siUuly180yBYtLp+CKbEaFx8=
 golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U=
 golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20181108010431-42b317875d0f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
--- a/handlers.go
+++ b/handlers.go
@@ -6,9 +6,11 @@ import (
 	"encoding/hex"
 	"errors"
 	"net/http"
+	"strconv"
 	"strings"
 	"sync"
 	"time"
+	"unsafe"

 	"github.com/bep/debounce"
 	"github.com/fasthttp/websocket"
@@ -16,6 +18,7 @@ import (
 	"github.com/nbd-wtf/go-nostr/nip42"
 	"github.com/nbd-wtf/go-nostr/nip45"
 	"github.com/nbd-wtf/go-nostr/nip45/hyperloglog"
+	"github.com/nbd-wtf/go-nostr/nip70"
 	"github.com/nbd-wtf/go-nostr/nip77"
 	"github.com/nbd-wtf/go-nostr/nip77/negentropy"
 	"github.com/puzpuzpuz/xsync/v3"
@@ -118,7 +121,7 @@ func (rl *Relay) HandleWebsocket(w http.ResponseWriter, r *http.Request) {
 		smp := nostr.NewMessageParser()

 		for {
-			typ, message, err := ws.conn.ReadMessage()
+			typ, msgb, err := ws.conn.ReadMessage()
 			if err != nil {
 				if websocket.IsUnexpectedCloseError(
 					err,
@@ -139,11 +142,14 @@ func (rl *Relay) HandleWebsocket(w http.ResponseWriter, r *http.Request) {
 				continue
 			}

-			// parse messages sequentially otherwise the world breaks
+			// this is safe because ReadMessage() will always create a new slice
+			message := unsafe.String(unsafe.SliceData(msgb), len(msgb))
+
+			// parse messages sequentially otherwise sonic breaks
 			envelope, err := smp.ParseMessage(message)

 			// then delegate to the goroutine
-			go func(message []byte) {
+			go func(message string) {
 				if err != nil {
 					if err == nostr.UnknownLabel && rl.Negentropy {
 						envelope = nip77.ParseNegMessage(message)
@@ -172,28 +178,31 @@ func (rl *Relay) HandleWebsocket(w http.ResponseWriter, r *http.Request) {
 					}

 					// check NIP-70 protected
-					for _, v := range env.Event.Tags {
-						if len(v) == 1 && v[0] == "-" {
-							msg := "must be published by event author"
-							authed := GetAuthed(ctx)
-							if authed == "" {
-								RequestAuth(ctx)
-								ws.WriteJSON(nostr.OKEnvelope{
-									EventID: env.Event.ID,
-									OK:      false,
-									Reason:  "auth-required: " + msg,
-								})
-								return
-							}
-							if authed != env.Event.PubKey {
-								ws.WriteJSON(nostr.OKEnvelope{
-									EventID: env.Event.ID,
-									OK:      false,
-									Reason:  "blocked: " + msg,
-								})
-								return
-							}
+					if nip70.IsProtected(env.Event) {
+						authed := GetAuthed(ctx)
+						if authed == "" {
+							RequestAuth(ctx)
+							ws.WriteJSON(nostr.OKEnvelope{
+								EventID: env.Event.ID,
+								OK:      false,
+								Reason:  "auth-required: must be published by authenticated event author",
+							})
+							return
+						} else if authed != env.Event.PubKey {
+							ws.WriteJSON(nostr.OKEnvelope{
+								EventID: env.Event.ID,
+								OK:      false,
+								Reason:  "blocked: must be published by event author",
+							})
+							return
 						}
+					} else if nip70.HasEmbeddedProtected(env.Event) {
+						ws.WriteJSON(nostr.OKEnvelope{
+							EventID: env.Event.ID,
+							OK:      false,
+							Reason:  "blocked: can't repost nip70 protected",
+						})
+						return
 					}

 					srl := rl
@@ -208,9 +217,16 @@ func (rl *Relay) HandleWebsocket(w http.ResponseWriter, r *http.Request) {
 					if env.Event.Kind == 5 {
 						// this always returns "blocked: " whenever it returns an error
 						writeErr = srl.handleDeleteRequest(ctx, &env.Event)
-					} else {
-						// this will also always return a prefixed reason
-						skipBroadcast, writeErr = srl.AddEvent(ctx, &env.Event)
+					}
+
+					if writeErr == nil {
+						if nostr.IsEphemeralKind(env.Event.Kind) {
+							// this will also always return a prefixed reason
+							writeErr = srl.handleEphemeral(ctx, &env.Event)
+						} else {
+							// this will also always return a prefixed reason
+							skipBroadcast, writeErr = srl.handleNormal(ctx, &env.Event)
+						}
 					}

 					var reason string
@@ -220,9 +236,20 @@ func (rl *Relay) HandleWebsocket(w http.ResponseWriter, r *http.Request) {
 							ovw(ctx, &env.Event)
 						}
 						if !skipBroadcast {
-							srl.notifyListeners(&env.Event)
+							n := srl.notifyListeners(&env.Event)
+
+							// the number of notified listeners matters in ephemeral events
+							if nostr.IsEphemeralKind(env.Event.Kind) {
+								if n == 0 {
+									ok = false
+									reason = "mute: no one was listening for this"
+								} else {
+									reason = "broadcasted to " + strconv.Itoa(n) + " listeners"
+								}
+							}
 						}
 					} else {
+						ok = false
 						reason = writeErr.Error()
 						if strings.HasPrefix(reason, "auth-required:") {
 							RequestAuth(ctx)
@@ -237,14 +264,13 @@ func (rl *Relay) HandleWebsocket(w http.ResponseWriter, r *http.Request) {

 					var total int64
 					var hll *hyperloglog.HyperLogLog
-					uneligibleForHLL := false

 					srl := rl
 					if rl.getSubRelayFromFilter != nil {
 						srl = rl.getSubRelayFromFilter(env.Filter)
 					}

-					if offset := nip45.HyperLogLogEventPubkeyOffsetForFilter(env.Filter); offset != -1 && !uneligibleForHLL {
+					if offset := nip45.HyperLogLogEventPubkeyOffsetForFilter(env.Filter); offset != -1 {
 						total, hll = srl.handleCountRequestWithHLL(ctx, ws, env.Filter, offset)
 					} else {
 						total = srl.handleCountRequest(ctx, ws, env.Filter)
--- a/listener.go
+++ b/listener.go
@@ -132,15 +132,20 @@ func (rl *Relay) removeClientAndListeners(ws *WebSocket) {
 	delete(rl.clients, ws)
 }

-func (rl *Relay) notifyListeners(event *nostr.Event) {
+// returns how many listeners were notified
+func (rl *Relay) notifyListeners(event *nostr.Event) int {
+	count := 0
+listenersloop:
 	for _, listener := range rl.listeners {
 		if listener.filter.Matches(event) {
 			for _, pb := range rl.PreventBroadcast {
 				if pb(listener.ws, event) {
-					return
+					continue listenersloop
 				}
 			}
 			listener.ws.WriteJSON(nostr.EventEnvelope{SubscriptionID: &listener.id, Event: *event})
+			count++
 		}
 	}
+	return count
 }
--- a/nip86.go
+++ b/nip86.go
@@ -3,6 +3,7 @@ package khatru
 import (
 	"context"
 	"crypto/sha256"
+	"encoding/base64"
 	"encoding/hex"
 	"encoding/json"
 	"fmt"
@@ -12,7 +13,6 @@ import (
 	"reflect"
 	"strings"

-	"github.com/cloudwego/base64x"
 	"github.com/nbd-wtf/go-nostr"
 	"github.com/nbd-wtf/go-nostr/nip86"
 )
@@ -72,7 +72,7 @@ func (rl *Relay) HandleNIP86(w http.ResponseWriter, r *http.Request) {
 			goto respond
 		}

-		evtj, err := base64x.StdEncoding.DecodeString(spl[1])
+		evtj, err := base64.StdEncoding.DecodeString(spl[1])
 		if err != nil {
 			resp.Error = "invalid base64 auth"
 			goto respond
@@ -86,10 +86,11 @@ func (rl *Relay) HandleNIP86(w http.ResponseWriter, r *http.Request) {
 			goto respond
 		}

-		if uTag := evt.Tags.GetFirst([]string{"u", ""}); uTag == nil || rl.getBaseURL(r) != (*uTag)[1] {
-			resp.Error = "invalid 'u' tag"
+		if uTag := evt.Tags.Find("u"); uTag == nil || nostr.NormalizeURL(rl.getBaseURL(r)) != nostr.NormalizeURL(uTag[1]) {
+			resp.Error = fmt.Sprintf("invalid 'u' tag, got '%s', expected '%s'",
+				nostr.NormalizeURL(rl.getBaseURL(r)), nostr.NormalizeURL(uTag[1]))
 			goto respond
-		} else if pht := evt.Tags.GetFirst([]string{"payload", hex.EncodeToString(payloadHash[:])}); pht == nil {
+		} else if pht := evt.Tags.FindWithValue("payload", hex.EncodeToString(payloadHash[:])); pht == nil {
 			resp.Error = "invalid auth event payload hash"
 			goto respond
 		} else if evt.CreatedAt < nostr.Now()-30 {
--- a/policies/events.go
+++ b/policies/events.go
@@ -8,6 +8,7 @@ import (
 	"time"

 	"github.com/nbd-wtf/go-nostr"
+	"github.com/nbd-wtf/go-nostr/nip70"
 )

 // PreventTooManyIndexableTags returns a function that can be used as a RejectFilter that will reject
@@ -107,3 +108,10 @@ func PreventTimestampsInTheFuture(threshold time.Duration) func(context.Context,
 func RejectEventsWithBase64Media(ctx context.Context, evt *nostr.Event) (bool, string) {
 	return strings.Contains(evt.Content, "data:image/") || strings.Contains(evt.Content, "data:video/"), "event with base64 media"
 }
+
+func OnlyAllowNIP70ProtectedEvents(ctx context.Context, event *nostr.Event) (reject bool, msg string) {
+	if nip70.IsProtected(*event) {
+		return false, ""
+	}
+	return true, "blocked: we only accept events protected with the nip70 \"-\" tag"
+}
--- a/policies/nip04.go
+++ b/policies/nip04.go
@@ -2,7 +2,6 @@ package policies

 import (
 	"context"
-
 	"slices"

 	"github.com/fiatjaf/khatru"
--- a/relay_test.go
+++ b/relay_test.go
@@ -151,33 +151,64 @@ func TestBasicRelayFunctionality(t *testing.T) {
 			t.Fatalf("failed to publish deletion event: %v", err)
 		}

-		// Try to query the deleted event
-		sub, err := client2.Subscribe(ctx, []nostr.Filter{{
-			IDs: []string{evt3.ID},
-		}})
-		if err != nil {
-			t.Fatalf("failed to subscribe: %v", err)
-		}
-		defer sub.Unsub()
+		{
+			// Try to query the deleted event
+			sub, err := client2.Subscribe(ctx, []nostr.Filter{{
+				IDs: []string{evt3.ID},
+			}})
+			if err != nil {
+				t.Fatalf("failed to subscribe: %v", err)
+			}
+			defer sub.Unsub()

-		// Should get EOSE without receiving the deleted event
-		gotEvent := false
-		for {
-			select {
-			case <-sub.Events:
-				gotEvent = true
-			case <-sub.EndOfStoredEvents:
-				if gotEvent {
-					t.Error("should not have received deleted event")
+			// Should get EOSE without receiving the deleted event
+			gotEvent := false
+		DeletedLoop:
+			for {
+				select {
+				case <-sub.Events:
+					gotEvent = true
+				case <-sub.EndOfStoredEvents:
+					if gotEvent {
+						t.Error("should not have received deleted event")
+					}
+					break DeletedLoop
+				case <-ctx.Done():
+					t.Fatal("timeout waiting for EOSE")
+				}
+			}
+		}
+
+		{
+			// Try to query the deletion itself
+			sub, err := client2.Subscribe(ctx, []nostr.Filter{{
+				Kinds: []int{5},
+			}})
+			if err != nil {
+				t.Fatalf("failed to subscribe: %v", err)
+			}
+			defer sub.Unsub()
+
+			// Should get EOSE without receiving the deleted event
+			gotEvent := false
+		DeletionLoop:
+			for {
+				select {
+				case <-sub.Events:
+					gotEvent = true
+				case <-sub.EndOfStoredEvents:
+					if !gotEvent {
+						t.Error("should have received deletion event")
+					}
+					break DeletionLoop
+				case <-ctx.Done():
+					t.Fatal("timeout waiting for EOSE")
 				}
-				return
-			case <-ctx.Done():
-				t.Fatal("timeout waiting for EOSE")
 			}
 		}
 	})

-	// test 4: teplaceable events
+	// test 4: replaceable events
 	t.Run("replaceable events", func(t *testing.T) {
 		ctx, cancel := context.WithTimeout(context.Background(), 5*time.Second)
 		defer cancel()
--- a/utils.go
+++ b/utils.go
@@ -10,6 +10,7 @@ const (
 	wsKey = iota
 	subscriptionIdKey
 	nip86HeaderAuthKey
+	internalCallKey
 )

 func RequestAuth(ctx context.Context) {
@@ -40,6 +41,12 @@ func GetAuthed(ctx context.Context) string {
 	return ""
 }

+// IsInternalCall returns true when a call to QueryEvents, for example, is being made because of a deletion
+// or expiration request.
+func IsInternalCall(ctx context.Context) bool {
+	return ctx.Value(internalCallKey) != nil
+}
+
 func GetIP(ctx context.Context) string {
 	conn := GetConnection(ctx)
 	if conn == nil {
--- a/websocket.go
+++ b/websocket.go
@@ -33,12 +33,14 @@ type WebSocket struct {

 func (ws *WebSocket) WriteJSON(any any) error {
 	ws.mutex.Lock()
-	defer ws.mutex.Unlock()
-	return ws.conn.WriteJSON(any)
+	err := ws.conn.WriteJSON(any)
+	ws.mutex.Unlock()
+	return err
 }

 func (ws *WebSocket) WriteMessage(t int, b []byte) error {
 	ws.mutex.Lock()
-	defer ws.mutex.Unlock()
-	return ws.conn.WriteMessage(t, b)
+	err := ws.conn.WriteMessage(t, b)
+	ws.mutex.Unlock()
+	return err
 }
Author	SHA1	Message	Date
fiatjaf	583f712fe4	admin: normalize urls for nip86 checking.	2025-04-17 08:02:25 -03:00
Jon Staab	28b1061166	Reject deleted events	2025-04-16 18:55:36 -03:00
Jon Staab	25f19ce46e	Store and serve delete events	2025-04-16 18:55:28 -03:00
fiatjaf	33545587b6	make it so ephemeral events respond with ok:false if no one is listening.	2025-04-14 09:24:34 -03:00
Kay	214371f8bd	refactor(adding): check kind range with proper function.	2025-04-13 09:05:23 -03:00
fiatjaf	fbb40f3b74	use .Find() instead of .GetFirst() everywhere.	2025-04-04 23:07:18 -03:00
fiatjaf	d97a2f1cf2	initialScan()	2025-04-04 17:55:16 -03:00
fiatjaf	c9a7d60543	remove event from expiration manager if it is deleted.	2025-04-03 23:11:47 -03:00
fiatjaf	2bb6d4d29a	simplify WriteMessage, remove the `defer` since it's not needed.	2025-04-03 23:10:39 -03:00
fiatjaf	2292ce4a30	add missing return in repost protected clause.	2025-04-03 23:10:11 -03:00
fiatjaf	2ae219a34c	add khatru.IsInternal() for dealing with internal calls specifically in QueryEvents()	2025-04-03 23:06:57 -03:00
fiatjaf	8c9394993b	reject reposts that embed nip70 protected events. in accordance with new stuff added to nip70 that makes some sense.	2025-03-28 18:08:49 -03:00
fiatjaf	850497956c	include checkid length check from @pippellia-btc	2025-03-24 15:57:20 -03:00
andrewheadricke	28ce6cfb7a	ensure suspected blossom request hash does not have slashes in it	2025-03-24 15:23:00 -03:00
fiatjaf	f47282c745	get rid of base64x temporarily since it doesn't work on arm64.	2025-03-19 15:02:56 -03:00
fiatjaf	f72dea346f	rename menu item on docs to say "blossom".	2025-03-17 13:38:35 -03:00
fiatjaf	51632dcc9f	update blossom example to use a different database. closes https://github.com/fiatjaf/khatru/issues/36	2025-03-17 13:36:41 -03:00
andrewheadricke	6cc2477e89	fix blossom upload < 50bytes	2025-03-15 01:58:07 -03:00
fiatjaf	581c4ece28	updating go-nostr to fix sonic parser bug.	2025-03-14 20:10:52 -03:00
fiatjaf	596bca93c3	go-nostr MessageParser string transition.	2025-03-12 00:53:19 -03:00
fiatjaf	650d9209c3	policies: nip70 enforcer.	2025-03-11 17:42:27 -03:00