remove unused .OnAuth() and update README example.

i.e. if there has been an auth and for some reason the client tried to auth again
after RequestAuth() has been called again.

README.md

@@ -76,16 +76,17 @@ func main() {
 			return false, "" // anyone else can
 		},
 	)
-	relay.OnConnect = append(relay.OnConnect,
-		func(ctx context.Context) {
-			// request NIP-42 AUTH from everybody
-			khatru.RequestAuth(ctx)
-		},
-	)
-	relay.OnAuth = append(relay.OnAuth,
-		func(ctx context.Context, pubkey string) {
-			// and when they auth we just log that for nothing
-			log.Println(pubkey + " is authed!")
+
+	// you can request auth by rejecting an event or a request with the prefix "auth-required: "
+	relay.RejectFilter = append(relay.RejectFilter,
+		func(ctx context.Context, filter nostr.Filter) (reject bool, msg string) {
+			if pubkey := khatru.GetAuthed(ctx); pubkey != "" {
+				log.Printf("request from %s\n", pubkey)
+				return false, ""
+			}
+			return true, "auth-required: only authenticated users can read from this relay"
+			// (this will cause an AUTH message to be sent and then a CLOSED message such that clients can
+			//  authenticate and then request again)
 		},
 	)
 	// check the docs for more goodies!

examples/readme-demo/main.go

@@ -69,12 +69,8 @@ func main() {
 				return false, ""
 			}
 			return true, "auth-required: only authenticated users can read from this relay"
-		},
-	)
-	relay.OnAuth = append(relay.OnAuth,
-		func(ctx context.Context, pubkey string) {
-			// and when they auth we can just log that for nothing
-			log.Println(pubkey + " is authed!")
+			// (this will cause an AUTH message to be sent and then a CLOSED message such that clients can
+			//  authenticate and then request again)
 		},
 	)
 	// check the docs for more goodies!

handlers.go

@@ -50,7 +50,6 @@ func (rl *Relay) HandleWebsocket(w http.ResponseWriter, r *http.Request) {
 		conn:      conn,
 		Request:   r,
 		Challenge: hex.EncodeToString(challenge),
-		Authed:    make(chan struct{}),
 	}
 
 	ctx, cancel := context.WithCancel(
@@ -204,7 +203,12 @@ func (rl *Relay) HandleWebsocket(w http.ResponseWriter, r *http.Request) {
 					wsBaseUrl := strings.Replace(rl.ServiceURL, "http", "ws", 1)
 					if pubkey, ok := nip42.ValidateAuthEvent(&env.Event, ws.Challenge, wsBaseUrl); ok {
 						ws.AuthedPublicKey = pubkey
-						close(ws.Authed)
+						ws.authLock.Lock()
+						if ws.Authed != nil {
+							close(ws.Authed)
+							ws.Authed = nil
+						}
+						ws.authLock.Unlock()
 						ws.WriteJSON(nostr.OKEnvelope{EventID: env.Event.ID, OK: true})
 					} else {
 						ws.WriteJSON(nostr.OKEnvelope{EventID: env.Event.ID, OK: false, Reason: "error: failed to authenticate"})

relay.go

@@ -54,7 +54,6 @@ type Relay struct {
 	DeleteEvent               []func(ctx context.Context, event *nostr.Event) error
 	QueryEvents               []func(ctx context.Context, filter nostr.Filter) (chan *nostr.Event, error)
 	CountEvents               []func(ctx context.Context, filter nostr.Filter) (int64, error)
-	OnAuth                    []func(ctx context.Context, pubkey string)
 	OnConnect                 []func(ctx context.Context)
 	OnDisconnect              []func(ctx context.Context)
 	OnEventSaved              []func(ctx context.Context, event *nostr.Event)

utils.go

@@ -14,6 +14,11 @@ const (
 
 func RequestAuth(ctx context.Context) {
 	ws := GetConnection(ctx)
+	ws.authLock.Lock()
+	if ws.Authed == nil {
+		ws.Authed = make(chan struct{})
+	}
+	ws.authLock.Unlock()
 	ws.WriteJSON(nostr.AuthEnvelope{Challenge: &ws.Challenge})
 }
 

websocket.go

@@ -18,6 +18,8 @@ type WebSocket struct {
 	Challenge       string
 	AuthedPublicKey string
 	Authed          chan struct{}
+
+	authLock sync.Mutex
 }
 
 func (ws *WebSocket) WriteJSON(any any) error {