tests that caught the previous two bugs.

addresses https://t.me/nip29_temp/303

README.md

@@ -128,3 +128,13 @@ Fear no more. Using the https://github.com/fiatjaf/eventstore module you get a b
 	relay.CountEvents = append(relay.CountEvents, db.CountEvents)
 	relay.DeleteEvent = append(relay.DeleteEvent, db.DeleteEvent)
 ```
+
+### But I don't want to write a bunch of custom policies!
+
+Fear no more. We have a bunch of common policies written in the `github.com/fiatjaf/khatru/policies` package and also a handpicked selection of base sane defaults, which you can apply with:
+
+```go
+	policies.ApplySaneDefaults(relay)
+```
+
+Contributions to this are very much welcomed.

adding.go

@@ -10,17 +10,17 @@ import (
 )
 
 // AddEvent sends an event through then normal add pipeline, as if it was received from a websocket.
-func (rl *Relay) AddEvent(ctx context.Context, evt *nostr.Event) error {
+func (rl *Relay) AddEvent(ctx context.Context, evt *nostr.Event) (skipBroadcast bool, writeError error) {
 	if evt == nil {
-		return errors.New("error: event is nil")
+		return false, errors.New("error: event is nil")
 	}
 
 	for _, reject := range rl.RejectEvent {
 		if reject, msg := reject(ctx, evt); reject {
 			if msg == "" {
-				return errors.New("blocked: no reason")
+				return false, errors.New("blocked: no reason")
 			} else {
-				return errors.New(nostr.NormalizeOKMessage(msg, "blocked"))
+				return false, errors.New(nostr.NormalizeOKMessage(msg, "blocked"))
 			}
 		}
 	}
@@ -31,29 +31,53 @@ func (rl *Relay) AddEvent(ctx context.Context, evt *nostr.Event) error {
 			oee(ctx, evt)
 		}
 	} else {
+		// will store
+
+		// but first check if we already have it
+		filter := nostr.Filter{IDs: []string{evt.ID}}
+		for _, query := range rl.QueryEvents {
+			ch, err := query(ctx, filter)
+			if err != nil {
+				continue
+			}
+			for range ch {
+				// if we run this it means we already have this event, so we just return a success and exit
+				return true, nil
+			}
+		}
+
+		// if it's replaceable we first delete old versions
 		if evt.Kind == 0 || evt.Kind == 3 || (10000 <= evt.Kind && evt.Kind < 20000) {
 			// replaceable event, delete before storing
+			filter := nostr.Filter{Authors: []string{evt.PubKey}, Kinds: []int{evt.Kind}}
 			for _, query := range rl.QueryEvents {
-				ch, err := query(ctx, nostr.Filter{Authors: []string{evt.PubKey}, Kinds: []int{evt.Kind}})
+				ch, err := query(ctx, filter)
 				if err != nil {
 					continue
 				}
-				if previous := <-ch; previous != nil && isOlder(previous, evt) {
-					for _, del := range rl.DeleteEvent {
-						del(ctx, previous)
+				for previous := range ch {
+					if isOlder(previous, evt) {
+						for _, del := range rl.DeleteEvent {
+							del(ctx, previous)
+						}
 					}
 				}
 			}
 		} else if 30000 <= evt.Kind && evt.Kind < 40000 {
 			// parameterized replaceable event, delete before storing
 			d := evt.Tags.GetFirst([]string{"d", ""})
-			if d != nil {
-				for _, query := range rl.QueryEvents {
-					ch, err := query(ctx, nostr.Filter{Authors: []string{evt.PubKey}, Kinds: []int{evt.Kind}, Tags: nostr.TagMap{"d": []string{d.Value()}}})
-					if err != nil {
-						continue
-					}
-					if previous := <-ch; previous != nil && isOlder(previous, evt) {
+			if d == nil {
+				return false, fmt.Errorf("invalid: missing 'd' tag on parameterized replaceable event")
+			}
+
+			filter := nostr.Filter{Authors: []string{evt.PubKey}, Kinds: []int{evt.Kind}, Tags: nostr.TagMap{"d": []string{(*d)[1]}}}
+			for _, query := range rl.QueryEvents {
+				ch, err := query(ctx, filter)
+				if err != nil {
+					continue
+				}
+				for previous := range ch {
+					if isOlder(previous, evt) {
 						for _, del := range rl.DeleteEvent {
 							del(ctx, previous)
 						}
@@ -67,9 +91,9 @@ func (rl *Relay) AddEvent(ctx context.Context, evt *nostr.Event) error {
 			if saveErr := store(ctx, evt); saveErr != nil {
 				switch saveErr {
 				case eventstore.ErrDupEvent:
-					return nil
+					return true, nil
 				default:
-					return fmt.Errorf(nostr.NormalizeOKMessage(saveErr.Error(), "error"))
+					return false, fmt.Errorf(nostr.NormalizeOKMessage(saveErr.Error(), "error"))
 				}
 			}
 		}
@@ -79,5 +103,5 @@ func (rl *Relay) AddEvent(ctx context.Context, evt *nostr.Event) error {
 		}
 	}
 
-	return nil
+	return false, nil
 }

broadcasting.go

@@ -7,5 +7,5 @@ import (
 // BroadcastEvent emits an event to all listeners whose filters' match, skipping all filters and actions
 // it also doesn't attempt to store the event or trigger any reactions or callbacks
 func (rl *Relay) BroadcastEvent(evt *nostr.Event) {
-	notifyListeners(evt)
+	rl.notifyListeners(evt)
 }

deleting.go

@@ -34,7 +34,9 @@ func (rl *Relay) handleDeleteRequest(ctx context.Context, evt *nostr.Event) erro
 				if acceptDeletion {
 					// delete it
 					for _, del := range rl.DeleteEvent {
-						del(ctx, target)
+						if err := del(ctx, target); err != nil {
+							return err
+						}
 					}
 				} else {
 					// fail and stop here

docs/.gitignore

@@ -0,0 +1 @@
+node_modules

docs/.prettierrc.yaml

@@ -0,0 +1,9 @@
+semi: false
+arrowParens: avoid
+insertPragma: false
+printWidth: 80
+proseWrap: preserve
+singleQuote: true
+trailingComma: none
+useTabs: false
+bracketSpacing: false

docs/.vitepress/.gitignore

@@ -0,0 +1,2 @@
+cache
+dist

docs/.vitepress/config.js

@@ -0,0 +1,21 @@
+export default {
+  lang: 'en-US',
+  title: 'khatru',
+  description: 'a framework for making Nostr relays',
+  themeConfig: {
+    logo: '/logo.png',
+    nav: [
+      {text: 'Home', link: '/'},
+      {text: 'Why', link: '/why'},
+      {text: 'Use Cases', link: '/use-cases'},
+      {text: 'Get Started', link: '/getting-started'},
+      {text: 'Cookbook', link: '/cookbook'},
+      {text: 'Source', link: 'https://github.com/fiatjaf/khatru'}
+    ],
+    editLink: {
+      pattern: 'https://github.com/fiatjaf/khatru/edit/master/docs/:path'
+    }
+  },
+  head: [['link', {rel: 'icon', href: '/logo.png'}]],
+  cleanUrls: true
+}

docs/.vitepress/theme/Layout.vue

@@ -0,0 +1,11 @@
+<script setup>
+import DefaultTheme from 'vitepress/theme'
+const {Layout} = DefaultTheme
+</script>
+<template>
+  <Layout>
+    <template #layout-bottom>
+      <div class="khatru-layout-bottom">~</div>
+    </template>
+  </Layout>
+</template>

docs/.vitepress/theme/custom.css

@@ -0,0 +1,24 @@
+:root {
+  --vp-c-brand-1: #2eafab;
+  --vp-c-brand-2: #30373b;
+  --vp-c-brand-3: #3b6a3e;
+  --vp-button-brand-bg: #2eafab;
+  --vp-button-brand-hover-bg: #3b6a3e;
+  --vp-button-brand-active-bg: #30373b;
+
+  --vp-c-bg: #f2e6e2;
+  --vp-c-bg-soft: #f3f2f0;
+}
+
+.dark {
+  --vp-c-bg: #0a0a08;
+  --vp-c-bg-soft: #161a0e;
+}
+
+.khatru-layout-bottom {
+  margin: 2rem auto;
+  width: 200px;
+  text-align: center;
+  font-family: monospace;
+  font-size: 2rem;
+}

docs/.vitepress/theme/index.mjs

@@ -0,0 +1,8 @@
+import DefaultTheme from 'vitepress/theme'
+import NostrifyLayout from './Layout.vue'
+import './custom.css'
+
+export default {
+  extends: DefaultTheme,
+  Layout: NostrifyLayout
+}

docs/config.js

@@ -0,0 +1 @@
+.vitepress/config.js

docs/cookbook/auth.md

@@ -0,0 +1,62 @@
+---
+outline: deep
+---
+
+# NIP-42 `AUTH`
+
+`khatru` supports [NIP-42](https://nips.nostr.com/42) out of the box. The functionality is exposed in the following ways.
+
+## Sending arbitrary `AUTH` challenges
+
+At any time you can send an `AUTH` message to a client that is making a request.
+
+It makes sense to give the user the option to authenticate right after they establish a connection, for example, when you have a relay that works differently depending on whether the user is authenticated or not.
+
+```go
+relay := khatru.NewRelay()
+
+relay.OnConnect = append(relay.OnConnect, func(ctx context.Context) {
+	khatru.RequestAuth(ctx)
+})
+```
+
+This will send a NIP-42 `AUTH` challenge message to the client so it will have the option to authenticate itself whenever it wants to.
+
+## Signaling to the client that a specific query requires an authenticated user
+
+If on `RejectFilter` or `RejectEvent` you prefix the message with `auth-required: `, that will automatically send an `AUTH` message before a `CLOSED` or `OK` with that prefix, such that the client will immediately be able to know it must authenticate to proceed and will already have the challenge required for that, so they can immediately replay the request.
+
+```go
+relay.RejectFilter = append(relay.RejectFilter, func(ctx context.Context, filter nostr.Filter) (bool, string) {
+	return true, "auth-required: this query requires you to be authenticated"
+})
+relay.RejectEvent = append(relay.RejectFilter, func(ctx context.Context, event *nostr.Event) (bool, string) {
+	return true, "auth-required: publishing this event requires authentication"
+})
+```
+
+## Reading the auth status of a client
+
+After a client is authenticated and opens a new subscription with `REQ` or sends a new event with `EVENT`, you'll be able to read the public key they're authenticated with.
+
+```go
+relay.RejectFilter = append(relay.RejectFilter, func(ctx context.Context, filter nostr.Filter) (bool, string) {
+	authenticatedUser := khatru.GetAuthed(ctx)
+})
+```
+
+## Telling an authenticated user they're still not allowed to do something
+
+If the user is authenticated but still not allowed (because some specific filters or events are only accessible to some specific users) you can reply on `RejectFilter` or `RejectEvent` with a message prefixed with `"restricted: "` to make that clear to clients.
+
+```go
+relay.RejectFilter = append(relay.RejectFilter, func(ctx context.Context, filter nostr.Filter) (bool, string) {
+	authenticatedUser := khatru.GetAuthed(ctx)
+
+	if slices.Contain(authorizedUsers, authenticatedUser) {
+		return false
+	} else {
+		return true, "restricted: you're not a member of the privileged group that can read that stuff"
+	}
+})
+```

docs/cookbook/custom-live-events.md

@@ -0,0 +1,64 @@
+---
+outline: deep
+---
+
+# Generating custom live events
+
+Suppose you want to generate a new event every time a goal is scored on some soccer game and send that to all clients subscribed to a given game according to a tag `t`.
+
+We'll assume you'll be polling some HTTP API that gives you the game's current score, and that in your `main` function you'll start the function that does the polling:
+
+```go
+func main () {
+	// other stuff here
+	relay := khatru.NewRelay()
+
+	go startPollingGame(relay)
+	// other stuff here
+}
+
+type GameStatus struct {
+	TeamA int `json:"team_a"`
+	TeamB int `json:"team_b"`
+}
+
+func startPollingGame(relay *khatru.Relay) {
+	current := GameStatus{0, 0}
+
+	for {
+		newStatus, err := fetchGameStatus()
+		if err != nil {
+				continue
+		}
+
+		if newStatus.TeamA > current.TeamA {
+				// team A has scored a goal, here we generate an event
+				evt := nostr.Event{
+					CreatedAt: nostr.Now(),
+					Kind: 1,
+					Content: "team A has scored!",
+					Tags: nostr.Tags{{"t", "this-game"}}
+				}
+				evt.Sign(global.RelayPrivateKey)
+				// calling BroadcastEvent will send the event to everybody who has been listening for tag "t=[this-game]"
+				// there is no need to do any code to keep track of these clients or who is listening to what, khatru
+				// does that already in the background automatically
+				relay.BroadcastEvent(evt)
+
+				// just calling BroadcastEvent won't cause this event to be be stored,
+				// if for any reason you want to store these events you must call the store functions manually
+				for _, store := range relay.StoreEvent {
+					store(context.TODO(), evt)
+				}
+		}
+		if newStatus.TeamB > current.TeamB {
+				// same here, if team B has scored a goal
+				// ...
+		}
+	}
+}
+
+func fetchGameStatus() (GameStatus, error) {
+	// implementation of calling some external API goes here
+}
+```

docs/cookbook/custom-stores.md

@@ -0,0 +1,88 @@
+---
+outline: deep
+---
+
+# Generating events on the fly from a non-Nostr data-source
+
+Suppose you want to serve events with the weather data for periods in the past. All you have is a big CSV file with the data.
+
+Then you get a query like `{"#g": ["d6nvp"], "since": 1664074800, "until": 1666666800, "kind": 10774}`, imagine for a while that kind `10774` means weather data.
+
+First you do some geohashing calculation to discover that `d6nvp` corresponds to Willemstad, Curaçao, then you query your XML file for the Curaçao weather data for the given period -- from `2022-09-25` to `2022-10-25`, then you return the events corresponding to such query, signed on the fly:
+
+```go
+func main () {
+	// other stuff here
+	relay := khatru.NewRelay()
+
+	relay.QueryEvents = append(relay.QueryEvents,
+		handleWeatherQuery,
+	)
+	// other stuff here
+}
+
+func handleWeatherQuery(ctx context.Context, filter nostr.Filter) (ch chan *nostr.Event, err error) {
+	if filter.Kind != 10774 {
+		// this function only handles kind 10774, if the query is for something else we return
+		// a nil channel, which corresponds to no results
+		return nil, nil
+	}
+
+	file, err := os.Open("weatherdata.xml")
+	if err != nil {
+		return nil, fmt.Errorf("we have lost our file: %w", err)
+	}
+
+	// QueryEvents functions are expected to return a channel
+	ch := make(chan *nostr.Event)
+
+	// and they can do their query asynchronously, emitting events to the channel as they come
+	go func () {
+		defer file.Close()
+
+		// we're going to do this for each tag in the filter
+		gTags, _ := filter.Tags["g"]
+		for _, gTag := range gTags {
+			// translate geohash into city name
+			citName, err := geohashToCityName(gTag)
+			if err != nil {
+				continue
+			}
+
+			reader := csv.NewReader(file)
+			for {
+				record, err := reader.Read()
+				if err != nil {
+					return
+				}
+
+				// ensure we're only getting records for Willemstad
+				if cityName != record[0] {
+					continue
+				}
+
+				date, _ := time.Parse("2006-01-02", record[1])
+				ts := nostr.Timestamp(date.Unix())
+				if ts > filter.Since && ts < filter.Until {
+					// we found a record that matches the filter, so we make
+					// an event on the fly and return it
+					evt := nostr.Event{
+						CreatedAt: ts,
+						Kind: 10774,
+						Tags: nostr.Tags{
+							{"temperature", record[2]},
+							{"condition", record[3]},
+						}
+					}
+					evt.Sign(global.RelayPrivateKey)
+					ch <- evt
+				}
+			}
+		}
+	}()
+
+	return ch, nil
+}
+```
+
+Beware, the code above is inefficient and the entire approach is not very smart, it's meant just as an example.

docs/cookbook/dynamic.md

@@ -0,0 +1,58 @@
+---
+outline: deep
+---
+
+# Generating `khatru` relays dynamically and serving them from the same path
+
+Suppose you want to expose a different relay interface depending on the subdomain that is accessed. I don't know, maybe you want to serve just events with pictures on `pictures.example.com` and just events with audio files on `audios.example.com`; maybe you want just events in English on `en.example.com` and just examples in Portuguese on `pt.example.com`, there are many possibilities.
+
+You could achieve that with a scheme like the following
+
+```go
+var topLevelHost = "example.com"
+var mainRelay = khatru.NewRelay() // we're omitting all the configuration steps for brevity
+var subRelays = xsync.NewMapOf[string, *khatru.Relay]()
+
+func main () {
+	handler := http.HandlerFunc(dynamicRelayHandler)
+
+	log.Printf("listening at http://0.0.0.0:8080")
+	http.ListenAndServe("0.0.0.0:8080", handler)
+}
+
+func dynamicRelayHandler(w http.ResponseWriter, r *http.Request) {
+	var relay *khatru.Relay
+	subdomain := r.Host[0 : len(topLevelHost)-len(topLevelHost)]
+	if subdomain == "" {
+		// no subdomain, use the main top-level relay
+		relay = mainRelay
+	} else {
+		// call on subdomain, so get a dynamic relay
+		subdomain = subdomain[0 : len(subdomain)-1] // remove dangling "."
+		// get a dynamic relay
+		relay, _ = subRelays.LoadOrCompute(subdomain, func () *khatru.Relay {
+			return makeNewRelay(subdomain)
+		})
+	}
+
+	relay.ServeHTTP(w, r)
+}
+
+func makeNewRelay (subdomain string) *khatru.Relay {
+	// somehow use the subdomain to generate a relay with specific configurations
+	relay := khatru.NewRelay()
+	switch subdomain {
+	case "pictures":
+		// relay configuration shenanigans go here
+	case "audios":
+		// relay configuration shenanigans go here
+	case "en":
+		// relay configuration shenanigans go here
+	case "pt":
+		// relay configuration shenanigans go here
+	}
+	return relay
+}
+```
+
+In practice you could come up with a way that allows all these dynamic relays to share a common underlying datastore, but this is out of the scope of this example.

docs/cookbook/embed.md

@@ -0,0 +1,72 @@
+---
+outline: deep
+---
+
+# Mixing a `khatru` relay with other HTTP handlers
+
+If you already have a web server with all its HTML handlers or a JSON HTTP API or anything like that, something like:
+
+```go
+func main() {
+	mux := http.NewServeMux()
+
+	mux.Handle("/static/", http.StripPrefix("/static/", http.FileServer(http.Dir("./static"))))
+	mux.HandleFunc("/.well-known/nostr.json", handleNIP05)
+	mux.HandleFunc("/page/{page}", handlePage)
+	mux.HandleFunc("/", handleHomePage)
+
+	log.Printf("listening at http://0.0.0.0:8080")
+	http.ListenAndServe("0.0.0.0:8080", mux)
+}
+```
+
+Then you can easily inject a relay or two there in alternative paths if you want:
+
+```diff
+ 	mux := http.NewServeMux()
+
++	relay1 := khatru.NewRelay()
++	relay2 := khatru.NewRelay()
++	// and so on
+
+ 	mux.Handle("/static/", http.StripPrefix("/static/", http.FileServer(http.Dir("./static"))))
+ 	mux.HandleFunc("/.well-known/nostr.json", handleNIP05)
+ 	mux.HandleFunc("/page/{page}", handlePage)
+ 	mux.HandleFunc("/", handleHomePage)
++	mux.Handle("/relay1", relay1)
++	mux.Handle("/relay2", relay2)
++	// and so forth
+
+ 	log.Printf("listening at http://0.0.0.0:8080")
+```
+
+Imagine each of these relay handlers is different, each can be using a different eventstore and have different policies for writing and reading.
+
+## Exposing a relay interface at the root
+
+If you want to expose your relay at the root path `/` that is also possible. You can just use it as the `mux` directly:
+
+```go
+func main() {
+	relay := khatru.NewRelay()
+	// ... -- relay configuration steps (omitted for brevity)
+
+	mux := relay.Router() // the relay comes with its own http.ServeMux inside
+
+	mux.Handle("/static/", http.StripPrefix("/static/", http.FileServer(http.Dir("./static"))))
+	mux.HandleFunc("/.well-known/nostr.json", handleNIP05)
+	mux.HandleFunc("/page/{page}", handlePage)
+	mux.HandleFunc("/", handleHomePage)
+
+	log.Printf("listening at http://0.0.0.0:8080")
+	http.ListenAndServe("0.0.0.0:8080", mux)
+}
+```
+
+Every [`khatru.Relay`](https://pkg.go.dev/github.com/fiatjaf/khatru#Relay) instance comes with its own ['http.ServeMux`](https://pkg.go.dev/net/http#ServeMux) inside. It ensures all requests are handled normally, but intercepts the requests that are pertinent to the relay operation, specifically the WebSocket requests, and the [NIP-11](https://nips.nostr.com/11) and the [NIP-86](https://nips.nostr.com/86) HTTP requests.
+
+## Exposing multiple relays at the same path or at the root
+
+That's also possible, as long as you have a way of differentiating each HTTP request that comes at the middleware level and associating it with a `khatru.Relay` instance in the background.
+
+See [dynamic](dynamic) for an example that does that using the subdomain. [`countries`](https://git.fiatjaf.com/countries) does it using the requester country implied from its IP address.

docs/cookbook/eventstore.md

@@ -0,0 +1,101 @@
+---
+outline: deep
+---
+
+# Using the `eventstore` library
+
+The [`eventstore`](https://github.com/fiatjaf/eventstore) library has adapters that you can easily plug into `khatru`'s:
+
+* `StoreEvent`
+* `DeleteEvent`
+* `QueryEvents`
+* `CountEvents`
+
+For all of them you start by instantiating a struct containing some basic options and a pointer (a file path for local databases, a connection string for remote databases) to the data. Then you call `.Init()` and if all is well you're ready to start storing, querying and deleting events, so you can pass the respective functions to their `khatru` counterparts. These eventstores also expose a `.Close()` function that must be called if you're going to stop using that store and keep your application open.
+
+Here's an example with the [Badger](https://pkg.go.dev/github.com/fiatjaf/eventstore/badger) adapter, made for the [Badger](https://github.com/dgraph-io/badger) embedded key-value database:
+
+```go
+package main
+
+import (
+	"fmt"
+	"net/http"
+
+	"github.com/fiatjaf/eventstore/badger"
+	"github.com/fiatjaf/khatru"
+)
+
+func main() {
+	relay := khatru.NewRelay()
+
+	db := badger.BadgerBackend{Path: "/tmp/khatru-badger-tmp"}
+	if err := db.Init(); err != nil {
+		panic(err)
+	}
+
+	relay.StoreEvent = append(relay.StoreEvent, db.SaveEvent)
+	relay.QueryEvents = append(relay.QueryEvents, db.QueryEvents)
+	relay.CountEvents = append(relay.CountEvents, db.CountEvents)
+	relay.DeleteEvent = append(relay.DeleteEvent, db.DeleteEvent)
+
+	fmt.Println("running on :3334")
+	http.ListenAndServe(":3334", relay)
+}
+```
+
+Other local key-value embedded databases that work the same way are [LMDB](https://pkg.go.dev/github.com/fiatjaf/eventstore/lmdb) and [BoltDB](https://pkg.go.dev/github.com/fiatjaf/eventstore/bolt).
+
+[SQLite](https://pkg.go.dev/github.com/fiatjaf/eventstore/sqlite3) also stores things locally so it only needs a `Path`.
+
+[PostgreSQL](https://pkg.go.dev/github.com/fiatjaf/eventstore/postgresql) and [MySQL](https://pkg.go.dev/github.com/fiatjaf/eventstore/mysql) use remote connections to database servers, so they take a `DatabaseURL` parameter, but after that it's the same.
+
+## Using two at a time
+
+If you want to use two different adapters at the same time that's easy. Just add both to the corresponding slices:
+
+```go
+	relay.StoreEvent = append(relay.StoreEvent, db1.SaveEvent, db2.SaveEvent)
+	relay.QueryEvents = append(relay.QueryEvents, db1.QueryEvents, db2.SaveEvent)
+```
+
+But that will duplicate events on both and then return duplicated events on each query.
+
+## Sharding
+
+You can do a kind of sharding, for example, by storing some events in one store and others in another:
+
+For example, maybe you want kind 1 events in `db1` and kind 30023 events in `db30023`:
+
+```go
+	relay.StoreEvent = append(relay.StoreEvent, func (ctx context.Context, evt *nostr.Event) error {
+		switch evt.Kind {
+		case 1:
+			return db1.StoreEvent(ctx, evt)
+		case 30023:
+			return db30023.StoreEvent(ctx, evt)
+		default:
+			return nil
+		}
+	})
+	relay.QueryEvents = append(relay.QueryEvents, func (ctx context.Context, filter nostr.Filter) (chan *nostr.Event, error) {
+		for _, kind := range filter.Kinds {
+			switch kind {
+			case 1:
+				filter1 := filter
+				filter1.Kinds = []int{1}
+				return db1.QueryEvents(ctx, filter1)
+			case 30023:
+				filter30023 := filter
+				filter30023.Kinds = []int{30023}
+				return db30023.QueryEvents(ctx, filter30023)
+			default:
+				return nil, nil
+			}
+		}
+	})
+```
+
+## Search
+
+See [search](search).

docs/cookbook/google-drive.md

@@ -0,0 +1,67 @@
+---
+outline: deep
+---
+
+## Querying events from Google Drive
+
+Suppose you have a bunch of events stored in text files on Google Drive and you want to serve them as a relay. You could just store each event as a separate file and use the native Google Drive search to match the queries when serving requests. It would probably not be as fast as using local database, but it would work.
+
+```go
+func main () {
+	// other stuff here
+	relay := khatru.NewRelay()
+
+	relay.StoreEvent = append(relay.StoreEvent, handleEvent)
+	relay.QueryEvents = append(relay.QueryEvents, handleQuery)
+	// other stuff here
+}
+
+func handleEvent(ctx context.Context, event *nostr.Event) error {
+	// store each event as a file on google drive
+	_, err := gdriveService.Files.Create(googledrive.CreateOptions{
+		Name: event.ID, // with the name set to their id
+		Body: event.String(), // the body as the full event JSON
+	})
+	return err
+}
+
+func handleQuery(ctx context.Context, filter nostr.Filter) (ch chan *nostr.Event, err error) {
+	// QueryEvents functions are expected to return a channel
+	ch := make(chan *nostr.Event)
+
+	// and they can do their query asynchronously, emitting events to the channel as they come
+	go func () {
+		if len(filter.IDs) > 0 {
+			// if the query is for ids we can do a simpler name match
+			for _, id := range filter.IDS {
+				results, _ := gdriveService.Files.List(googledrive.ListOptions{
+					Q: fmt.Sprintf("name = '%s'", id)
+				})
+				if len(results) > 0 {
+					var evt nostr.Event
+					json.Unmarshal(results[0].Body, &evt)
+					ch <- evt
+				}
+			}
+		} else {
+			// otherwise we use the google-provided search and hope it will catch tags that are in the event body
+			for tagName, tagValues := range filter.Tags {
+				results, _ := gdriveService.Files.List(googledrive.ListOptions{
+					Q: fmt.Sprintf("fullText contains '%s'", tagValues)
+				})
+				for _, result := range results {
+					var evt nostr.Event
+					json.Unmarshal(results[0].Body, &evt)
+					if filter.Match(evt) {
+						ch <- evt
+					}
+				}
+			}
+		}
+	}()
+
+	return ch, nil
+}
+```
+
+(Disclaimer: since I have no idea of how to properly use the Google Drive API this interface is entirely made up.)

docs/cookbook/index.md

@@ -0,0 +1,11 @@
+# Cookbook
+
+- [Dealing with `AUTH` messages and authenticated users](auth)
+- [Configuring the Relay Management API](management)
+- [Using the eventstore library](eventstore)
+- [Custom store: creating Nostr events on the fly from a non-Nostr source](custom-stores)
+- [Custom store: reading from Google Drive](google-drive)
+- [Live event generation](custom-live-events)
+- [Embedding `khatru` inside other Go HTTP servers](embed)
+- [Generating relays dynamically and serving them from the same path](dynamic)
+- [Routing between multiple relays](routing)

docs/cookbook/management.md

@@ -0,0 +1,85 @@
+---
+outline: deep
+---
+
+# Setting up the Relay Management API
+
+[NIP-86](https://nips.nostr.com/86) specifies a set of RPC methods for managing the boring aspects of relays, such as whitelisting or banning users, banning individual events, banning IPs and so on.
+
+All [`khatru.Relay`](https://pkg.go.dev/github.com/fiatjaf/khatru#Relay) instances expose a field `ManagementAPI` with a [`RelayManagementAPI`](https://pkg.go.dev/github.com/fiatjaf/khatru#RelayManagementAPI) instance inside, which can be used for creating handlers for each of the RPC methods.
+
+There is also a generic `RejectAPICall` which is a slice of functions that will be called before any RPC method, if they exist and, if any of them returns true, the request will be rejected.
+
+The most basic implementation of a `RejectAPICall` handler would be one that checks the public key of the caller with a hardcoded public key of the relay owner:
+
+```go
+var owner = "<my-own-pubkey>"
+var allowedPubkeys = make([]string, 0, 10)
+
+func main () {
+	relay := khatru.NewRelay()
+
+	relay.ManagementAPI.RejectAPICall = append(relay.ManagementAPI.RejectAPICall,
+		func(ctx context.Context, mp nip86.MethodParams) (reject bool, msg string) {
+			user := khatru.GetAuthed(ctx)
+			if user != owner {
+				return true, "go away, intruder"
+			}
+			return false, ""
+		}
+	)
+
+	relay.ManagementAPI.AllowPubKey = func(ctx context.Context, pubkey string, reason string) error {
+		allowedPubkeys = append(allowedPubkeys, pubkey)
+		return nil
+	}
+	relay.ManagementAPI.BanPubKey = func(ctx context.Context, pubkey string, reason string) error {
+		idx := slices.Index(allowedPubkeys, pubkey)
+		if idx == -1 {
+			return fmt.Errorf("pubkey already not allowed")
+		}
+		allowedPubkeys = slices.Delete(allowedPubkeys, idx, idx+1)
+	}
+}
+```
+
+You can also not provide any `RejectAPICall` handler and do the approval specifically on each RPC handler.
+
+In the following example any current member can include any other pubkey, and anyone who was added before is able to remove any pubkey that was added afterwards (not a very good idea, but serves as an example).
+
+```go
+var allowedPubkeys = []string{"<my-own-pubkey>"}
+
+func main () {
+	relay := khatru.NewRelay()
+
+	relay.ManagementAPI.AllowPubKey = func(ctx context.Context, pubkey string, reason string) error {
+		caller := khatru.GetAuthed(ctx)
+
+		if slices.Contains(allowedPubkeys, caller) {
+			allowedPubkeys = append(allowedPubkeys, pubkey)
+			return nil
+		}
+
+		return fmt.Errorf("you're not authorized")
+	}
+	relay.ManagementAPI.BanPubKey = func(ctx context.Context, pubkey string, reason string) error {
+		caller := khatru.GetAuthed(ctx)
+
+		callerIdx := slices.Index(allowedPubkeys, caller)
+		if callerIdx == -1 {
+			return fmt.Errorf("you're not even allowed here")
+		}
+
+		targetIdx := slices.Index(allowedPubkeys, pubkey)
+		if targetIdx < callerIdx {
+			// target is a bigger OG than the caller, so it has bigger influence and can't be removed
+			return fmt.Errorf("you're less powerful than the pubkey you're trying to remove")
+		}
+
+		// allow deletion since the target came after the caller
+		allowedPubkeys = slices.Delete(allowedPubkeys, targetIdx, targetIdx+1)
+		return nil
+	}
+}
+```

docs/cookbook/routing.md

@@ -0,0 +1,63 @@
+---
+outline: deep
+---
+
+# Routing
+
+If you have one (or more) set of policies that have to be executed in sequence (for example, first you check for the presence of a tag, then later in the next policies you use that tag without checking) and they only apply to some class of events, but you still want your relay to deal with other classes of events that can lead to cumbersome sets of rules, always having to check if an event meets the requirements and so on. There is where routing can help you.
+
+It also can be handy if you get a [`khatru.Relay`](https://pkg.go.dev/github.com/fiatjaf/khatru#Relay) from somewhere else, like a library such as [`relay29`](https://github.com/fiatjaf/relay29), and you want to combine it with other policies without some interfering with the others. As in the example below:
+
+```go
+sk := os.Getenv("RELAY_SECRET_KEY")
+
+// a relay for NIP-29 groups
+groupsStore := badger.BadgerBackend{}
+groupsStore.Init()
+groupsRelay, _ := khatru29.Init(relay29.Options{Domain: "example.com", DB: groupsStore, SecretKey: sk})
+// ...
+
+// a relay for everything else
+publicStore := slicestore.SliceStore{}
+publicStore.Init()
+publicRelay := khatru.NewRelay()
+publicRelay.StoreEvent = append(publicRelay.StoreEvent, publicStore.SaveEvent)
+publicRelay.QueryEvents = append(publicRelay.QueryEvents, publicStore.QueryEvents)
+publicRelay.CountEvents = append(publicRelay.CountEvents, publicStore.CountEvents)
+publicRelay.DeleteEvent = append(publicRelay.DeleteEvent, publicStore.DeleteEvent)
+// ...
+
+// a higher-level relay that just routes between the two above
+router := khatru.NewRouter()
+
+// route requests and events to the groups relay
+router.Route().
+	Req(func (filter nostr.Filter) bool {
+		_, hasHTag := filter.Tags["h"]
+		if hasHTag {
+			return true
+		}
+		return slices.Contains(filter.Kinds, func (k int) bool { return k == 39000 || k == 39001 || k == 39002 })
+	}).
+	Event(func (event *nostr.Event) bool {
+		switch {
+		case event.Kind <= 9021 && event.Kind >= 9000:
+			return true
+		case event.Kind <= 39010 && event.Kind >= 39000:
+			return true
+		case event.Kind <= 12 && event.Kind >= 9:
+			return true
+		case event.Tags.GetFirst([]string{"h", ""}) != nil:
+			return true
+		default:
+			return false
+		}
+	}).
+	Relay(groupsRelay)
+
+// route requests and events to the other
+router.Route().
+	Req(func (filter nostr.Filter) bool { return true }).
+	Event(func (event *nostr.Event) bool { return true }).
+	Relay(publicRelay)
+```

docs/cookbook/search.md

@@ -0,0 +1,51 @@
+---
+outline: deep
+---
+
+# Implementing NIP-50 `search` support
+
+The [`nostr.Filter` type](https://pkg.go.dev/github.com/nbd-wtf/go-nostr#Filter) has a `Search` field, so you basically just has to handle that if it's present.
+
+It can be tricky to implement fulltext search properly though, so some [eventstores](eventstore) implement it natively, such as [Bluge](https://pkg.go.dev/github.com/fiatjaf/eventstore/bluge), [OpenSearch](https://pkg.go.dev/github.com/fiatjaf/eventstore/opensearch) and [ElasticSearch](https://pkg.go.dev/github.com/fiatjaf/eventstore/elasticsearch) (although for the last two you'll need an instance of these database servers running, while with Bluge it's embedded).
+
+If you have any of these you can just use them just like any other eventstore:
+
+```go
+func main () {
+    // other stuff here
+
+	normal := &lmdb.LMDBBackend{Path: "data"}
+	os.MkdirAll(normal.Path, 0755)
+	if err := normal.Init(); err != nil {
+		panic(err)
+	}
+
+	search := bluge.BlugeBackend{Path: "search", RawEventStore: normal}
+	if err := search.Init(); err != nil {
+		panic(err)
+	}
+
+	relay.StoreEvent = append(relay.StoreEvent, normal.SaveEvent, search.SaveEvent)
+	relay.QueryEvents = append(relay.QueryEvents, normal.QueryEvents, search.QueryEvents)
+	relay.DeleteEvent = append(relay.DeleteEvent, normal.DeleteEvent, search.DeleteEvent)
+
+    // other stuff here
+}
+```
+
+Note that in this case we're using the [LMDB](https://pkg.go.dev/github.com/fiatjaf/eventstore/lmdb) adapter for normal queries and it explicitly rejects any filter that contains a `Search` field, while [Bluge](https://pkg.go.dev/github.com/fiatjaf/eventstore/bluge) rejects any filter _without_ a `Search` value, which make them pair well together.
+
+Other adapters, like [SQLite](https://pkg.go.dev/github.com/fiatjaf/eventstore/sqlite3), implement search functionality on their own, so if you don't want to use that you would have to have a middleware between, like:
+
+```go
+	relay.StoreEvent = append(relay.StoreEvent, db.SaveEvent, search.SaveEvent)
+	relay.QueryEvents = append(relay.QueryEvents, func (ctx context.Context, filter nostr.Filter) (chan *nostr.Event, error) {
+        if len(filter.Search) > 0 {
+			return search.QueryEvents(ctx, filter)
+        } else {
+			filterNoSearch := filter
+            filterNoSearch.Search = ""
+			return normal.QueryEvents(ctx, filterNoSearch)
+		}
+	})
+```

docs/getting-started/index.md

@@ -0,0 +1,78 @@
+---
+outline: deep
+---
+
+# Getting Started
+
+Download the library:
+
+```bash
+go get github.com/fiatjaf/khatru
+```
+
+Include the library:
+
+```go
+import "github.com/fiatjaf/khatru"
+```
+
+Then in your `main()` function, instantiate a new `Relay`:
+
+```go
+relay := khatru.NewRelay()
+```
+
+Optionally, set up basic info about the relay that will be returned according to [NIP-11](https://nips.nostr.com/11):
+
+```go
+relay.Info.Name = "my relay"
+relay.Info.PubKey = "79be667ef9dcbbac55a06295ce870b07029bfcdb2dce28d959f2815b16f81798"
+relay.Info.Description = "this is my custom relay"
+relay.Info.Icon = "https://external-content.duckduckgo.com/iu/?u=https%3A%2F%2Fliquipedia.net%2Fcommons%2Fimages%2F3%2F35%2FSCProbe.jpg&f=1&nofb=1&ipt=0cbbfef25bce41da63d910e86c3c343e6c3b9d63194ca9755351bb7c2efa3359&ipo=images"
+```
+
+Now we must set up the basic functions for accepting events and answering queries. We could make our own querying engine from scratch, but we can also use [eventstore](https://github.com/fiatjaf/eventstore). In this example we'll use the SQLite adapter:
+
+```go
+db := sqlite3.SQLite3Backend{DatabaseURL: "/tmp/khatru-sqlite-tmp"}
+if err := db.Init(); err != nil {
+	panic(err)
+}
+
+relay.StoreEvent = append(relay.StoreEvent, db.SaveEvent)
+relay.QueryEvents = append(relay.QueryEvents, db.QueryEvents)
+relay.DeleteEvent = append(relay.DeleteEvent, db.DeleteEvent)
+```
+
+These are lists of functions that will be called in order every time an `EVENT` is received, or a `REQ` query is received. You can add more than one handler there, you can have a function that reads from some other server, but just in some cases, you can do anything.
+
+The next step is adding some protection, because maybe we don't want to allow _anyone_ to write to our relay. Maybe we want to only allow people that have a pubkey starting with `"a"`, `"b"` or `"c"`:
+
+```go
+relay.RejectEvent = append(relay.RejectEvent, func (ctx context.Context, event *nostr.Event) (reject bool, msg string) {
+	firstHexChar := event.PubKey[0:1]
+	if firstHexChar == "a" || firstHexChar == "b" || firstHexChar == "c" {
+		return false, "" // allow
+	}
+	return true, "you're not allowed in this shard"
+})
+```
+
+We can also make use of some default policies that come bundled with Khatru:
+
+```go
+import "github.com/fiatjaf/khatru" // implied
+
+relay.RejectEvent = append(relay.RejectEvent, policies.PreventLargeTags, policies.PreventTimestampsInThePast(time.Hour * 2), policies.PreventTimestampsInTheFuture(time.Minute * 30))
+```
+
+There are many other ways to customize the relay behavior. Take a look at the [`Relay` struct docs](https://pkg.go.dev/github.com/fiatjaf/khatru#Relay) for more, or see the [cookbook](/cookbook/).
+
+The last step is actually running the server. Our relay is actually an `http.Handler`, so it can just be ran directly with `http.ListenAndServe()` from the standard library:
+
+```go
+fmt.Println("running on :3334")
+http.ListenAndServe(":3334", relay)
+```
+
+And that's it.

docs/index.md

@@ -0,0 +1,41 @@
+---
+layout: home
+
+hero:
+  name: khatru
+  text: a framework for making Nostr relays
+  tagline: write your custom relay with code over configuration
+  actions:
+    - theme: brand
+      text: Get Started
+      link: /getting-started
+    - theme: alt
+      text: Cookbook
+      link: /cookbook/
+
+features:
+  - title: It's a library
+    icon: 🐢
+    link: /getting-started
+    details: This is not an executable that you have to tweak with config files, it's a library that you import and use, so you just write code and it does exactly what you want.
+  - title: It's very very customizable
+    icon: 🎶
+    link: /cookbook/embed
+    details: Run arbitrary functions to reject events, reject filters, overwrite results of queries, perform actual queries, mix the relay stuff with other HTTP handlers or even run it inside an existing website.
+  - title: It plugs into event stores easily
+    icon: 📦
+    link: /cookbook/eventstore
+    details: khatru's companion, the `eventstore` library, provides all methods for storing and querying events efficiently from SQLite, LMDB, Postgres, Badger and others.
+  - title: It supports NIP-42 AUTH
+    icon: 🪪
+    link: /cookbook/auth
+    details: You can check if a client is authenticated or request AUTH anytime, or reject an event or a filter with an "auth-required:" and it will be handled automatically.
+  - title: It supports NIP-86 Management API
+    icon: 🛠️
+    link: /cookbook/management
+    details: You just define your custom handlers for each RPC call and they will be exposed appropriately to management clients.
+  - title: It's written in Go
+    icon: 🛵
+    link: https://pkg.go.dev/github.com/fiatjaf/khatru
+    details: That means it is fast and lightweight, you can learn the language in 5 minutes and it builds your relay into a single binary that's easy to ship and deploy.
+---

docs/justfile

@@ -0,0 +1,7 @@
+export PATH := "./node_modules/.bin:" + env_var('PATH')
+
+dev:
+  vitepress dev
+
+build:
+  vitepress build

docs/package.json

@@ -0,0 +1,5 @@
+{
+  "dependencies": {
+    "vitepress": "^1.3.0"
+  }
+}

docs/use-cases.md

@@ -0,0 +1,26 @@
+# Use cases
+
+`khatru` is being used today in the real world by
+
+* [pyramid](https://github.com/github-tijlxyz/khatru-pyramid), a relay with a invite-based whitelisting system similar to [lobste.rs](https://lobste.rs)
+* [triflector](https://github.com/coracle-social/triflector), a relay which enforces authentication based on custom policy
+* [countries](https://git.fiatjaf.com/countries), a relay that stores and serves content differently according to the country of the reader or writer
+* [jingle](https://github.com/fiatjaf/jingle), a simple relay that exposes part of `khatru`'s configuration options to JavaScript code supplied by the user that is interpreted at runtime
+* [njump](https://git.njump.me/njump), a Nostr gateway to the web that also serves its cached content in a relay interface
+* [song](https://git.fiatjaf.com/song), a personal git server that comes with an embedded relay dedicated to dealing with [NIP-34](https://nips.nostr.com/34) git-related Nostr events
+* [relay29](https://github.com/fiatjaf/relay29), a relay that powers most of the [NIP-29](https://nips.nostr.com/29) Nostr groups ecosystem
+* [fiatjaf.com](https://fiatjaf.com), a personal website that serves the same content as HTML but also as Nostr events.
+
+## Other possible use cases
+
+Other possible use cases, still not developed, include:
+
+* Bridges: `khatru` was initially developed to serve as an RSS-to-Nostr bridge server that would fetch RSS feeds on demand in order to serve them to Nostr clients. Other similar use cases could fit.
+* Paid relays: Nostr has multiple relays that charge for write-access currently, but there are many other unexplored ways to make this scheme work: charge per each note, charge per month, charge per month per note, have different payment methods, and so on.
+* Other whitelisting schemes: _pyramid_ implements a cool inviting scheme for granting access to the relay, same for _triflector_, but there are infinite other possibilities of other ways to grant access to people to an exclusive or community relay.
+* Just-in-time content generation: instead of storing a bunch of signed JSON and serving that to clients, there could be relays that store data in a more compact format and turn it into Nostr events at the time they receive a request from a Nostr client -- or relays that do some kind of live data generation based on who is connected, not storing anything.
+* Community relays: some internet communities may want relays that restrict writing or browsing of content only to its members, essentially making it a closed group -- or it could be closed for outsiders to write, but public for them to read and vice-versa.
+* Automated moderation schemes: relays that are owned by a group (either a static or a dynamic group) can rely on signals from their members, like mutes or reports, to decide what content to allow in its domains and what to disallow, making crowdfunded moderation easy.
+* Curation: in the same way as community relays can deal with unwanted content, they can also perform curation based on signals from their members (for example, if a member of the relay likes some note from someone that is outside the relay that note can be fetched and stored), creating a dynamic relay that can be browsed by anyone that share the same interests as that community.
+* Local relays: a relay that can be only browsed by people using the WiFi connection of some event or some building, serving as a way to share temporary or restricted content that only interests people sharing that circumstance.
+* Cool experiments: relays that only allow one note per user per day, relays that require proof-of-work on event ids], relays that require engagement otherwise you get kicked, relays that return events in different ordering, relays that impose arbitrary funny rules on notes in order for them to be accepted (i.e. they must contain the word "poo"), I don't know!

docs/why.md

@@ -0,0 +1,10 @@
+# Why `khatru`?
+
+If you want to craft a relay that isn't completely dumb, but it's supposed to
+
+* have custom own policies for accepting events;
+* handle requests for stored events using data from multiple sources;
+* require users to authenticate for some operations and not for others;
+* and other stuff.
+
+`khatru` provides a simple framework for creating your custom relay without having to reimplement it all from scratch or hack into other relay codebases.

examples/routing/main.go

@@ -0,0 +1,70 @@
+package main
+
+import (
+	"fmt"
+	"net/http"
+	"slices"
+
+	"github.com/fiatjaf/eventstore/slicestore"
+	"github.com/fiatjaf/eventstore/sqlite3"
+	"github.com/fiatjaf/khatru"
+	"github.com/nbd-wtf/go-nostr"
+)
+
+func main() {
+	db1 := slicestore.SliceStore{}
+	db1.Init()
+	r1 := khatru.NewRelay()
+	r1.StoreEvent = append(r1.StoreEvent, db1.SaveEvent)
+	r1.QueryEvents = append(r1.QueryEvents, db1.QueryEvents)
+	r1.CountEvents = append(r1.CountEvents, db1.CountEvents)
+	r1.DeleteEvent = append(r1.DeleteEvent, db1.DeleteEvent)
+
+	db2 := sqlite3.SQLite3Backend{DatabaseURL: "/tmp/t"}
+	db2.Init()
+	r2 := khatru.NewRelay()
+	r2.StoreEvent = append(r2.StoreEvent, db2.SaveEvent)
+	r2.QueryEvents = append(r2.QueryEvents, db2.QueryEvents)
+	r2.CountEvents = append(r2.CountEvents, db2.CountEvents)
+	r2.DeleteEvent = append(r2.DeleteEvent, db2.DeleteEvent)
+
+	db3 := slicestore.SliceStore{}
+	db3.Init()
+	r3 := khatru.NewRelay()
+	r3.StoreEvent = append(r3.StoreEvent, db3.SaveEvent)
+	r3.QueryEvents = append(r3.QueryEvents, db3.QueryEvents)
+	r3.CountEvents = append(r3.CountEvents, db3.CountEvents)
+	r3.DeleteEvent = append(r3.DeleteEvent, db3.DeleteEvent)
+
+	router := khatru.NewRouter()
+
+	router.Route().
+		Req(func(filter nostr.Filter) bool {
+			return slices.Contains(filter.Kinds, 30023)
+		}).
+		Event(func(event *nostr.Event) bool {
+			return event.Kind == 30023
+		}).
+		Relay(r1)
+
+	router.Route().
+		Req(func(filter nostr.Filter) bool {
+			return slices.Contains(filter.Kinds, 1) && slices.Contains(filter.Tags["t"], "spam")
+		}).
+		Event(func(event *nostr.Event) bool {
+			return event.Kind == 1 && event.Tags.GetFirst([]string{"t", "spam"}) != nil
+		}).
+		Relay(r2)
+
+	router.Route().
+		Req(func(filter nostr.Filter) bool {
+			return slices.Contains(filter.Kinds, 1)
+		}).
+		Event(func(event *nostr.Event) bool {
+			return event.Kind == 1
+		}).
+		Relay(r3)
+
+	fmt.Println("running on :3334")
+	http.ListenAndServe(":3334", router)
+}

get-started.go

@@ -49,11 +49,12 @@ func (rl *Relay) Start(host string, port int, started ...chan bool) error {
 // Shutdown sends a websocket close control message to all connected clients.
 func (rl *Relay) Shutdown(ctx context.Context) {
 	rl.httpServer.Shutdown(ctx)
-
-	rl.clients.Range(func(conn *websocket.Conn, _ struct{}) bool {
-		conn.WriteControl(websocket.CloseMessage, nil, time.Now().Add(time.Second))
-		conn.Close()
-		rl.clients.Delete(conn)
-		return true
-	})
+	rl.clientsMutex.Lock()
+	defer rl.clientsMutex.Unlock()
+	for ws := range rl.clients {
+		ws.conn.WriteControl(websocket.CloseMessage, nil, time.Now().Add(time.Second))
+		ws.conn.Close()
+	}
+	clear(rl.clients)
+	rl.listeners = rl.listeners[:0]
 }

go.mod

@@ -4,11 +4,11 @@ go 1.21.4
 
 require (
 	github.com/fasthttp/websocket v1.5.7
-	github.com/fiatjaf/eventstore v0.3.8
-	github.com/nbd-wtf/go-nostr v0.28.1
+	github.com/fiatjaf/eventstore v0.5.1
+	github.com/nbd-wtf/go-nostr v0.34.5
 	github.com/puzpuzpuz/xsync/v3 v3.0.2
 	github.com/rs/cors v1.7.0
-	github.com/sebest/xff v0.0.0-20210106013422-671bd2870b3a
+	github.com/stretchr/testify v1.9.0
 )
 
 require (
@@ -18,6 +18,7 @@ require (
 	github.com/btcsuite/btcd/btcec/v2 v2.3.2 // indirect
 	github.com/btcsuite/btcd/chaincfg/chainhash v1.0.2 // indirect
 	github.com/cespare/xxhash/v2 v2.2.0 // indirect
+	github.com/davecgh/go-spew v1.1.1 // indirect
 	github.com/decred/dcrd/crypto/blake256 v1.0.1 // indirect
 	github.com/decred/dcrd/dcrec/secp256k1/v4 v4.2.0 // indirect
 	github.com/dgraph-io/badger/v4 v4.2.0 // indirect
@@ -38,11 +39,12 @@ require (
 	github.com/google/flatbuffers v23.5.26+incompatible // indirect
 	github.com/jmoiron/sqlx v1.3.5 // indirect
 	github.com/josharian/intern v1.0.0 // indirect
-	github.com/klauspost/compress v1.17.3 // indirect
+	github.com/klauspost/compress v1.17.8 // indirect
 	github.com/lib/pq v1.10.9 // indirect
 	github.com/mailru/easyjson v0.7.7 // indirect
 	github.com/mattn/go-sqlite3 v1.14.18 // indirect
 	github.com/pkg/errors v0.9.1 // indirect
+	github.com/pmezard/go-difflib v1.0.0 // indirect
 	github.com/savsgio/gotils v0.0.0-20230208104028-c358bd845dee // indirect
 	github.com/tidwall/gjson v1.17.0 // indirect
 	github.com/tidwall/match v1.1.1 // indirect
@@ -52,6 +54,7 @@ require (
 	go.opencensus.io v0.24.0 // indirect
 	golang.org/x/exp v0.0.0-20231006140011-7918f672742d // indirect
 	golang.org/x/net v0.18.0 // indirect
-	golang.org/x/sys v0.14.0 // indirect
+	golang.org/x/sys v0.20.0 // indirect
 	google.golang.org/protobuf v1.31.0 // indirect
+	gopkg.in/yaml.v3 v3.0.1 // indirect
 )

go.sum

@@ -47,8 +47,8 @@ github.com/fasthttp/websocket v1.5.7 h1:0a6o2OfeATvtGgoMKleURhLT6JqWPg7fYfWnH4KH
 github.com/fasthttp/websocket v1.5.7/go.mod h1:bC4fxSono9czeXHQUVKxsC0sNjbm7lPJR04GDFqClfU=
 github.com/fatih/structs v1.1.0 h1:Q7juDM0QtcnhCpeyLGQKyg4TOIghuNXrkL32pHAUMxo=
 github.com/fatih/structs v1.1.0/go.mod h1:9NiDSp5zOcgEDl+j00MP/WkGVPOlPRLejGD8Ga6PJ7M=
-github.com/fiatjaf/eventstore v0.3.8 h1:q4jcN95O2CVA+wP47V25BcVSNvjfOiPPIWgPmQ6hTRk=
-github.com/fiatjaf/eventstore v0.3.8/go.mod h1:Qsm5loQICkazpsj8tQmcOK95AVkQQNF09Xx/NS/Biow=
+github.com/fiatjaf/eventstore v0.5.1 h1:tTh+JYP0RME51VY2QB2Gvtzj6QTaZAnSVhgZtrYqY2A=
+github.com/fiatjaf/eventstore v0.5.1/go.mod h1:r5yCFmrVNT2b1xUOuMnDVS3xPGh97y8IgTcLyY2rYP8=
 github.com/go-sql-driver/mysql v1.6.0/go.mod h1:DCzpHaOWr8IXmIStZouvnhqoel9Qv2LBy8hT2VhHyBg=
 github.com/go-sql-driver/mysql v1.7.1 h1:lUIinVbN1DY0xBg0eMOzmmtGoHwWBbvnWubQUrtU8EI=
 github.com/go-sql-driver/mysql v1.7.1/go.mod h1:OXbVy3sEdcQ2Doequ6Z5BW6fXNQTmx+9S1MCJN5yJMI=
@@ -103,8 +103,12 @@ github.com/josharian/intern v1.0.0 h1:vlS4z54oSdjm0bgjRigI+G1HpF+tI+9rE5LLzOg8Hm
 github.com/josharian/intern v1.0.0/go.mod h1:5DoeVV0s6jJacbCEi61lwdGj/aVlrQvzHFFd8Hwg//Y=
 github.com/kisielk/errcheck v1.5.0/go.mod h1:pFxgyoBC7bSaBwPgfKdkLd5X25qrDl4LWUI2bnpBCr8=
 github.com/kisielk/gotool v1.0.0/go.mod h1:XhKaO+MFFWcvkIS/tQcRk01m1F5IRFswLeQ+oQHNcck=
-github.com/klauspost/compress v1.17.3 h1:qkRjuerhUU1EmXLYGkSH6EZL+vPSxIrYjLNAK4slzwA=
-github.com/klauspost/compress v1.17.3/go.mod h1:/dCuZOvVtNoHsyb+cuJD3itjs3NbnF6KH9zAO4BDxPM=
+github.com/klauspost/compress v1.17.8 h1:YcnTYrq7MikUT7k0Yb5eceMmALQPYBW/Xltxn0NAMnU=
+github.com/klauspost/compress v1.17.8/go.mod h1:Di0epgTjJY877eYKx5yC51cX2A2Vl2ibi7bDH9ttBbw=
+github.com/kr/pretty v0.1.0 h1:L/CwN0zerZDmRFUapSPitk6f+Q3+0za1rQkzVuMiMFI=
+github.com/kr/pretty v0.1.0/go.mod h1:dAy3ld7l9f0ibDNOQOHHMYYIIbhfbHSm3C4ZsoJORNo=
+github.com/kr/text v0.2.0 h1:5Nx0Ya0ZqY2ygV366QzturHI13Jq95ApcVaJBhpS+AY=
+github.com/kr/text v0.2.0/go.mod h1:eLer722TekiGuMkidMxC/pM04lWEeraHUUmBw8l2grE=
 github.com/lib/pq v1.2.0/go.mod h1:5WUZQaWbwv1U+lTReE5YruASi9Al49XbQIvNi/34Woo=
 github.com/lib/pq v1.10.9 h1:YXG7RB+JIjhP29X+OtkiDnYaXQwpS4JEWq7dtCCRUEw=
 github.com/lib/pq v1.10.9/go.mod h1:AlVN5x4E4T544tWzH6hKfbfQvm3HdbOxrmggDNAPY9o=
@@ -113,8 +117,8 @@ github.com/mailru/easyjson v0.7.7/go.mod h1:xzfreul335JAWq5oZzymOObrkdz5UnU4kGfJ
 github.com/mattn/go-sqlite3 v1.14.6/go.mod h1:NyWgC/yNuGj7Q9rpYnZvas74GogHl5/Z4A/KQRfk6bU=
 github.com/mattn/go-sqlite3 v1.14.18 h1:JL0eqdCOq6DJVNPSvArO/bIV9/P7fbGrV00LZHc+5aI=
 github.com/mattn/go-sqlite3 v1.14.18/go.mod h1:2eHXhiwb8IkHr+BDWZGa96P6+rkvnG63S2DGjv9HUNg=
-github.com/nbd-wtf/go-nostr v0.28.1 h1:XQi/lBsigBXHRm7IDBJE7SR9citCh9srgf8sA5iVW3A=
-github.com/nbd-wtf/go-nostr v0.28.1/go.mod h1:OQ8sNLFJnsj17BdqZiLSmjJBIFTfDqckEYC3utS4qoY=
+github.com/nbd-wtf/go-nostr v0.34.5 h1:vti8WqvGWbVoWAPniaz7li2TpCyC+7ZS62Gmy7ib/z0=
+github.com/nbd-wtf/go-nostr v0.34.5/go.mod h1:NZQkxl96ggbO8rvDpVjcsojJqKTPwqhP4i82O7K5DJs=
 github.com/pkg/errors v0.9.1 h1:FEBLx1zS214owpjy7qsBeixbURkuhQAwrK5UwLGTwt4=
 github.com/pkg/errors v0.9.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
 github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM=
@@ -126,8 +130,6 @@ github.com/rs/cors v1.7.0 h1:+88SsELBHx5r+hZ8TCkggzSstaWNbDvThkVK8H6f9ik=
 github.com/rs/cors v1.7.0/go.mod h1:gFx+x8UowdsKA9AchylcLynDq+nNFfI8FkUZdN/jGCU=
 github.com/savsgio/gotils v0.0.0-20230208104028-c358bd845dee h1:8Iv5m6xEo1NR1AvpV+7XmhI4r39LGNzwUL4YpMuL5vk=
 github.com/savsgio/gotils v0.0.0-20230208104028-c358bd845dee/go.mod h1:qwtSXrKuJh/zsFQ12yEE89xfCrGKK63Rr7ctU/uCo4g=
-github.com/sebest/xff v0.0.0-20210106013422-671bd2870b3a h1:iLcLb5Fwwz7g/DLK89F+uQBDeAhHhwdzB5fSlVdhGcM=
-github.com/sebest/xff v0.0.0-20210106013422-671bd2870b3a/go.mod h1:wozgYq9WEBQBaIJe4YZ0qTSFAMxmcwBhQH0fO0R34Z0=
 github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
 github.com/stretchr/objx v0.4.0/go.mod h1:YvHI0jy2hoMjB+UWwv71VJQ9isScKT/TqJzVSSt89Yw=
 github.com/stretchr/objx v0.5.0/go.mod h1:Yh+to48EsGEfYuaHDzXPcE3xhTkx73EhmCGUpEOglKo=
@@ -135,8 +137,8 @@ github.com/stretchr/testify v1.4.0/go.mod h1:j7eGeouHqKxXV5pUuKE4zz7dFj8WfuZ+81P
 github.com/stretchr/testify v1.7.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
 github.com/stretchr/testify v1.8.0/go.mod h1:yNjHg4UonilssWZ8iaSj1OCr/vHnekPRkoO+kdMU+MU=
 github.com/stretchr/testify v1.8.1/go.mod h1:w2LPCIKwWwSfY2zedu0+kehJoqGctiVI29o6fzry7u4=
-github.com/stretchr/testify v1.8.4 h1:CcVxjf3Q8PM0mHUKJCdn+eZZtm5yQwehR5yeSVQQcUk=
-github.com/stretchr/testify v1.8.4/go.mod h1:sz/lmYIOXD/1dqDmKjjqLyZ2RngseejIcXlSw2iwfAo=
+github.com/stretchr/testify v1.9.0 h1:HtqpIVDClZ4nwg75+f6Lvsy/wHu+3BoSGCbBAcpTsTg=
+github.com/stretchr/testify v1.9.0/go.mod h1:r2ic/lqez/lEtzL7wO/rwa5dbSLXVDPFyf8C91i36aY=
 github.com/tidwall/gjson v1.17.0 h1:/Jocvlh98kcTfpN2+JzGQWQcqrPQwDrVEMApx/M5ZwM=
 github.com/tidwall/gjson v1.17.0/go.mod h1:/wbyibRr2FHMks5tjHJ5F8dMZh3AcwJEMf5vlfC0lxk=
 github.com/tidwall/match v1.1.1 h1:+Ho715JplO36QYgwN9PGYNhgZvoUSc9X2c80KVTi+GA=
@@ -186,8 +188,8 @@ golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7w
 golang.org/x/sys v0.0.0-20200930185726-fdedc70b468f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20221010170243-090e33056c14/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.14.0 h1:Vz7Qs629MkJkGyHxUlRHizWJRG2j8fbQKjELVSNhy7Q=
-golang.org/x/sys v0.14.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
+golang.org/x/sys v0.20.0 h1:Od9JTbYCk261bKm4M/mw7AklTlFYIa0bIp9BgSm1S8Y=
+golang.org/x/sys v0.20.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
 golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
 golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
 golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
@@ -226,6 +228,8 @@ google.golang.org/protobuf v1.26.0/go.mod h1:9q0QmTI4eRPtz6boOQmLYwt+qCgq0jsYwAQ
 google.golang.org/protobuf v1.31.0 h1:g0LDEJHgrBl9N9r17Ru3sqWhkIx2NB67okBHPwC7hs8=
 google.golang.org/protobuf v1.31.0/go.mod h1:HV8QOd/L58Z+nl8r43ehVNZIU/HEI6OcFqwMG9pJV4I=
 gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
+gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c h1:Hei/4ADfdWqJk1ZMxUNpqntNwaWcugrBjAiHlqqRiVk=
+gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c/go.mod h1:JHkPIbrfpd72SG/EVd6muEfDQjcINNoR0C8j2r3qZ4Q=
 gopkg.in/yaml.v2 v2.2.2/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
 gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
 gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA=

handlers.go

@@ -5,7 +5,6 @@ import (
 	"crypto/rand"
 	"crypto/sha256"
 	"encoding/hex"
-	"encoding/json"
 	"errors"
 	"net/http"
 	"strings"
@@ -28,18 +27,27 @@ func (rl *Relay) ServeHTTP(w http.ResponseWriter, r *http.Request) {
 		rl.HandleWebsocket(w, r)
 	} else if r.Header.Get("Accept") == "application/nostr+json" {
 		cors.AllowAll().Handler(http.HandlerFunc(rl.HandleNIP11)).ServeHTTP(w, r)
+	} else if r.Header.Get("Content-Type") == "application/nostr+json+rpc" {
+		cors.AllowAll().Handler(http.HandlerFunc(rl.HandleNIP86)).ServeHTTP(w, r)
 	} else {
 		rl.serveMux.ServeHTTP(w, r)
 	}
 }
 
 func (rl *Relay) HandleWebsocket(w http.ResponseWriter, r *http.Request) {
+	for _, reject := range rl.RejectConnection {
+		if reject(r) {
+			w.WriteHeader(429) // Too many requests
+			return
+		}
+	}
+
 	conn, err := rl.upgrader.Upgrade(w, r, nil)
 	if err != nil {
 		rl.Log.Printf("failed to upgrade websocket: %v\n", err)
 		return
 	}
-	rl.clients.Store(conn, struct{}{})
+
 	ticker := time.NewTicker(rl.PingPeriod)
 
 	// NIP-42 challenge
@@ -52,6 +60,10 @@ func (rl *Relay) HandleWebsocket(w http.ResponseWriter, r *http.Request) {
 		Challenge: hex.EncodeToString(challenge),
 	}
 
+	rl.clientsMutex.Lock()
+	rl.clients[ws] = make([]listenerSpec, 0, 2)
+	rl.clientsMutex.Unlock()
+
 	ctx, cancel := context.WithCancel(
 		context.WithValue(
 			context.Background(),
@@ -66,11 +78,9 @@ func (rl *Relay) HandleWebsocket(w http.ResponseWriter, r *http.Request) {
 
 		ticker.Stop()
 		cancel()
-		if _, ok := rl.clients.Load(conn); ok {
-			conn.Close()
-			rl.clients.Delete(conn)
-			removeListener(ws)
-		}
+		conn.Close()
+
+		rl.removeClientAndListeners(ws)
 	}
 
 	go func() {
@@ -159,23 +169,31 @@ func (rl *Relay) HandleWebsocket(w http.ResponseWriter, r *http.Request) {
 						}
 					}
 
+					srl := rl
+					if rl.getSubRelayFromEvent != nil {
+						srl = rl.getSubRelayFromEvent(&env.Event)
+					}
+
 					var ok bool
 					var writeErr error
+					var skipBroadcast bool
 					if env.Event.Kind == 5 {
 						// this always returns "blocked: " whenever it returns an error
-						writeErr = rl.handleDeleteRequest(ctx, &env.Event)
+						writeErr = srl.handleDeleteRequest(ctx, &env.Event)
 					} else {
 						// this will also always return a prefixed reason
-						writeErr = rl.AddEvent(ctx, &env.Event)
+						skipBroadcast, writeErr = srl.AddEvent(ctx, &env.Event)
 					}
 
 					var reason string
 					if writeErr == nil {
 						ok = true
-						for _, ovw := range rl.OverwriteResponseEvent {
+						for _, ovw := range srl.OverwriteResponseEvent {
 							ovw(ctx, &env.Event)
 						}
-						notifyListeners(&env.Event)
+						if !skipBroadcast {
+							srl.notifyListeners(&env.Event)
+						}
 					} else {
 						reason = writeErr.Error()
 						if strings.HasPrefix(reason, "auth-required:") {
@@ -188,9 +206,14 @@ func (rl *Relay) HandleWebsocket(w http.ResponseWriter, r *http.Request) {
 						ws.WriteJSON(nostr.ClosedEnvelope{SubscriptionID: env.SubscriptionID, Reason: "unsupported: this relay does not support NIP-45"})
 						return
 					}
+
 					var total int64
 					for _, filter := range env.Filters {
-						total += rl.handleCountRequest(ctx, ws, filter)
+						srl := rl
+						if rl.getSubRelayFromFilter != nil {
+							srl = rl.getSubRelayFromFilter(filter)
+						}
+						total += srl.handleCountRequest(ctx, ws, filter)
 					}
 					ws.WriteJSON(nostr.CountEnvelope{SubscriptionID: env.SubscriptionID, Count: &total})
 				case *nostr.ReqEnvelope:
@@ -205,7 +228,11 @@ func (rl *Relay) HandleWebsocket(w http.ResponseWriter, r *http.Request) {
 
 					// handle each filter separately -- dispatching events as they're loaded from databases
 					for _, filter := range env.Filters {
-						err := rl.handleRequest(reqCtx, env.SubscriptionID, &eose, ws, filter)
+						srl := rl
+						if rl.getSubRelayFromFilter != nil {
+							srl = rl.getSubRelayFromFilter(filter)
+						}
+						err := srl.handleRequest(reqCtx, env.SubscriptionID, &eose, ws, filter)
 						if err != nil {
 							// fail everything if any filter is rejected
 							reason := err.Error()
@@ -215,6 +242,8 @@ func (rl *Relay) HandleWebsocket(w http.ResponseWriter, r *http.Request) {
 							ws.WriteJSON(nostr.ClosedEnvelope{SubscriptionID: env.SubscriptionID, Reason: reason})
 							cancelReqCtx(errors.New("filter rejected"))
 							return
+						} else {
+							rl.addListener(ws, env.SubscriptionID, srl, filter, cancelReqCtx)
 						}
 					}
 
@@ -225,10 +254,9 @@ func (rl *Relay) HandleWebsocket(w http.ResponseWriter, r *http.Request) {
 						cancelReqCtx(nil)
 						ws.WriteJSON(nostr.EOSEEnvelope(env.SubscriptionID))
 					}()
-
-					setListener(env.SubscriptionID, ws, env.Filters, cancelReqCtx)
 				case *nostr.CloseEnvelope:
-					removeListenerId(ws, string(*env))
+					id := string(*env)
+					rl.removeListenerId(ws, id)
 				case *nostr.AuthEnvelope:
 					wsBaseUrl := strings.Replace(rl.ServiceURL, "http", "ws", 1)
 					if pubkey, ok := nip42.ValidateAuthEvent(&env.Event, ws.Challenge, wsBaseUrl); ok {
@@ -267,14 +295,3 @@ func (rl *Relay) HandleWebsocket(w http.ResponseWriter, r *http.Request) {
 		}
 	}()
 }
-
-func (rl *Relay) HandleNIP11(w http.ResponseWriter, r *http.Request) {
-	w.Header().Set("Content-Type", "application/nostr+json")
-
-	info := *rl.Info
-	for _, ovw := range rl.OverwriteRelayInformation {
-		info = ovw(r.Context(), r, info)
-	}
-
-	json.NewEncoder(w).Encode(info)
-}

helpers.go

@@ -1,6 +1,7 @@
 package khatru
 
 import (
+	"net"
 	"net/http"
 	"strconv"
 	"strings"
@@ -34,3 +35,43 @@ func getServiceBaseURL(r *http.Request) string {
 	}
 	return proto + "://" + host
 }
+
+var privateMasks = func() []net.IPNet {
+	privateCIDRs := []string{
+		"127.0.0.0/8",
+		"10.0.0.0/8",
+		"172.16.0.0/12",
+		"192.168.0.0/16",
+		"fc00::/7",
+	}
+	masks := make([]net.IPNet, len(privateCIDRs))
+	for i, cidr := range privateCIDRs {
+		_, netw, err := net.ParseCIDR(cidr)
+		if err != nil {
+			return nil
+		}
+		masks[i] = *netw
+	}
+	return masks
+}()
+
+func isPrivate(ip net.IP) bool {
+	for _, mask := range privateMasks {
+		if mask.Contains(ip) {
+			return true
+		}
+	}
+	return false
+}
+
+func GetIPFromRequest(r *http.Request) string {
+	if xffh := r.Header.Get("X-Forwarded-For"); xffh != "" {
+		for _, v := range strings.Split(xffh, ",") {
+			if ip := net.ParseIP(strings.TrimSpace(v)); ip != nil && ip.IsGlobalUnicast() && !isPrivate(ip) {
+				return ip.String()
+			}
+		}
+	}
+	ip, _, _ := net.SplitHostPort(r.RemoteAddr)
+	return ip
+}

listener.go

@@ -2,86 +2,145 @@ package khatru
 
 import (
 	"context"
-	"fmt"
+	"errors"
+	"slices"
 
 	"github.com/nbd-wtf/go-nostr"
-	"github.com/puzpuzpuz/xsync/v3"
 )
 
-type Listener struct {
-	filters nostr.Filters
-	cancel  context.CancelCauseFunc
+var ErrSubscriptionClosedByClient = errors.New("subscription closed by client")
+
+type listenerSpec struct {
+	id       string // kept here so we can easily match against it removeListenerId
+	cancel   context.CancelCauseFunc
+	index    int
+	subrelay *Relay // this is important when we're dealing with routing, otherwise it will be always the same
 }
 
-var listeners = xsync.NewMapOf[*WebSocket, *xsync.MapOf[string, *Listener]]()
+type listener struct {
+	id     string // duplicated here so we can easily send it on notifyListeners
+	filter nostr.Filter
+	ws     *WebSocket
+}
 
-func GetListeningFilters() nostr.Filters {
-	respfilters := make(nostr.Filters, 0, listeners.Size()*2)
-
-	// here we go through all the existing listeners
-	listeners.Range(func(_ *WebSocket, subs *xsync.MapOf[string, *Listener]) bool {
-		subs.Range(func(_ string, listener *Listener) bool {
-			for _, listenerfilter := range listener.filters {
-				for _, respfilter := range respfilters {
-					// check if this filter specifically is already added to respfilters
-					if nostr.FilterEqual(listenerfilter, respfilter) {
-						goto nextconn
-					}
-				}
-
-				// field not yet present on respfilters, add it
-				respfilters = append(respfilters, listenerfilter)
-
-				// continue to the next filter
-			nextconn:
-				continue
-			}
-
-			return true
-		})
-
-		return true
-	})
-
-	// respfilters will be a slice with all the distinct filter we currently have active
+func (rl *Relay) GetListeningFilters() []nostr.Filter {
+	respfilters := make([]nostr.Filter, len(rl.listeners))
+	for i, l := range rl.listeners {
+		respfilters[i] = l.filter
+	}
 	return respfilters
 }
 
-func setListener(id string, ws *WebSocket, filters nostr.Filters, cancel context.CancelCauseFunc) {
-	subs, _ := listeners.LoadOrCompute(ws, func() *xsync.MapOf[string, *Listener] {
-		return xsync.NewMapOf[string, *Listener]()
-	})
-	subs.Store(id, &Listener{filters: filters, cancel: cancel})
+// addListener may be called multiple times for each id and ws -- in which case each filter will
+// be added as an independent listener
+func (rl *Relay) addListener(
+	ws *WebSocket,
+	id string,
+	subrelay *Relay,
+	filter nostr.Filter,
+	cancel context.CancelCauseFunc,
+) {
+	rl.clientsMutex.Lock()
+	defer rl.clientsMutex.Unlock()
+
+	if specs, ok := rl.clients[ws]; ok /* this will always be true unless client has disconnected very rapidly */ {
+		idx := len(subrelay.listeners)
+		rl.clients[ws] = append(specs, listenerSpec{
+			id:       id,
+			cancel:   cancel,
+			subrelay: subrelay,
+			index:    idx,
+		})
+		subrelay.listeners = append(subrelay.listeners, listener{
+			ws:     ws,
+			id:     id,
+			filter: filter,
+		})
+	}
 }
 
 // remove a specific subscription id from listeners for a given ws client
 // and cancel its specific context
-func removeListenerId(ws *WebSocket, id string) {
-	if subs, ok := listeners.Load(ws); ok {
-		if listener, ok := subs.LoadAndDelete(id); ok {
-			listener.cancel(fmt.Errorf("subscription closed by client"))
-		}
-		if subs.Size() == 0 {
-			listeners.Delete(ws)
+func (rl *Relay) removeListenerId(ws *WebSocket, id string) {
+	rl.clientsMutex.Lock()
+	defer rl.clientsMutex.Unlock()
+
+	if specs, ok := rl.clients[ws]; ok {
+		// swap delete specs that match this id
+		for s := len(specs) - 1; s >= 0; s-- {
+			spec := specs[s]
+			if spec.id == id {
+				spec.cancel(ErrSubscriptionClosedByClient)
+				specs[s] = specs[len(specs)-1]
+				specs = specs[0 : len(specs)-1]
+				rl.clients[ws] = specs
+
+				// swap delete listeners one at a time, as they may be each in a different subrelay
+				srl := spec.subrelay // == rl in normal cases, but different when this came from a route
+
+				if spec.index != len(srl.listeners)-1 {
+					movedFromIndex := len(srl.listeners) - 1
+					moved := srl.listeners[movedFromIndex] // this wasn't removed, but will be moved
+					srl.listeners[spec.index] = moved
+
+					// now we must update the the listener we just moved
+					// so its .index reflects its new position on srl.listeners
+					movedSpecs := rl.clients[moved.ws]
+					idx := slices.IndexFunc(movedSpecs, func(ls listenerSpec) bool {
+						return ls.index == movedFromIndex
+					})
+					movedSpecs[idx].index = spec.index
+					rl.clients[moved.ws] = movedSpecs
+				}
+				srl.listeners = srl.listeners[0 : len(srl.listeners)-1] // finally reduce the slice length
+			}
 		}
 	}
 }
 
-// remove WebSocket conn from listeners
-// (no need to cancel contexts as they are all inherited from the main connection context)
-func removeListener(ws *WebSocket) {
-	listeners.Delete(ws)
+func (rl *Relay) removeClientAndListeners(ws *WebSocket) {
+	rl.clientsMutex.Lock()
+	defer rl.clientsMutex.Unlock()
+	if specs, ok := rl.clients[ws]; ok {
+		// swap delete listeners and delete client (all specs will be deleted)
+		for s, spec := range specs {
+			// no need to cancel contexts since they inherit from the main connection context
+			// just delete the listeners (swap-delete)
+			srl := spec.subrelay
+
+			if spec.index != len(srl.listeners)-1 {
+				movedFromIndex := len(srl.listeners) - 1
+				moved := srl.listeners[movedFromIndex] // this wasn't removed, but will be moved
+				srl.listeners[spec.index] = moved
+
+				// temporarily update the spec of the listener being removed to have index == -1
+				// (since it was removed) so it doesn't match in the search below
+				rl.clients[ws][s].index = -1
+
+				// now we must update the the listener we just moved
+				// so its .index reflects its new position on srl.listeners
+				movedSpecs := rl.clients[moved.ws]
+				idx := slices.IndexFunc(movedSpecs, func(ls listenerSpec) bool {
+					return ls.index == movedFromIndex
+				})
+				movedSpecs[idx].index = spec.index
+				rl.clients[moved.ws] = movedSpecs
+			}
+			srl.listeners = srl.listeners[0 : len(srl.listeners)-1] // finally reduce the slice length
+		}
+	}
+	delete(rl.clients, ws)
 }
 
-func notifyListeners(event *nostr.Event) {
-	listeners.Range(func(ws *WebSocket, subs *xsync.MapOf[string, *Listener]) bool {
-		subs.Range(func(id string, listener *Listener) bool {
-			if !listener.filters.Match(event) {
-				return true
+func (rl *Relay) notifyListeners(event *nostr.Event) {
+	for _, listener := range rl.listeners {
+		if listener.filter.Matches(event) {
+			for _, pb := range rl.PreventBroadcast {
+				if pb(listener.ws, event) {
+					return
+				}
 			}
-			ws.WriteJSON(nostr.EventEnvelope{SubscriptionID: &id, Event: *event})
-			return true
-		})
-		return true
-	})
+			listener.ws.WriteJSON(nostr.EventEnvelope{SubscriptionID: &listener.id, Event: *event})
+		}
+	}
 }

listener_test.go

@@ -0,0 +1,503 @@
+package khatru
+
+import (
+	"math/rand"
+	"testing"
+
+	"github.com/nbd-wtf/go-nostr"
+	"github.com/stretchr/testify/require"
+)
+
+func TestListenerSetupAndRemoveOnce(t *testing.T) {
+	rl := NewRelay()
+
+	ws1 := &WebSocket{}
+	ws2 := &WebSocket{}
+
+	f1 := nostr.Filter{Kinds: []int{1}}
+	f2 := nostr.Filter{Kinds: []int{2}}
+	f3 := nostr.Filter{Kinds: []int{3}}
+
+	rl.clients[ws1] = nil
+	rl.clients[ws2] = nil
+
+	var cancel func(cause error) = nil
+
+	t.Run("adding listeners", func(t *testing.T) {
+		rl.addListener(ws1, "1a", rl, f1, cancel)
+		rl.addListener(ws1, "1b", rl, f2, cancel)
+		rl.addListener(ws2, "2a", rl, f3, cancel)
+		rl.addListener(ws1, "1c", rl, f3, cancel)
+
+		require.Equal(t, map[*WebSocket][]listenerSpec{
+			ws1: {
+				{"1a", cancel, 0, rl},
+				{"1b", cancel, 1, rl},
+				{"1c", cancel, 3, rl},
+			},
+			ws2: {
+				{"2a", cancel, 2, rl},
+			},
+		}, rl.clients)
+
+		require.Equal(t, []listener{
+			{"1a", f1, ws1},
+			{"1b", f2, ws1},
+			{"2a", f3, ws2},
+			{"1c", f3, ws1},
+		}, rl.listeners)
+	})
+
+	t.Run("removing a client", func(t *testing.T) {
+		rl.removeClientAndListeners(ws1)
+
+		require.Equal(t, map[*WebSocket][]listenerSpec{
+			ws2: {
+				{"2a", cancel, 0, rl},
+			},
+		}, rl.clients)
+
+		require.Equal(t, []listener{
+			{"2a", f3, ws2},
+		}, rl.listeners)
+	})
+}
+
+func TestListenerMoreConvolutedCase(t *testing.T) {
+	rl := NewRelay()
+
+	ws1 := &WebSocket{}
+	ws2 := &WebSocket{}
+	ws3 := &WebSocket{}
+	ws4 := &WebSocket{}
+
+	f1 := nostr.Filter{Kinds: []int{1}}
+	f2 := nostr.Filter{Kinds: []int{2}}
+	f3 := nostr.Filter{Kinds: []int{3}}
+
+	rl.clients[ws1] = nil
+	rl.clients[ws2] = nil
+	rl.clients[ws3] = nil
+	rl.clients[ws4] = nil
+
+	var cancel func(cause error) = nil
+
+	t.Run("adding listeners", func(t *testing.T) {
+		rl.addListener(ws1, "c", rl, f1, cancel)
+		rl.addListener(ws2, "b", rl, f2, cancel)
+		rl.addListener(ws3, "a", rl, f3, cancel)
+		rl.addListener(ws4, "d", rl, f3, cancel)
+		rl.addListener(ws2, "b", rl, f1, cancel)
+
+		require.Equal(t, map[*WebSocket][]listenerSpec{
+			ws1: {
+				{"c", cancel, 0, rl},
+			},
+			ws2: {
+				{"b", cancel, 1, rl},
+				{"b", cancel, 4, rl},
+			},
+			ws3: {
+				{"a", cancel, 2, rl},
+			},
+			ws4: {
+				{"d", cancel, 3, rl},
+			},
+		}, rl.clients)
+
+		require.Equal(t, []listener{
+			{"c", f1, ws1},
+			{"b", f2, ws2},
+			{"a", f3, ws3},
+			{"d", f3, ws4},
+			{"b", f1, ws2},
+		}, rl.listeners)
+	})
+
+	t.Run("removing a client", func(t *testing.T) {
+		rl.removeClientAndListeners(ws2)
+
+		require.Equal(t, map[*WebSocket][]listenerSpec{
+			ws1: {
+				{"c", cancel, 0, rl},
+			},
+			ws3: {
+				{"a", cancel, 2, rl},
+			},
+			ws4: {
+				{"d", cancel, 1, rl},
+			},
+		}, rl.clients)
+
+		require.Equal(t, []listener{
+			{"c", f1, ws1},
+			{"d", f3, ws4},
+			{"a", f3, ws3},
+		}, rl.listeners)
+	})
+
+	t.Run("reorganize the first case differently and then remove again", func(t *testing.T) {
+		rl.clients = map[*WebSocket][]listenerSpec{
+			ws1: {
+				{"c", cancel, 1, rl},
+			},
+			ws2: {
+				{"b", cancel, 2, rl},
+				{"b", cancel, 4, rl},
+			},
+			ws3: {
+				{"a", cancel, 0, rl},
+			},
+			ws4: {
+				{"d", cancel, 3, rl},
+			},
+		}
+		rl.listeners = []listener{
+			{"a", f3, ws3},
+			{"c", f1, ws1},
+			{"b", f2, ws2},
+			{"d", f3, ws4},
+			{"b", f1, ws2},
+		}
+
+		rl.removeClientAndListeners(ws2)
+
+		require.Equal(t, map[*WebSocket][]listenerSpec{
+			ws1: {
+				{"c", cancel, 1, rl},
+			},
+			ws3: {
+				{"a", cancel, 0, rl},
+			},
+			ws4: {
+				{"d", cancel, 2, rl},
+			},
+		}, rl.clients)
+
+		require.Equal(t, []listener{
+			{"a", f3, ws3},
+			{"c", f1, ws1},
+			{"d", f3, ws4},
+		}, rl.listeners)
+	})
+}
+
+func TestListenerMoreStuffWithMultipleRelays(t *testing.T) {
+	rl := NewRelay()
+
+	ws1 := &WebSocket{}
+	ws2 := &WebSocket{}
+	ws3 := &WebSocket{}
+	ws4 := &WebSocket{}
+
+	f1 := nostr.Filter{Kinds: []int{1}}
+	f2 := nostr.Filter{Kinds: []int{2}}
+	f3 := nostr.Filter{Kinds: []int{3}}
+
+	rlx := NewRelay()
+	rly := NewRelay()
+	rlz := NewRelay()
+
+	rl.clients[ws1] = nil
+	rl.clients[ws2] = nil
+	rl.clients[ws3] = nil
+	rl.clients[ws4] = nil
+
+	var cancel func(cause error) = nil
+
+	t.Run("adding listeners", func(t *testing.T) {
+		rl.addListener(ws1, "c", rlx, f1, cancel)
+		rl.addListener(ws2, "b", rly, f2, cancel)
+		rl.addListener(ws3, "a", rlz, f3, cancel)
+		rl.addListener(ws4, "d", rlx, f3, cancel)
+		rl.addListener(ws4, "e", rlx, f3, cancel)
+		rl.addListener(ws3, "a", rlx, f3, cancel)
+		rl.addListener(ws4, "e", rly, f3, cancel)
+		rl.addListener(ws3, "f", rly, f3, cancel)
+		rl.addListener(ws1, "g", rlz, f1, cancel)
+		rl.addListener(ws2, "g", rlz, f2, cancel)
+
+		require.Equal(t, map[*WebSocket][]listenerSpec{
+			ws1: {
+				{"c", cancel, 0, rlx},
+				{"g", cancel, 1, rlz},
+			},
+			ws2: {
+				{"b", cancel, 0, rly},
+				{"g", cancel, 2, rlz},
+			},
+			ws3: {
+				{"a", cancel, 0, rlz},
+				{"a", cancel, 3, rlx},
+				{"f", cancel, 2, rly},
+			},
+			ws4: {
+				{"d", cancel, 1, rlx},
+				{"e", cancel, 2, rlx},
+				{"e", cancel, 1, rly},
+			},
+		}, rl.clients)
+
+		require.Equal(t, []listener{
+			{"c", f1, ws1},
+			{"d", f3, ws4},
+			{"e", f3, ws4},
+			{"a", f3, ws3},
+		}, rlx.listeners)
+
+		require.Equal(t, []listener{
+			{"b", f2, ws2},
+			{"e", f3, ws4},
+			{"f", f3, ws3},
+		}, rly.listeners)
+
+		require.Equal(t, []listener{
+			{"a", f3, ws3},
+			{"g", f1, ws1},
+			{"g", f2, ws2},
+		}, rlz.listeners)
+	})
+
+	t.Run("removing a subscription id", func(t *testing.T) {
+		// removing 'd' from ws4
+		rl.clients[ws4][0].cancel = func(cause error) {} // set since removing will call it
+		rl.removeListenerId(ws4, "d")
+
+		require.Equal(t, map[*WebSocket][]listenerSpec{
+			ws1: {
+				{"c", cancel, 0, rlx},
+				{"g", cancel, 1, rlz},
+			},
+			ws2: {
+				{"b", cancel, 0, rly},
+				{"g", cancel, 2, rlz},
+			},
+			ws3: {
+				{"a", cancel, 0, rlz},
+				{"a", cancel, 1, rlx},
+				{"f", cancel, 2, rly},
+			},
+			ws4: {
+				{"e", cancel, 1, rly},
+				{"e", cancel, 2, rlx},
+			},
+		}, rl.clients)
+
+		require.Equal(t, []listener{
+			{"c", f1, ws1},
+			{"a", f3, ws3},
+			{"e", f3, ws4},
+		}, rlx.listeners)
+
+		require.Equal(t, []listener{
+			{"b", f2, ws2},
+			{"e", f3, ws4},
+			{"f", f3, ws3},
+		}, rly.listeners)
+
+		require.Equal(t, []listener{
+			{"a", f3, ws3},
+			{"g", f1, ws1},
+			{"g", f2, ws2},
+		}, rlz.listeners)
+	})
+
+	t.Run("removing another subscription id", func(t *testing.T) {
+		// removing 'a' from ws3
+		rl.clients[ws3][0].cancel = func(cause error) {} // set since removing will call it
+		rl.clients[ws3][1].cancel = func(cause error) {} // set since removing will call it
+		rl.removeListenerId(ws3, "a")
+
+		require.Equal(t, map[*WebSocket][]listenerSpec{
+			ws1: {
+				{"c", cancel, 0, rlx},
+				{"g", cancel, 1, rlz},
+			},
+			ws2: {
+				{"b", cancel, 0, rly},
+				{"g", cancel, 0, rlz},
+			},
+			ws3: {
+				{"f", cancel, 2, rly},
+			},
+			ws4: {
+				{"e", cancel, 1, rly},
+				{"e", cancel, 1, rlx},
+			},
+		}, rl.clients)
+
+		require.Equal(t, []listener{
+			{"c", f1, ws1},
+			{"e", f3, ws4},
+		}, rlx.listeners)
+
+		require.Equal(t, []listener{
+			{"b", f2, ws2},
+			{"e", f3, ws4},
+			{"f", f3, ws3},
+		}, rly.listeners)
+
+		require.Equal(t, []listener{
+			{"g", f2, ws2},
+			{"g", f1, ws1},
+		}, rlz.listeners)
+	})
+
+	t.Run("removing a connection", func(t *testing.T) {
+		rl.removeClientAndListeners(ws2)
+
+		require.Equal(t, map[*WebSocket][]listenerSpec{
+			ws1: {
+				{"c", cancel, 0, rlx},
+				{"g", cancel, 0, rlz},
+			},
+			ws3: {
+				{"f", cancel, 0, rly},
+			},
+			ws4: {
+				{"e", cancel, 1, rly},
+				{"e", cancel, 1, rlx},
+			},
+		}, rl.clients)
+
+		require.Equal(t, []listener{
+			{"c", f1, ws1},
+			{"e", f3, ws4},
+		}, rlx.listeners)
+
+		require.Equal(t, []listener{
+			{"f", f3, ws3},
+			{"e", f3, ws4},
+		}, rly.listeners)
+
+		require.Equal(t, []listener{
+			{"g", f1, ws1},
+		}, rlz.listeners)
+	})
+
+	t.Run("removing another subscription id", func(t *testing.T) {
+		// removing 'e' from ws4
+		rl.clients[ws4][0].cancel = func(cause error) {} // set since removing will call it
+		rl.clients[ws4][1].cancel = func(cause error) {} // set since removing will call it
+		rl.removeListenerId(ws4, "e")
+
+		require.Equal(t, map[*WebSocket][]listenerSpec{
+			ws1: {
+				{"c", cancel, 0, rlx},
+				{"g", cancel, 0, rlz},
+			},
+			ws3: {
+				{"f", cancel, 0, rly},
+			},
+			ws4: {},
+		}, rl.clients)
+
+		require.Equal(t, []listener{
+			{"c", f1, ws1},
+		}, rlx.listeners)
+
+		require.Equal(t, []listener{
+			{"f", f3, ws3},
+		}, rly.listeners)
+
+		require.Equal(t, []listener{
+			{"g", f1, ws1},
+		}, rlz.listeners)
+	})
+}
+
+func TestRandomListenerClientRemoving(t *testing.T) {
+	rl := NewRelay()
+
+	f := nostr.Filter{Kinds: []int{1}}
+	cancel := func(cause error) {}
+
+	websockets := make([]*WebSocket, 0, 20)
+
+	l := 0
+
+	for i := 0; i < 20; i++ {
+		ws := &WebSocket{}
+		websockets = append(websockets, ws)
+		rl.clients[ws] = nil
+	}
+
+	for j := 0; j < 20; j++ {
+		for i := 0; i < 20; i++ {
+			ws := websockets[i]
+			w := string(rune(i + 65))
+
+			if rand.Intn(2) < 1 {
+				l++
+				rl.addListener(ws, w+":"+string(rune(j+97)), rl, f, cancel)
+			}
+		}
+	}
+
+	require.Len(t, rl.clients, 20)
+	require.Len(t, rl.listeners, l)
+
+	for ws := range rl.clients {
+		rl.removeClientAndListeners(ws)
+	}
+
+	require.Len(t, rl.clients, 0)
+	require.Len(t, rl.listeners, 0)
+}
+
+func TestRandomListenerIdRemoving(t *testing.T) {
+	rl := NewRelay()
+
+	f := nostr.Filter{Kinds: []int{1}}
+	cancel := func(cause error) {}
+
+	websockets := make([]*WebSocket, 0, 20)
+
+	type wsid struct {
+		ws *WebSocket
+		id string
+	}
+
+	subs := make([]wsid, 0, 20*20)
+	extra := 0
+
+	for i := 0; i < 20; i++ {
+		ws := &WebSocket{}
+		websockets = append(websockets, ws)
+		rl.clients[ws] = nil
+	}
+
+	for j := 0; j < 20; j++ {
+		for i := 0; i < 20; i++ {
+			ws := websockets[i]
+			w := string(rune(i + 65))
+
+			if rand.Intn(2) < 1 {
+				id := w + ":" + string(rune(j+97))
+				rl.addListener(ws, id, rl, f, cancel)
+				subs = append(subs, wsid{ws, id})
+
+				if rand.Intn(5) < 1 {
+					rl.addListener(ws, id, rl, f, cancel)
+					extra++
+				}
+			}
+		}
+	}
+
+	require.Len(t, rl.clients, 20)
+	require.Len(t, rl.listeners, len(subs)+extra)
+
+	rand.Shuffle(len(subs), func(i, j int) {
+		subs[i], subs[j] = subs[j], subs[i]
+	})
+	for _, wsidToRemove := range subs {
+		rl.removeListenerId(wsidToRemove.ws, wsidToRemove.id)
+	}
+
+	require.Len(t, rl.listeners, 0)
+	require.Len(t, rl.clients, 20)
+	for _, specs := range rl.clients {
+		require.Len(t, specs, 0)
+	}
+}

nip11.go

@@ -0,0 +1,25 @@
+package khatru
+
+import (
+	"encoding/json"
+	"net/http"
+)
+
+func (rl *Relay) HandleNIP11(w http.ResponseWriter, r *http.Request) {
+	w.Header().Set("Content-Type", "application/nostr+json")
+
+	info := *rl.Info
+
+	if len(rl.DeleteEvent) > 0 {
+		info.SupportedNIPs = append(info.SupportedNIPs, 9)
+	}
+	if len(rl.CountEvents) > 0 {
+		info.SupportedNIPs = append(info.SupportedNIPs, 45)
+	}
+
+	for _, ovw := range rl.OverwriteRelayInformation {
+		info = ovw(r.Context(), r, info)
+	}
+
+	json.NewEncoder(w).Encode(info)
+}

nip86.go

@@ -0,0 +1,270 @@
+package khatru
+
+import (
+	"context"
+	"crypto/sha256"
+	"encoding/base64"
+	"encoding/hex"
+	"encoding/json"
+	"fmt"
+	"io"
+	"net"
+	"net/http"
+	"reflect"
+	"strings"
+
+	"github.com/nbd-wtf/go-nostr"
+	"github.com/nbd-wtf/go-nostr/nip86"
+)
+
+type RelayManagementAPI struct {
+	RejectAPICall []func(ctx context.Context, mp nip86.MethodParams) (reject bool, msg string)
+
+	BanPubKey                   func(ctx context.Context, pubkey string, reason string) error
+	ListBannedPubKeys           func(ctx context.Context) ([]nip86.PubKeyReason, error)
+	AllowPubKey                 func(ctx context.Context, pubkey string, reason string) error
+	ListAllowedPubKeys          func(ctx context.Context) ([]nip86.PubKeyReason, error)
+	ListEventsNeedingModeration func(ctx context.Context) ([]nip86.IDReason, error)
+	AllowEvent                  func(ctx context.Context, id string, reason string) error
+	BanEvent                    func(ctx context.Context, id string, reason string) error
+	ListBannedEvents            func(ctx context.Context) ([]nip86.IDReason, error)
+	ChangeRelayName             func(ctx context.Context, name string) error
+	ChangeRelayDescription      func(ctx context.Context, desc string) error
+	ChangeRelayIcon             func(ctx context.Context, icon string) error
+	AllowKind                   func(ctx context.Context, kind int) error
+	DisallowKind                func(ctx context.Context, kind int) error
+	ListAllowedKinds            func(ctx context.Context) ([]int, error)
+	BlockIP                     func(ctx context.Context, ip net.IP, reason string) error
+	UnblockIP                   func(ctx context.Context, ip net.IP, reason string) error
+	ListBlockedIPs              func(ctx context.Context) ([]nip86.IPReason, error)
+}
+
+func (rl *Relay) HandleNIP86(w http.ResponseWriter, r *http.Request) {
+	w.Header().Set("Content-Type", "application/nostr+json+rpc")
+
+	var (
+		resp        nip86.Response
+		ctx         = r.Context()
+		req         nip86.Request
+		mp          nip86.MethodParams
+		evt         nostr.Event
+		payloadHash [32]byte
+	)
+
+	payload, err := io.ReadAll(r.Body)
+	if err != nil {
+		resp.Error = "empty request"
+		goto respond
+	}
+	payloadHash = sha256.Sum256(payload)
+
+	{
+		auth := r.Header.Get("Authorization")
+		spl := strings.Split(auth, "Nostr ")
+		if len(spl) != 2 {
+			resp.Error = "missing auth"
+			goto respond
+		}
+		if evtj, err := base64.StdEncoding.DecodeString(spl[1]); err != nil {
+			resp.Error = "invalid base64 auth"
+			goto respond
+		} else if err := json.Unmarshal(evtj, &evt); err != nil {
+			resp.Error = "invalid auth event json"
+			goto respond
+		} else if ok, _ := evt.CheckSignature(); !ok {
+			resp.Error = "invalid auth event"
+			goto respond
+		} else if uTag := evt.Tags.GetFirst([]string{"u", ""}); uTag == nil || getServiceBaseURL(r) != (*uTag)[1] {
+			resp.Error = "invalid 'u' tag"
+			goto respond
+		} else if pht := evt.Tags.GetFirst([]string{"payload", hex.EncodeToString(payloadHash[:])}); pht == nil {
+			resp.Error = "invalid auth event payload hash"
+			goto respond
+		} else if evt.CreatedAt < nostr.Now()-30 {
+			resp.Error = "auth event is too old"
+			goto respond
+		}
+	}
+
+	if err := json.Unmarshal(payload, &req); err != nil {
+		resp.Error = "invalid json body"
+		goto respond
+	}
+
+	mp, err = nip86.DecodeRequest(req)
+	if err != nil {
+		resp.Error = fmt.Sprintf("invalid params: %s", err)
+		goto respond
+	}
+
+	ctx = context.WithValue(ctx, nip86HeaderAuthKey, evt.PubKey)
+	for _, rac := range rl.ManagementAPI.RejectAPICall {
+		if reject, msg := rac(ctx, mp); reject {
+			resp.Error = msg
+			goto respond
+		}
+	}
+
+	if _, ok := mp.(nip86.SupportedMethods); ok {
+		mat := reflect.TypeOf(rl.ManagementAPI)
+		mav := reflect.ValueOf(rl.ManagementAPI)
+
+		methods := make([]string, 0, mat.NumField())
+		for i := 0; i < mat.NumField(); i++ {
+			field := mat.Field(i)
+
+			// danger: this assumes the struct fields are appropriately named
+			methodName := strings.ToLower(field.Name)
+
+			// assign this only if the function was defined
+			if mav.Field(i).Interface() != nil {
+				methods[i] = methodName
+			}
+		}
+		resp.Result = methods
+	} else {
+		switch thing := mp.(type) {
+		case nip86.BanPubKey:
+			if rl.ManagementAPI.BanPubKey == nil {
+				resp.Error = fmt.Sprintf("method %s not supported", thing.MethodName())
+			} else if err := rl.ManagementAPI.BanPubKey(ctx, thing.PubKey, thing.Reason); err != nil {
+				resp.Error = err.Error()
+			} else {
+				resp.Result = true
+			}
+		case nip86.ListBannedPubKeys:
+			if rl.ManagementAPI.ListBannedPubKeys == nil {
+				resp.Error = fmt.Sprintf("method %s not supported", thing.MethodName())
+			} else if result, err := rl.ManagementAPI.ListBannedPubKeys(ctx); err != nil {
+				resp.Error = err.Error()
+			} else {
+				resp.Result = result
+			}
+		case nip86.AllowPubKey:
+			if rl.ManagementAPI.AllowPubKey == nil {
+				resp.Error = fmt.Sprintf("method %s not supported", thing.MethodName())
+			} else if err := rl.ManagementAPI.AllowPubKey(ctx, thing.PubKey, thing.Reason); err != nil {
+				resp.Error = err.Error()
+			} else {
+				resp.Result = true
+			}
+		case nip86.ListAllowedPubKeys:
+			if rl.ManagementAPI.ListAllowedPubKeys == nil {
+				resp.Error = fmt.Sprintf("method %s not supported", thing.MethodName())
+			} else if result, err := rl.ManagementAPI.ListAllowedPubKeys(ctx); err != nil {
+				resp.Error = err.Error()
+			} else {
+				resp.Result = result
+			}
+		case nip86.BanEvent:
+			if rl.ManagementAPI.BanEvent == nil {
+				resp.Error = fmt.Sprintf("method %s not supported", thing.MethodName())
+			} else if err := rl.ManagementAPI.BanEvent(ctx, thing.ID, thing.Reason); err != nil {
+				resp.Error = err.Error()
+			} else {
+				resp.Result = true
+			}
+		case nip86.AllowEvent:
+			if rl.ManagementAPI.AllowEvent == nil {
+				resp.Error = fmt.Sprintf("method %s not supported", thing.MethodName())
+			} else if err := rl.ManagementAPI.AllowEvent(ctx, thing.ID, thing.Reason); err != nil {
+				resp.Error = err.Error()
+			} else {
+				resp.Result = true
+			}
+		case nip86.ListEventsNeedingModeration:
+			if rl.ManagementAPI.ListEventsNeedingModeration == nil {
+				resp.Error = fmt.Sprintf("method %s not supported", thing.MethodName())
+			} else if result, err := rl.ManagementAPI.ListEventsNeedingModeration(ctx); err != nil {
+				resp.Error = err.Error()
+			} else {
+				resp.Result = result
+			}
+		case nip86.ListBannedEvents:
+			if rl.ManagementAPI.ListBannedEvents == nil {
+				resp.Error = fmt.Sprintf("method %s not supported", thing.MethodName())
+			} else if result, err := rl.ManagementAPI.ListEventsNeedingModeration(ctx); err != nil {
+				resp.Error = err.Error()
+			} else {
+				resp.Result = result
+			}
+		case nip86.ChangeRelayName:
+			if rl.ManagementAPI.ChangeRelayName == nil {
+				resp.Error = fmt.Sprintf("method %s not supported", thing.MethodName())
+			} else if err := rl.ManagementAPI.ChangeRelayName(ctx, thing.Name); err != nil {
+				resp.Error = err.Error()
+			} else {
+				resp.Result = true
+			}
+		case nip86.ChangeRelayDescription:
+			if rl.ManagementAPI.ChangeRelayDescription == nil {
+				resp.Error = fmt.Sprintf("method %s not supported", thing.MethodName())
+			} else if err := rl.ManagementAPI.ChangeRelayDescription(ctx, thing.Description); err != nil {
+				resp.Error = err.Error()
+			} else {
+				resp.Result = true
+			}
+		case nip86.ChangeRelayIcon:
+			if rl.ManagementAPI.ChangeRelayIcon == nil {
+				resp.Error = fmt.Sprintf("method %s not supported", thing.MethodName())
+			} else if err := rl.ManagementAPI.ChangeRelayIcon(ctx, thing.IconURL); err != nil {
+				resp.Error = err.Error()
+			} else {
+				resp.Result = true
+			}
+		case nip86.AllowKind:
+			if rl.ManagementAPI.AllowKind == nil {
+				resp.Error = fmt.Sprintf("method %s not supported", thing.MethodName())
+			} else if err := rl.ManagementAPI.AllowKind(ctx, thing.Kind); err != nil {
+				resp.Error = err.Error()
+			} else {
+				resp.Result = true
+			}
+		case nip86.DisallowKind:
+			if rl.ManagementAPI.DisallowKind == nil {
+				resp.Error = fmt.Sprintf("method %s not supported", thing.MethodName())
+			} else if err := rl.ManagementAPI.DisallowKind(ctx, thing.Kind); err != nil {
+				resp.Error = err.Error()
+			} else {
+				resp.Result = true
+			}
+		case nip86.ListAllowedKinds:
+			if rl.ManagementAPI.ListAllowedKinds == nil {
+				resp.Error = fmt.Sprintf("method %s not supported", thing.MethodName())
+			} else if result, err := rl.ManagementAPI.ListAllowedKinds(ctx); err != nil {
+				resp.Error = err.Error()
+			} else {
+				resp.Result = result
+			}
+		case nip86.BlockIP:
+			if rl.ManagementAPI.BlockIP == nil {
+				resp.Error = fmt.Sprintf("method %s not supported", thing.MethodName())
+			} else if err := rl.ManagementAPI.BlockIP(ctx, thing.IP, thing.Reason); err != nil {
+				resp.Error = err.Error()
+			} else {
+				resp.Result = true
+			}
+		case nip86.UnblockIP:
+			if rl.ManagementAPI.UnblockIP == nil {
+				resp.Error = fmt.Sprintf("method %s not supported", thing.MethodName())
+			} else if err := rl.ManagementAPI.UnblockIP(ctx, thing.IP, thing.Reason); err != nil {
+				resp.Error = err.Error()
+			} else {
+				resp.Result = true
+			}
+		case nip86.ListBlockedIPs:
+			if rl.ManagementAPI.ListBlockedIPs == nil {
+				resp.Error = fmt.Sprintf("method %s not supported", thing.MethodName())
+			} else if result, err := rl.ManagementAPI.ListBlockedIPs(ctx); err != nil {
+				resp.Error = err.Error()
+			} else {
+				resp.Result = result
+			}
+		default:
+			resp.Error = fmt.Sprintf("method '%s' not known", mp.MethodName())
+		}
+	}
+
+respond:
+	json.NewEncoder(w).Encode(resp)
+}

policies/events.go

@@ -2,8 +2,9 @@ package policies
 
 import (
 	"context"
-
+	"fmt"
 	"slices"
+	"strings"
 
 	"github.com/nbd-wtf/go-nostr"
 )
@@ -14,6 +15,9 @@ import (
 // If ignoreKinds is given this restriction will not apply to these kinds (useful for allowing a bigger).
 // If onlyKinds is given then all other kinds will be ignored.
 func PreventTooManyIndexableTags(max int, ignoreKinds []int, onlyKinds []int) func(context.Context, *nostr.Event) (bool, string) {
+	slices.Sort(ignoreKinds)
+	slices.Sort(onlyKinds)
+
 	ignore := func(kind int) bool { return false }
 	if len(ignoreKinds) > 0 {
 		ignore = func(kind int) bool {
@@ -63,32 +67,15 @@ func PreventLargeTags(maxTagValueLen int) func(context.Context, *nostr.Event) (b
 // RestrictToSpecifiedKinds returns a function that can be used as a RejectFilter that will reject
 // any events with kinds different than the specified ones.
 func RestrictToSpecifiedKinds(kinds ...uint16) func(context.Context, *nostr.Event) (bool, string) {
-	max := 0
-	min := 0
-	for _, kind := range kinds {
-		if int(kind) > max {
-			max = int(kind)
-		}
-		if int(kind) < min {
-			min = int(kind)
-		}
-	}
+	// sort the kinds in increasing order
+	slices.Sort(kinds)
 
 	return func(ctx context.Context, event *nostr.Event) (reject bool, msg string) {
-		// these are cheap and very questionable optimizations, but they exist for a reason:
-		// we would have to ensure that the kind number is within the bounds of a uint16 anyway
-		if event.Kind > max {
-			return true, "event kind not allowed"
-		}
-		if event.Kind < min {
-			return true, "event kind not allowed"
-		}
-
-		// hopefully this map of uint16s is very fast
 		if _, allowed := slices.BinarySearch(kinds, uint16(event.Kind)); allowed {
 			return false, ""
 		}
-		return true, "event kind not allowed"
+
+		return true, fmt.Sprintf("received event kind %d not allowed", event.Kind)
 	}
 }
 
@@ -109,3 +96,7 @@ func PreventTimestampsInTheFuture(thresholdSeconds nostr.Timestamp) func(context
 		return false, ""
 	}
 }
+
+func RejectEventsWithBase64Media(ctx context.Context, evt *nostr.Event) (bool, string) {
+	return strings.Contains(evt.Content, "data:image/") || strings.Contains(evt.Content, "data:video/"), "event with base64 media"
+}

policies/filters.go

@@ -2,7 +2,6 @@ package policies
 
 import (
 	"context"
-
 	"slices"
 
 	"github.com/nbd-wtf/go-nostr"
@@ -48,7 +47,7 @@ func NoSearchQueries(ctx context.Context, filter nostr.Filter) (reject bool, msg
 func RemoveSearchQueries(ctx context.Context, filter *nostr.Filter) {
 	if filter.Search != "" {
 		filter.Search = ""
-		filter.Limit = -1 // signals that this query should be just skipped
+		filter.LimitZero = true // signals that this query should be just skipped
 	}
 }
 
@@ -63,7 +62,7 @@ func RemoveAllButKinds(kinds ...uint16) func(context.Context, *nostr.Filter) {
 			}
 			filter.Kinds = newKinds
 			if len(filter.Kinds) == 0 {
-				filter.Limit = -1 // signals that this query should be just skipped
+				filter.LimitZero = true // signals that this query should be just skipped
 			}
 		}
 	}
@@ -78,7 +77,7 @@ func RemoveAllButTags(tagNames ...string) func(context.Context, *nostr.Filter) {
 				}
 			}
 			if len(filter.Tags) == 0 {
-				filter.Limit = -1 // signals that this query should be just skipped
+				filter.LimitZero = true // signals that this query should be just skipped
 			}
 		}
 	}

policies/helpers.go

@@ -0,0 +1,43 @@
+package policies
+
+import (
+	"sync/atomic"
+	"time"
+
+	"github.com/puzpuzpuz/xsync/v3"
+)
+
+func startRateLimitSystem[K comparable](
+	tokensPerInterval int,
+	interval time.Duration,
+	maxTokens int,
+) func(key K) (ratelimited bool) {
+	negativeBuckets := xsync.NewMapOf[K, *atomic.Int32]()
+	maxTokensInt32 := int32(maxTokens)
+
+	go func() {
+		for {
+			time.Sleep(interval)
+			negativeBuckets.Range(func(key K, bucket *atomic.Int32) bool {
+				newv := bucket.Add(int32(-tokensPerInterval))
+				if newv <= 0 {
+					negativeBuckets.Delete(key)
+				}
+				return true
+			})
+		}
+	}()
+
+	return func(key K) bool {
+		nb, _ := negativeBuckets.LoadOrStore(key, &atomic.Int32{})
+
+		if nb.Load() < maxTokensInt32 {
+			nb.Add(1)
+			// rate limit not reached yet
+			return false
+		}
+
+		// rate limit reached
+		return true
+	}
+}

policies/ratelimits.go

@@ -0,0 +1,42 @@
+package policies
+
+import (
+	"context"
+	"net/http"
+	"time"
+
+	"github.com/fiatjaf/khatru"
+	"github.com/nbd-wtf/go-nostr"
+)
+
+func EventIPRateLimiter(tokensPerInterval int, interval time.Duration, maxTokens int) func(ctx context.Context, _ *nostr.Event) (reject bool, msg string) {
+	rl := startRateLimitSystem[string](tokensPerInterval, interval, maxTokens)
+
+	return func(ctx context.Context, _ *nostr.Event) (reject bool, msg string) {
+		return rl(khatru.GetIP(ctx)), "rate-limited: slow down, please"
+	}
+}
+
+func EventPubKeyRateLimiter(tokensPerInterval int, interval time.Duration, maxTokens int) func(ctx context.Context, _ *nostr.Event) (reject bool, msg string) {
+	rl := startRateLimitSystem[string](tokensPerInterval, interval, maxTokens)
+
+	return func(ctx context.Context, evt *nostr.Event) (reject bool, msg string) {
+		return rl(evt.PubKey), "rate-limited: slow down, please"
+	}
+}
+
+func ConnectionRateLimiter(tokensPerInterval int, interval time.Duration, maxTokens int) func(r *http.Request) bool {
+	rl := startRateLimitSystem[string](tokensPerInterval, interval, maxTokens)
+
+	return func(r *http.Request) bool {
+		return rl(khatru.GetIPFromRequest(r))
+	}
+}
+
+func FilterIPRateLimiter(tokensPerInterval int, interval time.Duration, maxTokens int) func(ctx context.Context, _ nostr.Filter) (reject bool, msg string) {
+	rl := startRateLimitSystem[string](tokensPerInterval, interval, maxTokens)
+
+	return func(ctx context.Context, _ nostr.Filter) (reject bool, msg string) {
+		return rl(khatru.GetIP(ctx)), "rate-limited: there is a bug in the client, no one should be making so many requests"
+	}
+}

policies/sane_defaults.go

@@ -0,0 +1,24 @@
+package policies
+
+import (
+	"time"
+
+	"github.com/fiatjaf/khatru"
+)
+
+func ApplySaneDefaults(relay *khatru.Relay) {
+	relay.RejectEvent = append(relay.RejectEvent,
+		RejectEventsWithBase64Media,
+		EventIPRateLimiter(2, time.Minute*3, 5),
+	)
+
+	relay.RejectFilter = append(relay.RejectFilter,
+		NoEmptyFilters,
+		NoComplexFilters,
+		FilterIPRateLimiter(20, time.Minute, 100),
+	)
+
+	relay.RejectConnection = append(relay.RejectConnection,
+		ConnectionRateLimiter(1, time.Minute*5, 3),
+	)
+}

relay.go

@@ -5,22 +5,22 @@ import (
 	"log"
 	"net/http"
 	"os"
+	"sync"
 	"time"
 
 	"github.com/fasthttp/websocket"
 	"github.com/nbd-wtf/go-nostr"
 	"github.com/nbd-wtf/go-nostr/nip11"
-	"github.com/puzpuzpuz/xsync/v3"
 )
 
 func NewRelay() *Relay {
-	return &Relay{
+	rl := &Relay{
 		Log: log.New(os.Stderr, "[khatru-relay] ", log.LstdFlags),
 
 		Info: &nip11.RelayInformationDocument{
 			Software:      "https://github.com/fiatjaf/khatru",
 			Version:       "n/a",
-			SupportedNIPs: []int{1, 11, 70},
+			SupportedNIPs: []int{1, 11, 42, 70, 86},
 		},
 
 		upgrader: websocket.Upgrader{
@@ -29,7 +29,9 @@ func NewRelay() *Relay {
 			CheckOrigin:     func(r *http.Request) bool { return true },
 		},
 
-		clients:  xsync.NewMapOf[*websocket.Conn, struct{}](),
+		clients:   make(map[*WebSocket][]listenerSpec, 100),
+		listeners: make([]listener, 0, 100),
+
 		serveMux: &http.ServeMux{},
 
 		WriteWait:      10 * time.Second,
@@ -37,29 +39,42 @@ func NewRelay() *Relay {
 		PingPeriod:     30 * time.Second,
 		MaxMessageSize: 512000,
 	}
+
+	return rl
 }
 
 type Relay struct {
 	ServiceURL string
 
+	// these structs keeps track of all the things that can be customized when handling events or requests
 	RejectEvent               []func(ctx context.Context, event *nostr.Event) (reject bool, msg string)
-	RejectFilter              []func(ctx context.Context, filter nostr.Filter) (reject bool, msg string)
-	RejectCountFilter         []func(ctx context.Context, filter nostr.Filter) (reject bool, msg string)
 	OverwriteDeletionOutcome  []func(ctx context.Context, target *nostr.Event, deletion *nostr.Event) (acceptDeletion bool, msg string)
-	OverwriteResponseEvent    []func(ctx context.Context, event *nostr.Event)
-	OverwriteFilter           []func(ctx context.Context, filter *nostr.Filter)
-	OverwriteCountFilter      []func(ctx context.Context, filter *nostr.Filter)
-	OverwriteRelayInformation []func(ctx context.Context, r *http.Request, info nip11.RelayInformationDocument) nip11.RelayInformationDocument
 	StoreEvent                []func(ctx context.Context, event *nostr.Event) error
 	DeleteEvent               []func(ctx context.Context, event *nostr.Event) error
-	QueryEvents               []func(ctx context.Context, filter nostr.Filter) (chan *nostr.Event, error)
-	CountEvents               []func(ctx context.Context, filter nostr.Filter) (int64, error)
-	OnConnect                 []func(ctx context.Context)
-	OnDisconnect              []func(ctx context.Context)
 	OnEventSaved              []func(ctx context.Context, event *nostr.Event)
 	OnEphemeralEvent          []func(ctx context.Context, event *nostr.Event)
+	RejectFilter              []func(ctx context.Context, filter nostr.Filter) (reject bool, msg string)
+	RejectCountFilter         []func(ctx context.Context, filter nostr.Filter) (reject bool, msg string)
+	OverwriteFilter           []func(ctx context.Context, filter *nostr.Filter)
+	OverwriteCountFilter      []func(ctx context.Context, filter *nostr.Filter)
+	QueryEvents               []func(ctx context.Context, filter nostr.Filter) (chan *nostr.Event, error)
+	CountEvents               []func(ctx context.Context, filter nostr.Filter) (int64, error)
+	RejectConnection          []func(r *http.Request) bool
+	OnConnect                 []func(ctx context.Context)
+	OnDisconnect              []func(ctx context.Context)
+	OverwriteRelayInformation []func(ctx context.Context, r *http.Request, info nip11.RelayInformationDocument) nip11.RelayInformationDocument
+	OverwriteResponseEvent    []func(ctx context.Context, event *nostr.Event)
+	PreventBroadcast          []func(ws *WebSocket, event *nostr.Event) bool
 
-	// editing info will affect
+	// these are used when this relays acts as a router
+	routes                []Route
+	getSubRelayFromEvent  func(*nostr.Event) *Relay // used for handling EVENTs
+	getSubRelayFromFilter func(nostr.Filter) *Relay // used for handling REQs
+
+	// setting up handlers here will enable these methods
+	ManagementAPI RelayManagementAPI
+
+	// editing info will affect the NIP-11 responses
 	Info *nip11.RelayInformationDocument
 
 	// Default logger, as set by NewServer, is a stdlib logger prefixed with "[khatru-relay] ",
@@ -70,7 +85,10 @@ type Relay struct {
 	upgrader websocket.Upgrader
 
 	// keep a connection reference to all connected clients for Server.Shutdown
-	clients *xsync.MapOf[*websocket.Conn, struct{}]
+	// also used for keeping track of who is listening to what
+	clients      map[*WebSocket][]listenerSpec
+	listeners    []listener
+	clientsMutex sync.Mutex
 
 	// in case you call Server.Start
 	Addr       string

responding.go

@@ -17,9 +17,8 @@ func (rl *Relay) handleRequest(ctx context.Context, id string, eose *sync.WaitGr
 		ovw(ctx, &filter)
 	}
 
-	if filter.Limit < 0 {
-		// this is a special situation through which the implementor signals to us that it doesn't want
-		// to event perform any queries whatsoever
+	if filter.LimitZero {
+		// don't do any queries, just subscribe to future events
 		return nil
 	}
 
@@ -29,7 +28,6 @@ func (rl *Relay) handleRequest(ctx context.Context, id string, eose *sync.WaitGr
 	// filter we can just reject it)
 	for _, reject := range rl.RejectFilter {
 		if reject, msg := reject(ctx, filter); reject {
-			ws.WriteJSON(nostr.NoticeEnvelope(msg))
 			return errors.New(nostr.NormalizeOKMessage(msg, "blocked"))
 		}
 	}
@@ -43,6 +41,9 @@ func (rl *Relay) handleRequest(ctx context.Context, id string, eose *sync.WaitGr
 			ws.WriteJSON(nostr.NoticeEnvelope(err.Error()))
 			eose.Done()
 			continue
+		} else if ch == nil {
+			eose.Done()
+			continue
 		}
 
 		go func(ch chan *nostr.Event) {

router.go

@@ -0,0 +1,67 @@
+package khatru
+
+import (
+	"github.com/nbd-wtf/go-nostr"
+)
+
+type Router struct{ *Relay }
+
+type Route struct {
+	eventMatcher  func(*nostr.Event) bool
+	filterMatcher func(nostr.Filter) bool
+	relay         *Relay
+}
+
+type routeBuilder struct {
+	router        *Router
+	eventMatcher  func(*nostr.Event) bool
+	filterMatcher func(nostr.Filter) bool
+}
+
+func NewRouter() *Router {
+	rr := &Router{Relay: NewRelay()}
+	rr.routes = make([]Route, 0, 3)
+	rr.getSubRelayFromFilter = func(f nostr.Filter) *Relay {
+		for _, route := range rr.routes {
+			if route.filterMatcher(f) {
+				return route.relay
+			}
+		}
+		return rr.Relay
+	}
+	rr.getSubRelayFromEvent = func(e *nostr.Event) *Relay {
+		for _, route := range rr.routes {
+			if route.eventMatcher(e) {
+				return route.relay
+			}
+		}
+		return rr.Relay
+	}
+	return rr
+}
+
+func (rr *Router) Route() routeBuilder {
+	return routeBuilder{
+		router:        rr,
+		filterMatcher: func(f nostr.Filter) bool { return false },
+		eventMatcher:  func(e *nostr.Event) bool { return false },
+	}
+}
+
+func (rb routeBuilder) Req(fn func(nostr.Filter) bool) routeBuilder {
+	rb.filterMatcher = fn
+	return rb
+}
+
+func (rb routeBuilder) Event(fn func(*nostr.Event) bool) routeBuilder {
+	rb.eventMatcher = fn
+	return rb
+}
+
+func (rb routeBuilder) Relay(relay *Relay) {
+	rb.router.routes = append(rb.router.routes, Route{
+		filterMatcher: rb.filterMatcher,
+		eventMatcher:  rb.eventMatcher,
+		relay:         relay,
+	})
+}

utils.go

@@ -4,12 +4,12 @@ import (
 	"context"
 
 	"github.com/nbd-wtf/go-nostr"
-	"github.com/sebest/xff"
 )
 
 const (
 	wsKey = iota
 	subscriptionIdKey
+	nip86HeaderAuthKey
 )
 
 func RequestAuth(ctx context.Context) {
@@ -23,29 +23,27 @@ func RequestAuth(ctx context.Context) {
 }
 
 func GetConnection(ctx context.Context) *WebSocket {
-	return ctx.Value(wsKey).(*WebSocket)
+	wsi := ctx.Value(wsKey)
+	if wsi != nil {
+		return wsi.(*WebSocket)
+	}
+	return nil
 }
 
 func GetAuthed(ctx context.Context) string {
-	return GetConnection(ctx).AuthedPublicKey
+	if conn := GetConnection(ctx); conn != nil {
+		return conn.AuthedPublicKey
+	}
+	if nip86Auth := ctx.Value(nip86HeaderAuthKey); nip86Auth != nil {
+		return nip86Auth.(string)
+	}
+	return ""
 }
 
 func GetIP(ctx context.Context) string {
-	return xff.GetRemoteAddr(GetConnection(ctx).Request)
+	return GetIPFromRequest(GetConnection(ctx).Request)
 }
 
 func GetSubscriptionID(ctx context.Context) string {
 	return ctx.Value(subscriptionIdKey).(string)
 }
-
-func GetOpenSubscriptions(ctx context.Context) []nostr.Filter {
-	if subs, ok := listeners.Load(GetConnection(ctx)); ok {
-		res := make([]nostr.Filter, 0, listeners.Size()*2)
-		subs.Range(func(_ string, sub *Listener) bool {
-			res = append(res, sub.filters...)
-			return true
-		})
-		return res
-	}
-	return nil
-}