diff options
| author | DanConwayDev <DanConwayDev@protonmail.com> | 2026-01-09 07:57:54 +0000 |
|---|---|---|
| committer | DanConwayDev <DanConwayDev@protonmail.com> | 2026-01-09 07:57:54 +0000 |
| commit | 7cc5d37cbf4f02f0bb7eee6342dc1ede5a841a7b (patch) | |
| tree | 62d3dcf291a7ca67d18cf397b448fb98d62553ba /src/sync/mod.rs | |
| parent | 6bc2d70f6dd351521e522cc4d0f1ac188848ad26 (diff) | |
feat: replace owner-npub with relay-owner-nsec for persistent operator identity
Replace the owner-npub configuration option with relay-owner-nsec to provide
a persistent cryptographic identity for the relay operator. This addresses
NIP-42 authentication requirements discovered during sync debugging.
Motivation:
- Some relays (e.g., relay.damus.io) require NIP-42 authentication for
advanced features like NIP-77 negentropy sync
- Previously used random ephemeral keys per connection, providing no
persistent identity
- Other relays can now recognize us by pubkey for reputation-based rate
limiting
- Ensures consistency between NIP-11 pubkey and authentication key
Changes:
- Config: relay_owner_nsec with auto-load/generate from .relay-owner.nsec
- NIP-11: Pubkey derived from nsec instead of separate npub field
- Sync: RelayConnection now uses operator keys for NIP-42 auth
- Docs: Updated README, .env.example, and added .relay-owner.nsec to gitignore
Key Features:
- Auto-generates key on first run and saves to .relay-owner.nsec
- Loads existing key from file on subsequent runs
- Can override via CLI flag or environment variable
- Enables reputation building across relay network
- Future-ready for event signing and WoT calculations
Testing:
- 225/232 tests passing (7 pre-existing purgatory failures unrelated)
- Verified key generation, loading, and NIP-11 derivation
- Release build successful
Related: work/sync-debug-analysis.md, work/relay-owner-nsec-implementation.md
Diffstat (limited to 'src/sync/mod.rs')
| -rw-r--r-- | src/sync/mod.rs | 6 |
1 files changed, 5 insertions, 1 deletions
diff --git a/src/sync/mod.rs b/src/sync/mod.rs index 280f857..6da2644 100644 --- a/src/sync/mod.rs +++ b/src/sync/mod.rs | |||
| @@ -1396,8 +1396,12 @@ impl SyncManager { | |||
| 1396 | async fn register_relay(&mut self, relay_url: String) { | 1396 | async fn register_relay(&mut self, relay_url: String) { |
| 1397 | // Create RelayConnection if not exists | 1397 | // Create RelayConnection if not exists |
| 1398 | if !self.connections.contains_key(&relay_url) { | 1398 | if !self.connections.contains_key(&relay_url) { |
| 1399 | // Get relay owner keys for NIP-42 authentication | ||
| 1400 | let keys = self.config.relay_owner_keys() | ||
| 1401 | .expect("relay_owner_keys should be available"); | ||
| 1402 | |||
| 1399 | let connection = | 1403 | let connection = |
| 1400 | RelayConnection::new_with_database(relay_url.clone(), Arc::clone(&self.database)); | 1404 | RelayConnection::new_with_database(relay_url.clone(), Arc::clone(&self.database), keys); |
| 1401 | self.connections.insert(relay_url.clone(), connection); | 1405 | self.connections.insert(relay_url.clone(), connection); |
| 1402 | tracing::debug!(relay = %relay_url, "Registered new relay connection"); | 1406 | tracing::debug!(relay = %relay_url, "Registered new relay connection"); |
| 1403 | } | 1407 | } |