Merge branch 'main' into feature/261-NIP-05-verification

Author: archief2910

.env.example

@@ -0,0 +1,69 @@
+# --- REQUIRED ---
+SECRET=change_me_to_something_long_and_random # Generate: openssl rand -hex 128
+
+# --- POSTGRESQL ---
+DB_HOST=localhost
+DB_PORT=5432
+DB_NAME=nostr_ts_relay
+DB_USER=nostr_ts_relay
+DB_PASSWORD=nostr_ts_relay
+# Alternatively, use a URI:
+# DB_URI=postgresql://nostr_ts_relay:nostr_ts_relay@localhost:5432/nostr_ts_relay
+
+# --- DB POOL TUNING (Optional) ---
+# DB_MIN_POOL_SIZE=0
+# DB_MAX_POOL_SIZE=3
+# DB_ACQUIRE_CONNECTION_TIMEOUT=60000
+
+# --- REDIS (Required for Rate Limiting) ---
+REDIS_HOST=localhost
+REDIS_PORT=6379
+# REDIS_USER=default
+# REDIS_PASSWORD=
+# Alternatively, use a URI:
+# REDIS_URI=redis://localhost:6379
+
+# --- SERVER CONFIG ---
+RELAY_PORT=8008
+WORKER_COUNT=2 # Defaults to CPU count. Use 1 or 2 for local testing.
+# NOSTR_CONFIG_DIR=.nostr # Where settings.yaml lives
+
+# --- DEBUGGING ---
+# Useful namespaces: maintenance-worker, database-client:*, cache-client, etc.
+# DEBUG=maintenance-worker
+
+# --- RELAY PRIVATE KEY (Optional) ---
+# RELAY_PRIVATE_KEY=your_hex_private_key
+
+# --- PAYMENTS (Only if enabled in settings.yaml) ---
+# ZEBEDEE_API_KEY=
+# NODELESS_API_KEY=
+# NODELESS_WEBHOOK_SECRET=
+# OPENNODE_API_KEY=
+# LNBITS_API_KEY=
+
+# --- READ REPLICAS (Optional) ---
+# READ_REPLICA_ENABLED=false
+# READ_REPLICAS=2
+# RR0_DB_HOST=localhost
+# RR0_DB_PORT=5432
+# RR0_DB_NAME=nostr_ts_relay
+# RR0_DB_USER=your_psql_username
+# RR0_DB_PASSWORD=your_psql_password
+# RR0_DB_MIN_POOL_SIZE=0
+# RR0_DB_MAX_POOL_SIZE=3
+# RR0_DB_ACQUIRE_CONNECTION_TIMEOUT=60000
+# RR1_DB_HOST=localhost
+# RR1_DB_PORT=5432
+# RR1_DB_NAME=nostr_ts_relay
+# RR1_DB_USER=your_psql_username
+# RR1_DB_PASSWORD=your_psql_password
+# RR1_DB_MIN_POOL_SIZE=0
+# RR1_DB_MAX_POOL_SIZE=3
+# RR1_DB_ACQUIRE_CONNECTION_TIMEOUT=60000
+
+# --- TOR (Optional) ---
+# TOR_HOST=localhost
+# TOR_CONTROL_PORT=9051
+# TOR_PASSWORD=
+# HIDDEN_SERVICE_PORT=80

.github/workflows/checks.yml

@@ -42,6 +42,8 @@ jobs:
         run: npm ci
       - name: Run ESLint
         run: npm run lint
+      - name: Run Knip
+        run: npm run knip
   build-check:
     name: Build check
     runs-on: ubuntu-latest
@@ -129,24 +131,6 @@ jobs:
         with:
           name: integration-coverage-lcov
           path: .coverage/integration/lcov.info
-  sonarcloud:
-    name: Sonarcloud
-    needs: [test-units-and-cover, test-integrations-and-cover]
-    runs-on: ubuntu-latest
-    steps:
-      - name: Checkout
-        uses: actions/checkout@v3
-        with:
-          fetch-depth: 0
-      - uses: actions/download-artifact@v4
-        name: Download unit & integration coverage reports
-        with:
-          path: .coverage
-      - name: SonarCloud Scan
-        uses: sonarsource/sonarcloud-github-action@master
-        env:
-          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-          SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
   post-tests:
     name: Post Tests
     needs: [test-units-and-cover, test-integrations-and-cover]

.knip.json

@@ -0,0 +1,19 @@
+{
+  "$schema": "https://unpkg.com/knip@2/schema.json",
+  "entry": [
+    "src/index.ts",
+    "src/import-events.ts",
+    "knexfile.js"
+  ],
+  "project": [
+    "src/**/*.ts"
+  ],
+  "ignoreFiles": [],
+  "commitlint": false,
+  "eslint": false,
+  "github-actions": false,
+  "husky": false,
+  "mocha": false,
+  "nyc": false,
+  "semantic-release": false
+}

.nvmrc

@@ -1 +1 @@
-v18.8.0
+v24.14.1

CONTRIBUTING.md

@@ -6,6 +6,16 @@ before making a change.
 
 Please keep the conversations civil, respectful and focus on the topic being discussed.
 
+## Local Quality Checks
+
+Run dead code and dependency analysis before opening a pull request:
+
+```
+npm run knip
+```
+
+`npm run lint` now runs Knip first, then ESLint.
+
 ## Pull Request Process
 
 1. Update the relevant documentation with details of changes to the interface, this includes new environment

Dockerfile

@@ -1,4 +1,4 @@
-FROM node:18-alpine3.16 AS build
+FROM node:24-alpine AS build
 
 WORKDIR /build
 
@@ -10,7 +10,7 @@ COPY . .
 
 RUN npm run build
 
-FROM node:18-alpine3.16
+FROM node:24-alpine
 
 LABEL org.opencontainers.image.title="Nostream"
 LABEL org.opencontainers.image.source=https://github.com/cameri/nostream

Dockerfile.railwayapp

@@ -1,5 +1,5 @@
 ## Author Saransh Sharma @cynsar foundation
-FROM node:18-alpine3.16 as build
+FROM node:24-alpine as build
 
 ARG PORT
 ARG PGHOST
@@ -29,7 +29,7 @@ COPY . .
 
 RUN npm run build
 
-FROM node:18-alpine3.16
+FROM node:24-alpine
 
 ARG PORT
 ARG PGHOST

Dockerfile.test

@@ -1,4 +1,4 @@
-FROM node:18-alpine3.16
+FROM node:24-alpine
 
 WORKDIR /code
 

README.md

@@ -67,7 +67,7 @@ NIPs with a relay-specific implementation are listed here.
 ### Standalone setup
 - PostgreSQL 14.0
 - Redis
-- Node v18
+- Node v24
 - Typescript
 
 ### Docker setups
@@ -209,6 +209,10 @@ Start:
   ```
   ./scripts/start_with_tor
   ```
+  or, with Nginx reverse proxy and Let's Encrypt SSL:
+  ```
+  RELAY_DOMAIN=relay.example.com CERTBOT_EMAIL=you@example.com ./scripts/start_with_nginx
+  ```
 
 **Windows / WSL2 users:** Docker bind-mounts can cause PostgreSQL permission errors on Windows. Use the dedicated override file instead:
   ```
@@ -230,6 +234,29 @@ Print the Tor hostname:
   ./scripts/print_tor_hostname
   ```
 
+### Importing events from JSON Lines
+
+You can import NIP-01 events from a `.jsonl` file directly into the relay database.
+
+Basic import:
+  ```
+  npm run import -- ./events.jsonl
+  ```
+
+Set a custom batch size (default: `1000`):
+  ```
+  npm run import -- ./events.jsonl --batch-size 500
+  ```
+
+The importer:
+
+- Processes the file line-by-line to keep memory usage bounded.
+- Validates NIP-01 schema, event id hash, and Schnorr signature before insertion.
+- Inserts in database transactions per batch.
+- Skips duplicates without failing the whole import.
+- Prints progress in the format:
+  `[Processed: 50,000 | Inserted: 45,000 | Skipped: 5,000 | Errors: 0]`
+
 ### Running as a Service
 
 By default this server will run continuously until you stop it with Ctrl+C or until the system restarts.

docker-compose.nginx.yml

@@ -0,0 +1,48 @@
+services:
+  nginx:
+    image: nginx:1.25-alpine
+    container_name: nostream-nginx
+    ports:
+      - 80:80
+      - 443:443
+    volumes:
+      - ${PWD}/nginx/conf.d:/etc/nginx/conf.d
+      - ${PWD}/nginx/ssl:/etc/nginx/ssl
+      - certbot-webroot:/var/www/certbot
+    depends_on:
+      - nostream
+    restart: on-failure
+    # Run nginx in foreground (so container exits if nginx dies).
+    # A background loop watches for a signal file created by certbot
+    # after cert issuance/renewal, and reloads nginx within seconds.
+    command: >
+      /bin/sh -c "while :; do
+        if [ -f /etc/nginx/ssl/reload-nginx ]; then
+          if nginx -t && nginx -s reload; then
+            rm -f /etc/nginx/ssl/reload-nginx;
+          fi;
+        fi;
+        sleep 5;
+      done & nginx -g 'daemon off;'"
+    networks:
+      default:
+
+  certbot:
+    image: certbot/certbot:v2.11.0
+    container_name: nostream-certbot
+    environment:
+      RELAY_DOMAIN: ${RELAY_DOMAIN:?RELAY_DOMAIN required}
+      CERTBOT_EMAIL: ${CERTBOT_EMAIL:?CERTBOT_EMAIL required}
+    volumes:
+      - ${PWD}/nginx/ssl:/etc/letsencrypt
+      - ${PWD}/scripts/certbot_entrypoint.sh:/entrypoint.sh:ro
+      - certbot-webroot:/var/www/certbot
+    entrypoint: /entrypoint.sh
+    depends_on:
+      - nginx
+    restart: on-failure
+    networks:
+      default:
+
+volumes:
+  certbot-webroot: