mleku @mleku - 3mo
#realy #devstr #progressreport

smol new thing, there is now a rate limiter enabled when auth is enabled (either explicitly or by setting relay owner npubs)

this limiter slows down requests so that it will only handle 1 per second and in a burst will accept 5 within a second

the purpose of this is to contain the often noisy demands of spiders that don't use auth and keep sending requests

the limiter works on the websocket protocol level and essentially, as nostr:npub10npj3gydmv40m70ehemmal6vsdyfl7tewgvz043g54p0x23y0s8qzztl5h so elegantly expresses, "tarpits" them, meaning they are on slow mode

so spiders only get 1 shot per second at best after 5 in a row one time and so long as they keep trying to hammer at the relay they get slow responses and the benefit is relay operator's costs are thereby reduced

it's not a big issue but i have seen more and more over the last few months the appearance of nostr spiders and i approve of their existence in theory but they need to have manners, and they should learn how to auth, and if they really want to get data when nip-11 says "auth required" and "payment required" they should just go fuck off, kindly.
inspired by a conversation with nostr:npub1l5sga6xg72phsz5422ykujprejwud075ggrr3z2hwyrfgr7eylqstegx9z i am now adding a couple of new features

one is a flag to enable public read access

as a consequence of that, after adding the rate limiter, i am setting it to selectively enable except when the user is in the direct whitelisted users (follow list of owner npubs)

this is important for the use case of publication, it doesn't change the fact that it won't hand out privileged events (eg DMs, application specific data - configs) to unauthed users, but at the same time, if users auth they can now read messages in the event store for them that were put there by a whitelisted user or one of the whitelisted user's follows

it's pretty epic how well this will cover all the security and spam issues, while retaining usability

hopefully this will be the feature that gets some people who have been sitting on the fence to open up to deploying my relay so i actually can become part of a revenue stream for something!
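An added example, not code from the realy relay or its author: a delay-based token bucket showing how "1 per second, burst of 5" tarpits a client instead of rejecting it, with the whitelist exemption from the second post. The names `Tarpit`, `NewTarpit` and `Delay`, and keeping one bucket per websocket connection, are assumptions made for illustration.

```go
package main

import (
	"fmt"
	"time"
)

// Tarpit is a token bucket that delays instead of rejecting: each message
// reserves a token and is told how long to wait before it is served.
// Hypothetical type; assumed to be kept once per websocket connection.
type Tarpit struct {
	rate   float64   // tokens refilled per second (the post: 1)
	burst  float64   // bucket capacity (the post: 5)
	tokens float64   // may go negative: the debt of queued messages
	last   time.Time // time of the previous refill
}

func NewTarpit(rate, burst float64, now time.Time) *Tarpit {
	return &Tarpit{rate: rate, burst: burst, tokens: burst, last: now}
}

// Delay reserves one token at time now and returns how long the handler
// should sleep before answering. Whitelisted users bypass the limiter.
func (t *Tarpit) Delay(now time.Time, whitelisted bool) time.Duration {
	if whitelisted {
		return 0
	}
	t.tokens += now.Sub(t.last).Seconds() * t.rate // refill for elapsed time
	if t.tokens > t.burst {
		t.tokens = t.burst // idle time never buys more than one burst
	}
	t.last = now
	t.tokens--
	if t.tokens >= 0 {
		return 0 // still inside the burst allowance
	}
	// In debt: a client that keeps hammering waits longer each time.
	return time.Duration(-t.tokens / t.rate * float64(time.Second))
}

func main() {
	start := time.Unix(0, 0) // constructed clock so the output is deterministic
	tp := NewTarpit(1, 5, start)
	for i := 1; i <= 8; i++ { // 8 messages arriving in the same instant
		fmt.Printf("msg %d: wait %v\n", i, tp.Delay(start, false))
	}
}
```

In a connection's read loop the returned duration would be passed to `time.Sleep` before the message is handled, so the cost of a flood falls on the sender's own connection.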