Switch to express-style middleware implementation

[jimbojw]

Currently, there are a few major project components which interact rather directly:

• src/bin.ts - Command line entry point. Parses args and instantiates a MemorelayServer instance.
• src/lib/memorelay-server.ts - Defines MemorelayServer class which can open a port for listening, responds to requests for the NIP-11 relay information document, and creates Subscriber instances for upgraded WebSocket connections. It also maintains a shared MemorelayCoordinator instance.
• src/lib/subscriber.ts - Defines the Subscriber class, which processes incoming WebSocket client messages. Specifically, it handles EVENT, REQ and CLOSE events. For a valid REQ request, a Subscriber adds a listener to the shared MemorelayCoordinator instance which will send EVENT messages. In addition to EVENT messages, Subscriber sends NOTICE, EOSE, and OK messages when appropriate.
• src/lib/memorelay-coordinator.ts - The MemorelayCoordinator is where the actual Nostr events are stored. It notifies listeners by invoking callbacks when new events arrive.

While this direct invocation strategy worked for an initial implementation, it is hard to scale and makes reasoning about behavior difficult. Instead, the memorelay project should adopt an architecture similar to express middleware.

Here's a typical example of express middleware (source):

app.use('/user/:id', (req, res, next) => {
  console.log('Request URL:', req.originalUrl)
  next()
}, (req, res, next) => {
  console.log('Request Type:', req.method)
  next()
})

This example shows how an incoming request (req) which matches the path /user/:id first has its URL logged, and then its request method. Each of the callbacks in this example are synchronous, but they could just as well have been asynchronous, invoking the next() function at some future time.

A Nostr relay has similar, chainable considerations. When a client WebSocket is connected, in communicates with the relay by sending messages. These messages have any of the following forms:

• ["EVENT",{...}] - Client is publishing a signed Nostr event.
• ["REQ","<id>",{...}...] - Client is requesting events, optionally matching the supplied filters.
• ["CLOSE","<id>",{...}...] - Client is closing its previous REQ subscription.

In response to any of these messages, the relay may respond with messages of different types:

• ["EVENT","<id>",{...}] - Relay is providing a Nostr event matching a REQ subscription.
• ["EOSE","<id>"] - Relay signaling that all stored events matching the REQ filters have been sent.
• ["NOTICE","<description>"] - Relay providing general information to the client.
• ["OK","<event_id>",true|false,"<descsription>"] - Relay is signaling whether the client's previous EVENT message was stored (NIP-20).

In order to perform this task, the relay has to do a number of things:

• Listen for HTTP connections.
• Upgrade connections to WebSockets.
• Parse incoming WebSocket message buffers.
• Reject improperly formed messages (optionally notifying the client).
• Handle messages based on type.

On top of this basic procedure, NIPs introduce still more steps:

• NIP-09 - Process deletion events (kind=5).
• NIP-10 - Reject events with improper e or p tags.
• NIP-12 - Forward events based on any single-character tag query, not just #e and #p.
• NIP-13 - Reject events based on insufficient proof of work.
• NIP-16 - Replace events based on author and kind (10000<=n<20000).
• NIP-18 - Reject repost events if improperly formed.
• NIP-22 - Reject events based when created_at value is out of range.
• NIP-26- Reject events if delegation criteria are not satisfied. Include delegated notes when filtering by authors field.
• NIP-33- Replace events based on for example NIP- These steps, share much in common.
• NIP-40- Reject events based on expiration timestamp.
• NIP-42- Authenticate clients via ["AUTH",...] messages.
• NIP-45- Respond to ["COUNT",...] message queries.
• NIP-50- Process search queries in REQ filters.

To facilitate implementing these features, as well as future features, memorelay should pursue an express-like middleware architecture.

Here's a non-binding example for thought:

/**
 * Middleware to enforce NIP-10.
 * @see https://github.com/nostr-protocol/nips/blob/master/10.md
 */
memorelay.event((event: NostrEvent, client: NostrClient, next: NextFn) => {
  if (event.kind !== Kind.Text) {
    // NIP-10 only cares about Text events.
    next();
    return;
  }

  // Check 'e' tags.
  for (const tag of event.tags) {
    if (tag[0] !== 'e') {
      // In this loop we're only checking 'e' tags.
      continue;
    }

    const [, tagEventId, relayUrl, marker] = tag;

    if (typeof tagEventId !== 'string') {
      client.send('OK', event.id, false, 'invalid: e tag is not a string');
      next('done');
      return;
    }

    if (tagEventId.lenth !== 64) {
      client.send('OK', event.id, false, 'invalid: e tag wrong length');
      next('done');
      return;
    }

    if (relayUrl === undefined) {
      continue;
    }

    if (typeof relayUrl !== 'string') {
      client.send('OK', event.id, false, 'invalid: non-string e tag relay url');
      next('done');
      return;
    }

    if (marker === undefined) {
      continue;
    }

    if (marker !== 'reply' && marker !== 'root' && marker !== 'mention') {
      client.send('OK', event.id, false, 'invalid: unrecogniized marker');
      next('done');
      return;
    }
  }

  // Check 'p' tags.
  for (const tag of event.tags) {
    const [tagName, tagValue] = tag;

    if (tagName !== 'p') {
      // In this loop we're only checking 'p' tags.
      continue;
    }

    if (typeof tagValue !== 'string') {
      client.send('OK', event.id, false, 'invalid: p tag is not a string');
      next('done');
      return;
    }

    if (tagValue.lenth !== 64) {
      client.send('OK', event.id, false, 'invalid: p tag wrong length');
      next('done');
      return;
    }
  }

  // All checks have passed.
  next();
});

In this thought experiment, NostrClient is an object which represents the connected WebSockt. Its send() method serializes a message and pushes the buffer.

The memorelay object is like the express app object. Its methods like event() and req() provide API hooks for middleware to process EVENT and REQ messages respectively.

[jimbojw]

Upon further consideration, the middleware callbacks should be able to attach metadata to either the client connection, or the specific message being processed, or both. This would allow later middleware to benefit from earlier middleware computations without having the two have to directly interact.

For example, to implement NIP-42 authentication, the middleware should store the authentication state as metadata for the client. Later, as a REQ subscription is being processed, different middleware can check for the authentication status while determining whether to send NIP-04 private direct messages.

Potential Metadata specification:

interface Metadata {
  [key: string]: unknown;
}

Storing metadata associated with a client:

/**
 * Connected Client.
 */
class Client {
  readonly metadata: Metadata = {};
  /* ... */
}

Storing metadata associated with a request:

/**
 * Incoming message from a connected Client.
 */
class ClientMessage {
  readonly metadata: Metadata = {};

  constructor (
    readonly client: Client,
    readonly messageType: ClientMessageType,
    readonly messageArgs: unknown[]
  ) {}
}

Authentication data:

class ClientAuth {
  /**
   * Last issued, un-responded, serialized kind:22242 event.
   */
  challenge?: string;

  /**
   * Responded challenges, indexed by pubkey.
   */
  readonly responses = new Set<string, {
    challenge: string;
    response: string;
  }>();
}

Attaching metadata in middleware:

memorelay.message((message: ClientMessage, next: NextFn) => {
  const {client} = message;

  if (!client.metadata['auth'])) {
    client['auth'] = new ClientAuth();
  }

  next();
});

Checking metadata later on REQ:

memorelay.req((message: ClientMessage, next: NextFn) => {
  // ... code to next()/return if no kind=4 in any filters ...

  const {client} = message;
  const auth = assertDefined<ClientAuth>(client.metadata['auth']);

  if (auth.responses.size) {
    // An authentication challenge has already been responded to. Continue.
    next();
    return;
  }

  if (auth.challenge) {
    // There's an outstanding, unanswered challenge.
    // Possibly re-send AUTH challenge, or send NOTICE.
    // DO NOT set up listener.
    next('done');
    return;
  }

  // Generate challenge, send AUTH challenge message.
  next('done');
});