Update README.md for instructions on how to test relay locally.

2026-04-24 17:53:28 -04:00
17 changed files with 426 additions and 585 deletions
@@ -5,8 +5,8 @@ on:
    branches: [master]
 env:
-  REGISTRY: gitea.coracle.social
+  REGISTRY: ghcr.io
-  IMAGE_NAME: coracle/zooid
+  IMAGE_NAME: coracle-social/zooid
 jobs:
  build-and-push-image:
@@ -23,8 +23,8 @@ jobs:
        uses: docker/login-action@v3
        with:
          registry: ${{ env.REGISTRY }}
-          username: hodlbod
+          username: ${{ secrets.REGISTRY_USERNAME }}
-          password: ${{ secrets.PACKAGE_TOKEN }}
+          password: ${{ secrets.REGISTRY_PASSWORD }}
      - name: Extract metadata (tags, labels) for Docker
        id: meta
@@ -48,4 +48,3 @@ jobs:
          platforms: linux/amd64,linux/arm64
          tags: ${{ steps.meta.outputs.tags }}
          labels: ${{ steps.meta.outputs.labels }}
@@ -1,41 +1,6 @@
-<p align="center">
+# Zooid
  <img src="./zooid-wordmark.jpeg" alt="Zooid" width="280" />
 </p>
-<p align="center">
+This is a multi-tenant relay based on [Khatru](https://gitworkshop.dev/fiatjaf.com/nostrlib/tree/master/khatru) which implements a range of access controls. It's designed to be used with [Flotilla](https://flotilla.social) as a community relay (complete with NIP 29 support), but it can also be used outside of a community context.
  <b>A multi-tenant Nostr relay for communities.</b>
 </p>
 <p align="center">
  <a href="#quick-start">Quick start</a> ·
  <a href="#configuration">Configuration</a> ·
  <a href="#api">API</a>
 </p>
 ---
 Zooid is a multi-tenant relay built on [Khatru](https://gitworkshop.dev/fiatjaf.com/nostrlib/tree/master/khatru) with a flexible set of access controls. It's designed to pair with [Flotilla](https://flotilla.social) as a community relay (with full NIP 29 support), but it works just fine outside of a community context too.
 ## Features
 - **Multi-tenant** — run any number of virtual relays from a single instance, each with its own host, schema, and policy.
 - **Community-ready** — first-class support for [NIP 29](https://github.com/nostr-protocol/nips/blob/master/29.md) groups, invite codes, and role-based access.
 - **Batteries included** — optional [Blossom](https://github.com/hzrd149/blossom) media, [NIP 86](https://github.com/nostr-protocol/nips/blob/master/86.md) management, [NIP 9a](https://github.com/nostr-protocol/nips/pull/1079) push, and [LiveKit](https://livekit.io/) audio/video calls.
 - **Remotely manageable** — JSON REST API authenticated via [NIP 98](https://github.com/nostr-protocol/nips/blob/master/98.md).
 - **Operationally simple** — single binary, SQLite storage, OCI container, optional pprof.
 ## Quick start
 ```sh
 docker run -it \
  -p 3334:3334 \
  -v ./config:/app/config \
  -v ./media:/app/media \
  -v ./data:/app/data \
  gitea.coracle.social/coracle/zooid
 ```
 Drop a TOML config file into `./config/` (see [Configuration](#configuration)) and the relay will be available at `ws://<host>:3334`.
 ## Architecture
@@ -48,7 +13,7 @@ Zooid supports a few environment variables, which configure shared resources lik
 - `PORT` - the port the server will listen on for all requests. Defaults to `3334`.
 - `CONFIG` - where to store relay configuration files. Defaults to `./config`.
 - `MEDIA` - where to store blossom media files. Defaults to `./media`.
- `DATA` - where to store database files. Defaults to `./data`.
+- `DATA` - where to store databse files. Defaults to `./data`.
 - `API_HOST` - the hostname on which to expose the management API. If not set, the API is disabled.
 - `API_WHITELIST` - a comma-separated list of nostr hex pubkeys authorized to use the management API. Required when `API_HOST` is set.
 - `PPROF_ADDR` - an http host to serve pprof stats on.
@@ -95,19 +60,6 @@ Configures NIP 86 support.
 Configures blossom support.
 - `enabled` - whether blossom is enabled.
 - `authenticated_read` - whether users must perform NIP 98 AUTH in order to fetch a file.
 - `adapter` - where to store blobs. Either `local` (the default, stores files under `MEDIA`) or `s3` (stores files in an S3-compatible bucket).
 #### `[blossom.s3]`
 Configures S3-compatible object storage, used when `blossom.adapter` is `s3`.
 - `endpoint` - the S3 endpoint URL. Optional; leave unset to use AWS S3.
 - `region` - the bucket region. Required when `adapter` is `s3`.
 - `bucket` - the bucket name. Required when `adapter` is `s3`.
 - `access_key` - the access key ID. Required when `adapter` is `s3`.
 - `secret_key` - the secret access key. Required when `adapter` is `s3`.
 - `key_prefix` - an optional prefix prepended to every object key.
 ### `[push]`
@@ -137,10 +89,10 @@ On your LiveKit server you should also set up a webhook that points to `https://
 ### Example
-The below config file might be saved as `./config/my-relay.example.com` in order to route requests from `wss://my-relay.example.com:3334` to this virtual relay.
+The below config file might be saved as `./config/my-relay.example.com` in order to route requests from `wss://my-relay.example.com` to this virtual relay.
 ```toml
-host = "my-relay.example.com:3334"
+host = "my-relay.example.com"
 schema = "my_relay"
 secret = "<hex private key>"
@@ -199,6 +151,85 @@ After running `just build`, a number of scripts will be available:
 See `justfile` for defined commands.
-## License
+To test zooid locally without having to set up SSL, follow these simple instructions:
-[MIT](./LICENSE)
+Create a `compose.yml` file with the following content:
 ```yml
 services:
  zooid:
    image: ghcr.io/coracle-social/zooid
    restart: unless-stopped
    container_name: zooid
    volumes:
      - ./zooid/config:/app/config:z
      - ./zooid/media:/app/media:z
      - ./zooid/data:/app/data:z
    networks:
      - nginx
  nginx:
    image: nginx
    restart: unless-stopped
    container_name: nginx
    volumes:
      - ./zooid/nginx.conf:/etc/nginx/conf.d/nginx.conf
      - /dev/null:/etc/nginx/conf.d/default.conf:ro # avoids conflicts with default config
    ports:
      - "3334:80"
    networks:
      - nginx
 networks:
  nginx:
    driver: bridge
 ```
 Make a `zooid` folder with the following structure:
 ```
 zooid/
 ├── config/
 │   └── relay.toml
 ├── data/
 ├── media/
 └── nginx.conf
 ```
 Your `nginx.conf` should have the following content:
 ```json
 server {  
    listen 80;
    listen [::]:80;
    server_name localhost;
    location / {
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_pass http://zooid:3334;
        proxy_read_timeout 86400;
    }
 }
 ```
 To run, just run either `podman compose up` OR `docker compose up`
 ## Deploying
 Zooid can be run using an OCI container:
 ```sh
 podman run -it \
  -p 3334:3334 \
  -v ./config:/app/config \
  -v ./media:/app/media \
  -v ./data:/app/data \
  ghcr.io/coracle-social/zooid
 ```
@@ -26,9 +26,10 @@ func main() {
 	}
 	// Load config for the specified relay
-	config, err := zooid.LoadConfigFromId(*relay)
+	filename := fmt.Sprintf("%s.toml", *relay)
 	config, err := zooid.LoadConfig(filename)
 	if err != nil {
-		fmt.Fprintln(os.Stderr, err)
+		fmt.Fprintln(os.Stderr, "No such config file", filename)
 		os.Exit(1)
 	}
@@ -40,9 +40,10 @@ func main() {
 	}
 	// Load config for the specified relay
-	config, err := zooid.LoadConfigFromId(*relay)
+	filename := fmt.Sprintf("%s.toml", *relay)
 	config, err := zooid.LoadConfig(filename)
 	if err != nil {
-		fmt.Fprintln(os.Stderr, err)
+		fmt.Fprintln(os.Stderr, "No such config file", filename)
 		os.Exit(1)
 	}
@@ -21,6 +21,8 @@ func main() {
 	port := zooid.Env("PORT")
 	apiHost := zooid.Env("API_HOST")
 	apiWhitelist := zooid.Env("API_WHITELIST")
 	configDir := zooid.Env("CONFIG")
 	pprofAddr := zooid.Env("PPROF_ADDR")
 	// pprof server — only starts when PPROF_ADDR is set. Bind to
@@ -48,8 +50,8 @@ func main() {
 	// Wrap with API handler if API_HOST is configured
 	var handler http.Handler = mainHandler
-	if apiHost != "" {
+	if apiHost != "" && apiWhitelist != "" {
-		apiHandler := zooid.NewAPIHandler()
+		apiHandler := zooid.NewAPIHandler(apiWhitelist, configDir)
 		handler = http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
 			// Check if this request is for the API host
 			if r.Host == apiHost {
@@ -6,10 +6,6 @@ require (
 	fiatjaf.com/nostr v0.0.0-20251104112613-38a6ca92b954
 	github.com/BurntSushi/toml v1.5.0
 	github.com/Masterminds/squirrel v1.5.4
 	github.com/aws/aws-sdk-go-v2 v1.41.7
 	github.com/aws/aws-sdk-go-v2/config v1.32.17
 	github.com/aws/aws-sdk-go-v2/credentials v1.19.16
 	github.com/aws/aws-sdk-go-v2/service/s3 v1.101.0
 	github.com/fsnotify/fsnotify v1.9.0
 	github.com/gosimple/slug v1.15.0
 	github.com/livekit/protocol v1.43.5-0.20260114074149-a8bb8204ce69
@@ -22,24 +18,10 @@ require (
 	buf.build/go/protovalidate v0.13.1 // indirect
 	buf.build/go/protoyaml v0.6.0 // indirect
 	cel.dev/expr v0.24.0 // indirect
-	fiatjaf.com/lib v0.3.7 // indirect
+	fiatjaf.com/lib v0.3.6 // indirect
 	github.com/ImVexed/fasturl v0.0.0-20230304231329-4e41488060f3 // indirect
 	github.com/andybalholm/brotli v1.1.1 // indirect
 	github.com/antlr4-go/antlr/v4 v4.13.1 // indirect
 	github.com/aws/aws-sdk-go-v2/aws/protocol/eventstream v1.7.10 // indirect
 	github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.18.23 // indirect
 	github.com/aws/aws-sdk-go-v2/internal/configsources v1.4.23 // indirect
 	github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.7.23 // indirect
 	github.com/aws/aws-sdk-go-v2/internal/v4a v1.4.24 // indirect
 	github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.13.9 // indirect
 	github.com/aws/aws-sdk-go-v2/service/internal/checksum v1.9.15 // indirect
 	github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.13.23 // indirect
 	github.com/aws/aws-sdk-go-v2/service/internal/s3shared v1.19.23 // indirect
 	github.com/aws/aws-sdk-go-v2/service/signin v1.0.11 // indirect
 	github.com/aws/aws-sdk-go-v2/service/sso v1.30.17 // indirect
 	github.com/aws/aws-sdk-go-v2/service/ssooidc v1.35.21 // indirect
 	github.com/aws/aws-sdk-go-v2/service/sts v1.42.1 // indirect
 	github.com/aws/smithy-go v1.25.1 // indirect
 	github.com/benbjohnson/clock v1.3.5 // indirect
 	github.com/beorn7/perks v1.0.1 // indirect
 	github.com/bep/debounce v1.2.1 // indirect
@@ -132,4 +114,4 @@ require (
 	gopkg.in/yaml.v3 v3.0.1 // indirect
 )
-replace fiatjaf.com/nostr => gitea.coracle.social/Coracle/nostrlib v0.0.0-20260505183642-fefc85d50080
+replace fiatjaf.com/nostr => gitea.coracle.social/Coracle/nostrlib v0.0.0-20260414151249-4daeb8737c1c
@@ -8,10 +8,12 @@ cel.dev/expr v0.24.0 h1:56OvJKSH3hDGL0ml5uSxZmz3/3Pq4tJ+fb1unVLAFcY=
 cel.dev/expr v0.24.0/go.mod h1:hLPLo1W4QUmuYdA72RBX06QTs6MXw941piREPl3Yfiw=
 dario.cat/mergo v1.0.0 h1:AGCNq9Evsj31mOgNPcLyXc+4PNABt905YmuqPYYpBWk=
 dario.cat/mergo v1.0.0/go.mod h1:uNxQE+84aUszobStD9th8a29P2fMDhsBdgRYvZOxGmk=
-fiatjaf.com/lib v0.3.7 h1:mXZOn7NrUcjSdy4oNvwQyAmes7Ueb+Zr5hjqMIe2dxI=
+fiatjaf.com/lib v0.3.6 h1:GRZNSxHI2EWdjSKVuzaT+c0aifLDtS16SzkeJaHyJfY=
-fiatjaf.com/lib v0.3.7/go.mod h1:UlHaZvPHj25PtKLh9GjZkUHRmQ2xZ8Jkoa4VRaLeeQ8=
+fiatjaf.com/lib v0.3.6/go.mod h1:UlHaZvPHj25PtKLh9GjZkUHRmQ2xZ8Jkoa4VRaLeeQ8=
-gitea.coracle.social/Coracle/nostrlib v0.0.0-20260505183642-fefc85d50080 h1:nNL6kqhG0U4dVHYoRULb/klaocv2NGEQm/qxFiZzbzY=
+gitea.coracle.social/Coracle/nostrlib v0.0.0-20260313164927-662e7d271c47 h1:Pg/8ZXG2diV3uWbgt3mcAWF2ifL4FZXwotieokY8TBA=
-gitea.coracle.social/Coracle/nostrlib v0.0.0-20260505183642-fefc85d50080/go.mod h1:b1EIUDnd133Ie8Pg8O/biaKdFyCMz28aD4n64g1GqvM=
+gitea.coracle.social/Coracle/nostrlib v0.0.0-20260313164927-662e7d271c47/go.mod h1:ue7yw0zHfZj23Ml2kVSdBx0ENEaZiuvGxs/8VEN93FU=
 gitea.coracle.social/Coracle/nostrlib v0.0.0-20260414151249-4daeb8737c1c h1:RqKwqUz1R3LQC2IcsdsyYHEUAZACIAKYxGuntyBCGw8=
 gitea.coracle.social/Coracle/nostrlib v0.0.0-20260414151249-4daeb8737c1c/go.mod h1:1cmygNC87Pw06/WjkZqDV+Xo6rV10kpTjzuayosIX4Y=
 github.com/Azure/go-ansiterm v0.0.0-20230124172434-306776ec8161 h1:L/gRVlceqvL25UVaW/CKtUDjefjrs0SPonmDGUVOYP0=
 github.com/Azure/go-ansiterm v0.0.0-20230124172434-306776ec8161/go.mod h1:xomTg63KZ2rFqZQzSB4Vz2SUXa1BpHTVz9L5PTmPC4E=
 github.com/BurntSushi/toml v1.5.0 h1:W5quZX/G/csjUnuI8SUYlsHs9M38FC7znL0lIO+DvMg=
@@ -30,42 +32,6 @@ github.com/andybalholm/brotli v1.1.1 h1:PR2pgnyFznKEugtsUo0xLdDop5SKXd5Qf5ysW+7X
 github.com/andybalholm/brotli v1.1.1/go.mod h1:05ib4cKhjx3OQYUY22hTVd34Bc8upXjOLL2rKwwZBoA=
 github.com/antlr4-go/antlr/v4 v4.13.1 h1:SqQKkuVZ+zWkMMNkjy5FZe5mr5WURWnlpmOuzYWrPrQ=
 github.com/antlr4-go/antlr/v4 v4.13.1/go.mod h1:GKmUxMtwp6ZgGwZSva4eWPC5mS6vUAmOABFgjdkM7Nw=
 github.com/aws/aws-sdk-go-v2 v1.41.7 h1:DWpAJt66FmnnaRIOT/8ASTucrvuDPZASqhhLey6tLY8=
 github.com/aws/aws-sdk-go-v2 v1.41.7/go.mod h1:4LAfZOPHNVNQEckOACQx60Y8pSRjIkNZQz1w92xpMJc=
 github.com/aws/aws-sdk-go-v2/aws/protocol/eventstream v1.7.10 h1:gx1AwW1Iyk9Z9dD9F4akX5gnN3QZwUB20GGKH/I+Rho=
 github.com/aws/aws-sdk-go-v2/aws/protocol/eventstream v1.7.10/go.mod h1:qqY157uZoqm5OXq/amuaBJyC9hgBCBQnsaWnPe905GY=
 github.com/aws/aws-sdk-go-v2/config v1.32.17 h1:FpL4/758/diKwqbytU0prpuiu60fgXKUWCpDJtApclU=
 github.com/aws/aws-sdk-go-v2/config v1.32.17/go.mod h1:OXqUMzgXytfoF9JaKkhrOYsyh72t9G+MJH8mMRaexOE=
 github.com/aws/aws-sdk-go-v2/credentials v1.19.16 h1:r3RJBuU7X9ibt8RHbMjWE6y60QbKBiII6wSrXnapxSU=
 github.com/aws/aws-sdk-go-v2/credentials v1.19.16/go.mod h1:6cx7zqDENJDbBIIWX6P8s0h6hqHC8Avbjh9Dseo27ug=
 github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.18.23 h1:UuSfcORqNSz/ey3VPRS8TcVH2Ikf0/sC+Hdj400QI6U=
 github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.18.23/go.mod h1:+G/OSGiOFnSOkYloKj/9M35s74LgVAdJBSD5lsFfqKg=
 github.com/aws/aws-sdk-go-v2/internal/configsources v1.4.23 h1:GpT/TrnBYuE5gan2cZbTtvP+JlHsutdmlV2YfEyNde0=
 github.com/aws/aws-sdk-go-v2/internal/configsources v1.4.23/go.mod h1:xYWD6BS9ywC5bS3sz9Xh04whO/hzK2plt2Zkyrp4JuA=
 github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.7.23 h1:bpd8vxhlQi2r1hiueOw02f/duEPTMK59Q4QMAoTTtTo=
 github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.7.23/go.mod h1:15DfR2nw+CRHIk0tqNyifu3G1YdAOy68RftkhMDDwYk=
 github.com/aws/aws-sdk-go-v2/internal/v4a v1.4.24 h1:OQqn11BtaYv1WLUowvcA30MpzIu8Ti4pcLPIIyoKZrA=
 github.com/aws/aws-sdk-go-v2/internal/v4a v1.4.24/go.mod h1:X5ZJyfwVrWA96GzPmUCWFQaEARPR7gCrpq2E92PJwAE=
 github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.13.9 h1:FLudkZLt5ci0ozzgkVo8BJGwvqNaZbTWb3UcucAateA=
 github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.13.9/go.mod h1:w7wZ/s9qK7c8g4al+UyoF1Sp/Z45UwMGcqIzLWVQHWk=
 github.com/aws/aws-sdk-go-v2/service/internal/checksum v1.9.15 h1:ieLCO1JxUWuxTZ1cRd0GAaeX7O6cIxnwk7tc1LsQhC4=
 github.com/aws/aws-sdk-go-v2/service/internal/checksum v1.9.15/go.mod h1:e3IzZvQ3kAWNykvE0Tr0RDZCMFInMvhku3qNpcIQXhM=
 github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.13.23 h1:pbrxO/kuIwgEsOPLkaHu0O+m4fNgLU8B3vxQ+72jTPw=
 github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.13.23/go.mod h1:/CMNUqoj46HpS3MNRDEDIwcgEnrtZlKRaHNaHxIFpNA=
 github.com/aws/aws-sdk-go-v2/service/internal/s3shared v1.19.23 h1:03xatSQO4+AM1lTAbnRg5OK528EUg744nW7F73U8DKw=
 github.com/aws/aws-sdk-go-v2/service/internal/s3shared v1.19.23/go.mod h1:M8l3mwgx5ToK7wot2sBBce/ojzgnPzZXUV445gTSyE8=
 github.com/aws/aws-sdk-go-v2/service/s3 v1.101.0 h1:etqBTKY581iwLL/H/S2sVgk3C9lAsTJFeXWFDsDcWOU=
 github.com/aws/aws-sdk-go-v2/service/s3 v1.101.0/go.mod h1:L2dcoOgS2VSgbPLvpak2NyUPsO1TBN7M45Z4H7DlRc4=
 github.com/aws/aws-sdk-go-v2/service/signin v1.0.11 h1:TdJ+HdzOBhU8+iVAOGUTU63VXopcumCOF1paFulHWZc=
 github.com/aws/aws-sdk-go-v2/service/signin v1.0.11/go.mod h1:R82ZRExE/nheo0N+T8zHPcLRTcH8MGsnR3BiVGX0TwI=
 github.com/aws/aws-sdk-go-v2/service/sso v1.30.17 h1:7byT8HUWrgoRp6sXjxtZwgOKfhss5fW6SkLBtqzgRoE=
 github.com/aws/aws-sdk-go-v2/service/sso v1.30.17/go.mod h1:xNWknVi4Ezm1vg1QsB/5EWpAJURq22uqd38U8qKvOJc=
 github.com/aws/aws-sdk-go-v2/service/ssooidc v1.35.21 h1:+1Kl1zx6bWi4X7cKi3VYh29h8BvsCoHQEQ6ST9X8w7w=
 github.com/aws/aws-sdk-go-v2/service/ssooidc v1.35.21/go.mod h1:4vIRDq+CJB2xFAXZ+YgGUTiEft7oAQlhIs71xcSeuVg=
 github.com/aws/aws-sdk-go-v2/service/sts v1.42.1 h1:F/M5Y9I3nwr2IEpshZgh1GeHpOItExNM9L1euNuh/fk=
 github.com/aws/aws-sdk-go-v2/service/sts v1.42.1/go.mod h1:mTNxImtovCOEEuD65mKW7DCsL+2gjEH+RPEAexAzAio=
 github.com/aws/smithy-go v1.25.1 h1:J8ERsGSU7d+aCmdQur5Txg6bVoYelvQJgtZehD12GkI=
 github.com/aws/smithy-go v1.25.1/go.mod h1:YE2RhdIuDbA5E5bTdciG9KrW3+TiEONeUWCqxX9i1Fc=
 github.com/benbjohnson/clock v1.3.5 h1:VvXlSJBzZpA/zum6Sj74hxwYI2DIxRWuNIoXAzHZz5o=
 github.com/benbjohnson/clock v1.3.5/go.mod h1:J11/hYXuz8f4ySSvYwY0FKfm+ezbsZBKZxNJlLklBHA=
 github.com/beorn7/perks v1.0.1 h1:VlbKKnNfV8bJzeqoa4cOKqO6bYr3WgKZxO8Z16+hsOM=
@@ -6,38 +6,48 @@ import (
 	"io"
 	"net/http"
 	"os"
 	"path/filepath"
 	"regexp"
 	"sort"
 	"strings"
 	"fiatjaf.com/nostr"
 	"github.com/BurntSushi/toml"
 	"github.com/gosimple/slug"
 )
 // APIHandler handles REST API requests for managing virtual relays
 type APIHandler struct {
 	whitelist map[string]bool
 	configDir string
 	mux       http.Handler
 }
-func NewAPIHandler() *APIHandler {
+// NewAPIHandler creates a new API handler with the given whitelist
-	whitelist := make(map[string]bool)
+func NewAPIHandler(whitelist string, configDir string) *APIHandler {
-	for _, pubkey := range Split(Env("API_WHITELIST"), ",") {
+	w := make(map[string]bool)
 	for _, pubkey := range Split(whitelist, ",") {
 		pubkey = strings.TrimSpace(pubkey)
 		if pubkey != "" {
-			whitelist[pubkey] = true
+			w[pubkey] = true
 		}
 	}
 	api := &APIHandler{
-		whitelist: whitelist,
+		whitelist: w,
 		configDir: configDir,
 	}
 	api.mux = api.buildMux()
 	return api
 }
-  mux := http.NewServeMux()
+func (api *APIHandler) buildMux() http.Handler {
 	mux := http.NewServeMux()
 	mux.HandleFunc("POST /relay/{id}", api.auth(api.createRelay))
-	mux.HandleFunc("PUT /relay/{id}", api.auth(api.putRelay))
+	mux.HandleFunc("PUT /relay/{id}", api.auth(api.updateRelay))
 	mux.HandleFunc("PATCH /relay/{id}", api.auth(api.patchRelay))
 	mux.HandleFunc("DELETE /relay/{id}", api.auth(api.deleteRelay))
 	mux.HandleFunc("GET /relay/{id}/members", api.auth(api.listRelayMembers))
-
+	return mux
 	api.mux = mux
  return api
 }
 func (api *APIHandler) auth(next http.HandlerFunc) http.HandlerFunc {
@@ -55,95 +65,108 @@ func (api *APIHandler) auth(next http.HandlerFunc) http.HandlerFunc {
 	}
 }
 // ServeHTTP implements the http.Handler interface
 func (api *APIHandler) ServeHTTP(w http.ResponseWriter, r *http.Request) {
 	w.Header().Set("Content-Type", "application/json")
 	api.mux.ServeHTTP(w, r)
 }
 // listRelayMembers returns members for a relay as an array of pubkeys.
 func (api *APIHandler) listRelayMembers(w http.ResponseWriter, r *http.Request) {
 	id := r.PathValue("id")
 	members, err := api.resolveRelayMembers(id)
 	if err != nil {
 		if os.IsNotExist(err) {
 			writeError(w, http.StatusNotFound, "relay not found")
 		} else {
 			writeError(w, http.StatusInternalServerError, fmt.Sprintf("failed to load relay members: %v", err))
 		}
 		return
 	}
 	writeJSON(w, http.StatusOK, map[string][]string{"members": members})
 }
 func (api *APIHandler) resolveRelayMembers(id string) ([]string, error) {
 	if members, ok := api.getMembersFromLoadedInstance(id); ok {
 		return members, nil
 	}
 	config, err := api.loadConfigFromPath(api.configPath(id))
 	if err != nil {
 		return nil, err
 	}
 	events := &EventStore{
 		Config: config,
 		Schema: &Schema{Name: slug.Make(config.Schema)},
 	}
 	if err := events.Init(); err != nil {
 		return nil, fmt.Errorf("failed to init event store: %w", err)
 	}
 	management := &ManagementStore{
 		Config: config,
 		Events: events,
 	}
 	return collectMembers(management), nil
 }
 func (api *APIHandler) getMembersFromLoadedInstance(id string) ([]string, bool) {
 	instancesMux.RLock()
 	instance, exists := instancesByName[id+".toml"]
 	instancesMux.RUnlock()
 	if !exists || instance == nil || instance.Config == nil || instance.Management == nil {
 		return nil, false
 	}
 	return collectMembers(instance.Management), true
 }
 func collectMembers(management *ManagementStore) []string {
 	memberSet := make(map[string]struct{})
 	for _, pubkey := range management.GetMembers() {
 		memberSet[pubkey.Hex()] = struct{}{}
 	}
 	members := Keys(memberSet)
 	sort.Strings(members)
 	return members
 }
 // writeError writes a JSON error response
 func writeError(w http.ResponseWriter, status int, message string) {
 	w.WriteHeader(status)
 	json.NewEncoder(w).Encode(map[string]string{"error": message})
 }
 // writeJSON writes a JSON success response
 func writeJSON(w http.ResponseWriter, status int, v any) {
 	w.WriteHeader(status)
 	json.NewEncoder(w).Encode(v)
 }
-// Relay CRUD
+// scheme returns the URL scheme based on the request
-
+func scheme(r *http.Request) string {
-func (api *APIHandler) configFromRequest(r *http.Request) (*Config, error) {
+	if r.TLS != nil || r.Header.Get("X-Forwarded-Proto") == "https" {
-	r.Body = http.MaxBytesReader(nil, r.Body, 1024*1024)
+		return "https"
 	defer r.Body.Close()
 	body, err := io.ReadAll(r.Body)
 	if err != nil {
 		return nil, fmt.Errorf("failed to read body: %w", err)
 	}
-
+	return "http"
 	var config Config
 	if err := json.Unmarshal(body, &config); err != nil {
 		return nil, fmt.Errorf("invalid json config: %w", err)
 	}
 	if err := config.Validate(); err != nil {
 		return nil, err
 	}
 	return &config, nil
 }
-func (api *APIHandler) patchFromRequest(r *http.Request) (map[string]interface{}, error) {
+// createRelay creates a new relay config file
 	r.Body = http.MaxBytesReader(nil, r.Body, 1024*1024)
 	defer r.Body.Close()
 	body, err := io.ReadAll(r.Body)
 	if err != nil {
 		return nil, fmt.Errorf("failed to read body: %w", err)
 	}
 	var patch map[string]interface{}
 	if err := json.Unmarshal(body, &patch); err != nil {
 		return nil, fmt.Errorf("invalid json config: %w", err)
 	}
 	return patch, nil
 }
 func (api *APIHandler) checkDuplicateSchemaOrHost(config *Config, excludeFilename string) error {
 	entries, err := os.ReadDir(Env("CONFIG"))
 	if err != nil {
 		return fmt.Errorf("failed to read config directory: %w", err)
 	}
 	for _, entry := range entries {
 		if entry.IsDir() || entry.Name() == excludeFilename || !strings.HasSuffix(entry.Name(), ".toml") {
 			continue
 		}
 		if existing, err := LoadConfigFromName(entry.Name()); err == nil {
 			if existing.Schema == config.Schema {
 				return fmt.Errorf("schema %q is already in use", config.Schema)
 			}
 			if existing.Host == config.Host {
 				return fmt.Errorf("host %q is already in use", config.Host)
 			}
 		}
 	}
 	return nil
 }
 // Create relay
 func (api *APIHandler) createRelay(w http.ResponseWriter, r *http.Request) {
-	path := ConfigPathFromId(r.PathValue("id"))
+	id := r.PathValue("id")
-	if _, err := os.Stat(path); err == nil {
+	configPath := api.configPath(id)
 	if _, err := os.Stat(configPath); err == nil {
 		writeError(w, http.StatusConflict, "relay with this id already exists")
 		return
 	}
-	config, err := api.configFromRequest(r)
+	config, err := api.parseAndValidateConfig(r)
 	if err != nil {
 		writeError(w, http.StatusBadRequest, err.Error())
 		return
@@ -154,7 +177,7 @@ func (api *APIHandler) createRelay(w http.ResponseWriter, r *http.Request) {
 		return
 	}
-	if err := config.Save(); err != nil {
+	if err := api.saveConfig(configPath, config); err != nil {
 		writeError(w, http.StatusInternalServerError, fmt.Sprintf("failed to write config: %v", err))
 		return
 	}
@@ -162,17 +185,21 @@ func (api *APIHandler) createRelay(w http.ResponseWriter, r *http.Request) {
 	writeJSON(w, http.StatusCreated, map[string]string{"message": "relay created successfully"})
 }
-// Put relay
+// updateRelay updates an existing relay config file
-
+func (api *APIHandler) updateRelay(w http.ResponseWriter, r *http.Request) {
 func (api *APIHandler) putRelay(w http.ResponseWriter, r *http.Request) {
 	id := r.PathValue("id")
-	path := ConfigPathFromId(id)
+	configPath := api.configPath(id)
-	if _, err := os.Stat(path); err != nil {
+
-		writeError(w, http.StatusConflict, "relay not found")
+	if err := api.checkConfigExists(configPath); err != nil {
 		if os.IsNotExist(err) {
 			writeError(w, http.StatusNotFound, "relay not found")
 		} else {
 			writeError(w, http.StatusInternalServerError, fmt.Sprintf("failed to check config: %v", err))
 		}
 		return
 	}
-	config, err := api.configFromRequest(r)
+	config, err := api.parseAndValidateConfig(r)
 	if err != nil {
 		writeError(w, http.StatusBadRequest, err.Error())
 		return
@@ -183,7 +210,7 @@ func (api *APIHandler) putRelay(w http.ResponseWriter, r *http.Request) {
 		return
 	}
-	if err := config.Save(); err != nil {
+	if err := api.saveConfig(configPath, config); err != nil {
 		writeError(w, http.StatusInternalServerError, fmt.Sprintf("failed to write config: %v", err))
 		return
 	}
@@ -191,44 +218,52 @@ func (api *APIHandler) putRelay(w http.ResponseWriter, r *http.Request) {
 	writeJSON(w, http.StatusOK, map[string]string{"message": "relay updated successfully"})
 }
-// Patch relay
+// patchRelay partially updates an existing relay config
 func (api *APIHandler) patchRelay(w http.ResponseWriter, r *http.Request) {
 	id := r.PathValue("id")
-	path := ConfigPathFromId(id)
+	configPath := api.configPath(id)
-	if _, err := os.Stat(path); err != nil {
+
-		writeError(w, http.StatusConflict, "relay not found")
+	if err := api.checkConfigExists(configPath); err != nil {
 		if os.IsNotExist(err) {
 			writeError(w, http.StatusNotFound, "relay not found")
 		} else {
 			writeError(w, http.StatusInternalServerError, fmt.Sprintf("failed to check config: %v", err))
 		}
 		return
 	}
-	config, err := LoadConfigFromPath(path)
+	// Load existing config
 	existing, err := api.loadConfigFromPath(configPath)
 	if err != nil {
 		writeError(w, http.StatusInternalServerError, fmt.Sprintf("failed to read existing config: %v", err))
 		return
 	}
-	patch, err := api.patchFromRequest(r)
+	// Parse patch
 	patch, err := api.readPatch(r)
 	if err != nil {
 		writeError(w, http.StatusBadRequest, err.Error())
 		return
 	}
-	if err := api.applyPatch(config, patch); err != nil {
+	// Apply patch to existing config
 	if err := api.applyPatch(existing, patch); err != nil {
 		writeError(w, http.StatusBadRequest, err.Error())
 		return
 	}
-	if err := config.Validate(); err != nil {
+	// Validate the patched config
 	if err := api.validateConfig(existing); err != nil {
 		writeError(w, http.StatusBadRequest, err.Error())
 		return
 	}
-	if err := api.checkDuplicateSchemaOrHost(config, id+".toml"); err != nil {
+	if err := api.checkDuplicateSchemaOrHost(existing, id+".toml"); err != nil {
 		writeError(w, http.StatusConflict, err.Error())
 		return
 	}
-	if err := config.Save(); err != nil {
+	if err := api.saveConfig(configPath, existing); err != nil {
 		writeError(w, http.StatusInternalServerError, fmt.Sprintf("failed to write config: %v", err))
 		return
 	}
@@ -236,6 +271,25 @@ func (api *APIHandler) patchRelay(w http.ResponseWriter, r *http.Request) {
 	writeJSON(w, http.StatusOK, map[string]string{"message": "relay patched successfully"})
 }
 // readPatch reads and parses the patch JSON from the request
 func (api *APIHandler) readPatch(r *http.Request) (map[string]interface{}, error) {
 	r.Body = http.MaxBytesReader(nil, r.Body, 1024*1024)
 	defer r.Body.Close()
 	body, err := io.ReadAll(r.Body)
 	if err != nil {
 		return nil, fmt.Errorf("failed to read body: %w", err)
 	}
 	var patch map[string]interface{}
 	if err := json.Unmarshal(body, &patch); err != nil {
 		return nil, fmt.Errorf("invalid json: %w", err)
 	}
 	return patch, nil
 }
 // applyPatch applies a JSON patch to a config using reflection via JSON marshaling
 func (api *APIHandler) applyPatch(config *Config, patch map[string]interface{}) error {
 	// Convert config to map for merging
 	configJSON, _ := json.Marshal(config)
@@ -257,6 +311,7 @@ func (api *APIHandler) applyPatch(config *Config, patch map[string]interface{})
 	return nil
 }
 // deepMerge recursively merges patch into base
 func deepMerge(base, patch map[string]interface{}) map[string]interface{} {
 	result := make(map[string]interface{})
@@ -281,17 +336,46 @@ func deepMerge(base, patch map[string]interface{}) map[string]interface{} {
 	return result
 }
-// Delete relay
+// validateConfig validates a config
 func (api *APIHandler) validateConfig(config *Config) error {
 	if config.Host == "" {
 		return fmt.Errorf("host is required")
 	}
 	if config.Schema == "" {
 		return fmt.Errorf("schema is required")
 	}
 	if !regexp.MustCompile(`^[a-zA-Z_][a-zA-Z0-9_]*$`).MatchString(config.Schema) {
 		return fmt.Errorf("schema must contain only letters, numbers, and underscores")
 	}
 	if config.Secret == "" {
 		return fmt.Errorf("secret is required")
 	}
 	if _, err := nostr.SecretKeyFromHex(config.Secret); err != nil {
 		return fmt.Errorf("invalid secret key: %w", err)
 	}
 	if config.Info.Pubkey != "" {
 		if _, err := nostr.PubKeyFromHex(config.Info.Pubkey); err != nil {
 			return fmt.Errorf("invalid info.pubkey: %w", err)
 		}
 	}
 	return nil
 }
 // deleteRelay deletes a relay config file
 func (api *APIHandler) deleteRelay(w http.ResponseWriter, r *http.Request) {
 	id := r.PathValue("id")
-	path := ConfigPathFromId(id)
+	configPath := api.configPath(id)
-	if _, err := os.Stat(path); err != nil {
+
-		writeError(w, http.StatusConflict, "relay not found")
+	if err := api.checkConfigExists(configPath); err != nil {
 		if os.IsNotExist(err) {
 			writeError(w, http.StatusNotFound, "relay not found")
 		} else {
 			writeError(w, http.StatusInternalServerError, fmt.Sprintf("failed to check config: %v", err))
 		}
 		return
 	}
-	if err := os.Remove(path); err != nil {
+	if err := os.Remove(configPath); err != nil {
 		writeError(w, http.StatusInternalServerError, fmt.Sprintf("failed to delete config: %v", err))
 		return
 	}
@@ -299,60 +383,95 @@ func (api *APIHandler) deleteRelay(w http.ResponseWriter, r *http.Request) {
 	writeJSON(w, http.StatusOK, map[string]string{"message": "relay deleted successfully"})
 }
-// Relay members endpoint
+// configName returns the config file name
-
+func (api *APIHandler) configName(id string) string {
-func (api *APIHandler) listRelayMembers(w http.ResponseWriter, r *http.Request) {
+	return id+".toml"
 	id := r.PathValue("id")
 	members, err := api.resolveRelayMembers(id)
 	if err != nil {
 		if os.IsNotExist(err) {
 			writeError(w, http.StatusNotFound, "relay not found")
 		} else {
 			writeError(w, http.StatusInternalServerError, fmt.Sprintf("failed to load relay members: %v", err))
 		}
 		return
 	}
 	writeJSON(w, http.StatusOK, map[string][]string{"members": members})
 }
-func (api *APIHandler) resolveRelayMembers(id string) ([]string, error) {
+// configPath returns the full path for a config file
-	instancesMux.RLock()
+func (api *APIHandler) configPath(id string) string {
-	instance, exists := instancesByName[id+".toml"]
+	return filepath.Join(api.configDir, api.configName(id))
-	instancesMux.RUnlock()
+}
-	if exists {
+// checkConfigExists checks if a config file exists
-		return collectMembers(instance.Management), nil
+func (api *APIHandler) checkConfigExists(path string) error {
-	}
+	_, err := os.Stat(path)
 	return err
 }
-	config, err := LoadConfigFromId(id)
+// loadConfigFromPath loads a config from a file path
 func (api *APIHandler) loadConfigFromPath(path string) (*Config, error) {
 	var config Config
 	_, err := toml.DecodeFile(path, &config)
 	if err != nil {
 		return nil, err
 	}
-
+	return &config, nil
 	events := &EventStore{
 		Config: config,
 		Schema: &Schema{Name: config.Schema},
 	}
 	if err := events.Init(); err != nil {
 		return nil, fmt.Errorf("failed to init event store: %w", err)
 	}
 	management := &ManagementStore{
 		Config: config,
 		Events: events,
 	}
 	return collectMembers(management), nil
 }
-func collectMembers(management *ManagementStore) []string {
+// parseAndValidateConfig parses and validates the JSON config from the request body
-	memberSet := make(map[string]struct{})
+func (api *APIHandler) parseAndValidateConfig(r *http.Request) (*Config, error) {
-	for _, pubkey := range management.GetMembers() {
+	r.Body = http.MaxBytesReader(nil, r.Body, 1024*1024)
-		memberSet[pubkey.Hex()] = struct{}{}
+	defer r.Body.Close()
 	body, err := io.ReadAll(r.Body)
 	if err != nil {
 		return nil, fmt.Errorf("failed to read body: %w", err)
 	}
-	members := Keys(memberSet)
+
-	sort.Strings(members)
+	var config Config
-	return members
+	if err := json.Unmarshal(body, &config); err != nil {
 		return nil, fmt.Errorf("invalid json config: %w", err)
 	}
 	if err := api.validateConfig(&config); err != nil {
 		return nil, err
 	}
 	return &config, nil
 }
 // saveConfig saves a config to a file as TOML
 func (api *APIHandler) saveConfig(path string, config *Config) error {
 	file, err := os.Create(path)
 	if err != nil {
 		return fmt.Errorf("failed to create file: %w", err)
 	}
 	defer file.Close()
 	encoder := toml.NewEncoder(file)
 	if err := encoder.Encode(config); err != nil {
 		return fmt.Errorf("failed to encode toml: %w", err)
 	}
 	return nil
 }
 // checkDuplicateSchemaOrHost checks if the schema or host is already in use by another config
 func (api *APIHandler) checkDuplicateSchemaOrHost(config *Config, excludeFilename string) error {
 	entries, err := os.ReadDir(api.configDir)
 	if err != nil {
 		return fmt.Errorf("failed to read config directory: %w", err)
 	}
 	for _, entry := range entries {
 		if entry.IsDir() || entry.Name() == excludeFilename || !strings.HasSuffix(entry.Name(), ".toml") {
 			continue
 		}
 		path := filepath.Join(api.configDir, entry.Name())
 		var existing Config
 		if _, err := toml.DecodeFile(path, &existing); err != nil {
 			continue
 		}
 		if existing.Schema == config.Schema {
 			return fmt.Errorf("schema %q is already in use", config.Schema)
 		}
 		if existing.Host == config.Host {
 			return fmt.Errorf("host %q is already in use", config.Host)
 		}
 	}
 	return nil
 }
@@ -13,6 +13,7 @@ import (
 	"testing"
 	"fiatjaf.com/nostr"
 	"github.com/gosimple/slug"
 )
 func TestAPIHandler_Authentication(t *testing.T) {
@@ -692,7 +693,7 @@ func TestAPIHandler_ListRelayMembers(t *testing.T) {
 		// Seed DB with RELAY_MEMBERS to simulate a prior relay load.
 		seedEvents := &EventStore{
 			Config: &Config{secret: relaySecret},
-			Schema: &Schema{Name: config.Schema},
+			Schema: &Schema{Name: slug.Make(config.Schema)},
 		}
 		if err := seedEvents.Init(); err != nil {
 			t.Fatalf("failed to init seed events: %v", err)
@@ -4,18 +4,12 @@ import (
 	"bytes"
 	"context"
 	"io"
 	"fmt"
 	"log"
 	"net/url"
 	"path/filepath"
 	"fiatjaf.com/nostr"
 	"fiatjaf.com/nostr/eventstore"
 	"fiatjaf.com/nostr/khatru/blossom"
-	"github.com/aws/aws-sdk-go-v2/aws"
+	"github.com/gosimple/slug"
 	awsconfig "github.com/aws/aws-sdk-go-v2/config"
 	"github.com/aws/aws-sdk-go-v2/credentials"
 	"github.com/aws/aws-sdk-go-v2/service/s3"
 	"github.com/spf13/afero"
 )
@@ -25,23 +19,39 @@ type BlossomStore struct {
 }
 func (bl *BlossomStore) Enable(instance *Instance) {
 	dir := Env("MEDIA") + "/" + slug.Make(bl.Config.Schema)
 	fs := afero.NewOsFs()
 	fs.MkdirAll(dir, 0755)
 	backend := blossom.New(instance.Relay, "https://"+bl.Config.Host)
 	backend.Store = blossom.EventStoreBlobIndexWrapper{
 		Store:      bl.Events,
 		ServiceURL: "https://" + bl.Config.Host,
 	}
-	switch bl.Config.Blossom.Adapter {
+	backend.StoreBlob = func(ctx context.Context, sha256 string, ext string, body []byte) error {
-	case "local":
+		file, err := fs.Create(dir + "/" + sha256)
-		if err := bl.UseLocalAdapter(backend); err != nil {
+		if err != nil {
-  		log.Fatalf("blossom: failed to use local adapter %q", err)
+			return err
 		}
-	case "s3":
+
-		if err := bl.UseS3Adapter(backend); err != nil {
+		if _, err := io.Copy(file, bytes.NewReader(body)); err != nil {
-  		log.Fatalf("blossom: failed to use s3 adapter %q", err)
+			return err
 		}
-	default:
+
-		log.Fatalf("blossom: unknown backend %q", bl.Config.Blossom.Adapter)
+		return nil
 	}
 	backend.LoadBlob = func(ctx context.Context, sha256 string, ext string) (io.ReadSeeker, *url.URL, error) {
 		file, err := fs.Open(dir + "/" + sha256)
 		if err != nil {
 			return nil, nil, err
 		}
 		return file, nil, nil
 	}
 	backend.DeleteBlob = func(ctx context.Context, sha256 string, ext string) error {
 		return fs.Remove(dir + "/" + sha256)
 	}
 	backend.RejectUpload = func(ctx context.Context, auth *nostr.Event, size int, ext string) (bool, string, int) {
@@ -57,10 +67,6 @@ func (bl *BlossomStore) Enable(instance *Instance) {
 	}
 	backend.RejectGet = func(ctx context.Context, auth *nostr.Event, sha256 string, ext string) (bool, string, int) {
 		if !bl.Config.Blossom.AuthenticatedRead {
 			return false, "", 200
 		}
 		if auth == nil || !instance.Management.IsMember(auth.PubKey) {
 			return true, "unauthorized", 403
 		}
@@ -89,114 +95,3 @@ func (bl *BlossomStore) Enable(instance *Instance) {
 	instance.Relay.Info.SupportedNIPs = append(instance.Relay.Info.SupportedNIPs, "BUD-02")
 	instance.Relay.Info.SupportedNIPs = append(instance.Relay.Info.SupportedNIPs, "BUD-11")
 }
 // Local adapter
 func (bl *BlossomStore) UseLocalAdapter(backend *blossom.BlossomServer) error {
 	dir := filepath.Join(Env("MEDIA"), bl.Config.Schema)
 	osfs := afero.NewOsFs()
 	_ = osfs.MkdirAll(dir, 0755)
 	backend.StoreBlob = func(ctx context.Context, sha256 string, ext string, body []byte) error {
 		file, err := osfs.Create(filepath.Join(dir, sha256))
 		if err != nil {
 			return err
 		}
 		if _, err := io.Copy(file, bytes.NewReader(body)); err != nil {
 			return err
 		}
 		return nil
 	}
 	backend.LoadBlob = func(ctx context.Context, sha256 string, ext string) (io.ReadSeeker, *url.URL, error) {
 		file, err := osfs.Open(filepath.Join(dir, sha256))
 		if err != nil {
 			return nil, nil, err
 		}
 		return file, nil, nil
 	}
 	backend.DeleteBlob = func(ctx context.Context, sha256 string, ext string) error {
 		return osfs.Remove(filepath.Join(dir, sha256))
 	}
 	return nil
 }
 // S3 adapter
 func (bl *BlossomStore) S3Key(sha256 string) string {
  key := bl.Config.Schema + "/" + sha256
  if bl.Config.Blossom.S3.KeyPrefix != "" {
    key = bl.Config.Blossom.S3.KeyPrefix + "/" + key
  }
  return key
 }
 func (bl *BlossomStore) UseS3Adapter(backend *blossom.BlossomServer) error {
 	ctx := context.Background()
 	awsConfig, err := awsconfig.LoadDefaultConfig(ctx,
 		awsconfig.WithRegion(bl.Config.Blossom.S3.Region),
 		awsconfig.WithCredentialsProvider(
 			credentials.NewStaticCredentialsProvider(
 				bl.Config.Blossom.S3.AccessKey,
 				bl.Config.Blossom.S3.SecretKey,
 				"",
 			),
 		),
 	)
 	if err != nil {
 		return fmt.Errorf("aws config: %w", err)
 	}
 	client := s3.NewFromConfig(awsConfig, func(o *s3.Options) {
 		if bl.Config.Blossom.S3.Endpoint != "" {
 			o.BaseEndpoint = aws.String(bl.Config.Blossom.S3.Endpoint)
 			o.UsePathStyle = true
 		}
 	})
 	backend.StoreBlob = func(ctx context.Context, sha256 string, ext string, body []byte) error {
 		_, err := client.PutObject(ctx, &s3.PutObjectInput{
 			Bucket: aws.String(bl.Config.Blossom.S3.Bucket),
 			Key:    aws.String(bl.S3Key(sha256)),
 			Body:   bytes.NewReader(body),
 		})
 		return err
 	}
 	backend.LoadBlob = func(ctx context.Context, sha256 string, ext string) (io.ReadSeeker, *url.URL, error) {
 		out, err := client.GetObject(ctx, &s3.GetObjectInput{
 			Bucket: aws.String(bl.Config.Blossom.S3.Bucket),
 			Key:    aws.String(bl.S3Key(sha256)),
 		})
 		if err != nil {
 			return nil, nil, err
 		}
 		defer out.Body.Close()
 		data, err := io.ReadAll(out.Body)
 		if err != nil {
 			return nil, nil, err
 		}
 		return bytes.NewReader(data), nil, nil
 	}
 	backend.DeleteBlob = func(ctx context.Context, sha256 string, ext string) error {
 		_, err := client.DeleteObject(ctx, &s3.DeleteObjectInput{
 			Bucket: aws.String(bl.Config.Blossom.S3.Bucket),
 			Key:    aws.String(bl.S3Key(sha256)),
 		})
 		return err
 	}
 	return nil
 }
@@ -3,7 +3,6 @@ package zooid
 import (
 	"fiatjaf.com/nostr"
 	"fmt"
 	"regexp"
 	"github.com/BurntSushi/toml"
 	"os"
 	"path/filepath"
@@ -46,10 +45,7 @@ type Config struct {
 	} `toml:"management" json:"management"`
 	Blossom struct {
-		Enabled           bool              `toml:"enabled" json:"enabled"`
+		Enabled bool `toml:"enabled" json:"enabled"`
 		AuthenticatedRead bool              `toml:"authenticated_read" json:"authenticated_read"`
 		Adapter           string            `toml:"adapter" json:"adapter"`
 		S3                BlossomS3Settings `toml:"s3" json:"s3"`
 	} `toml:"blossom" json:"blossom"`
 	Livekit struct {
@@ -65,31 +61,10 @@ type Config struct {
 	secret nostr.SecretKey
 }
-// BlossomS3Settings configures S3-compatible object storage for Blossom blobs
+func LoadConfig(filename string) (*Config, error) {
-// when [blossom] adapter is "s3".
+	path := filepath.Join(Env("CONFIG"), filename)
 type BlossomS3Settings struct {
 	Endpoint  string `toml:"endpoint" json:"endpoint"`
 	Region    string `toml:"region" json:"region"`
 	Bucket    string `toml:"bucket" json:"bucket"`
 	AccessKey string `toml:"access_key" json:"access_key"`
 	SecretKey string `toml:"secret_key" json:"secret_key"`
 	KeyPrefix string `toml:"key_prefix" json:"key_prefix"`
 }
-func ConfigPathFromId(id string) string {
+	return LoadConfigFromPath(path)
 	return filepath.Join(Env("CONFIG"), id+".toml")
 }
 func ConfigPathFromName(name string) string {
 	return filepath.Join(Env("CONFIG"), name)
 }
 func LoadConfigFromId(id string) (*Config, error) {
 	return LoadConfigFromPath(ConfigPathFromId(id))
 }
 func LoadConfigFromName(name string) (*Config, error) {
 	return LoadConfigFromPath(ConfigPathFromName(name))
 }
 func LoadConfigFromPath(path string) (*Config, error) {
@@ -98,64 +73,31 @@ func LoadConfigFromPath(path string) (*Config, error) {
 		return nil, fmt.Errorf("Failed to parse config file %s: %w", path, err)
 	}
 	config.path = path
 	if err := config.Validate(); err != nil {
 		return nil, err
 	}
 	return &config, nil
 }
 func (config *Config) Validate() error {
 	if config.Blossom.Adapter == "" {
 		config.Blossom.Adapter = "local"
 	}
 	if config.Host == "" {
-		return fmt.Errorf("host is required")
+		return nil, fmt.Errorf("host is required")
 	}
 	if config.Schema == "" {
-		return fmt.Errorf("schema is required")
+		return nil, fmt.Errorf("schema is required")
 	}
-	if !regexp.MustCompile(`^[a-z_][a-z0-9_]*$`).MatchString(config.Schema) {
+	if config.Info.Pubkey == "" {
-		return fmt.Errorf("schema must contain only lowercase letters, numbers, and underscores")
+		return nil, fmt.Errorf("info.pubkey is required")
 	}
-  secret, err := nostr.SecretKeyFromHex(config.Secret)
+	secret, err := nostr.SecretKeyFromHex(config.Secret)
 	if err != nil {
-		return fmt.Errorf("invalid secret key: %w", err)
+		return nil, err
 	}
 	// Save the path for later
 	config.path = path
 	// Make the secret... secret
 	config.Secret = ""
 	config.secret = secret
-	if _, err := nostr.PubKeyFromHex(config.Info.Pubkey); err != nil {
+	return &config, nil
 		return fmt.Errorf("invalid info.pubkey: %w", err)
 	}
 	if config.Blossom.Adapter == "s3" {
 		if config.Blossom.S3.Bucket == "" {
 			return fmt.Errorf("blossom.s3.bucket is required when blossom.adapter is s3")
 		}
 		if config.Blossom.S3.Region == "" {
 			return fmt.Errorf("blossom.s3.region is required when blossom.adapter is s3")
 		}
 		if config.Blossom.S3.AccessKey == "" {
 			return fmt.Errorf("blossom.s3.access_key is required when blossom.adapter is s3")
 		}
 		if config.Blossom.S3.SecretKey == "" {
 			return fmt.Errorf("blossom.s3.secret_key is required when blossom.adapter is s3")
 		}
 	} else if config.Blossom.Adapter != "local" {
 		return fmt.Errorf("invalid blossom adapter")
 	}
 	return nil
 }
 func (config *Config) Save() error {
@@ -1,8 +1,6 @@
 package zooid
 import (
 	"os"
 	"path/filepath"
 	"testing"
 	"fiatjaf.com/nostr"
@@ -156,94 +154,3 @@ func TestConfig_MemberRole(t *testing.T) {
 		t.Error("Any pubkey should have member role permissions")
 	}
 }
 func TestValidateBlossomFileStorage(t *testing.T) {
 	t.Run("blossom disabled skips validation", func(t *testing.T) {
 		c := &Config{}
 		c.Blossom.Enabled = false
 		c.Blossom.Backend = "s3"
 		normalizeBlossomConfig(c)
 		if err := validateBlossomFileStorage(c); err != nil {
 			t.Fatalf("expected nil, got %v", err)
 		}
 	})
 	t.Run("local storage needs no s3 fields", func(t *testing.T) {
 		c := &Config{}
 		c.Blossom.Enabled = true
 		c.Blossom.Backend = "local"
 		normalizeBlossomConfig(c)
 		if err := validateBlossomFileStorage(c); err != nil {
 			t.Fatalf("expected nil, got %v", err)
 		}
 	})
 	t.Run("s3 requires bucket region keys and secret", func(t *testing.T) {
 		c := &Config{}
 		c.Blossom.Enabled = true
 		c.Blossom.Backend = "s3"
 		c.Blossom.S3.Region = "us-east-1"
 		normalizeBlossomConfig(c)
 		if err := validateBlossomFileStorage(c); err == nil {
 			t.Fatal("expected error for missing bucket and credentials")
 		}
 		c.Blossom.S3.Bucket = "b"
 		c.Blossom.S3.AccessKey = "k"
 		c.Blossom.S3.SecretKey = "s"
 		normalizeBlossomConfig(c)
 		if err := validateBlossomFileStorage(c); err != nil {
 			t.Fatalf("expected nil with all s3 fields set, got %v", err)
 		}
 	})
 	t.Run("invalid backend value", func(t *testing.T) {
 		c := &Config{}
 		c.Blossom.Enabled = true
 		c.Blossom.Backend = "nfs"
 		normalizeBlossomConfig(c)
 		if err := validateBlossomFileStorage(c); err == nil {
 			t.Fatal("expected error for unknown backend")
 		}
 	})
 }
 func TestLoadConfigFromPath_BlossomS3(t *testing.T) {
 	sk := nostr.Generate()
 	tmp := t.TempDir()
 	path := filepath.Join(tmp, "relay.toml")
 	tomlBody := `host = "r.example.com"
 schema = "myrelay"
 secret = "` + sk.Hex() + `"
 inactive = false
 [info]
 name = "n"
 pubkey = "` + sk.Public().Hex() + `"
 [blossom]
 enabled = true
 backend = "s3"
 [blossom.s3]
 region = "auto"
 bucket = "test-bucket"
 access_key = "AKIA"
 secret_key = "topsecret"
 endpoint = "http://127.0.0.1:9000"
 `
 	if err := os.WriteFile(path, []byte(tomlBody), 0644); err != nil {
 		t.Fatal(err)
 	}
 	cfg, err := LoadConfigFromPath(path)
 	if err != nil {
 		t.Fatalf("LoadConfigFromPath: %v", err)
 	}
 	if cfg.Blossom.S3.SecretKey != "topsecret" {
 		t.Errorf("expected s3 secret_key retained in struct, got %q", cfg.Blossom.S3.SecretKey)
 	}
 	if cfg.Blossom.Backend != "s3" {
 		t.Errorf("backend: got %q", cfg.Blossom.Backend)
 	}
 }
@@ -9,6 +9,7 @@ import (
 	"fiatjaf.com/nostr"
 	"fiatjaf.com/nostr/khatru"
 	"github.com/gosimple/slug"
 )
 type Instance struct {
@@ -22,7 +23,7 @@ type Instance struct {
 }
 func MakeInstance(filename string) (*Instance, error) {
-	config, err := LoadConfigFromName(filename)
+	config, err := LoadConfig(filename)
 	if err != nil {
 		return nil, err
 	}
@@ -37,7 +38,7 @@ func makeInstance(config *Config, source string) (*Instance, error) {
 		Relay:  relay,
 		Config: config,
 		Schema: &Schema{
-			Name: config.Schema,
+			Name: slug.Make(config.Schema),
 		},
 	}
@@ -267,9 +268,8 @@ func (instance *Instance) StoreEvent(ctx context.Context, event nostr.Event) err
 	return instance.Events.StoreEvent(event)
 }
-func (instance *Instance) ReplaceEvent(ctx context.Context, event nostr.Event) error {
+func (instance *Instance) ReplaceEvent(ctx context.Context, event nostr.Event) ([]nostr.Event, error) {
-	_, err := instance.Events.ReplaceEvent(event)
+	return instance.Events.ReplaceEvent(event)
 	return err
 }
 func (instance *Instance) DeleteEvent(ctx context.Context, id nostr.ID) error {
@@ -64,7 +64,7 @@ func Start() {
 		if err != nil {
 			log.Printf("Failed to make instance for %s: %v", entry.Name(), err)
 		} else if instance.Config.Inactive {
-			instance.Cleanup()
+  		instance.Cleanup()
 			log.Printf("Skipped inactive %s", entry.Name())
 		} else {
 			instancesByHost[instance.Config.Host] = instance
@@ -112,7 +112,7 @@ func Start() {
 					if err != nil {
 						log.Printf("Failed to reload %s: %v", filename, err)
 					} else if instance.Config.Inactive {
-						instance.Cleanup()
+  					instance.Cleanup()
 						log.Printf("Skipped inactive %s", filename)
 					} else {
 						instancesByHost[instance.Config.Host] = instance
@@ -183,12 +183,7 @@ func validateNIP98Auth(r *http.Request) (nostr.PubKey, error) {
 		return nostr.PubKey{}, fmt.Errorf("invalid event signature")
 	}
-  scheme := "http"
+	expectedURL := fmt.Sprintf("%s://%s%s", scheme(r), r.Host, r.URL.Path)
 	if r.TLS != nil || r.Header.Get("X-Forwarded-Proto") == "https" {
 		scheme = scheme + "s"
 	}
 	expectedURL := fmt.Sprintf("%s://%s%s", scheme, r.Host, r.URL.Path)
 	var hasURL, hasMethod bool
 	for _, tag := range event.Tags {