Fix patch and tests

README.md

@@ -96,6 +96,18 @@ Configures blossom support.
 
 - `enabled` - whether blossom is enabled.
 - `authenticated_read` - whether users must perform NIP 98 AUTH in order to fetch a file.
+- `adapter` - where to store blobs. Either `local` (the default, stores files under `MEDIA`) or `s3` (stores files in an S3-compatible bucket).
+
+#### `[blossom.s3]`
+
+Configures S3-compatible object storage, used when `blossom.adapter` is `s3`.
+
+- `endpoint` - the S3 endpoint URL. Optional; leave unset to use AWS S3.
+- `region` - the bucket region. Required when `adapter` is `s3`.
+- `bucket` - the bucket name. Required when `adapter` is `s3`.
+- `access_key` - the access key ID. Required when `adapter` is `s3`.
+- `secret_key` - the secret access key. Required when `adapter` is `s3`.
+- `key_prefix` - an optional prefix prepended to every object key.
 
 ### `[push]`
 

cmd/export/main.go

@@ -25,8 +25,9 @@ func main() {
 		os.Exit(1)
 	}
 
-	// Load config for the specified relay
+	name := zooid.ConfigNameFromId(*relay)
-	config, err := zooid.LoadConfigFromId(*relay)
+	path := zooid.ConfigPathFromName(name)
+	config, err := zooid.LoadConfigFromPath(path)
 	if err != nil {
 		fmt.Fprintln(os.Stderr, err)
 		os.Exit(1)

cmd/import/main.go

@@ -39,8 +39,9 @@ func main() {
 		os.Exit(1)
 	}
 
-	// Load config for the specified relay
+	name := zooid.ConfigNameFromId(*relay)
-	config, err := zooid.LoadConfigFromId(*relay)
+	path := zooid.ConfigPathFromName(name)
+	config, err := zooid.LoadConfigFromPath(path)
 	if err != nil {
 		fmt.Fprintln(os.Stderr, err)
 		os.Exit(1)

zooid/api.go

@@ -2,8 +2,10 @@ package zooid
 
 import (
 	"encoding/json"
+	"errors"
 	"fmt"
 	"io"
+	"io/fs"
 	"net/http"
 	"os"
 	"sort"
@@ -28,7 +30,7 @@ func NewAPIHandler() *APIHandler {
 		whitelist: whitelist,
 	}
 
-  mux := http.NewServeMux()
+	mux := http.NewServeMux()
 	mux.HandleFunc("POST /relay/{id}", api.auth(api.createRelay))
 	mux.HandleFunc("PUT /relay/{id}", api.auth(api.putRelay))
 	mux.HandleFunc("PATCH /relay/{id}", api.auth(api.patchRelay))
@@ -37,7 +39,7 @@ func NewAPIHandler() *APIHandler {
 
 	api.mux = mux
 
-  return api
+	return api
 }
 
 func (api *APIHandler) auth(next http.HandlerFunc) http.HandlerFunc {
@@ -72,7 +74,7 @@ func writeJSON(w http.ResponseWriter, status int, v any) {
 
 // Relay CRUD
 
-func (api *APIHandler) configFromRequest(r *http.Request) (*Config, error) {
+func (api *APIHandler) configFromRequest(path string, r *http.Request) (*Config, error) {
 	r.Body = http.MaxBytesReader(nil, r.Body, 1024*1024)
 	defer r.Body.Close()
 
@@ -81,16 +83,7 @@ func (api *APIHandler) configFromRequest(r *http.Request) (*Config, error) {
 		return nil, fmt.Errorf("failed to read body: %w", err)
 	}
 
-	var config Config
+	return LoadConfigFromJson(path, body)
-	if err := json.Unmarshal(body, &config); err != nil {
-		return nil, fmt.Errorf("invalid json config: %w", err)
-	}
-
-	if err := config.Validate(); err != nil {
-		return nil, err
-	}
-
-	return &config, nil
 }
 
 func (api *APIHandler) patchFromRequest(r *http.Request) (map[string]interface{}, error) {
@@ -121,7 +114,9 @@ func (api *APIHandler) checkDuplicateSchemaOrHost(config *Config, excludeFilenam
 			continue
 		}
 
-		if existing, err := LoadConfigFromName(entry.Name()); err == nil {
+		path := ConfigPathFromName(entry.Name())
+
+		if existing, err := LoadConfigFromPath(path); err == nil {
 			if existing.Schema == config.Schema {
 				return fmt.Errorf("schema %q is already in use", config.Schema)
 			}
@@ -137,13 +132,14 @@ func (api *APIHandler) checkDuplicateSchemaOrHost(config *Config, excludeFilenam
 // Create relay
 
 func (api *APIHandler) createRelay(w http.ResponseWriter, r *http.Request) {
-	path := ConfigPathFromId(r.PathValue("id"))
+	name := ConfigNameFromId(r.PathValue("id"))
+	path := ConfigPathFromName(name)
 	if _, err := os.Stat(path); err == nil {
 		writeError(w, http.StatusConflict, "relay with this id already exists")
 		return
 	}
 
-	config, err := api.configFromRequest(r)
+	config, err := api.configFromRequest(path, r)
 	if err != nil {
 		writeError(w, http.StatusBadRequest, err.Error())
 		return
@@ -166,19 +162,20 @@ func (api *APIHandler) createRelay(w http.ResponseWriter, r *http.Request) {
 
 func (api *APIHandler) putRelay(w http.ResponseWriter, r *http.Request) {
 	id := r.PathValue("id")
-	path := ConfigPathFromId(id)
+	name := ConfigNameFromId(id)
+	path := ConfigPathFromName(name)
 	if _, err := os.Stat(path); err != nil {
-		writeError(w, http.StatusConflict, "relay not found")
+		writeError(w, http.StatusNotFound, "relay not found")
 		return
 	}
 
-	config, err := api.configFromRequest(r)
+	config, err := api.configFromRequest(path, r)
 	if err != nil {
 		writeError(w, http.StatusBadRequest, err.Error())
 		return
 	}
 
-	if err := api.checkDuplicateSchemaOrHost(config, id+".toml"); err != nil {
+	if err := api.checkDuplicateSchemaOrHost(config, name); err != nil {
 		writeError(w, http.StatusConflict, err.Error())
 		return
 	}
@@ -195,9 +192,10 @@ func (api *APIHandler) putRelay(w http.ResponseWriter, r *http.Request) {
 
 func (api *APIHandler) patchRelay(w http.ResponseWriter, r *http.Request) {
 	id := r.PathValue("id")
-	path := ConfigPathFromId(id)
+	name := ConfigNameFromId(id)
+	path := ConfigPathFromName(name)
 	if _, err := os.Stat(path); err != nil {
-		writeError(w, http.StatusConflict, "relay not found")
+		writeError(w, http.StatusNotFound, "relay not found")
 		return
 	}
 
@@ -223,7 +221,7 @@ func (api *APIHandler) patchRelay(w http.ResponseWriter, r *http.Request) {
 		return
 	}
 
-	if err := api.checkDuplicateSchemaOrHost(config, id+".toml"); err != nil {
+	if err := api.checkDuplicateSchemaOrHost(config, name); err != nil {
 		writeError(w, http.StatusConflict, err.Error())
 		return
 	}
@@ -252,6 +250,10 @@ func (api *APIHandler) applyPatch(config *Config, patch map[string]interface{})
 		return err
 	}
 
+	// Preserve unexported fields, which don't survive the JSON round-trip
+	patched.path = config.path
+	patched.secret = config.secret
+
 	// Copy patched values to original config
 	*config = patched
 	return nil
@@ -285,9 +287,10 @@ func deepMerge(base, patch map[string]interface{}) map[string]interface{} {
 
 func (api *APIHandler) deleteRelay(w http.ResponseWriter, r *http.Request) {
 	id := r.PathValue("id")
-	path := ConfigPathFromId(id)
+	name := ConfigNameFromId(id)
+	path := ConfigPathFromName(name)
 	if _, err := os.Stat(path); err != nil {
-		writeError(w, http.StatusConflict, "relay not found")
+		writeError(w, http.StatusNotFound, "relay not found")
 		return
 	}
 
@@ -303,9 +306,10 @@ func (api *APIHandler) deleteRelay(w http.ResponseWriter, r *http.Request) {
 
 func (api *APIHandler) listRelayMembers(w http.ResponseWriter, r *http.Request) {
 	id := r.PathValue("id")
-	members, err := api.resolveRelayMembers(id)
+	name := ConfigNameFromId(id)
+	members, err := api.resolveRelayMembers(name)
 	if err != nil {
-		if os.IsNotExist(err) {
+		if errors.Is(err, fs.ErrNotExist) {
 			writeError(w, http.StatusNotFound, "relay not found")
 		} else {
 			writeError(w, http.StatusInternalServerError, fmt.Sprintf("failed to load relay members: %v", err))
@@ -316,16 +320,17 @@ func (api *APIHandler) listRelayMembers(w http.ResponseWriter, r *http.Request)
 	writeJSON(w, http.StatusOK, map[string][]string{"members": members})
 }
 
-func (api *APIHandler) resolveRelayMembers(id string) ([]string, error) {
+func (api *APIHandler) resolveRelayMembers(name string) ([]string, error) {
 	instancesMux.RLock()
-	instance, exists := instancesByName[id+".toml"]
+	instance, exists := instancesByName[name]
 	instancesMux.RUnlock()
 
 	if exists {
 		return collectMembers(instance.Management), nil
 	}
 
-	config, err := LoadConfigFromId(id)
+	path := ConfigPathFromName(name)
+	config, err := LoadConfigFromPath(path)
 	if err != nil {
 		return nil, err
 	}

zooid/api_test.go

@@ -16,16 +16,14 @@ import (
 )
 
 func TestAPIHandler_Authentication(t *testing.T) {
-	// Create a temporary config directory
+	useTestConfigDir(t)
-	configDir := t.TempDir()
 
 	// Create a test keypair for authentication
 	secretKey := nostr.Generate()
 	pubkey := secretKey.Public()
 
 	// Create API handler with whitelist containing our test pubkey
-	whitelist := pubkey.Hex()
+	api := newTestAPIHandler(t, pubkey.Hex())
-	api := NewAPIHandler(whitelist, configDir)
 
 	t.Run("missing authorization header", func(t *testing.T) {
 		req := httptest.NewRequest(http.MethodPost, "/relay/test", strings.NewReader("{}"))
@@ -173,12 +171,11 @@ func TestAPIHandler_Authentication(t *testing.T) {
 }
 
 func TestAPIHandler_CreateRelay(t *testing.T) {
-	configDir := t.TempDir()
+	configDir := useTestConfigDir(t)
 
 	secretKey := nostr.Generate()
 	pubkey := secretKey.Public()
-	whitelist := pubkey.Hex()
+	api := newTestAPIHandler(t, pubkey.Hex())
-	api := NewAPIHandler(whitelist, configDir)
 
 	validConfig := map[string]interface{}{
 		"host":   "relay.example.com",
@@ -226,6 +223,9 @@ func TestAPIHandler_CreateRelay(t *testing.T) {
 			"host":   "other.example.com",
 			"schema": "testrelay", // Same schema as existing
 			"secret": secretKey.Hex(),
+			"info": map[string]interface{}{
+				"pubkey": pubkey.Hex(),
+			},
 		}
 		body, _ := json.Marshal(config)
 		req := createAuthenticatedRequest(http.MethodPost, "http://api.example.com/relay/other", secretKey, body)
@@ -243,6 +243,9 @@ func TestAPIHandler_CreateRelay(t *testing.T) {
 			"host":   "relay.example.com", // Same host as existing
 			"schema": "otherschema",
 			"secret": secretKey.Hex(),
+			"info": map[string]interface{}{
+				"pubkey": pubkey.Hex(),
+			},
 		}
 		body, _ := json.Marshal(config)
 		req := createAuthenticatedRequest(http.MethodPost, "http://api.example.com/relay/other2", secretKey, body)
@@ -301,12 +304,11 @@ func TestAPIHandler_CreateRelay(t *testing.T) {
 }
 
 func TestAPIHandler_UpdateRelay(t *testing.T) {
-	configDir := t.TempDir()
+	useTestConfigDir(t)
 
 	secretKey := nostr.Generate()
 	pubkey := secretKey.Public()
-	whitelist := pubkey.Hex()
+	api := newTestAPIHandler(t, pubkey.Hex())
-	api := NewAPIHandler(whitelist, configDir)
 
 	// Create initial relay
 	initialConfig := map[string]interface{}{
@@ -371,6 +373,9 @@ func TestAPIHandler_UpdateRelay(t *testing.T) {
 			"host":   "other.example.com",
 			"schema": "otherrelay",
 			"secret": secretKey.Hex(),
+			"info": map[string]interface{}{
+				"pubkey": pubkey.Hex(),
+			},
 		}
 		body, _ := json.Marshal(otherConfig)
 		req := createAuthenticatedRequest(http.MethodPost, "http://api.example.com/relay/otherrelay", secretKey, body)
@@ -385,6 +390,9 @@ func TestAPIHandler_UpdateRelay(t *testing.T) {
 			"host":   "relay.example.com",
 			"schema": "otherrelay", // Duplicate
 			"secret": secretKey.Hex(),
+			"info": map[string]interface{}{
+				"pubkey": pubkey.Hex(),
+			},
 		}
 		body, _ = json.Marshal(updateConfig)
 		req = createAuthenticatedRequest(http.MethodPut, "http://api.example.com/relay/testrelay", secretKey, body)
@@ -399,12 +407,11 @@ func TestAPIHandler_UpdateRelay(t *testing.T) {
 }
 
 func TestAPIHandler_PatchRelay(t *testing.T) {
-	configDir := t.TempDir()
+	useTestConfigDir(t)
 
 	secretKey := nostr.Generate()
 	pubkey := secretKey.Public()
-	whitelist := pubkey.Hex()
+	api := newTestAPIHandler(t, pubkey.Hex())
-	api := NewAPIHandler(whitelist, configDir)
 
 	// Create initial relay with full config
 	initialConfig := map[string]interface{}{
@@ -494,6 +501,9 @@ func TestAPIHandler_PatchRelay(t *testing.T) {
 			"host":   "other.example.com",
 			"schema": "anotherrelay",
 			"secret": secretKey.Hex(),
+			"info": map[string]interface{}{
+				"pubkey": pubkey.Hex(),
+			},
 		}
 		body, _ := json.Marshal(otherConfig)
 		req := createAuthenticatedRequest(http.MethodPost, "http://api.example.com/relay/anotherrelay", secretKey, body)
@@ -550,12 +560,11 @@ func TestAPIHandler_PatchRelay(t *testing.T) {
 }
 
 func TestAPIHandler_DeleteRelay(t *testing.T) {
-	configDir := t.TempDir()
+	configDir := useTestConfigDir(t)
 
 	secretKey := nostr.Generate()
 	pubkey := secretKey.Public()
-	whitelist := pubkey.Hex()
+	api := newTestAPIHandler(t, pubkey.Hex())
-	api := NewAPIHandler(whitelist, configDir)
 
 	// Create a relay to delete
 	config := map[string]interface{}{
@@ -605,12 +614,11 @@ func TestAPIHandler_DeleteRelay(t *testing.T) {
 }
 
 func TestAPIHandler_ListRelayMembers(t *testing.T) {
-	configDir := t.TempDir()
+	useTestConfigDir(t)
 
 	secretKey := nostr.Generate()
 	pubkey := secretKey.Public()
-	whitelist := pubkey.Hex()
+	api := newTestAPIHandler(t, pubkey.Hex())
-	api := NewAPIHandler(whitelist, configDir)
 
 	t.Run("list members from loaded relay instance", func(t *testing.T) {
 		member1 := nostr.Generate().Public()
@@ -681,11 +689,13 @@ func TestAPIHandler_ListRelayMembers(t *testing.T) {
 
 		config := &Config{
 			Host:   "members.example.com",
-			Schema: "members_" + RandomString(8),
+			Schema: "members_" + strings.ToLower(RandomString(8)),
 			Secret: relaySecret.Hex(),
 		}
+		config.Info.Pubkey = nostr.Generate().Public().Hex()
+		config.path = ConfigPathFromName(ConfigNameFromId("fallback"))
 
-		if err := api.saveConfig(api.configPath("fallback"), config); err != nil {
+		if err := config.Save(); err != nil {
 			t.Fatalf("failed to save config: %v", err)
 		}
 
@@ -779,12 +789,11 @@ func TestAPIHandler_ListRelayMembers(t *testing.T) {
 }
 
 func TestAPIHandler_MethodNotAllowed(t *testing.T) {
-	configDir := t.TempDir()
+	useTestConfigDir(t)
 
 	secretKey := nostr.Generate()
 	pubkey := secretKey.Public()
-	whitelist := pubkey.Hex()
+	api := newTestAPIHandler(t, pubkey.Hex())
-	api := NewAPIHandler(whitelist, configDir)
 
 	t.Run("GET method not allowed", func(t *testing.T) {
 		req := createAuthenticatedRequest(http.MethodGet, "http://api.example.com/relay/test", secretKey, nil)
@@ -799,12 +808,11 @@ func TestAPIHandler_MethodNotAllowed(t *testing.T) {
 }
 
 func TestAPIHandler_InvalidPath(t *testing.T) {
-	configDir := t.TempDir()
+	useTestConfigDir(t)
 
 	secretKey := nostr.Generate()
 	pubkey := secretKey.Public()
-	whitelist := pubkey.Hex()
+	api := newTestAPIHandler(t, pubkey.Hex())
-	api := NewAPIHandler(whitelist, configDir)
 
 	t.Run("invalid path returns not found", func(t *testing.T) {
 		req := createAuthenticatedRequest(http.MethodPost, "http://api.example.com/invalid/path", secretKey, []byte("{}"))
@@ -830,12 +838,11 @@ func TestAPIHandler_InvalidPath(t *testing.T) {
 }
 
 func TestAPIHandler_ConfigValidation(t *testing.T) {
-	configDir := t.TempDir()
+	configDir := useTestConfigDir(t)
 
 	secretKey := nostr.Generate()
 	pubkey := secretKey.Public()
-	whitelist := pubkey.Hex()
+	api := newTestAPIHandler(t, pubkey.Hex())
-	api := NewAPIHandler(whitelist, configDir)
 
 	t.Run("invalid info.pubkey", func(t *testing.T) {
 		config := map[string]interface{}{
@@ -976,9 +983,33 @@ func createAuthenticatedRequest(method, url string, secretKey nostr.SecretKey, b
 	return req
 }
 
+// setTestEnv overrides a value in the package-level env map. Env memoizes
+// os.Environ via sync.Once, so once the test binary has started, os.Setenv is
+// ignored — mutating the cached map directly is the only way to change config
+// for an individual test. Safe because tests in this package run sequentially.
+func setTestEnv(key, value string) {
+	_ = Env("DATA") // ensure the env map has been initialized
+	env[key] = value
+}
+
+// useTestConfigDir points Env("CONFIG") at a fresh temp dir for this test.
+func useTestConfigDir(t *testing.T) string {
+	t.Helper()
+	dir := t.TempDir()
+	setTestEnv("CONFIG", dir)
+	return dir
+}
+
+// newTestAPIHandler builds a handler whose whitelist contains the given pubkeys.
+func newTestAPIHandler(t *testing.T, whitelist ...string) *APIHandler {
+	t.Helper()
+	setTestEnv("API_WHITELIST", strings.Join(whitelist, ","))
+	return NewAPIHandler()
+}
+
 func TestNewAPIHandler(t *testing.T) {
 	t.Run("empty whitelist", func(t *testing.T) {
-		api := NewAPIHandler("", "/tmp")
+		api := newTestAPIHandler(t)
 		if len(api.whitelist) != 0 {
 			t.Error("expected empty whitelist")
 		}
@@ -986,7 +1017,7 @@ func TestNewAPIHandler(t *testing.T) {
 
 	t.Run("single pubkey", func(t *testing.T) {
 		pubkey := nostr.Generate().Public().Hex()
-		api := NewAPIHandler(pubkey, "/tmp")
+		api := newTestAPIHandler(t, pubkey)
 		if len(api.whitelist) != 1 {
 			t.Error("expected 1 entry in whitelist")
 		}
@@ -998,8 +1029,8 @@ func TestNewAPIHandler(t *testing.T) {
 	t.Run("multiple pubkeys", func(t *testing.T) {
 		pubkey1 := nostr.Generate().Public().Hex()
 		pubkey2 := nostr.Generate().Public().Hex()
-		whitelist := fmt.Sprintf("%s, %s", pubkey1, pubkey2)
+		setTestEnv("API_WHITELIST", fmt.Sprintf("%s, %s", pubkey1, pubkey2))
-		api := NewAPIHandler(whitelist, "/tmp")
+		api := NewAPIHandler()
 		if len(api.whitelist) != 2 {
 			t.Error("expected 2 entries in whitelist")
 		}
@@ -1010,8 +1041,8 @@ func TestNewAPIHandler(t *testing.T) {
 
 	t.Run("whitespace trimming", func(t *testing.T) {
 		pubkey := nostr.Generate().Public().Hex()
-		whitelist := "  " + pubkey + "  "
+		setTestEnv("API_WHITELIST", "  "+pubkey+"  ")
-		api := NewAPIHandler(whitelist, "/tmp")
+		api := NewAPIHandler()
 		if len(api.whitelist) != 1 {
 			t.Error("expected 1 entry in whitelist after trimming")
 		}

zooid/blossom.go

@@ -3,8 +3,8 @@ package zooid
 import (
 	"bytes"
 	"context"
-	"io"
 	"fmt"
+	"io"
 	"log"
 	"net/url"
 	"path/filepath"
@@ -34,11 +34,11 @@ func (bl *BlossomStore) Enable(instance *Instance) {
 	switch bl.Config.Blossom.Adapter {
 	case "local":
 		if err := bl.UseLocalAdapter(backend); err != nil {
-  		log.Fatalf("blossom: failed to use local adapter %q", err)
+			log.Fatalf("blossom: failed to use local adapter %q", err)
 		}
 	case "s3":
 		if err := bl.UseS3Adapter(backend); err != nil {
-  		log.Fatalf("blossom: failed to use s3 adapter %q", err)
+			log.Fatalf("blossom: failed to use s3 adapter %q", err)
 		}
 	default:
 		log.Fatalf("blossom: unknown backend %q", bl.Config.Blossom.Adapter)
@@ -128,13 +128,13 @@ func (bl *BlossomStore) UseLocalAdapter(backend *blossom.BlossomServer) error {
 // S3 adapter
 
 func (bl *BlossomStore) S3Key(sha256 string) string {
-  key := bl.Config.Schema + "/" + sha256
+	key := bl.Config.Schema + "/" + sha256
 
-  if bl.Config.Blossom.S3.KeyPrefix != "" {
+	if bl.Config.Blossom.S3.KeyPrefix != "" {
-    key = bl.Config.Blossom.S3.KeyPrefix + "/" + key
+		key = bl.Config.Blossom.S3.KeyPrefix + "/" + key
-  }
+	}
 
-  return key
+	return key
 }
 
 func (bl *BlossomStore) UseS3Adapter(backend *blossom.BlossomServer) error {

zooid/config.go

@@ -1,12 +1,13 @@
 package zooid
 
 import (
+	"encoding/json"
 	"fiatjaf.com/nostr"
 	"fmt"
-	"regexp"
 	"github.com/BurntSushi/toml"
 	"os"
 	"path/filepath"
+	"regexp"
 	"slices"
 )
 
@@ -60,7 +61,7 @@ type Config struct {
 
 	Roles map[string]Role `toml:"roles" json:"roles"`
 
-	// Private/parsed values
+	// Parsed values
 	path   string
 	secret nostr.SecretKey
 }
@@ -76,22 +77,14 @@ type BlossomS3Settings struct {
 	KeyPrefix string `toml:"key_prefix" json:"key_prefix"`
 }
 
-func ConfigPathFromId(id string) string {
+func ConfigNameFromId(id string) string {
-	return filepath.Join(Env("CONFIG"), id+".toml")
+	return id + ".toml"
 }
 
 func ConfigPathFromName(name string) string {
 	return filepath.Join(Env("CONFIG"), name)
 }
 
-func LoadConfigFromId(id string) (*Config, error) {
-	return LoadConfigFromPath(ConfigPathFromId(id))
-}
-
-func LoadConfigFromName(name string) (*Config, error) {
-	return LoadConfigFromPath(ConfigPathFromName(name))
-}
-
 func LoadConfigFromPath(path string) (*Config, error) {
 	var config Config
 	if _, err := toml.DecodeFile(path, &config); err != nil {
@@ -107,6 +100,21 @@ func LoadConfigFromPath(path string) (*Config, error) {
 	return &config, nil
 }
 
+func LoadConfigFromJson(path string, body []byte) (*Config, error) {
+	var config Config
+	if err := json.Unmarshal(body, &config); err != nil {
+		return nil, fmt.Errorf("invalid json config: %w", err)
+	}
+
+	config.path = path
+
+	if err := config.Validate(); err != nil {
+		return nil, err
+	}
+
+	return &config, nil
+}
+
 func (config *Config) Validate() error {
 	if config.Blossom.Adapter == "" {
 		config.Blossom.Adapter = "local"
@@ -124,14 +132,12 @@ func (config *Config) Validate() error {
 		return fmt.Errorf("schema must contain only lowercase letters, numbers, and underscores")
 	}
 
-  secret, err := nostr.SecretKeyFromHex(config.Secret)
+	secret, err := nostr.SecretKeyFromHex(config.Secret)
 
 	if err != nil {
 		return fmt.Errorf("invalid secret key: %w", err)
 	}
 
-	// Make the secret... secret
-	config.Secret = ""
 	config.secret = secret
 
 	if _, err := nostr.PubKeyFromHex(config.Info.Pubkey); err != nil {
@@ -159,9 +165,6 @@ func (config *Config) Validate() error {
 }
 
 func (config *Config) Save() error {
-	// Restore the secret key to the public field for saving
-	config.Secret = config.secret.Hex()
-
 	file, err := os.Create(config.path)
 	if err != nil {
 		return fmt.Errorf("Failed to open config file %s: %w", config.path, err)
@@ -173,9 +176,6 @@ func (config *Config) Save() error {
 		return fmt.Errorf("Failed to encode config file %s: %w", config.path, err)
 	}
 
-	// Clear the secret again
-	config.Secret = ""
-
 	return nil
 }
 

zooid/config_test.go

@@ -157,53 +157,64 @@ func TestConfig_MemberRole(t *testing.T) {
 	}
 }
 
+// validBlossomTestConfig returns a config that passes Validate except for any
+// Blossom settings the caller overrides, so blossom validation can be exercised
+// in isolation.
+func validBlossomTestConfig() *Config {
+	sk := nostr.Generate()
+	c := &Config{
+		Host:   "r.example.com",
+		Schema: "myrelay",
+		Secret: sk.Hex(),
+	}
+	c.Info.Pubkey = sk.Public().Hex()
+	return c
+}
+
 func TestValidateBlossomFileStorage(t *testing.T) {
-	t.Run("blossom disabled skips validation", func(t *testing.T) {
+	t.Run("empty adapter defaults to local", func(t *testing.T) {
-		c := &Config{}
+		c := validBlossomTestConfig()
-		c.Blossom.Enabled = false
+		c.Blossom.Enabled = true
-		c.Blossom.Backend = "s3"
+		if err := c.Validate(); err != nil {
-		normalizeBlossomConfig(c)
-		if err := validateBlossomFileStorage(c); err != nil {
 			t.Fatalf("expected nil, got %v", err)
 		}
+		if c.Blossom.Adapter != "local" {
+			t.Errorf("expected adapter normalized to local, got %q", c.Blossom.Adapter)
+		}
 	})
 
 	t.Run("local storage needs no s3 fields", func(t *testing.T) {
-		c := &Config{}
+		c := validBlossomTestConfig()
 		c.Blossom.Enabled = true
-		c.Blossom.Backend = "local"
+		c.Blossom.Adapter = "local"
-		normalizeBlossomConfig(c)
+		if err := c.Validate(); err != nil {
-		if err := validateBlossomFileStorage(c); err != nil {
 			t.Fatalf("expected nil, got %v", err)
 		}
 	})
 
 	t.Run("s3 requires bucket region keys and secret", func(t *testing.T) {
-		c := &Config{}
+		c := validBlossomTestConfig()
 		c.Blossom.Enabled = true
-		c.Blossom.Backend = "s3"
+		c.Blossom.Adapter = "s3"
 		c.Blossom.S3.Region = "us-east-1"
-		normalizeBlossomConfig(c)
+		if err := c.Validate(); err == nil {
-		if err := validateBlossomFileStorage(c); err == nil {
 			t.Fatal("expected error for missing bucket and credentials")
 		}
 
 		c.Blossom.S3.Bucket = "b"
 		c.Blossom.S3.AccessKey = "k"
 		c.Blossom.S3.SecretKey = "s"
-		normalizeBlossomConfig(c)
+		if err := c.Validate(); err != nil {
-		if err := validateBlossomFileStorage(c); err != nil {
 			t.Fatalf("expected nil with all s3 fields set, got %v", err)
 		}
 	})
 
-	t.Run("invalid backend value", func(t *testing.T) {
+	t.Run("invalid adapter value", func(t *testing.T) {
-		c := &Config{}
+		c := validBlossomTestConfig()
 		c.Blossom.Enabled = true
-		c.Blossom.Backend = "nfs"
+		c.Blossom.Adapter = "nfs"
-		normalizeBlossomConfig(c)
+		if err := c.Validate(); err == nil {
-		if err := validateBlossomFileStorage(c); err == nil {
+			t.Fatal("expected error for unknown adapter")
-			t.Fatal("expected error for unknown backend")
 		}
 	})
 }
@@ -223,7 +234,7 @@ pubkey = "` + sk.Public().Hex() + `"
 
 [blossom]
 enabled = true
-backend = "s3"
+adapter = "s3"
 
 [blossom.s3]
 region = "auto"
@@ -243,7 +254,7 @@ endpoint = "http://127.0.0.1:9000"
 	if cfg.Blossom.S3.SecretKey != "topsecret" {
 		t.Errorf("expected s3 secret_key retained in struct, got %q", cfg.Blossom.S3.SecretKey)
 	}
-	if cfg.Blossom.Backend != "s3" {
+	if cfg.Blossom.Adapter != "s3" {
-		t.Errorf("backend: got %q", cfg.Blossom.Backend)
+		t.Errorf("adapter: got %q", cfg.Blossom.Adapter)
 	}
 }

zooid/instance.go

@@ -21,13 +21,14 @@ type Instance struct {
 	Push       *PushManager
 }
 
-func MakeInstance(filename string) (*Instance, error) {
+func MakeInstance(name string) (*Instance, error) {
-	config, err := LoadConfigFromName(filename)
+	path := ConfigPathFromName(name)
+	config, err := LoadConfigFromPath(path)
 	if err != nil {
 		return nil, err
 	}
 
-	return makeInstance(config, filename)
+	return makeInstance(config, name)
 }
 
 func makeInstance(config *Config, source string) (*Instance, error) {

zooid/util.go

@@ -183,7 +183,7 @@ func validateNIP98Auth(r *http.Request) (nostr.PubKey, error) {
 		return nostr.PubKey{}, fmt.Errorf("invalid event signature")
 	}
 
-  scheme := "http"
+	scheme := "http"
 	if r.TLS != nil || r.Header.Get("X-Forwarded-Proto") == "https" {
 		scheme = scheme + "s"
 	}