Feat: addition of nip-05 verification (issue #261)

[archief2910]

Description

This PR implements NIP-05 verification as a spam reduction mechanism for nostream, as described in the nostr-rs-relay reference configuration.

Changes included:

NIP-05 Verification Core:

• Added Nip05Verification and DBNip05Verification types for application and database layers.
• Added Nip05Settings interface with three operational modes: enabled (require NIP-05 for publishing), passive (validate without blocking), and disabled (no-op).
• Implemented parseNip05Identifier, extractNip05FromEvent, verifyNip05Identifier, and isDomainAllowed utility functions conforming to the NIP-05 protocol (https://<domain>/.well-known/nostr.json?name=<local>).
• Created Nip05VerificationRepository following the existing repository pattern with Ramda applySpec DB-to-app mapping.
• Added Knex migration for the nip05_verifications table with indexes on domain, is_verified, and last_checked_at.

Event Handler Integration:

• Integrated checkNip05Verification into EventMessageHandler pipeline — blocks unverified authors when mode is enabled, always allows kind-0 (SET_METADATA) events through so users can set their NIP-05 identifier.
• Implemented processNip05Metadata as fire-and-forget async verification triggered on successful kind-0 event persistence. Deletes verification records when a user removes their NIP-05 from metadata.

Background Re-verification:

• Added processNip05Reverifications to MaintenanceWorker — periodically re-checks stale verifications respecting verifyUpdateFrequency and maxConsecutiveFailures settings with jittered delays between requests.

Configuration:

• Added nip05 section to default-settings.yaml with defaults matching nostr-rs-relay: 1 week expiration, 24-hour update frequency, 20 max consecutive failures.
• Updated CONFIGURATION.md with documentation for all six settings.

Factory Wiring:

• Threaded Nip05VerificationRepository through workerFactory → webSocketAdapterFactory → messageHandlerFactory → EventMessageHandler and maintenanceWorkerFactory → MaintenanceWorker as a required dependency.

Cleanup:

• Consolidated duplicate import from '../constants/base' lines in event-message-handler.ts.
• Removed dead sinonChai import from NIP-05 utility test file.

Related Issue

Closes #261

Motivation and Context

Spam is a persistent problem for public Nostr relays. NIP-05 verification provides a DNS-based identity layer that ties pubkeys to domain names, allowing relay operators to require that event authors have a verifiable internet identity. This is the same approach implemented by nostr-rs-relay and requested in issue #261. The three-mode system (enabled/passive/disabled) gives operators full control over enforcement level without requiring code changes.

How Has This Been Tested?

• 57 NIP-05 specific unit tests covering:
  • parseNip05Identifier: 12 tests — valid identifiers, subdomains, case normalization, edge cases (null, empty, missing @, no TLD).
  • extractNip05FromEvent: 6 tests — valid kind-0, wrong kind, missing field, bad JSON, empty string, non-string value.
  • isDomainAllowed: 8 tests — whitelist, blacklist, empty lists, case-insensitivity, blacklist-over-whitelist precedence.
  • checkNip05Verification: 12 tests — all three modes, relay pubkey bypass, kind-0 passthrough, missing/expired/unverified records, domain whitelist/blacklist filtering.
  • processNip05Metadata: 10 tests — disabled/passive modes, non-kind-0, delete on missing NIP-05, unparseable identifier, blocked domain, successful/failed verification with upsert assertions, error handling, passive mode verification.
  • processNip05Reverifications: 9 tests — disabled mode, no pending records, success/failure state updates, failure count increment, error resilience across batch, custom config values, undefined fallback defaults, passive mode operation.
• Updated existing factory tests (message-handler-factory.spec.ts, websocket-adapter-factory.spec.ts) for the new required repository parameter.
• Full test suite passes: 544 passing (2 pre-existing Windows path-separator failures ).
• ESLint: 0 errors across all modified files.
• TypeScript: compiles cleanly with --noEmit.

Screenshots (if appropriate):

N/A

Types of changes

• Non-functional change (docs, style, minor refactor)
• Bug fix (non-breaking change which fixes an issue)
• New feature (non-breaking change which adds functionality)
• Breaking change (fix or feature that would cause existing functionality to change)

Checklist:

• My code follows the code style of this project.
• My change requires a change to the documentation.
• I have updated the documentation accordingly.
• I have read the CONTRIBUTING document.
• I have added tests to cover my code changes.
• All new and existing tests passed.

---

[archief2910]

@phoenix-server @cameri This pr is ready for review and checks
Local checks including lint, unit passed.