Remove auto-profile creation and add auth config docs (v0.48.11)

- Remove createDefaultProfile() function from nostr.js that auto-created placeholder profiles for new users - profiles should not be auto-generated - Add auth-required configuration caution section to CLAUDE.md documenting risks of enabling NIP-42 auth on production relays Files modified: - CLAUDE.md: Added auth-required configuration section - app/web/src/nostr.js: Removed createDefaultProfile and auto-profile logic - app/web/dist/bundle.js: Rebuilt with changes - pkg/version/version: v0.48.11 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2026-01-10 10:22:56 +01:00
parent e7bc9a4a97
commit 61f6027a64
5 changed files with 21 additions and 62 deletions
--- a/CLAUDE.md
+++ b/CLAUDE.md
@@ -130,6 +130,21 @@ if timeout > DefaultTimeoutSeconds {
 - Provide public API methods (`IsEnabled()`, `CheckPolicy()`)
 - Never change unexported→exported to fix bugs

+### 6. Auth-Required Configuration (CAUTION)
+
+**Be extremely careful when modifying auth-related settings in deployment configs.**
+
+The `ORLY_AUTH_REQUIRED` and `ORLY_AUTH_TO_WRITE` settings control whether clients must authenticate via NIP-42 before interacting with the relay. Changing these on a production relay can:
+
+- **Lock out all existing clients** if they don't support NIP-42 auth
+- **Break automated systems** (bots, bridges, scrapers) that depend on anonymous access
+- **Cause data sync issues** if upstream relays can't push events
+
+Before enabling auth-required on any deployment:
+1. Verify all expected clients support NIP-42
+2. Ensure the relay identity key is properly configured
+3. Test with a non-production instance first
+
 ## Database Backends

 | Backend | Use Case | Build |