npm - @mt-tl/server - Versions diffs - 0.1.0 - Mend

@mt-tl/server 0.1.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Potentially problematic release.

This version of @mt-tl/server might be problematic. Click here for more details.

Files changed (293) hide show

package/LICENSE +21 -0
package/README.md +50 -0
package/dist/auth/handshake.d.ts +35 -0
package/dist/auth/handshake.d.ts.map +1 -0
package/dist/auth/handshake.js +208 -0
package/dist/auth/handshake.js.map +1 -0
package/dist/auth/nonce-store.d.ts +22 -0
package/dist/auth/nonce-store.d.ts.map +1 -0
package/dist/auth/nonce-store.js +23 -0
package/dist/auth/nonce-store.js.map +1 -0
package/dist/bootstrap.d.ts +36 -0
package/dist/bootstrap.d.ts.map +1 -0
package/dist/bootstrap.js +82 -0
package/dist/bootstrap.js.map +1 -0
package/dist/config.d.ts +103 -0
package/dist/config.d.ts.map +1 -0
package/dist/config.js +2 -0
package/dist/config.js.map +1 -0
package/dist/core/context.d.ts +57 -0
package/dist/core/context.d.ts.map +1 -0
package/dist/core/context.js +27 -0
package/dist/core/context.js.map +1 -0
package/dist/core/errors.d.ts +33 -0
package/dist/core/errors.d.ts.map +1 -0
package/dist/core/errors.js +47 -0
package/dist/core/errors.js.map +1 -0
package/dist/core/index.d.ts +5 -0
package/dist/core/index.d.ts.map +1 -0
package/dist/core/index.js +5 -0
package/dist/core/index.js.map +1 -0
package/dist/core/rpc.d.ts +83 -0
package/dist/core/rpc.d.ts.map +1 -0
package/dist/core/rpc.js +102 -0
package/dist/core/rpc.js.map +1 -0
package/dist/core/updates.d.ts +56 -0
package/dist/core/updates.d.ts.map +1 -0
package/dist/core/updates.js +34 -0
package/dist/core/updates.js.map +1 -0
package/dist/create-server.d.ts +89 -0
package/dist/create-server.d.ts.map +1 -0
package/dist/create-server.js +109 -0
package/dist/create-server.js.map +1 -0
package/dist/crypto/aes-ige.d.ts +3 -0
package/dist/crypto/aes-ige.d.ts.map +1 -0
package/dist/crypto/aes-ige.js +55 -0
package/dist/crypto/aes-ige.js.map +1 -0
package/dist/crypto/dh.d.ts +21 -0
package/dist/crypto/dh.d.ts.map +1 -0
package/dist/crypto/dh.js +99 -0
package/dist/crypto/dh.js.map +1 -0
package/dist/crypto/hashes.d.ts +6 -0
package/dist/crypto/hashes.d.ts.map +1 -0
package/dist/crypto/hashes.js +14 -0
package/dist/crypto/hashes.js.map +1 -0
package/dist/crypto/msg-key.d.ts +15 -0
package/dist/crypto/msg-key.d.ts.map +1 -0
package/dist/crypto/msg-key.js +24 -0
package/dist/crypto/msg-key.js.map +1 -0
package/dist/crypto/rsa.d.ts +27 -0
package/dist/crypto/rsa.d.ts.map +1 -0
package/dist/crypto/rsa.js +50 -0
package/dist/crypto/rsa.js.map +1 -0
package/dist/dispatch/dispatcher.d.ts +72 -0
package/dist/dispatch/dispatcher.d.ts.map +1 -0
package/dist/dispatch/dispatcher.js +503 -0
package/dist/dispatch/dispatcher.js.map +1 -0
package/dist/dispatch/forwarders/in-process.d.ts +12 -0
package/dist/dispatch/forwarders/in-process.d.ts.map +1 -0
package/dist/dispatch/forwarders/in-process.js +15 -0
package/dist/dispatch/forwarders/in-process.js.map +1 -0
package/dist/dispatch/forwarders/print.d.ts +14 -0
package/dist/dispatch/forwarders/print.d.ts.map +1 -0
package/dist/dispatch/forwarders/print.js +23 -0
package/dist/dispatch/forwarders/print.js.map +1 -0
package/dist/dispatch/rpc-forwarder.d.ts +14 -0
package/dist/dispatch/rpc-forwarder.d.ts.map +1 -0
package/dist/dispatch/rpc-forwarder.js +2 -0
package/dist/dispatch/rpc-forwarder.js.map +1 -0
package/dist/dispatch/types.d.ts +32 -0
package/dist/dispatch/types.d.ts.map +1 -0
package/dist/dispatch/types.js +23 -0
package/dist/dispatch/types.js.map +1 -0
package/dist/gateway.d.ts +57 -0
package/dist/gateway.d.ts.map +1 -0
package/dist/gateway.js +150 -0
package/dist/gateway.js.map +1 -0
package/dist/index.d.ts +7 -0
package/dist/index.d.ts.map +1 -0
package/dist/index.js +25 -0
package/dist/index.js.map +1 -0
package/dist/lib.d.ts +12 -0
package/dist/lib.d.ts.map +1 -0
package/dist/lib.js +13 -0
package/dist/lib.js.map +1 -0
package/dist/server/message-pipeline.d.ts +57 -0
package/dist/server/message-pipeline.d.ts.map +1 -0
package/dist/server/message-pipeline.js +199 -0
package/dist/server/message-pipeline.js.map +1 -0
package/dist/session/inbound-tracker.d.ts +118 -0
package/dist/session/inbound-tracker.d.ts.map +1 -0
package/dist/session/inbound-tracker.js +170 -0
package/dist/session/inbound-tracker.js.map +1 -0
package/dist/session/message-id.d.ts +19 -0
package/dist/session/message-id.d.ts.map +1 -0
package/dist/session/message-id.js +30 -0
package/dist/session/message-id.js.map +1 -0
package/dist/session/salts.d.ts +51 -0
package/dist/session/salts.d.ts.map +1 -0
package/dist/session/salts.js +132 -0
package/dist/session/salts.js.map +1 -0
package/dist/session/session-manager.d.ts +18 -0
package/dist/session/session-manager.d.ts.map +1 -0
package/dist/session/session-manager.js +43 -0
package/dist/session/session-manager.js.map +1 -0
package/dist/storage/index.d.ts +14 -0
package/dist/storage/index.d.ts.map +1 -0
package/dist/storage/index.js +16 -0
package/dist/storage/index.js.map +1 -0
package/dist/storage/memory.d.ts +3 -0
package/dist/storage/memory.d.ts.map +1 -0
package/dist/storage/memory.js +91 -0
package/dist/storage/memory.js.map +1 -0
package/dist/storage/mongo.d.ts +3 -0
package/dist/storage/mongo.d.ts.map +1 -0
package/dist/storage/mongo.js +175 -0
package/dist/storage/mongo.js.map +1 -0
package/dist/storage/types.d.ts +85 -0
package/dist/storage/types.d.ts.map +1 -0
package/dist/storage/types.js +3 -0
package/dist/storage/types.js.map +1 -0
package/dist/testkit.d.ts +11 -0
package/dist/testkit.d.ts.map +1 -0
package/dist/testkit.js +17 -0
package/dist/testkit.js.map +1 -0
package/dist/tl/codec.d.ts +37 -0
package/dist/tl/codec.d.ts.map +1 -0
package/dist/tl/codec.js +297 -0
package/dist/tl/codec.js.map +1 -0
package/dist/tl/layered-registry.d.ts +29 -0
package/dist/tl/layered-registry.d.ts.map +1 -0
package/dist/tl/layered-registry.js +118 -0
package/dist/tl/layered-registry.js.map +1 -0
package/dist/tl/protocol.d.ts +126 -0
package/dist/tl/protocol.d.ts.map +1 -0
package/dist/tl/protocol.js +22 -0
package/dist/tl/protocol.js.map +1 -0
package/dist/tl/reader.d.ts +30 -0
package/dist/tl/reader.d.ts.map +1 -0
package/dist/tl/reader.js +87 -0
package/dist/tl/reader.js.map +1 -0
package/dist/tl/registry.d.ts +39 -0
package/dist/tl/registry.d.ts.map +1 -0
package/dist/tl/registry.js +52 -0
package/dist/tl/registry.js.map +1 -0
package/dist/tl/writer.d.ts +24 -0
package/dist/tl/writer.d.ts.map +1 -0
package/dist/tl/writer.js +95 -0
package/dist/tl/writer.js.map +1 -0
package/dist/transport/connection-registry.d.ts +31 -0
package/dist/transport/connection-registry.d.ts.map +1 -0
package/dist/transport/connection-registry.js +84 -0
package/dist/transport/connection-registry.js.map +1 -0
package/dist/transport/connection.d.ts +62 -0
package/dist/transport/connection.d.ts.map +1 -0
package/dist/transport/connection.js +77 -0
package/dist/transport/connection.js.map +1 -0
package/dist/transport/framing.d.ts +39 -0
package/dist/transport/framing.d.ts.map +1 -0
package/dist/transport/framing.js +212 -0
package/dist/transport/framing.js.map +1 -0
package/dist/transport/proxy-protocol.d.ts +23 -0
package/dist/transport/proxy-protocol.d.ts.map +1 -0
package/dist/transport/proxy-protocol.js +108 -0
package/dist/transport/proxy-protocol.js.map +1 -0
package/dist/transport/server-common.d.ts +27 -0
package/dist/transport/server-common.d.ts.map +1 -0
package/dist/transport/server-common.js +27 -0
package/dist/transport/server-common.js.map +1 -0
package/dist/transport/tcp-server.d.ts +26 -0
package/dist/transport/tcp-server.d.ts.map +1 -0
package/dist/transport/tcp-server.js +91 -0
package/dist/transport/tcp-server.js.map +1 -0
package/dist/transport/ws-server.d.ts +19 -0
package/dist/transport/ws-server.d.ts.map +1 -0
package/dist/transport/ws-server.js +78 -0
package/dist/transport/ws-server.js.map +1 -0
package/dist/update-publisher.d.ts +34 -0
package/dist/update-publisher.d.ts.map +1 -0
package/dist/update-publisher.js +29 -0
package/dist/update-publisher.js.map +1 -0
package/dist/updates/mongo-update-log.d.ts +13 -0
package/dist/updates/mongo-update-log.d.ts.map +1 -0
package/dist/updates/mongo-update-log.js +39 -0
package/dist/updates/mongo-update-log.js.map +1 -0
package/dist/updates/presence-binder.d.ts +29 -0
package/dist/updates/presence-binder.d.ts.map +1 -0
package/dist/updates/presence-binder.js +36 -0
package/dist/updates/presence-binder.js.map +1 -0
package/dist/updates/presence.d.ts +31 -0
package/dist/updates/presence.d.ts.map +1 -0
package/dist/updates/presence.js +44 -0
package/dist/updates/presence.js.map +1 -0
package/dist/updates/push.d.ts +25 -0
package/dist/updates/push.d.ts.map +1 -0
package/dist/updates/push.js +72 -0
package/dist/updates/push.js.map +1 -0
package/dist/updates/redis-bus.d.ts +45 -0
package/dist/updates/redis-bus.d.ts.map +1 -0
package/dist/updates/redis-bus.js +59 -0
package/dist/updates/redis-bus.js.map +1 -0
package/dist/updates/redis-presence.d.ts +43 -0
package/dist/updates/redis-presence.d.ts.map +1 -0
package/dist/updates/redis-presence.js +65 -0
package/dist/updates/redis-presence.js.map +1 -0
package/dist/updates/render.d.ts +16 -0
package/dist/updates/render.d.ts.map +1 -0
package/dist/updates/render.js +46 -0
package/dist/updates/render.js.map +1 -0
package/dist/updates/router.d.ts +27 -0
package/dist/updates/router.d.ts.map +1 -0
package/dist/updates/router.js +36 -0
package/dist/updates/router.js.map +1 -0
package/dist/updates/types.d.ts +23 -0
package/dist/updates/types.d.ts.map +1 -0
package/dist/updates/types.js +2 -0
package/dist/updates/types.js.map +1 -0
package/dist/updates/update-bus.d.ts +29 -0
package/dist/updates/update-bus.d.ts.map +1 -0
package/dist/updates/update-bus.js +24 -0
package/dist/updates/update-bus.js.map +1 -0
package/dist/util/bytes.d.ts +12 -0
package/dist/util/bytes.d.ts.map +1 -0
package/dist/util/bytes.js +46 -0
package/dist/util/bytes.js.map +1 -0
package/package.json +84 -0
package/src/auth/handshake.ts +262 -0
package/src/auth/nonce-store.ts +39 -0
package/src/bootstrap.ts +114 -0
package/src/config.ts +103 -0
package/src/core/context.ts +94 -0
package/src/core/errors.ts +52 -0
package/src/core/index.ts +4 -0
package/src/core/rpc.ts +165 -0
package/src/core/updates.ts +69 -0
package/src/create-server.ts +181 -0
package/src/crypto/aes-ige.ts +57 -0
package/src/crypto/dh.ts +101 -0
package/src/crypto/hashes.ts +17 -0
package/src/crypto/msg-key.ts +29 -0
package/src/crypto/rsa.ts +70 -0
package/src/dispatch/dispatcher.ts +586 -0
package/src/dispatch/forwarders/in-process.ts +14 -0
package/src/dispatch/forwarders/print.ts +22 -0
package/src/dispatch/rpc-forwarder.ts +15 -0
package/src/dispatch/types.ts +60 -0
package/src/gateway.ts +214 -0
package/src/index.ts +53 -0
package/src/lib.ts +24 -0
package/src/server/message-pipeline.ts +256 -0
package/src/session/inbound-tracker.ts +221 -0
package/src/session/message-id.ts +43 -0
package/src/session/salts.ts +162 -0
package/src/session/session-manager.ts +66 -0
package/src/storage/index.ts +26 -0
package/src/storage/memory.ts +101 -0
package/src/storage/mongo.ts +215 -0
package/src/storage/types.ts +92 -0
package/src/testkit.ts +19 -0
package/src/tl/codec.ts +292 -0
package/src/tl/layered-registry.ts +132 -0
package/src/tl/protocol.ts +146 -0
package/src/tl/reader.ts +99 -0
package/src/tl/registry.ts +78 -0
package/src/tl/writer.ts +104 -0
package/src/transport/connection-registry.ts +91 -0
package/src/transport/connection.ts +113 -0
package/src/transport/framing.ts +223 -0
package/src/transport/proxy-protocol.ts +109 -0
package/src/transport/server-common.ts +49 -0
package/src/transport/tcp-server.ts +102 -0
package/src/transport/ws-server.ts +94 -0
package/src/update-publisher.ts +47 -0
package/src/updates/mongo-update-log.ts +49 -0
package/src/updates/presence-binder.ts +51 -0
package/src/updates/presence.ts +61 -0
package/src/updates/push.ts +90 -0
package/src/updates/redis-bus.ts +86 -0
package/src/updates/redis-presence.ts +87 -0
package/src/updates/render.ts +53 -0
package/src/updates/router.ts +52 -0
package/src/updates/types.ts +24 -0
package/src/updates/update-bus.ts +49 -0
package/src/util/bytes.ts +49 -0

package/src/core/rpc.ts ADDED Viewed

@@ -0,0 +1,165 @@
+import { fromJson, toJson, noopLogger } from '@mt-tl/tl'
+import type { Logger, RpcRequest, RpcResponse, TlValue } from '@mt-tl/tl'
+import { AppError } from './errors.js'
+import { createHandlerCtx, type HandlerCtx } from './context.js'
+import type { UpdateEmitter } from './updates.js'
+/**
+ * Shape of one TL method's I/O. An app's generated `RpcMethods` (one entry per
+ * method, `{ params, result }`) structurally matches `RpcMethodMap` — the
+ * framework is generic over it, not bound to any specific schema.
+ */
+export interface RpcMethodSpec {
+    params: unknown
+    result: unknown
+}
+export type RpcMethodMap = Record<string, RpcMethodSpec>
+/** A typed handler for one method `M` of the app's method map `RM`. */
+export type RpcHandlerOf<RM extends Record<keyof RM, RpcMethodSpec>, M extends keyof RM> = (
+    params: RM[M]['params'],
+    ctx: HandlerCtx,
+) => Promise<RM[M]['result']>
+/**
+ * A reusable pre-handler. Runs before the handler with the same `ctx`; throw an
+ * `AppError` to reject (→ `rpc_error`), or `ctx.set(...)` to pass data forward.
+ * Method-agnostic, so `params` is `unknown` (narrow if a hook needs them).
+ */
+export type Hook = (params: unknown, ctx: HandlerCtx) => Promise<void> | void
+/** Identity helper for authoring a reusable hook. */
+export function defineHook(fn: Hook): Hook {
+    return fn
+}
+export type RpcEntryOf<RM extends Record<keyof RM, RpcMethodSpec>, M extends keyof RM> =
+    | RpcHandlerOf<RM, M>
+    | { auth?: boolean; preHandlers?: Hook[]; handler: RpcHandlerOf<RM, M> }
+/** A fully-typed module of RPC handlers, keyed by the app's method names. */
+export type RpcModuleOf<RM extends Record<keyof RM, RpcMethodSpec>> = { [M in keyof RM]?: RpcEntryOf<RM, M> }
+// Runtime/erased shapes the registry consumes — any RpcModuleOf<RM> is assignable.
+type LooseHandler = (params: never, ctx: HandlerCtx) => Promise<unknown>
+type LooseEntry = LooseHandler | { auth?: boolean; preHandlers?: Hook[]; handler: LooseHandler }
+/** Erased module shape — what module factories expose and the registry consumes. */
+export type RpcModule = Record<string, LooseEntry | undefined>
+/**
+ * Creates a `defineRpc` typed against the app's generated `RpcMethods`. Use once
+ * per app: `export const { defineRpc } = createRpc<RpcMethods>()`, then write
+ * modules with full param/result inference per method.
+ */
+export function createRpc<RM extends Record<keyof RM, RpcMethodSpec>>() {
+    return {
+        defineRpc(mod: RpcModuleOf<RM>): RpcModuleOf<RM> {
+            return mod
+        },
+    }
+}
+/** Untyped authoring helper — for fixtures/demos with no generated types. */
+export function defineRpc(mod: RpcModule): RpcModule {
+    return mod
+}
+interface Route {
+    handler: (params: unknown, ctx: HandlerCtx) => Promise<unknown>
+    auth: boolean
+    preHandlers: Hook[]
+}
+/**
+ * The method table behind a server. `createServer().method(...)` adds to one for
+ * you; you rarely touch it directly (pass your own via `createServer(config, {
+ * registry })` only for advanced wiring or tests).
+ */
+export class RpcRegistry {
+    private routes = new Map<string, Route>()
+    /** Register a module of handlers (later entries override earlier same-named ones). */
+    add(mod: RpcModule): this {
+        for (const [name, entry] of Object.entries(mod)) {
+            if (!entry) continue
+            const route: Route =
+                typeof entry === 'function'
+                    ? { handler: entry as Route['handler'], auth: true, preHandlers: [] }
+                    : {
+                          handler: entry.handler as Route['handler'],
+                          auth: entry.auth ?? true,
+                          preHandlers: entry.preHandlers ?? [],
+                      }
+            this.routes.set(name, route)
+        }
+        return this
+    }
+    get(method: string): Route | undefined {
+        return this.routes.get(method)
+    }
+    /** Registered method names. */
+    methods(): string[] {
+        return [...this.routes.keys()]
+    }
+    get size(): number {
+        return this.routes.size
+    }
+}
+/** Process-wide dependencies {@link dispatchRpc} threads into each handler's `ctx`. */
+export interface DispatchDeps {
+    updates: UpdateEmitter
+    /** Observability sink; a per-request child becomes `ctx.log`. Defaults to no-op. */
+    logger?: Logger
+}
+/**
+ * Routes a forwarded request to its handler and returns the gateway envelope.
+ * 404 for unknown methods, 401 for auth-required methods on an anonymous key,
+ * AppError → its code, anything else → 500. Effects accompany result or error.
+ */
+export async function dispatchRpc(
+    registry: RpcRegistry,
+    request: RpcRequest,
+    deps: DispatchDeps,
+): Promise<RpcResponse> {
+    const route = registry.get(request.method)
+    if (!route) return { error: { code: 404, message: 'METHOD_NOT_FOUND' } }
+    if (route.auth && request.context.subject === undefined) {
+        return { error: { code: 401, message: 'AUTH_KEY_UNREGISTERED' } }
+    }
+    // Bind the full request identity onto every handler line: reqId (the client's
+    // msg_id) ties the context to one request, plus authKeyId/sessionId/subject.
+    const log = (deps.logger ?? noopLogger).child({
+        reqId: request.id,
+        method: request.method,
+        subject: request.context.subject,
+        authKeyId: request.context.authKeyId,
+        sessionId: request.context.sessionId,
+    })
+    const ctx = createHandlerCtx(request.context, deps.updates, log)
+    try {
+        const params = fromJson(request.params)
+        for (const hook of route.preHandlers) await hook(params, ctx)
+        const result = await route.handler(params, ctx)
+        return { result: toJson(result as TlValue), effects: effectsOf(ctx) }
+    } catch (err) {
+        if (err instanceof AppError) {
+            // Expected business rejection (→ rpc_error with the app's code).
+            log.debug('handler.reject', { code: err.code, error: err.message })
+            return { error: { code: err.code, message: err.message }, effects: effectsOf(ctx) }
+        }
+        // Unexpected throw — a real bug. Log it with the stack (errorStack-gated) so
+        // the failed request is traceable; the client only sees a generic 500.
+        log.error('handler.fail', { err })
+        return { error: { code: 500, message: 'INTERNAL' }, effects: effectsOf(ctx) }
+    }
+}
+function effectsOf(ctx: HandlerCtx) {
+    return ctx.effects.length ? [...ctx.effects] : undefined
+}

package/src/core/updates.ts ADDED Viewed

@@ -0,0 +1,69 @@
+import type { JsonValue } from '@mt-tl/tl'
+/**
+ * Durable per-subject update log: assigns the next `pts` and persists the update.
+ * `updates.getDifference` reads from here. The gateway never sees pts — it only
+ * delivers live updates best-effort; correctness is this log + getDifference.
+ * Keyed by `subject` (your internal user id), like the rest of the push path.
+ */
+export interface UpdateLog {
+    append(subject: string, update: JsonValue): Promise<{ pts: number }>
+    /** Updates with pts in (sincePts, +inf], for getDifference. */
+    since(subject: string, sincePts: number): Promise<Array<{ pts: number; update: JsonValue }>>
+    currentPts(subject: string): Promise<number>
+}
+/** Publishes a routed live update onto the update bus (in-memory, or Redis pub/sub in prod). */
+export type UpdatePublish = (msg: {
+    subject?: string
+    authKeyId?: string
+    update: JsonValue
+    pts?: number
+}) => Promise<void>
+/**
+ * Emits a server update. `emit(subject, …)` is the common path: append to the
+ * durable log (assigns pts) then publish — this backs `ctx.push`. `emitToAuthKey`
+ * targets a specific (possibly anonymous) connection by auth key, with no pts
+ * (anonymous connections have no durable update state).
+ */
+export interface UpdateEmitter {
+    emit(subject: string, update: JsonValue): Promise<void>
+    emitToAuthKey(authKeyId: string, update: JsonValue): Promise<void>
+}
+/** The default {@link UpdateEmitter}: log (for pts) then publish to the bus. */
+export class LoggingUpdateEmitter implements UpdateEmitter {
+    constructor(
+        private readonly log: UpdateLog,
+        private readonly publish: UpdatePublish,
+    ) {}
+    async emit(subject: string, update: JsonValue): Promise<void> {
+        const { pts } = await this.log.append(subject, update)
+        await this.publish({ subject, update, pts })
+    }
+    async emitToAuthKey(authKeyId: string, update: JsonValue): Promise<void> {
+        await this.publish({ authKeyId, update })
+    }
+}
+/** In-memory update log (single process / tests). Use a Mongo impl in prod. */
+export class InMemoryUpdateLog implements UpdateLog {
+    private bySubject = new Map<string, Array<{ pts: number; update: JsonValue }>>()
+    async append(subject: string, update: JsonValue): Promise<{ pts: number }> {
+        const list = this.bySubject.get(subject) ?? []
+        const pts = (list.at(-1)?.pts ?? 0) + 1
+        list.push({ pts, update })
+        this.bySubject.set(subject, list)
+        return { pts }
+    }
+    async since(subject: string, sincePts: number): Promise<Array<{ pts: number; update: JsonValue }>> {
+        return (this.bySubject.get(subject) ?? []).filter(e => e.pts > sincePts)
+    }
+    async currentPts(subject: string): Promise<number> {
+        return this.bySubject.get(subject)?.at(-1)?.pts ?? 0
+    }
+}

package/src/create-server.ts ADDED Viewed

@@ -0,0 +1,181 @@
+import type { KeyObject } from 'node:crypto'
+import { bootstrap, type MTProtoConfig, type Gateway, type UpdatePublish } from './lib.js'
+import {
+    createLogger,
+    type Logger,
+    type MigrationRegistry,
+    type RpcRequest,
+    type RpcResponse,
+} from '@mt-tl/tl'
+import {
+    RpcRegistry,
+    dispatchRpc,
+    LoggingUpdateEmitter,
+    type Hook,
+    type HandlerCtx,
+    type RpcMethodSpec,
+    type UpdateEmitter,
+} from './core/index.js'
+/** Per-method options. */
+export interface MethodOpts {
+    /** Require an authorized auth key (a bound `subject`). Defaults to `true`. */
+    auth?: boolean
+    /** Reusable pre-handlers, run in order before the handler (see `defineHook`). */
+    preHandlers?: Hook[]
+}
+/** A handler for method `M` of the app's generated method map `RM`. */
+export type MethodHandler<RM, M extends keyof RM> = RM[M] extends RpcMethodSpec
+    ? (params: RM[M]['params'], ctx: HandlerCtx) => Promise<RM[M]['result']>
+    : never
+/** A plugin: registers routes on the server, given its declared dependencies. */
+export type Plugin<RM, D = void> = (app: MtprotoServer<RM>, deps: D) => void
+/**
+ * The server instance (Fastify-style): register routes and listen. It wraps the
+ * MTProto engine + the in-process handler dispatch — there is no broker and no
+ * separate "worker" to wire. Generic over the app's generated `RpcMethods` so
+ * `.method()` infers `params`/`result` (and the method name) per method.
+ */
+export interface MtprotoServer<RM = Record<string, RpcMethodSpec>> {
+    /** Register a route. `auth` defaults to true. */
+    method<M extends keyof RM>(name: M, handler: MethodHandler<RM, M>): this
+    method<M extends keyof RM>(name: M, opts: MethodOpts, handler: MethodHandler<RM, M>): this
+    /** Run a plugin, passing its dependencies by value (Style-A DI; omit for `void` deps). */
+    register<D = void>(plugin: Plugin<RM, D>, deps?: D): this
+    /** Open the configured transports (and the in-process push loop if enabled). */
+    listen(): Promise<void>
+    close(): Promise<void>
+    /** Dispatch a request against the registry without a socket — for tests. */
+    inject(req: RpcRequest): Promise<RpcResponse>
+    /** The server's root logger — use it (or `ctx.log` in a handler) for a unified log style. */
+    readonly log: Logger
+    /** Registered method names. */
+    readonly methods: string[]
+    /** Bound WebSocket port after {@link listen} (resolves `wsPort: 0`); else `undefined`. */
+    readonly wsPort: number | undefined
+    /** Bound raw-TCP port after {@link listen} (resolves `tcpPort: 0`); else `undefined`. */
+    readonly tcpPort: number | undefined
+    /** The server's RSA public key after {@link listen}; clients encrypt the handshake with it. */
+    readonly publicKey: KeyObject | undefined
+}
+const noopEmitter: UpdateEmitter = { async emit() {}, async emitToAuthKey() {} }
+/**
+ * Creates an MTProto server (Fastify-style). Pass the {@link MTProtoConfig},
+ * register routes with `.method()` / plugins with `.register()`, then
+ * `await app.listen()`. The framework owns the whole protocol — transport,
+ * handshake, crypto, sessions, TL (de)serialization, layered encoding,
+ * server-push — you write methods.
+ *
+ * Type it with your generated `RpcMethods` (`createServer<RpcMethods>(config)`)
+ * so every route's name, `params`, and `result` are checked.
+ *
+ * @param config - the server configuration (your app builds it from env).
+ * @param opts.registry - adopt an existing {@link RpcRegistry} instead of a fresh one (advanced/tests).
+ * @param opts.migrations - per-layer migration ladders applied on input/output.
+ * @param opts.logger - structured logger; defaults to `createLogger({ name: config.nodeId })`
+ *   (env-configured via `LOG_LEVEL`/`LOG_FORMAT`). Exposed as `app.log`; handlers get `ctx.log`.
+ *
+ * @example
+ * ```ts
+ * const app = createServer<RpcMethods>(config)
+ * app.method('help.getConfig', { auth: false }, async () => ({ _: 'config' }))
+ * await app.listen()   // opens the WS + raw-TCP carriers
+ * ```
+ */
+export function createServer<RM = Record<string, RpcMethodSpec>>(
+    config: MTProtoConfig,
+    opts: { registry?: RpcRegistry; migrations?: MigrationRegistry; logger?: Logger } = {},
+): MtprotoServer<RM> {
+    const registry = opts.registry ?? new RpcRegistry()
+    const logger = opts.logger ?? createLogger({ name: config.nodeId })
+    let gateway: Gateway | undefined
+    let emitter: UpdateEmitter = noopEmitter
+    const app: MtprotoServer<RM> = {
+        method(
+            name: keyof RM,
+            optsOrHandler: MethodOpts | Function,
+            maybeHandler?: Function,
+        ): MtprotoServer<RM> {
+            const handler = (maybeHandler ?? optsOrHandler) as (
+                params: unknown,
+                ctx: HandlerCtx,
+            ) => Promise<unknown>
+            const methodOpts: MethodOpts = maybeHandler ? (optsOrHandler as MethodOpts) : {}
+            registry.add({
+                [name as string]: {
+                    auth: methodOpts.auth ?? true,
+                    preHandlers: methodOpts.preHandlers,
+                    handler,
+                },
+            })
+            return app
+        },
+        register<D = void>(plugin: Plugin<RM, D>, deps?: D): MtprotoServer<RM> {
+            plugin(app, deps as D)
+            return app
+        },
+        async listen(): Promise<void> {
+            if (gateway) throw new Error('server already listening')
+            gateway = await bootstrap({
+                config,
+                migrations: opts.migrations,
+                logger,
+                createForward: (publish: UpdatePublish, updateLog) => {
+                    // Handler-emitted updates (ctx.push / ctx.updates) flow to the push loop,
+                    // logged (for pts) via the shared update log bootstrap provides.
+                    emitter = new LoggingUpdateEmitter(updateLog, publish)
+                    return req => dispatchRpc(registry, req, { updates: emitter, logger })
+                },
+            })
+            await gateway.listen()
+        },
+        async close(): Promise<void> {
+            await gateway?.close()
+        },
+        inject(req: RpcRequest): Promise<RpcResponse> {
+            return dispatchRpc(registry, req, { updates: emitter, logger })
+        },
+        get log(): Logger {
+            return logger
+        },
+        get methods(): string[] {
+            return registry.methods()
+        },
+        get wsPort(): number | undefined {
+            return gateway?.wsServer?.port
+        },
+        get tcpPort(): number | undefined {
+            return gateway?.tcpServer?.port
+        },
+        get publicKey(): KeyObject | undefined {
+            return gateway?.publicKey
+        },
+    }
+    return app
+}
+/**
+ * Authoring helper for a typed plugin — a function that registers a group of
+ * related routes, taking its dependencies by value (Style-A DI, like
+ * `fastify.register`). Pin it to your `RpcMethods` once (see your app's
+ * `framework.ts`) so routes inside infer their types.
+ *
+ * @example
+ * ```ts
+ * export const walletsPlugin = definePlugin<RpcMethods, { wallets: WalletService }>(
+ *   (app, { wallets }) => {
+ *     app.method('wallets.getBalance', async (_p, ctx) => wallets.balanceOf(ctx.subject!))
+ *   },
+ * )
+ * app.register(walletsPlugin, { wallets: new WalletService() })
+ * ```
+ */
+export function definePlugin<RM = Record<string, RpcMethodSpec>, D = void>(fn: Plugin<RM, D>): Plugin<RM, D> {
+    return fn
+}

package/src/crypto/aes-ige.ts ADDED Viewed

@@ -0,0 +1,57 @@
+import { createCipheriv, createDecipheriv } from 'node:crypto'
+/**
+ * AES-256 in IGE (Infinite Garble Extension) mode, as used by MTProto.
+ *
+ * Reimplemented on Node's `aes-256-ecb` (the existing server used CryptoJS's
+ * IGE). Verified byte-identical against the old lib via a known-answer test.
+ * Input length must be a multiple of 16; IV is 32 bytes (two blocks).
+ */
+function xor16(a: Buffer, b: Buffer): Buffer {
+    const out = Buffer.allocUnsafe(16)
+    for (let i = 0; i < 16; i++) out[i] = a[i]! ^ b[i]!
+    return out
+}
+export function igeEncrypt(data: Buffer, key: Buffer, iv: Buffer): Buffer {
+    if (data.length % 16 !== 0) throw new Error('IGE: data length must be a multiple of 16')
+    if (iv.length !== 32) throw new Error('IGE: iv must be 32 bytes')
+    const cipher = createCipheriv('aes-256-ecb', key, null)
+    cipher.setAutoPadding(false)
+    let prevCipher = iv.subarray(0, 16)
+    let prevPlain = iv.subarray(16, 32)
+    const out = Buffer.allocUnsafe(data.length)
+    for (let i = 0; i < data.length; i += 16) {
+        const block = data.subarray(i, i + 16)
+        const enc = cipher.update(xor16(block, prevCipher))
+        const c = xor16(enc, prevPlain)
+        c.copy(out, i)
+        prevCipher = c
+        prevPlain = Buffer.from(block)
+    }
+    return out
+}
+export function igeDecrypt(data: Buffer, key: Buffer, iv: Buffer): Buffer {
+    if (data.length % 16 !== 0) throw new Error('IGE: data length must be a multiple of 16')
+    if (iv.length !== 32) throw new Error('IGE: iv must be 32 bytes')
+    const decipher = createDecipheriv('aes-256-ecb', key, null)
+    decipher.setAutoPadding(false)
+    let prevCipher = iv.subarray(0, 16)
+    let prevPlain = iv.subarray(16, 32)
+    const out = Buffer.allocUnsafe(data.length)
+    for (let i = 0; i < data.length; i += 16) {
+        const block = Buffer.from(data.subarray(i, i + 16))
+        const dec = decipher.update(xor16(block, prevPlain))
+        const p = xor16(dec, prevCipher)
+        p.copy(out, i)
+        prevCipher = block
+        prevPlain = p
+    }
+    return out
+}

package/src/crypto/dh.ts ADDED Viewed

@@ -0,0 +1,101 @@
+import { randomBytes } from 'node:crypto'
+import { toBigIntBE } from '../util/bytes.js'
+/**
+ * Diffie-Hellman parameters and helpers for the auth-key exchange.
+ * The 2048-bit prime and generator are the exact values the existing server
+ * uses (`libs/mtproto-tools`), required for wire-compatibility.
+ */
+export const DH_PRIME = Buffer.from(
+    'C71CAEB9C6B1C9048E6C522F70F13F73980D40238E3E21C14934D037563D930F' +
+        '48198A0AA7C14058229493D22530F4DBFA336F6E0AC925139543AED44CCE7C37' +
+        '20FD51F69458705AC68CD4FE6B6B13ABDC9746512969328454F18FAF8C595F64' +
+        '2477FE96BB2A941D5BCD1D4AC8CC49880708FA9B378E3C4F3A9060BEE67CF9A4' +
+        'A4A695811051907E162753B56B0F6B410DBA74D8A84B2A14B3144E0EF1284754' +
+        'FD17ED950D5965B4B9DD46582DB1178D169C6BC465B0D6FF9CA3928FEF5B9AE4' +
+        'E418FC15E83EBEA0F87FA9FF5EED70050DED2849F47BF959D956850CE929851F' +
+        '0D8115F635B105EE2E4E15D04B2454BF6F4FADF034B10403119CD8E3B92FCC5B',
+    'hex',
+)
+export const DH_PRIME_BIGINT = toBigIntBE(DH_PRIME)
+export const DH_G = 3
+export function modPow(base: bigint, exp: bigint, mod: bigint): bigint {
+    let result = 1n
+    let b = base % mod
+    let e = exp
+    while (e > 0n) {
+        if (e & 1n) result = (result * b) % mod
+        e >>= 1n
+        b = (b * b) % mod
+    }
+    return result
+}
+/** MTProto padding: smallest r >= 0 with (a + r) divisible by b. */
+export function calculatePadding(a: number, b: number, min = 0): number {
+    let r = -a % b
+    while (r < 0 || (min && r < min)) r += b
+    return r + 0 // normalize -0 -> 0
+}
+// --- p, q factorization proof-of-work --------------------------------------
+const MAX_INT = 0x7fffffffn
+const MAX_LONG = 0x7fffffffffffffffn
+const MR_WITNESSES = [2n, 3n, 5n, 7n, 11n, 13n, 17n, 19n, 23n, 29n, 31n, 37n]
+function isProbablePrime(n: bigint): boolean {
+    if (n < 2n) return false
+    for (const p of MR_WITNESSES) {
+        if (n === p) return true
+        if (n % p === 0n) return false
+    }
+    let d = n - 1n
+    let r = 0n
+    while ((d & 1n) === 0n) {
+        d >>= 1n
+        r++
+    }
+    for (const a of MR_WITNESSES) {
+        let x = modPow(a, d, n)
+        if (x === 1n || x === n - 1n) continue
+        let composite = true
+        for (let i = 0n; i < r - 1n; i++) {
+            x = (x * x) % n
+            if (x === n - 1n) {
+                composite = false
+                break
+            }
+        }
+        if (composite) return false
+    }
+    return true
+}
+function randomPrime31(): bigint {
+    for (;;) {
+        let n = BigInt(randomBytes(4).readUInt32BE(0) & 0x7fffffff)
+        n |= 1n
+        if (n < 3n || n > MAX_INT) continue
+        if (isProbablePrime(n)) return n
+    }
+}
+/**
+ * Returns [p, q, pq] where p < q are ~31-bit primes and pq = p*q fits in a
+ * signed 64-bit long. Mirrors the existing server's `makePQ`.
+ */
+export function makePQ(): { p: bigint; q: bigint; pq: Buffer } {
+    let a: bigint
+    let b: bigint
+    let ab: bigint
+    do {
+        a = randomPrime31()
+        b = randomPrime31()
+        ab = a * b
+    } while (a > MAX_INT || b > MAX_INT || ab > MAX_LONG)
+    const pq = Buffer.from(ab.toString(16).padStart(16, '0'), 'hex')
+    return a < b ? { p: a, q: b, pq } : { p: b, q: a, pq }
+}

package/src/crypto/hashes.ts ADDED Viewed

@@ -0,0 +1,17 @@
+import { createHash, randomBytes } from 'node:crypto'
+import { toBigIntBE } from '../util/bytes.js'
+export { xorBuffers } from '../util/bytes.js'
+export function sha1(buf: Buffer): Buffer {
+    return createHash('sha1').update(buf).digest()
+}
+export function sha256(buf: Buffer): Buffer {
+    return createHash('sha256').update(buf).digest()
+}
+/** Cryptographically-random bigint of the given bit width (multiple of 8). */
+export function randomBigInt(bits: number): bigint {
+    return toBigIntBE(randomBytes(bits / 8))
+}

package/src/crypto/msg-key.ts ADDED Viewed

@@ -0,0 +1,29 @@
+import { sha256 } from './hashes.js'
+/**
+ * MTProto 2.0 message-key derivation. `outgoing` selects the key half
+ * (server->client uses x=8). Ported from the existing `messageEncryption.js`;
+ * pinned by a known-answer test.
+ */
+export function generateMessageKey(
+    authKey: Buffer,
+    msgKey: Buffer,
+    outgoing: boolean,
+): { aesKey: Buffer; aesIv: Buffer } {
+    const x = outgoing ? 8 : 0
+    const a = sha256(Buffer.concat([msgKey, authKey.subarray(x, x + 36)]))
+    const b = sha256(Buffer.concat([authKey.subarray(x + 40, x + 76), msgKey]))
+    return {
+        aesKey: Buffer.concat([a.subarray(0, 8), b.subarray(8, 24), a.subarray(24, 32)]),
+        aesIv: Buffer.concat([b.subarray(0, 8), a.subarray(8, 24), b.subarray(24, 32)]),
+    }
+}
+/**
+ * msg_key = SHA256(authKey[88+x : 88+x+32] ‖ plaintext)[8:24] (MTProto 2.0),
+ * where x = 8 for server->client (outgoing) and x = 0 for client->server.
+ */
+export function computeMsgKey(authKey: Buffer, plaintext: Buffer, outgoing: boolean): Buffer {
+    const x = outgoing ? 8 : 0
+    return sha256(Buffer.concat([authKey.subarray(88 + x, 88 + x + 32), plaintext])).subarray(8, 24)
+}