@peers-app/peers-sdk 0.7.28 → 0.7.39
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
|
@@ -11,7 +11,7 @@ export declare class Connection {
|
|
|
11
11
|
private _remoteDeviceInfo;
|
|
12
12
|
secureLocal: boolean;
|
|
13
13
|
secureRemote: boolean;
|
|
14
|
-
|
|
14
|
+
overrideEncryption?: 'encrypt-traffic-regardless-of-protocol' | 'dont-encrypt-traffic-after-handshake';
|
|
15
15
|
trustLevel: TrustLevel;
|
|
16
16
|
onHandshakeComplete: ((deviceInfo: IDeviceInfo) => void) | undefined;
|
|
17
17
|
timeoutMs: number;
|
|
@@ -22,7 +22,7 @@ export declare class Connection {
|
|
|
22
22
|
readonly socket: ISocket;
|
|
23
23
|
constructor(socket: ISocket, localDevice: Device, localDeviceServerAddresses?: string[] | undefined, getTrustLevel?: GetTrustLevel);
|
|
24
24
|
get verified(): boolean;
|
|
25
|
-
get
|
|
25
|
+
get encryptTraffic(): boolean;
|
|
26
26
|
get remoteDeviceInfo(): {
|
|
27
27
|
userId: string;
|
|
28
28
|
deviceId: string;
|
|
@@ -20,11 +20,7 @@ class Connection {
|
|
|
20
20
|
};
|
|
21
21
|
secureLocal = false;
|
|
22
22
|
secureRemote = false;
|
|
23
|
-
|
|
24
|
-
// what it actually means is that the underlying connection _is_ secure
|
|
25
|
-
// OR that both the client and server want to skip encryption (which we maybe shouldn't allow)
|
|
26
|
-
// webRTC connections _are_ secure so we'll be setting `forceInsecure` to true (which is a misnomer)
|
|
27
|
-
forceInsecure = false;
|
|
23
|
+
overrideEncryption;
|
|
28
24
|
trustLevel = socket_type_1.TrustLevel.Unknown;
|
|
29
25
|
onHandshakeComplete;
|
|
30
26
|
timeoutMs = 60_000; // 60 seconds
|
|
@@ -68,18 +64,21 @@ class Connection {
|
|
|
68
64
|
});
|
|
69
65
|
this.exposeRPC('requestSecure', () => {
|
|
70
66
|
this.secureRemote = true;
|
|
71
|
-
return this.
|
|
67
|
+
return !this.encryptTraffic;
|
|
72
68
|
});
|
|
73
69
|
}
|
|
74
70
|
}
|
|
75
71
|
get verified() {
|
|
76
72
|
return this._verified;
|
|
77
73
|
}
|
|
78
|
-
get
|
|
79
|
-
if (this.
|
|
74
|
+
get encryptTraffic() {
|
|
75
|
+
if (this.overrideEncryption === 'dont-encrypt-traffic-after-handshake') {
|
|
80
76
|
return false;
|
|
81
77
|
}
|
|
82
|
-
|
|
78
|
+
if (this.overrideEncryption === 'encrypt-traffic-regardless-of-protocol') {
|
|
79
|
+
return true;
|
|
80
|
+
}
|
|
81
|
+
return !(this.secureLocal && this.secureRemote);
|
|
83
82
|
}
|
|
84
83
|
get remoteDeviceInfo() {
|
|
85
84
|
return { ...this._remoteDeviceInfo };
|
|
@@ -102,7 +101,7 @@ class Connection {
|
|
|
102
101
|
emit(eventName, ...args) {
|
|
103
102
|
return new Promise((resolve, reject) => {
|
|
104
103
|
try {
|
|
105
|
-
if (this._verified &&
|
|
104
|
+
if (this._verified && this.encryptTraffic) {
|
|
106
105
|
args = this.localDevice.signAndBoxDataForDevice(args, this._remoteDeviceInfo);
|
|
107
106
|
}
|
|
108
107
|
const timeoutMs = this.timeoutMs;
|
|
@@ -120,7 +119,7 @@ class Connection {
|
|
|
120
119
|
this.secureRemote = this.localDevice.unwrapResponse(result);
|
|
121
120
|
result = this.secureRemote;
|
|
122
121
|
}
|
|
123
|
-
else if (this._verified &&
|
|
122
|
+
else if (this._verified && this.encryptTraffic) {
|
|
124
123
|
// this purposely results in an error if the client is not securing the data when it should be
|
|
125
124
|
result = this.localDevice.openBoxedAndSignedData(result);
|
|
126
125
|
}
|
|
@@ -150,11 +149,11 @@ class Connection {
|
|
|
150
149
|
}
|
|
151
150
|
let result;
|
|
152
151
|
try {
|
|
153
|
-
if (this._verified &&
|
|
152
|
+
if (this._verified && this.encryptTraffic) {
|
|
154
153
|
args = this.localDevice.openBoxedAndSignedData(args);
|
|
155
154
|
}
|
|
156
155
|
result = await handler(...args);
|
|
157
|
-
if (this._verified &&
|
|
156
|
+
if (this._verified && this.encryptTraffic) {
|
|
158
157
|
result = this.localDevice.signAndBoxDataForDevice(result, this._remoteDeviceInfo);
|
|
159
158
|
}
|
|
160
159
|
callback(null, result);
|
|
@@ -162,7 +161,7 @@ class Connection {
|
|
|
162
161
|
catch (e) {
|
|
163
162
|
console.error(`Error handling ${eventName}(${JSON.stringify(args)})`, e);
|
|
164
163
|
let rpcError = { error: e.message, errorType: 'RPC_ERROR' };
|
|
165
|
-
if (this._verified &&
|
|
164
|
+
if (this._verified && this.encryptTraffic) {
|
|
166
165
|
try {
|
|
167
166
|
rpcError = this.localDevice.signAndBoxDataForDevice(rpcError, this._remoteDeviceInfo);
|
|
168
167
|
}
|
|
@@ -188,7 +187,6 @@ class Connection {
|
|
|
188
187
|
this._verified = false;
|
|
189
188
|
this.secureLocal = false;
|
|
190
189
|
this.secureRemote = false;
|
|
191
|
-
this.forceInsecure = false;
|
|
192
190
|
this.trustLevel = socket_type_1.TrustLevel.Unknown;
|
|
193
191
|
}
|
|
194
192
|
initiateHandshake(serverAddress, remoteDeviceInfo) {
|
|
@@ -254,7 +252,9 @@ class Connection {
|
|
|
254
252
|
}
|
|
255
253
|
this._verified = true;
|
|
256
254
|
this._connectionAddress = remoteAddress;
|
|
257
|
-
|
|
255
|
+
const secureProtocols = ['https', 'wss', 'wrtc', 'libp2p'];
|
|
256
|
+
// const secureProtocols = ['https', 'wss',]
|
|
257
|
+
this.secureLocal = secureProtocols.some(s => remoteAddress.startsWith(s)) && handshakeResponse.serverAddress === remoteAddress;
|
|
258
258
|
if (this.secureLocal) {
|
|
259
259
|
await this.emit('requestSecure');
|
|
260
260
|
}
|
|
@@ -90,10 +90,10 @@ describe(connection_1.Connection, () => {
|
|
|
90
90
|
const clientConnection = new connection_1.Connection(clientSocket, clientDevice);
|
|
91
91
|
const serverConnection = new connection_1.Connection(serverSocket, serverDevice, ['https://localhost']);
|
|
92
92
|
await clientConnection.doHandshake('https://localhost');
|
|
93
|
-
expect(clientConnection.
|
|
93
|
+
expect(clientConnection.encryptTraffic).toBe(false);
|
|
94
94
|
// and allow forcing insecure
|
|
95
|
-
clientConnection.
|
|
96
|
-
expect(clientConnection.
|
|
95
|
+
clientConnection.overrideEncryption = 'encrypt-traffic-regardless-of-protocol';
|
|
96
|
+
expect(clientConnection.encryptTraffic).toBe(true);
|
|
97
97
|
// and only return a copy of the remoteDeviceInfo
|
|
98
98
|
expect(clientConnection.remoteDeviceInfo).not.toBe(clientConnection.remoteDeviceInfo);
|
|
99
99
|
});
|
|
@@ -104,9 +104,8 @@ describe(connection_1.Connection, () => {
|
|
|
104
104
|
const clientConnection = new connection_1.Connection(clientSocket, clientDevice);
|
|
105
105
|
const serverConnection = new connection_1.Connection(serverSocket, serverDevice, ['https://localhost']);
|
|
106
106
|
await clientConnection.doHandshake('https://localhost');
|
|
107
|
-
|
|
108
|
-
expect(
|
|
109
|
-
expect(serverConnection.secure).toBe(true);
|
|
107
|
+
expect(clientConnection.encryptTraffic).toBe(false);
|
|
108
|
+
expect(serverConnection.encryptTraffic).toBe(false);
|
|
110
109
|
serverConnection.exposeRPC('ping', async () => { throw new Error("fake error"); });
|
|
111
110
|
const response = await clientConnection.emit('ping').catch((err) => err);
|
|
112
111
|
expect(response).toEqual({
|
|
@@ -121,9 +120,8 @@ describe(connection_1.Connection, () => {
|
|
|
121
120
|
const clientConnection = new connection_1.Connection(clientSocket, clientDevice);
|
|
122
121
|
const serverConnection = new connection_1.Connection(serverSocket, serverDevice, ['http://localhost']);
|
|
123
122
|
await clientConnection.doHandshake('http://localhost');
|
|
124
|
-
|
|
125
|
-
expect(
|
|
126
|
-
expect(serverConnection.secure).toBe(false);
|
|
123
|
+
expect(clientConnection.encryptTraffic).toBe(true);
|
|
124
|
+
expect(serverConnection.encryptTraffic).toBe(true);
|
|
127
125
|
serverConnection.exposeRPC('ping', async () => { throw new Error("fake error"); });
|
|
128
126
|
const response = await clientConnection.emit('ping').catch((err) => err);
|
|
129
127
|
expect(response).toEqual({
|