@xtr-dev/rondevu-server 0.0.1 → 0.1.2

package/dist/index.js

@@ -28,173 +28,585 @@ var import_node_server = require("@hono/node-server");
 // src/app.ts
 var import_hono = require("hono");
 var import_cors = require("hono/cors");
+
+// src/crypto.ts
+var ALGORITHM = "AES-GCM";
+var IV_LENGTH = 12;
+var KEY_LENGTH = 32;
+function generatePeerId() {
+  const bytes = crypto.getRandomValues(new Uint8Array(16));
+  return Array.from(bytes).map((b) => b.toString(16).padStart(2, "0")).join("");
+}
+function generateSecretKey() {
+  const bytes = crypto.getRandomValues(new Uint8Array(KEY_LENGTH));
+  return Array.from(bytes).map((b) => b.toString(16).padStart(2, "0")).join("");
+}
+function hexToBytes(hex) {
+  const bytes = new Uint8Array(hex.length / 2);
+  for (let i = 0; i < hex.length; i += 2) {
+    bytes[i / 2] = parseInt(hex.substring(i, i + 2), 16);
+  }
+  return bytes;
+}
+function bytesToBase64(bytes) {
+  const binString = Array.from(
+    bytes,
+    (byte) => String.fromCodePoint(byte)
+  ).join("");
+  return btoa(binString);
+}
+function base64ToBytes(base64) {
+  const binString = atob(base64);
+  return Uint8Array.from(binString, (char) => char.codePointAt(0));
+}
+async function encryptPeerId(peerId, secretKeyHex) {
+  const keyBytes = hexToBytes(secretKeyHex);
+  if (keyBytes.length !== KEY_LENGTH) {
+    throw new Error(`Secret key must be ${KEY_LENGTH * 2} hex characters (${KEY_LENGTH} bytes)`);
+  }
+  const key = await crypto.subtle.importKey(
+    "raw",
+    keyBytes,
+    { name: ALGORITHM, length: 256 },
+    false,
+    ["encrypt"]
+  );
+  const iv = crypto.getRandomValues(new Uint8Array(IV_LENGTH));
+  const encoder = new TextEncoder();
+  const data = encoder.encode(peerId);
+  const encrypted = await crypto.subtle.encrypt(
+    { name: ALGORITHM, iv },
+    key,
+    data
+  );
+  const combined = new Uint8Array(iv.length + encrypted.byteLength);
+  combined.set(iv, 0);
+  combined.set(new Uint8Array(encrypted), iv.length);
+  return bytesToBase64(combined);
+}
+async function decryptPeerId(encryptedSecret, secretKeyHex) {
+  try {
+    const keyBytes = hexToBytes(secretKeyHex);
+    if (keyBytes.length !== KEY_LENGTH) {
+      throw new Error(`Secret key must be ${KEY_LENGTH * 2} hex characters (${KEY_LENGTH} bytes)`);
+    }
+    const combined = base64ToBytes(encryptedSecret);
+    const iv = combined.slice(0, IV_LENGTH);
+    const ciphertext = combined.slice(IV_LENGTH);
+    const key = await crypto.subtle.importKey(
+      "raw",
+      keyBytes,
+      { name: ALGORITHM, length: 256 },
+      false,
+      ["decrypt"]
+    );
+    const decrypted = await crypto.subtle.decrypt(
+      { name: ALGORITHM, iv },
+      key,
+      ciphertext
+    );
+    const decoder = new TextDecoder();
+    return decoder.decode(decrypted);
+  } catch (err) {
+    throw new Error("Failed to decrypt peer ID: invalid secret or secret key");
+  }
+}
+async function validateCredentials(peerId, encryptedSecret, secretKey) {
+  try {
+    const decryptedPeerId = await decryptPeerId(encryptedSecret, secretKey);
+    return decryptedPeerId === peerId;
+  } catch {
+    return false;
+  }
+}
+
+// src/middleware/auth.ts
+function createAuthMiddleware(authSecret) {
+  return async (c, next) => {
+    const authHeader = c.req.header("Authorization");
+    if (!authHeader) {
+      return c.json({ error: "Missing Authorization header" }, 401);
+    }
+    const parts = authHeader.split(" ");
+    if (parts.length !== 2 || parts[0] !== "Bearer") {
+      return c.json({ error: "Invalid Authorization header format. Expected: Bearer {peerId}:{secret}" }, 401);
+    }
+    const credentials = parts[1].split(":");
+    if (credentials.length !== 2) {
+      return c.json({ error: "Invalid credentials format. Expected: {peerId}:{secret}" }, 401);
+    }
+    const [peerId, encryptedSecret] = credentials;
+    const isValid = await validateCredentials(peerId, encryptedSecret, authSecret);
+    if (!isValid) {
+      return c.json({ error: "Invalid credentials" }, 401);
+    }
+    c.set("peerId", peerId);
+    await next();
+  };
+}
+function getAuthenticatedPeerId(c) {
+  const peerId = c.get("peerId");
+  if (!peerId) {
+    throw new Error("No authenticated peer ID in context");
+  }
+  return peerId;
+}
+
+// src/bloom.ts
+var BloomFilter = class {
+  /**
+   * Creates a bloom filter from a base64 encoded bit array
+   */
+  constructor(base64Data, numHashes = 3) {
+    const binaryString = atob(base64Data);
+    const bytes = new Uint8Array(binaryString.length);
+    for (let i = 0; i < binaryString.length; i++) {
+      bytes[i] = binaryString.charCodeAt(i);
+    }
+    this.bits = bytes;
+    this.size = this.bits.length * 8;
+    this.numHashes = numHashes;
+  }
+  /**
+   * Test if a peer ID might be in the filter
+   * Returns true if possibly in set, false if definitely not in set
+   */
+  test(peerId) {
+    for (let i = 0; i < this.numHashes; i++) {
+      const hash = this.hash(peerId, i);
+      const index = hash % this.size;
+      const byteIndex = Math.floor(index / 8);
+      const bitIndex = index % 8;
+      if (!(this.bits[byteIndex] & 1 << bitIndex)) {
+        return false;
+      }
+    }
+    return true;
+  }
+  /**
+   * Simple hash function (FNV-1a variant)
+   */
+  hash(str, seed) {
+    let hash = 2166136261 ^ seed;
+    for (let i = 0; i < str.length; i++) {
+      hash ^= str.charCodeAt(i);
+      hash += (hash << 1) + (hash << 4) + (hash << 7) + (hash << 8) + (hash << 24);
+    }
+    return hash >>> 0;
+  }
+};
+function parseBloomFilter(base64) {
+  try {
+    return new BloomFilter(base64);
+  } catch {
+    return null;
+  }
+}
+
+// src/app.ts
 function createApp(storage, config) {
   const app = new import_hono.Hono();
+  const authMiddleware = createAuthMiddleware(config.authSecret);
   app.use("/*", (0, import_cors.cors)({
-    origin: config.corsOrigins,
-    allowMethods: ["GET", "POST", "OPTIONS"],
-    allowHeaders: ["Content-Type"],
+    origin: (origin) => {
+      if (config.corsOrigins.length === 1 && config.corsOrigins[0] === "*") {
+        return origin;
+      }
+      if (config.corsOrigins.includes(origin)) {
+        return origin;
+      }
+      return config.corsOrigins[0];
+    },
+    allowMethods: ["GET", "POST", "PUT", "DELETE", "OPTIONS"],
+    allowHeaders: ["Content-Type", "Origin", "Authorization"],
     exposeHeaders: ["Content-Type"],
     maxAge: 600,
     credentials: true
   }));
-  app.get("/", async (c) => {
+  app.get("/", (c) => {
+    return c.json({
+      version: config.version,
+      name: "Rondevu",
+      description: "Topic-based peer discovery and signaling server"
+    });
+  });
+  app.get("/health", (c) => {
+    return c.json({
+      status: "ok",
+      timestamp: Date.now(),
+      version: config.version
+    });
+  });
+  app.post("/register", async (c) => {
     try {
-      const origin = c.req.header("Origin") || c.req.header("origin") || "unknown";
-      const page = parseInt(c.req.query("page") || "1", 10);
-      const limit = parseInt(c.req.query("limit") || "100", 10);
-      const result = await storage.listTopics(origin, page, limit);
-      return c.json(result);
+      const peerId = generatePeerId();
+      const secret = await encryptPeerId(peerId, config.authSecret);
+      return c.json({
+        peerId,
+        secret
+      }, 200);
     } catch (err) {
-      console.error("Error listing topics:", err);
+      console.error("Error registering peer:", err);
       return c.json({ error: "Internal server error" }, 500);
     }
   });
-  app.get("/:topic/sessions", async (c) => {
+  app.post("/offers", authMiddleware, async (c) => {
     try {
-      const origin = c.req.header("Origin") || c.req.header("origin") || "unknown";
-      const topic = c.req.param("topic");
-      if (!topic) {
-        return c.json({ error: "Missing required parameter: topic" }, 400);
+      const body = await c.req.json();
+      const { offers } = body;
+      if (!Array.isArray(offers) || offers.length === 0) {
+        return c.json({ error: "Missing or invalid required parameter: offers (must be non-empty array)" }, 400);
       }
-      if (topic.length > 256) {
-        return c.json({ error: "Topic string must be 256 characters or less" }, 400);
+      if (offers.length > config.maxOffersPerRequest) {
+        return c.json({ error: `Too many offers. Maximum ${config.maxOffersPerRequest} per request` }, 400);
       }
-      const sessions = await storage.listSessionsByTopic(origin, topic);
+      const peerId = getAuthenticatedPeerId(c);
+      const offerRequests = [];
+      for (const offer of offers) {
+        if (!offer.sdp || typeof offer.sdp !== "string") {
+          return c.json({ error: "Each offer must have an sdp field" }, 400);
+        }
+        if (offer.sdp.length > 65536) {
+          return c.json({ error: "SDP must be 64KB or less" }, 400);
+        }
+        if (offer.secret !== void 0) {
+          if (typeof offer.secret !== "string") {
+            return c.json({ error: "Secret must be a string" }, 400);
+          }
+          if (offer.secret.length > 128) {
+            return c.json({ error: "Secret must be 128 characters or less" }, 400);
+          }
+        }
+        if (!Array.isArray(offer.topics) || offer.topics.length === 0) {
+          return c.json({ error: "Each offer must have a non-empty topics array" }, 400);
+        }
+        if (offer.topics.length > config.maxTopicsPerOffer) {
+          return c.json({ error: `Too many topics. Maximum ${config.maxTopicsPerOffer} per offer` }, 400);
+        }
+        for (const topic of offer.topics) {
+          if (typeof topic !== "string" || topic.length === 0 || topic.length > 256) {
+            return c.json({ error: "Each topic must be a string between 1 and 256 characters" }, 400);
+          }
+        }
+        let ttl = offer.ttl || config.offerDefaultTtl;
+        if (ttl < config.offerMinTtl) {
+          ttl = config.offerMinTtl;
+        }
+        if (ttl > config.offerMaxTtl) {
+          ttl = config.offerMaxTtl;
+        }
+        offerRequests.push({
+          id: offer.id,
+          peerId,
+          sdp: offer.sdp,
+          topics: offer.topics,
+          expiresAt: Date.now() + ttl,
+          secret: offer.secret
+        });
+      }
+      const createdOffers = await storage.createOffers(offerRequests);
       return c.json({
-        sessions: sessions.map((s) => ({
-          code: s.code,
-          info: s.info,
-          offer: s.offer,
-          offerCandidates: s.offerCandidates,
-          createdAt: s.createdAt,
-          expiresAt: s.expiresAt
+        offers: createdOffers.map((o) => ({
+          id: o.id,
+          peerId: o.peerId,
+          topics: o.topics,
+          expiresAt: o.expiresAt
         }))
-      });
+      }, 200);
     } catch (err) {
-      console.error("Error listing sessions:", err);
+      console.error("Error creating offers:", err);
       return c.json({ error: "Internal server error" }, 500);
     }
   });
-  app.post("/:topic/offer", async (c) => {
+  app.get("/offers/by-topic/:topic", async (c) => {
     try {
-      const origin = c.req.header("Origin") || c.req.header("origin") || "unknown";
       const topic = c.req.param("topic");
-      const body = await c.req.json();
-      const { info, offer } = body;
-      if (!topic || typeof topic !== "string") {
-        return c.json({ error: "Missing or invalid required parameter: topic" }, 400);
-      }
-      if (topic.length > 256) {
-        return c.json({ error: "Topic string must be 256 characters or less" }, 400);
-      }
-      if (!info || typeof info !== "string") {
-        return c.json({ error: "Missing or invalid required parameter: info" }, 400);
-      }
-      if (info.length > 1024) {
-        return c.json({ error: "Info string must be 1024 characters or less" }, 400);
+      const bloomParam = c.req.query("bloom");
+      const limitParam = c.req.query("limit");
+      const limit = limitParam ? Math.min(parseInt(limitParam, 10), 200) : 50;
+      let excludePeerIds = [];
+      if (bloomParam) {
+        const bloom = parseBloomFilter(bloomParam);
+        if (!bloom) {
+          return c.json({ error: "Invalid bloom filter format" }, 400);
+        }
+        const allOffers = await storage.getOffersByTopic(topic);
+        const excludeSet = /* @__PURE__ */ new Set();
+        for (const offer of allOffers) {
+          if (bloom.test(offer.peerId)) {
+            excludeSet.add(offer.peerId);
+          }
+        }
+        excludePeerIds = Array.from(excludeSet);
       }
-      if (!offer || typeof offer !== "string") {
-        return c.json({ error: "Missing or invalid required parameter: offer" }, 400);
+      let offers = await storage.getOffersByTopic(topic, excludePeerIds.length > 0 ? excludePeerIds : void 0);
+      const total = offers.length;
+      offers = offers.slice(0, limit);
+      return c.json({
+        topic,
+        offers: offers.map((o) => ({
+          id: o.id,
+          peerId: o.peerId,
+          sdp: o.sdp,
+          topics: o.topics,
+          expiresAt: o.expiresAt,
+          lastSeen: o.lastSeen,
+          hasSecret: !!o.secret
+          // Indicate if secret is required without exposing it
+        })),
+        total: bloomParam ? total + excludePeerIds.length : total,
+        returned: offers.length
+      }, 200);
+    } catch (err) {
+      console.error("Error fetching offers by topic:", err);
+      return c.json({ error: "Internal server error" }, 500);
+    }
+  });
+  app.get("/topics", async (c) => {
+    try {
+      const limitParam = c.req.query("limit");
+      const offsetParam = c.req.query("offset");
+      const startsWithParam = c.req.query("startsWith");
+      const limit = limitParam ? Math.min(parseInt(limitParam, 10), 200) : 50;
+      const offset = offsetParam ? parseInt(offsetParam, 10) : 0;
+      const startsWith = startsWithParam || void 0;
+      const result = await storage.getTopics(limit, offset, startsWith);
+      return c.json({
+        topics: result.topics,
+        total: result.total,
+        limit,
+        offset,
+        ...startsWith && { startsWith }
+      }, 200);
+    } catch (err) {
+      console.error("Error fetching topics:", err);
+      return c.json({ error: "Internal server error" }, 500);
+    }
+  });
+  app.get("/peers/:peerId/offers", async (c) => {
+    try {
+      const peerId = c.req.param("peerId");
+      const offers = await storage.getOffersByPeerId(peerId);
+      const topicsSet = /* @__PURE__ */ new Set();
+      offers.forEach((o) => o.topics.forEach((t) => topicsSet.add(t)));
+      return c.json({
+        peerId,
+        offers: offers.map((o) => ({
+          id: o.id,
+          sdp: o.sdp,
+          topics: o.topics,
+          expiresAt: o.expiresAt,
+          lastSeen: o.lastSeen,
+          hasSecret: !!o.secret
+          // Indicate if secret is required without exposing it
+        })),
+        topics: Array.from(topicsSet)
+      }, 200);
+    } catch (err) {
+      console.error("Error fetching peer offers:", err);
+      return c.json({ error: "Internal server error" }, 500);
+    }
+  });
+  app.get("/offers/mine", authMiddleware, async (c) => {
+    try {
+      const peerId = getAuthenticatedPeerId(c);
+      const offers = await storage.getOffersByPeerId(peerId);
+      return c.json({
+        peerId,
+        offers: offers.map((o) => ({
+          id: o.id,
+          sdp: o.sdp,
+          topics: o.topics,
+          createdAt: o.createdAt,
+          expiresAt: o.expiresAt,
+          lastSeen: o.lastSeen,
+          secret: o.secret,
+          // Owner can see the secret
+          answererPeerId: o.answererPeerId,
+          answeredAt: o.answeredAt
+        }))
+      }, 200);
+    } catch (err) {
+      console.error("Error fetching own offers:", err);
+      return c.json({ error: "Internal server error" }, 500);
+    }
+  });
+  app.delete("/offers/:offerId", authMiddleware, async (c) => {
+    try {
+      const offerId = c.req.param("offerId");
+      const peerId = getAuthenticatedPeerId(c);
+      const deleted = await storage.deleteOffer(offerId, peerId);
+      if (!deleted) {
+        return c.json({ error: "Offer not found or not authorized" }, 404);
       }
-      const expiresAt = Date.now() + config.sessionTimeout;
-      const code = await storage.createSession(origin, topic, info, offer, expiresAt);
-      return c.json({ code }, 200);
+      return c.json({ deleted: true }, 200);
     } catch (err) {
-      console.error("Error creating offer:", err);
+      console.error("Error deleting offer:", err);
       return c.json({ error: "Internal server error" }, 500);
     }
   });
-  app.post("/answer", async (c) => {
+  app.post("/offers/:offerId/answer", authMiddleware, async (c) => {
     try {
-      const origin = c.req.header("Origin") || c.req.header("origin") || "unknown";
+      const offerId = c.req.param("offerId");
+      const peerId = getAuthenticatedPeerId(c);
       const body = await c.req.json();
-      const { code, answer, candidate, side } = body;
-      if (!code || typeof code !== "string") {
-        return c.json({ error: "Missing or invalid required parameter: code" }, 400);
-      }
-      if (!side || side !== "offerer" && side !== "answerer") {
-        return c.json({ error: 'Invalid or missing parameter: side (must be "offerer" or "answerer")' }, 400);
+      const { sdp, secret } = body;
+      if (!sdp || typeof sdp !== "string") {
+        return c.json({ error: "Missing or invalid required parameter: sdp" }, 400);
       }
-      if (!answer && !candidate) {
-        return c.json({ error: "Missing required parameter: answer or candidate" }, 400);
+      if (sdp.length > 65536) {
+        return c.json({ error: "SDP must be 64KB or less" }, 400);
       }
-      if (answer && candidate) {
-        return c.json({ error: "Cannot provide both answer and candidate" }, 400);
+      if (secret !== void 0 && typeof secret !== "string") {
+        return c.json({ error: "Secret must be a string" }, 400);
       }
-      const session = await storage.getSession(code, origin);
-      if (!session) {
-        return c.json({ error: "Session not found, expired, or origin mismatch" }, 404);
+      const result = await storage.answerOffer(offerId, peerId, sdp, secret);
+      if (!result.success) {
+        return c.json({ error: result.error }, 400);
       }
-      if (answer) {
-        await storage.updateSession(code, origin, { answer });
-      }
-      if (candidate) {
-        if (side === "offerer") {
-          const updatedCandidates = [...session.offerCandidates, candidate];
-          await storage.updateSession(code, origin, { offerCandidates: updatedCandidates });
-        } else {
-          const updatedCandidates = [...session.answerCandidates, candidate];
-          await storage.updateSession(code, origin, { answerCandidates: updatedCandidates });
-        }
-      }
-      return c.json({ success: true }, 200);
+      return c.json({
+        offerId,
+        answererId: peerId,
+        answeredAt: Date.now()
+      }, 200);
+    } catch (err) {
+      console.error("Error answering offer:", err);
+      return c.json({ error: "Internal server error" }, 500);
+    }
+  });
+  app.get("/offers/answers", authMiddleware, async (c) => {
+    try {
+      const peerId = getAuthenticatedPeerId(c);
+      const offers = await storage.getAnsweredOffers(peerId);
+      return c.json({
+        answers: offers.map((o) => ({
+          offerId: o.id,
+          answererId: o.answererPeerId,
+          sdp: o.answerSdp,
+          answeredAt: o.answeredAt,
+          topics: o.topics
+        }))
+      }, 200);
     } catch (err) {
-      console.error("Error handling answer:", err);
+      console.error("Error fetching answers:", err);
       return c.json({ error: "Internal server error" }, 500);
     }
   });
-  app.post("/poll", async (c) => {
+  app.post("/offers/:offerId/ice-candidates", authMiddleware, async (c) => {
     try {
-      const origin = c.req.header("Origin") || c.req.header("origin") || "unknown";
+      const offerId = c.req.param("offerId");
+      const peerId = getAuthenticatedPeerId(c);
       const body = await c.req.json();
-      const { code, side } = body;
-      if (!code || typeof code !== "string") {
-        return c.json({ error: "Missing or invalid required parameter: code" }, 400);
-      }
-      if (!side || side !== "offerer" && side !== "answerer") {
-        return c.json({ error: 'Invalid or missing parameter: side (must be "offerer" or "answerer")' }, 400);
+      const { candidates } = body;
+      if (!Array.isArray(candidates) || candidates.length === 0) {
+        return c.json({ error: "Missing or invalid required parameter: candidates (must be non-empty array)" }, 400);
       }
-      const session = await storage.getSession(code, origin);
-      if (!session) {
-        return c.json({ error: "Session not found, expired, or origin mismatch" }, 404);
+      const offer = await storage.getOfferById(offerId);
+      if (!offer) {
+        return c.json({ error: "Offer not found or expired" }, 404);
       }
-      if (side === "offerer") {
-        return c.json({
-          answer: session.answer || null,
-          answerCandidates: session.answerCandidates
-        });
+      let role;
+      if (offer.peerId === peerId) {
+        role = "offerer";
+      } else if (offer.answererPeerId === peerId) {
+        role = "answerer";
       } else {
-        return c.json({
-          offer: session.offer,
-          offerCandidates: session.offerCandidates
-        });
+        return c.json({ error: "Not authorized to post ICE candidates for this offer" }, 403);
       }
+      const added = await storage.addIceCandidates(offerId, peerId, role, candidates);
+      return c.json({
+        offerId,
+        candidatesAdded: added
+      }, 200);
     } catch (err) {
-      console.error("Error polling session:", err);
+      console.error("Error adding ICE candidates:", err);
       return c.json({ error: "Internal server error" }, 500);
     }
   });
-  app.get("/health", (c) => {
-    return c.json({ status: "ok", timestamp: Date.now() });
+  app.get("/offers/:offerId/ice-candidates", authMiddleware, async (c) => {
+    try {
+      const offerId = c.req.param("offerId");
+      const peerId = getAuthenticatedPeerId(c);
+      const sinceParam = c.req.query("since");
+      const since = sinceParam ? parseInt(sinceParam, 10) : void 0;
+      const offer = await storage.getOfferById(offerId);
+      if (!offer) {
+        return c.json({ error: "Offer not found or expired" }, 404);
+      }
+      let targetRole;
+      if (offer.peerId === peerId) {
+        targetRole = "answerer";
+        console.log(`[ICE GET] Offerer ${peerId} requesting answerer ICE candidates for offer ${offerId}, since=${since}, answererPeerId=${offer.answererPeerId}`);
+      } else if (offer.answererPeerId === peerId) {
+        targetRole = "offerer";
+        console.log(`[ICE GET] Answerer ${peerId} requesting offerer ICE candidates for offer ${offerId}, since=${since}, offererPeerId=${offer.peerId}`);
+      } else {
+        return c.json({ error: "Not authorized to view ICE candidates for this offer" }, 403);
+      }
+      const candidates = await storage.getIceCandidates(offerId, targetRole, since);
+      console.log(`[ICE GET] Found ${candidates.length} candidates for offer ${offerId}, targetRole=${targetRole}, since=${since}`);
+      return c.json({
+        offerId,
+        candidates: candidates.map((c2) => ({
+          candidate: c2.candidate,
+          peerId: c2.peerId,
+          role: c2.role,
+          createdAt: c2.createdAt
+        }))
+      }, 200);
+    } catch (err) {
+      console.error("Error fetching ICE candidates:", err);
+      return c.json({ error: "Internal server error" }, 500);
+    }
   });
   return app;
 }
 
 // src/config.ts
 function loadConfig() {
+  let authSecret = process.env.AUTH_SECRET;
+  if (!authSecret) {
+    authSecret = generateSecretKey();
+    console.warn("WARNING: No AUTH_SECRET provided. Generated temporary secret:", authSecret);
+    console.warn("All peer credentials will be invalidated on server restart.");
+    console.warn("Set AUTH_SECRET environment variable to persist credentials across restarts.");
+  }
   return {
     port: parseInt(process.env.PORT || "3000", 10),
     storageType: process.env.STORAGE_TYPE || "sqlite",
     storagePath: process.env.STORAGE_PATH || ":memory:",
-    sessionTimeout: parseInt(process.env.SESSION_TIMEOUT || "300000", 10),
-    corsOrigins: process.env.CORS_ORIGINS ? process.env.CORS_ORIGINS.split(",").map((o) => o.trim()) : ["*"]
+    corsOrigins: process.env.CORS_ORIGINS ? process.env.CORS_ORIGINS.split(",").map((o) => o.trim()) : ["*"],
+    version: process.env.VERSION || "unknown",
+    authSecret,
+    offerDefaultTtl: parseInt(process.env.OFFER_DEFAULT_TTL || "60000", 10),
+    offerMaxTtl: parseInt(process.env.OFFER_MAX_TTL || "86400000", 10),
+    offerMinTtl: parseInt(process.env.OFFER_MIN_TTL || "60000", 10),
+    cleanupInterval: parseInt(process.env.CLEANUP_INTERVAL || "60000", 10),
+    maxOffersPerRequest: parseInt(process.env.MAX_OFFERS_PER_REQUEST || "100", 10),
+    maxTopicsPerOffer: parseInt(process.env.MAX_TOPICS_PER_OFFER || "50", 10)
   };
 }
 
 // src/storage/sqlite.ts
 var import_better_sqlite3 = __toESM(require("better-sqlite3"));
-var import_crypto = require("crypto");
+
+// src/storage/hash-id.ts
+async function generateOfferHash(sdp, topics) {
+  const sanitizedOffer = {
+    sdp,
+    topics: [...topics].sort()
+    // Sort topics for consistency
+  };
+  const jsonString = JSON.stringify(sanitizedOffer);
+  const encoder = new TextEncoder();
+  const data = encoder.encode(jsonString);
+  const hashBuffer = await crypto.subtle.digest("SHA-256", data);
+  const hashArray = Array.from(new Uint8Array(hashBuffer));
+  const hashHex = hashArray.map((b) => b.toString(16).padStart(2, "0")).join("");
+  return hashHex;
+}
+
+// src/storage/sqlite.ts
 var SQLiteStorage = class {
   /**
    * Creates a new SQLite storage instance
@@ -203,193 +615,301 @@ var SQLiteStorage = class {
   constructor(path = ":memory:") {
     this.db = new import_better_sqlite3.default(path);
     this.initializeDatabase();
-    this.startCleanupInterval();
   }
   /**
-   * Initializes database schema
+   * Initializes database schema with new topic-based structure
    */
   initializeDatabase() {
     this.db.exec(`
-      CREATE TABLE IF NOT EXISTS sessions (
-        code TEXT PRIMARY KEY,
-        origin TEXT NOT NULL,
+      CREATE TABLE IF NOT EXISTS offers (
+        id TEXT PRIMARY KEY,
+        peer_id TEXT NOT NULL,
+        sdp TEXT NOT NULL,
+        created_at INTEGER NOT NULL,
+        expires_at INTEGER NOT NULL,
+        last_seen INTEGER NOT NULL,
+        secret TEXT,
+        answerer_peer_id TEXT,
+        answer_sdp TEXT,
+        answered_at INTEGER
+      );
+
+      CREATE INDEX IF NOT EXISTS idx_offers_peer ON offers(peer_id);
+      CREATE INDEX IF NOT EXISTS idx_offers_expires ON offers(expires_at);
+      CREATE INDEX IF NOT EXISTS idx_offers_last_seen ON offers(last_seen);
+      CREATE INDEX IF NOT EXISTS idx_offers_answerer ON offers(answerer_peer_id);
+
+      CREATE TABLE IF NOT EXISTS offer_topics (
+        offer_id TEXT NOT NULL,
         topic TEXT NOT NULL,
-        info TEXT NOT NULL CHECK(length(info) <= 1024),
-        offer TEXT NOT NULL,
-        answer TEXT,
-        offer_candidates TEXT NOT NULL DEFAULT '[]',
-        answer_candidates TEXT NOT NULL DEFAULT '[]',
+        PRIMARY KEY (offer_id, topic),
+        FOREIGN KEY (offer_id) REFERENCES offers(id) ON DELETE CASCADE
+      );
+
+      CREATE INDEX IF NOT EXISTS idx_topics_topic ON offer_topics(topic);
+      CREATE INDEX IF NOT EXISTS idx_topics_offer ON offer_topics(offer_id);
+
+      CREATE TABLE IF NOT EXISTS ice_candidates (
+        id INTEGER PRIMARY KEY AUTOINCREMENT,
+        offer_id TEXT NOT NULL,
+        peer_id TEXT NOT NULL,
+        role TEXT NOT NULL CHECK(role IN ('offerer', 'answerer')),
+        candidate TEXT NOT NULL, -- JSON: RTCIceCandidateInit object
         created_at INTEGER NOT NULL,
-        expires_at INTEGER NOT NULL
+        FOREIGN KEY (offer_id) REFERENCES offers(id) ON DELETE CASCADE
       );
 
-      CREATE INDEX IF NOT EXISTS idx_expires_at ON sessions(expires_at);
-      CREATE INDEX IF NOT EXISTS idx_origin_topic ON sessions(origin, topic);
-      CREATE INDEX IF NOT EXISTS idx_origin_topic_expires ON sessions(origin, topic, expires_at);
+      CREATE INDEX IF NOT EXISTS idx_ice_offer ON ice_candidates(offer_id);
+      CREATE INDEX IF NOT EXISTS idx_ice_peer ON ice_candidates(peer_id);
+      CREATE INDEX IF NOT EXISTS idx_ice_created ON ice_candidates(created_at);
     `);
+    this.db.pragma("foreign_keys = ON");
   }
-  /**
-   * Starts periodic cleanup of expired sessions
-   */
-  startCleanupInterval() {
-    setInterval(() => {
-      this.cleanup().catch((err) => {
-        console.error("Cleanup error:", err);
-      });
-    }, 6e4);
-  }
-  /**
-   * Generates a unique code using UUID
-   */
-  generateCode() {
-    return (0, import_crypto.randomUUID)();
-  }
-  async createSession(origin, topic, info, offer, expiresAt) {
-    if (info.length > 1024) {
-      throw new Error("Info string must be 1024 characters or less");
-    }
-    let code;
-    let attempts = 0;
-    const maxAttempts = 10;
-    do {
-      code = this.generateCode();
-      attempts++;
-      if (attempts > maxAttempts) {
-        throw new Error("Failed to generate unique session code");
-      }
-      try {
-        const stmt = this.db.prepare(`
-          INSERT INTO sessions (code, origin, topic, info, offer, created_at, expires_at)
-          VALUES (?, ?, ?, ?, ?, ?, ?)
-        `);
-        stmt.run(code, origin, topic, info, offer, Date.now(), expiresAt);
-        break;
-      } catch (err) {
-        if (err.code === "SQLITE_CONSTRAINT_PRIMARYKEY") {
-          continue;
+  async createOffers(offers) {
+    const created = [];
+    const offersWithIds = await Promise.all(
+      offers.map(async (offer) => ({
+        ...offer,
+        id: offer.id || await generateOfferHash(offer.sdp, offer.topics)
+      }))
+    );
+    const transaction = this.db.transaction((offersWithIds2) => {
+      const offerStmt = this.db.prepare(`
+        INSERT INTO offers (id, peer_id, sdp, created_at, expires_at, last_seen, secret)
+        VALUES (?, ?, ?, ?, ?, ?, ?)
+      `);
+      const topicStmt = this.db.prepare(`
+        INSERT INTO offer_topics (offer_id, topic)
+        VALUES (?, ?)
+      `);
+      for (const offer of offersWithIds2) {
+        const now = Date.now();
+        offerStmt.run(
+          offer.id,
+          offer.peerId,
+          offer.sdp,
+          now,
+          offer.expiresAt,
+          now,
+          offer.secret || null
+        );
+        for (const topic of offer.topics) {
+          topicStmt.run(offer.id, topic);
         }
-        throw err;
+        created.push({
+          id: offer.id,
+          peerId: offer.peerId,
+          sdp: offer.sdp,
+          topics: offer.topics,
+          createdAt: now,
+          expiresAt: offer.expiresAt,
+          lastSeen: now,
+          secret: offer.secret
+        });
       }
-    } while (true);
-    return code;
+    });
+    transaction(offersWithIds);
+    return created;
   }
-  async listSessionsByTopic(origin, topic) {
-    const stmt = this.db.prepare(`
-      SELECT * FROM sessions
-      WHERE origin = ? AND topic = ? AND expires_at > ? AND answer IS NULL
-      ORDER BY created_at DESC
-    `);
-    const rows = stmt.all(origin, topic, Date.now());
-    return rows.map((row) => ({
-      code: row.code,
-      origin: row.origin,
-      topic: row.topic,
-      info: row.info,
-      offer: row.offer,
-      answer: row.answer || void 0,
-      offerCandidates: JSON.parse(row.offer_candidates),
-      answerCandidates: JSON.parse(row.answer_candidates),
-      createdAt: row.created_at,
-      expiresAt: row.expires_at
-    }));
+  async getOffersByTopic(topic, excludePeerIds) {
+    let query = `
+      SELECT DISTINCT o.*
+      FROM offers o
+      INNER JOIN offer_topics ot ON o.id = ot.offer_id
+      WHERE ot.topic = ? AND o.expires_at > ?
+    `;
+    const params = [topic, Date.now()];
+    if (excludePeerIds && excludePeerIds.length > 0) {
+      const placeholders = excludePeerIds.map(() => "?").join(",");
+      query += ` AND o.peer_id NOT IN (${placeholders})`;
+      params.push(...excludePeerIds);
+    }
+    query += " ORDER BY o.last_seen DESC";
+    const stmt = this.db.prepare(query);
+    const rows = stmt.all(...params);
+    return Promise.all(rows.map((row) => this.rowToOffer(row)));
   }
-  async listTopics(origin, page, limit) {
-    const safeLimit = Math.min(Math.max(1, limit), 1e3);
-    const safePage = Math.max(1, page);
-    const offset = (safePage - 1) * safeLimit;
-    const countStmt = this.db.prepare(`
-      SELECT COUNT(DISTINCT topic) as total
-      FROM sessions
-      WHERE origin = ? AND expires_at > ? AND answer IS NULL
-    `);
-    const { total } = countStmt.get(origin, Date.now());
+  async getOffersByPeerId(peerId) {
     const stmt = this.db.prepare(`
-      SELECT topic, COUNT(*) as count
-      FROM sessions
-      WHERE origin = ? AND expires_at > ? AND answer IS NULL
-      GROUP BY topic
-      ORDER BY topic ASC
-      LIMIT ? OFFSET ?
+      SELECT * FROM offers
+      WHERE peer_id = ? AND expires_at > ?
+      ORDER BY last_seen DESC
     `);
-    const rows = stmt.all(origin, Date.now(), safeLimit, offset);
-    const topics = rows.map((row) => ({
-      topic: row.topic,
-      count: row.count
-    }));
-    return {
-      topics,
-      pagination: {
-        page: safePage,
-        limit: safeLimit,
-        total,
-        hasMore: offset + topics.length < total
-      }
-    };
+    const rows = stmt.all(peerId, Date.now());
+    return Promise.all(rows.map((row) => this.rowToOffer(row)));
   }
-  async getSession(code, origin) {
+  async getOfferById(offerId) {
     const stmt = this.db.prepare(`
-      SELECT * FROM sessions WHERE code = ? AND origin = ? AND expires_at > ?
+      SELECT * FROM offers
+      WHERE id = ? AND expires_at > ?
     `);
-    const row = stmt.get(code, origin, Date.now());
+    const row = stmt.get(offerId, Date.now());
     if (!row) {
       return null;
     }
-    return {
-      code: row.code,
-      origin: row.origin,
-      topic: row.topic,
-      info: row.info,
-      offer: row.offer,
-      answer: row.answer || void 0,
-      offerCandidates: JSON.parse(row.offer_candidates),
-      answerCandidates: JSON.parse(row.answer_candidates),
-      createdAt: row.created_at,
-      expiresAt: row.expires_at
-    };
+    return this.rowToOffer(row);
   }
-  async updateSession(code, origin, update) {
-    const current = await this.getSession(code, origin);
-    if (!current) {
-      throw new Error("Session not found or origin mismatch");
-    }
-    const updates = [];
-    const values = [];
-    if (update.answer !== void 0) {
-      updates.push("answer = ?");
-      values.push(update.answer);
+  async deleteOffer(offerId, ownerPeerId) {
+    const stmt = this.db.prepare(`
+      DELETE FROM offers
+      WHERE id = ? AND peer_id = ?
+    `);
+    const result = stmt.run(offerId, ownerPeerId);
+    return result.changes > 0;
+  }
+  async deleteExpiredOffers(now) {
+    const stmt = this.db.prepare("DELETE FROM offers WHERE expires_at < ?");
+    const result = stmt.run(now);
+    return result.changes;
+  }
+  async answerOffer(offerId, answererPeerId, answerSdp, secret) {
+    const offer = await this.getOfferById(offerId);
+    if (!offer) {
+      return {
+        success: false,
+        error: "Offer not found or expired"
+      };
     }
-    if (update.offerCandidates !== void 0) {
-      updates.push("offer_candidates = ?");
-      values.push(JSON.stringify(update.offerCandidates));
+    if (offer.secret && offer.secret !== secret) {
+      return {
+        success: false,
+        error: "Invalid or missing secret"
+      };
     }
-    if (update.answerCandidates !== void 0) {
-      updates.push("answer_candidates = ?");
-      values.push(JSON.stringify(update.answerCandidates));
+    if (offer.answererPeerId) {
+      return {
+        success: false,
+        error: "Offer already answered"
+      };
     }
-    if (updates.length === 0) {
-      return;
+    const stmt = this.db.prepare(`
+      UPDATE offers
+      SET answerer_peer_id = ?, answer_sdp = ?, answered_at = ?
+      WHERE id = ? AND answerer_peer_id IS NULL
+    `);
+    const result = stmt.run(answererPeerId, answerSdp, Date.now(), offerId);
+    if (result.changes === 0) {
+      return {
+        success: false,
+        error: "Offer already answered (race condition)"
+      };
     }
-    values.push(code);
-    values.push(origin);
+    return { success: true };
+  }
+  async getAnsweredOffers(offererPeerId) {
     const stmt = this.db.prepare(`
-      UPDATE sessions SET ${updates.join(", ")} WHERE code = ? AND origin = ?
+      SELECT * FROM offers
+      WHERE peer_id = ? AND answerer_peer_id IS NOT NULL AND expires_at > ?
+      ORDER BY answered_at DESC
     `);
-    stmt.run(...values);
+    const rows = stmt.all(offererPeerId, Date.now());
+    return Promise.all(rows.map((row) => this.rowToOffer(row)));
   }
-  async deleteSession(code) {
-    const stmt = this.db.prepare("DELETE FROM sessions WHERE code = ?");
-    stmt.run(code);
+  async addIceCandidates(offerId, peerId, role, candidates) {
+    const stmt = this.db.prepare(`
+      INSERT INTO ice_candidates (offer_id, peer_id, role, candidate, created_at)
+      VALUES (?, ?, ?, ?, ?)
+    `);
+    const baseTimestamp = Date.now();
+    const transaction = this.db.transaction((candidates2) => {
+      for (let i = 0; i < candidates2.length; i++) {
+        stmt.run(
+          offerId,
+          peerId,
+          role,
+          JSON.stringify(candidates2[i]),
+          // Store full object as JSON
+          baseTimestamp + i
+          // Ensure unique timestamps to avoid "since" filtering issues
+        );
+      }
+    });
+    transaction(candidates);
+    return candidates.length;
   }
-  async cleanup() {
-    const stmt = this.db.prepare("DELETE FROM sessions WHERE expires_at <= ?");
-    const result = stmt.run(Date.now());
-    if (result.changes > 0) {
-      console.log(`Cleaned up ${result.changes} expired session(s)`);
+  async getIceCandidates(offerId, targetRole, since) {
+    let query = `
+      SELECT * FROM ice_candidates
+      WHERE offer_id = ? AND role = ?
+    `;
+    const params = [offerId, targetRole];
+    if (since !== void 0) {
+      query += " AND created_at > ?";
+      params.push(since);
     }
+    query += " ORDER BY created_at ASC";
+    const stmt = this.db.prepare(query);
+    const rows = stmt.all(...params);
+    return rows.map((row) => ({
+      id: row.id,
+      offerId: row.offer_id,
+      peerId: row.peer_id,
+      role: row.role,
+      candidate: JSON.parse(row.candidate),
+      // Parse JSON back to object
+      createdAt: row.created_at
+    }));
+  }
+  async getTopics(limit, offset, startsWith) {
+    const now = Date.now();
+    const whereClause = startsWith ? "o.expires_at > ? AND ot.topic LIKE ?" : "o.expires_at > ?";
+    const startsWithPattern = startsWith ? `${startsWith}%` : null;
+    const countQuery = `
+      SELECT COUNT(DISTINCT ot.topic) as count
+      FROM offer_topics ot
+      INNER JOIN offers o ON ot.offer_id = o.id
+      WHERE ${whereClause}
+    `;
+    const countStmt = this.db.prepare(countQuery);
+    const countParams = startsWith ? [now, startsWithPattern] : [now];
+    const countRow = countStmt.get(...countParams);
+    const total = countRow.count;
+    const topicsQuery = `
+      SELECT
+        ot.topic,
+        COUNT(DISTINCT o.peer_id) as active_peers
+      FROM offer_topics ot
+      INNER JOIN offers o ON ot.offer_id = o.id
+      WHERE ${whereClause}
+      GROUP BY ot.topic
+      ORDER BY active_peers DESC, ot.topic ASC
+      LIMIT ? OFFSET ?
+    `;
+    const topicsStmt = this.db.prepare(topicsQuery);
+    const topicsParams = startsWith ? [now, startsWithPattern, limit, offset] : [now, limit, offset];
+    const rows = topicsStmt.all(...topicsParams);
+    const topics = rows.map((row) => ({
+      topic: row.topic,
+      activePeers: row.active_peers
+    }));
+    return { topics, total };
   }
   async close() {
     this.db.close();
   }
+  /**
+   * Helper method to convert database row to Offer object with topics
+   */
+  async rowToOffer(row) {
+    const topicStmt = this.db.prepare(`
+      SELECT topic FROM offer_topics WHERE offer_id = ?
+    `);
+    const topicRows = topicStmt.all(row.id);
+    const topics = topicRows.map((t) => t.topic);
+    return {
+      id: row.id,
+      peerId: row.peer_id,
+      sdp: row.sdp,
+      topics,
+      createdAt: row.created_at,
+      expiresAt: row.expires_at,
+      lastSeen: row.last_seen,
+      secret: row.secret || void 0,
+      answererPeerId: row.answerer_peer_id || void 0,
+      answerSdp: row.answer_sdp || void 0,
+      answeredAt: row.answered_at || void 0
+    };
+  }
 };
 
 // src/index.ts
@@ -400,8 +920,14 @@ async function main() {
     port: config.port,
     storageType: config.storageType,
     storagePath: config.storagePath,
-    sessionTimeout: `${config.sessionTimeout}ms`,
-    corsOrigins: config.corsOrigins
+    offerDefaultTtl: `${config.offerDefaultTtl}ms`,
+    offerMaxTtl: `${config.offerMaxTtl}ms`,
+    offerMinTtl: `${config.offerMinTtl}ms`,
+    cleanupInterval: `${config.cleanupInterval}ms`,
+    maxOffersPerRequest: config.maxOffersPerRequest,
+    maxTopicsPerOffer: config.maxTopicsPerOffer,
+    corsOrigins: config.corsOrigins,
+    version: config.version
   });
   let storage;
   if (config.storageType === "sqlite") {
@@ -410,25 +936,32 @@ async function main() {
   } else {
     throw new Error("Unsupported storage type");
   }
-  const app = createApp(storage, {
-    sessionTimeout: config.sessionTimeout,
-    corsOrigins: config.corsOrigins
-  });
+  const cleanupInterval = setInterval(async () => {
+    try {
+      const now = Date.now();
+      const deleted = await storage.deleteExpiredOffers(now);
+      if (deleted > 0) {
+        console.log(`Cleanup: Deleted ${deleted} expired offer(s)`);
+      }
+    } catch (err) {
+      console.error("Cleanup error:", err);
+    }
+  }, config.cleanupInterval);
+  const app = createApp(storage, config);
   const server = (0, import_node_server.serve)({
     fetch: app.fetch,
     port: config.port
   });
   console.log(`Server running on http://localhost:${config.port}`);
-  process.on("SIGINT", async () => {
+  console.log("Ready to accept connections");
+  const shutdown = async () => {
     console.log("\nShutting down gracefully...");
+    clearInterval(cleanupInterval);
     await storage.close();
     process.exit(0);
-  });
-  process.on("SIGTERM", async () => {
-    console.log("\nShutting down gracefully...");
-    await storage.close();
-    process.exit(0);
-  });
+  };
+  process.on("SIGINT", shutdown);
+  process.on("SIGTERM", shutdown);
 }
 main().catch((err) => {
   console.error("Fatal error:", err);