@xtr-dev/rondevu-server 0.2.3 → 0.3.0

package/dist/index.js

@@ -654,6 +654,29 @@ async function validateUsernameClaim(username, publicKey, signature, message) {
   }
   return { valid: true };
 }
+async function validateServicePublish(username, serviceFqn, publicKey, signature, message) {
+  const usernameCheck = validateUsername(username);
+  if (!usernameCheck.valid) {
+    return usernameCheck;
+  }
+  const parts = message.split(":");
+  if (parts.length !== 4 || parts[0] !== "publish" || parts[1] !== username || parts[2] !== serviceFqn) {
+    return { valid: false, error: "Invalid message format (expected: publish:{username}:{serviceFqn}:{timestamp})" };
+  }
+  const timestamp = parseInt(parts[3], 10);
+  if (isNaN(timestamp)) {
+    return { valid: false, error: "Invalid timestamp in message" };
+  }
+  const timestampCheck = validateTimestamp(timestamp);
+  if (!timestampCheck.valid) {
+    return timestampCheck;
+  }
+  const signatureValid = await verifyEd25519Signature(publicKey, signature, message);
+  if (!signatureValid) {
+    return { valid: false, error: "Invalid signature" };
+  }
+  return { valid: true };
+}
 
 // src/middleware/auth.ts
 function createAuthMiddleware(authSecret) {
@@ -734,12 +757,35 @@ function createApp(storage, config) {
       return c.json({ error: "Internal server error" }, 500);
     }
   });
-  app.post("/usernames/claim", async (c) => {
+  app.get("/users/:username", async (c) => {
     try {
+      const username = c.req.param("username");
+      const claimed = await storage.getUsername(username);
+      if (!claimed) {
+        return c.json({
+          username,
+          available: true
+        }, 200);
+      }
+      return c.json({
+        username: claimed.username,
+        available: false,
+        claimedAt: claimed.claimedAt,
+        expiresAt: claimed.expiresAt,
+        publicKey: claimed.publicKey
+      }, 200);
+    } catch (err2) {
+      console.error("Error checking username:", err2);
+      return c.json({ error: "Internal server error" }, 500);
+    }
+  });
+  app.post("/users/:username", async (c) => {
+    try {
+      const username = c.req.param("username");
       const body = await c.req.json();
-      const { username, publicKey, signature, message } = body;
-      if (!username || !publicKey || !signature || !message) {
-        return c.json({ error: "Missing required parameters: username, publicKey, signature, message" }, 400);
+      const { publicKey, signature, message } = body;
+      if (!publicKey || !signature || !message) {
+        return c.json({ error: "Missing required parameters: publicKey, signature, message" }, 400);
       }
       const validation = await validateUsernameClaim(username, publicKey, signature, message);
       if (!validation.valid) {
@@ -756,7 +802,7 @@ function createApp(storage, config) {
           username: claimed.username,
           claimedAt: claimed.claimedAt,
           expiresAt: claimed.expiresAt
-        }, 200);
+        }, 201);
       } catch (err2) {
         if (err2.message?.includes("already claimed")) {
           return c.json({ error: "Username already claimed by different public key" }, 409);
@@ -768,47 +814,70 @@ function createApp(storage, config) {
       return c.json({ error: "Internal server error" }, 500);
     }
   });
-  app.get("/usernames/:username", async (c) => {
+  app.get("/users/:username/services", async (c) => {
     try {
       const username = c.req.param("username");
-      const claimed = await storage.getUsername(username);
-      if (!claimed) {
-        return c.json({
-          username,
-          available: true
-        }, 200);
-      }
+      const services = await storage.listServicesForUsername(username);
       return c.json({
-        username: claimed.username,
-        available: false,
-        claimedAt: claimed.claimedAt,
-        expiresAt: claimed.expiresAt,
-        publicKey: claimed.publicKey
+        username,
+        services
       }, 200);
     } catch (err2) {
-      console.error("Error checking username:", err2);
+      console.error("Error listing services:", err2);
       return c.json({ error: "Internal server error" }, 500);
     }
   });
-  app.get("/usernames/:username/services", async (c) => {
+  app.get("/users/:username/services/:fqn", async (c) => {
     try {
       const username = c.req.param("username");
-      const services = await storage.listServicesForUsername(username);
+      const serviceFqn = decodeURIComponent(c.req.param("fqn"));
+      const uuid = await storage.queryService(username, serviceFqn);
+      if (!uuid) {
+        return c.json({ error: "Service not found" }, 404);
+      }
+      const service = await storage.getServiceByUuid(uuid);
+      if (!service) {
+        return c.json({ error: "Service not found" }, 404);
+      }
+      const initialOffer = await storage.getOfferById(service.offerId);
+      if (!initialOffer) {
+        return c.json({ error: "Associated offer not found" }, 404);
+      }
+      const peerOffers = await storage.getOffersByPeerId(initialOffer.peerId);
+      const availableOffer = peerOffers.find((offer) => !offer.answererPeerId);
+      if (!availableOffer) {
+        return c.json({
+          error: "No available offers",
+          message: "All offers from this service are currently in use. Please try again later."
+        }, 503);
+      }
       return c.json({
-        username,
-        services
+        uuid,
+        serviceId: service.id,
+        username: service.username,
+        serviceFqn: service.serviceFqn,
+        offerId: availableOffer.id,
+        sdp: availableOffer.sdp,
+        isPublic: service.isPublic,
+        metadata: service.metadata ? JSON.parse(service.metadata) : void 0,
+        createdAt: service.createdAt,
+        expiresAt: service.expiresAt
       }, 200);
     } catch (err2) {
-      console.error("Error listing services:", err2);
+      console.error("Error getting service:", err2);
       return c.json({ error: "Internal server error" }, 500);
     }
   });
-  app.post("/services", authMiddleware, async (c) => {
+  app.post("/users/:username/services", authMiddleware, async (c) => {
+    let serviceFqn;
+    let offers = [];
     try {
+      const username = c.req.param("username");
       const body = await c.req.json();
-      const { username, serviceFqn, sdp, ttl, isPublic, metadata, signature, message } = body;
-      if (!username || !serviceFqn || !sdp) {
-        return c.json({ error: "Missing required parameters: username, serviceFqn, sdp" }, 400);
+      serviceFqn = body.serviceFqn;
+      const { sdp, ttl, isPublic, metadata, signature, message } = body;
+      if (!serviceFqn || !sdp) {
+        return c.json({ error: "Missing required parameters: serviceFqn, sdp" }, 400);
       }
       const fqnValidation = validateServiceFqn(serviceFqn);
       if (!fqnValidation.valid) {
@@ -821,10 +890,17 @@ function createApp(storage, config) {
       if (!usernameRecord) {
         return c.json({ error: "Username not claimed" }, 404);
       }
-      const signatureValidation = await validateUsernameClaim(username, usernameRecord.publicKey, signature, message);
+      const signatureValidation = await validateServicePublish(username, serviceFqn, usernameRecord.publicKey, signature, message);
       if (!signatureValidation.valid) {
         return c.json({ error: "Invalid signature for username" }, 403);
       }
+      const existingUuid = await storage.queryService(username, serviceFqn);
+      if (existingUuid) {
+        const existingService = await storage.getServiceByUuid(existingUuid);
+        if (existingService) {
+          await storage.deleteService(existingService.id, username);
+        }
+      }
       if (typeof sdp !== "string" || sdp.length === 0) {
         return c.json({ error: "Invalid SDP" }, 400);
       }
@@ -837,7 +913,7 @@ function createApp(storage, config) {
         config.offerMaxTtl
       );
       const expiresAt = Date.now() + offerTtl;
-      const offers = await storage.createOffers([{
+      offers = await storage.createOffers([{
         peerId,
         sdp,
         expiresAt
@@ -855,52 +931,45 @@ function createApp(storage, config) {
         metadata: metadata ? JSON.stringify(metadata) : void 0
       });
       return c.json({
-        serviceId: result.service.id,
         uuid: result.indexUuid,
+        serviceFqn,
+        username,
+        serviceId: result.service.id,
         offerId: offer.id,
+        sdp: offer.sdp,
+        isPublic: result.service.isPublic,
+        metadata,
+        createdAt: result.service.createdAt,
         expiresAt: result.service.expiresAt
       }, 201);
     } catch (err2) {
       console.error("Error creating service:", err2);
-      return c.json({ error: "Internal server error" }, 500);
+      console.error("Error details:", {
+        message: err2.message,
+        stack: err2.stack,
+        username: c.req.param("username"),
+        serviceFqn,
+        offerId: offers[0]?.id
+      });
+      return c.json({
+        error: "Internal server error",
+        details: err2.message
+      }, 500);
     }
   });
-  app.get("/services/:uuid", async (c) => {
+  app.delete("/users/:username/services/:fqn", authMiddleware, async (c) => {
     try {
-      const uuid = c.req.param("uuid");
+      const username = c.req.param("username");
+      const serviceFqn = decodeURIComponent(c.req.param("fqn"));
+      const uuid = await storage.queryService(username, serviceFqn);
+      if (!uuid) {
+        return c.json({ error: "Service not found" }, 404);
+      }
       const service = await storage.getServiceByUuid(uuid);
       if (!service) {
         return c.json({ error: "Service not found" }, 404);
       }
-      const offer = await storage.getOfferById(service.offerId);
-      if (!offer) {
-        return c.json({ error: "Associated offer not found" }, 404);
-      }
-      return c.json({
-        serviceId: service.id,
-        username: service.username,
-        serviceFqn: service.serviceFqn,
-        offerId: service.offerId,
-        sdp: offer.sdp,
-        isPublic: service.isPublic,
-        metadata: service.metadata ? JSON.parse(service.metadata) : void 0,
-        createdAt: service.createdAt,
-        expiresAt: service.expiresAt
-      }, 200);
-    } catch (err2) {
-      console.error("Error getting service:", err2);
-      return c.json({ error: "Internal server error" }, 500);
-    }
-  });
-  app.delete("/services/:serviceId", authMiddleware, async (c) => {
-    try {
-      const serviceId = c.req.param("serviceId");
-      const body = await c.req.json();
-      const { username } = body;
-      if (!username) {
-        return c.json({ error: "Missing required parameter: username" }, 400);
-      }
-      const deleted = await storage.deleteService(serviceId, username);
+      const deleted = await storage.deleteService(service.id, username);
       if (!deleted) {
         return c.json({ error: "Service not found or not owned by this username" }, 404);
       }
@@ -910,24 +979,39 @@ function createApp(storage, config) {
       return c.json({ error: "Internal server error" }, 500);
     }
   });
-  app.post("/index/:username/query", async (c) => {
+  app.get("/services/:uuid", async (c) => {
     try {
-      const username = c.req.param("username");
-      const body = await c.req.json();
-      const { serviceFqn } = body;
-      if (!serviceFqn) {
-        return c.json({ error: "Missing required parameter: serviceFqn" }, 400);
-      }
-      const uuid = await storage.queryService(username, serviceFqn);
-      if (!uuid) {
+      const uuid = c.req.param("uuid");
+      const service = await storage.getServiceByUuid(uuid);
+      if (!service) {
         return c.json({ error: "Service not found" }, 404);
       }
+      const initialOffer = await storage.getOfferById(service.offerId);
+      if (!initialOffer) {
+        return c.json({ error: "Associated offer not found" }, 404);
+      }
+      const peerOffers = await storage.getOffersByPeerId(initialOffer.peerId);
+      const availableOffer = peerOffers.find((offer) => !offer.answererPeerId);
+      if (!availableOffer) {
+        return c.json({
+          error: "No available offers",
+          message: "All offers from this service are currently in use. Please try again later."
+        }, 503);
+      }
       return c.json({
         uuid,
-        allowed: true
+        serviceId: service.id,
+        username: service.username,
+        serviceFqn: service.serviceFqn,
+        offerId: availableOffer.id,
+        sdp: availableOffer.sdp,
+        isPublic: service.isPublic,
+        metadata: service.metadata ? JSON.parse(service.metadata) : void 0,
+        createdAt: service.createdAt,
+        expiresAt: service.expiresAt
       }, 200);
     } catch (err2) {
-      console.error("Error querying service:", err2);
+      console.error("Error getting service:", err2);
       return c.json({ error: "Internal server error" }, 500);
     }
   });
@@ -997,6 +1081,28 @@ function createApp(storage, config) {
       return c.json({ error: "Internal server error" }, 500);
     }
   });
+  app.get("/offers/:offerId", authMiddleware, async (c) => {
+    try {
+      const offerId = c.req.param("offerId");
+      const offer = await storage.getOfferById(offerId);
+      if (!offer) {
+        return c.json({ error: "Offer not found" }, 404);
+      }
+      return c.json({
+        id: offer.id,
+        peerId: offer.peerId,
+        sdp: offer.sdp,
+        createdAt: offer.createdAt,
+        expiresAt: offer.expiresAt,
+        answererPeerId: offer.answererPeerId,
+        answered: !!offer.answererPeerId,
+        answerSdp: offer.answerSdp
+      }, 200);
+    } catch (err2) {
+      console.error("Error getting offer:", err2);
+      return c.json({ error: "Internal server error" }, 500);
+    }
+  });
   app.delete("/offers/:offerId", authMiddleware, async (c) => {
     try {
       const offerId = c.req.param("offerId");
@@ -1036,20 +1142,28 @@ function createApp(storage, config) {
       return c.json({ error: "Internal server error" }, 500);
     }
   });
-  app.get("/offers/answers", authMiddleware, async (c) => {
+  app.get("/offers/:offerId/answer", authMiddleware, async (c) => {
     try {
+      const offerId = c.req.param("offerId");
       const peerId = getAuthenticatedPeerId(c);
-      const offers = await storage.getAnsweredOffers(peerId);
+      const offer = await storage.getOfferById(offerId);
+      if (!offer) {
+        return c.json({ error: "Offer not found" }, 404);
+      }
+      if (offer.peerId !== peerId) {
+        return c.json({ error: "Not authorized to view this answer" }, 403);
+      }
+      if (!offer.answererPeerId || !offer.answerSdp) {
+        return c.json({ error: "Offer not yet answered" }, 404);
+      }
       return c.json({
-        answers: offers.map((offer) => ({
-          offerId: offer.id,
-          answererPeerId: offer.answererPeerId,
-          answerSdp: offer.answerSdp,
-          answeredAt: offer.answeredAt
-        }))
+        offerId: offer.id,
+        answererId: offer.answererPeerId,
+        sdp: offer.answerSdp,
+        answeredAt: offer.answeredAt
       }, 200);
     } catch (err2) {
-      console.error("Error getting answers:", err2);
+      console.error("Error getting answer:", err2);
       return c.json({ error: "Internal server error" }, 500);
     }
   });
@@ -1120,8 +1234,7 @@ function loadConfig() {
     offerMaxTtl: parseInt(process.env.OFFER_MAX_TTL || "86400000", 10),
     offerMinTtl: parseInt(process.env.OFFER_MIN_TTL || "60000", 10),
     cleanupInterval: parseInt(process.env.CLEANUP_INTERVAL || "60000", 10),
-    maxOffersPerRequest: parseInt(process.env.MAX_OFFERS_PER_REQUEST || "100", 10),
-    maxTopicsPerOffer: parseInt(process.env.MAX_TOPICS_PER_OFFER || "50", 10)
+    maxOffersPerRequest: parseInt(process.env.MAX_OFFERS_PER_REQUEST || "100", 10)
   };
 }
 
@@ -1130,11 +1243,9 @@ var import_better_sqlite3 = __toESM(require("better-sqlite3"));
 var import_node_crypto = require("node:crypto");
 
 // src/storage/hash-id.ts
-async function generateOfferHash(sdp, topics) {
+async function generateOfferHash(sdp) {
   const sanitizedOffer = {
-    sdp,
-    topics: [...topics].sort()
-    // Sort topics for consistency
+    sdp
   };
   const jsonString = JSON.stringify(sanitizedOffer);
   const encoder = new TextEncoder();
@@ -1161,10 +1272,11 @@ var SQLiteStorage = class {
    */
   initializeDatabase() {
     this.db.exec(`
-      -- Offers table (no topics)
+      -- WebRTC signaling offers
       CREATE TABLE IF NOT EXISTS offers (
         id TEXT PRIMARY KEY,
         peer_id TEXT NOT NULL,
+        service_id TEXT,
         sdp TEXT NOT NULL,
         created_at INTEGER NOT NULL,
         expires_at INTEGER NOT NULL,
@@ -1172,10 +1284,12 @@ var SQLiteStorage = class {
         secret TEXT,
         answerer_peer_id TEXT,
         answer_sdp TEXT,
-        answered_at INTEGER
+        answered_at INTEGER,
+        FOREIGN KEY (service_id) REFERENCES services(id) ON DELETE CASCADE
       );
 
       CREATE INDEX IF NOT EXISTS idx_offers_peer ON offers(peer_id);
+      CREATE INDEX IF NOT EXISTS idx_offers_service ON offers(service_id);
       CREATE INDEX IF NOT EXISTS idx_offers_expires ON offers(expires_at);
       CREATE INDEX IF NOT EXISTS idx_offers_last_seen ON offers(last_seen);
       CREATE INDEX IF NOT EXISTS idx_offers_answerer ON offers(answerer_peer_id);
@@ -1209,25 +1323,22 @@ var SQLiteStorage = class {
       CREATE INDEX IF NOT EXISTS idx_usernames_expires ON usernames(expires_at);
       CREATE INDEX IF NOT EXISTS idx_usernames_public_key ON usernames(public_key);
 
-      -- Services table
+      -- Services table (one service can have multiple offers)
       CREATE TABLE IF NOT EXISTS services (
         id TEXT PRIMARY KEY,
         username TEXT NOT NULL,
         service_fqn TEXT NOT NULL,
-        offer_id TEXT NOT NULL,
         created_at INTEGER NOT NULL,
         expires_at INTEGER NOT NULL,
         is_public INTEGER NOT NULL DEFAULT 0,
         metadata TEXT,
         FOREIGN KEY (username) REFERENCES usernames(username) ON DELETE CASCADE,
-        FOREIGN KEY (offer_id) REFERENCES offers(id) ON DELETE CASCADE,
         UNIQUE(username, service_fqn)
       );
 
       CREATE INDEX IF NOT EXISTS idx_services_username ON services(username);
       CREATE INDEX IF NOT EXISTS idx_services_fqn ON services(service_fqn);
       CREATE INDEX IF NOT EXISTS idx_services_expires ON services(expires_at);
-      CREATE INDEX IF NOT EXISTS idx_services_offer ON services(offer_id);
 
       -- Service index table (privacy layer)
       CREATE TABLE IF NOT EXISTS service_index (
@@ -1251,19 +1362,21 @@ var SQLiteStorage = class {
     const offersWithIds = await Promise.all(
       offers.map(async (offer) => ({
         ...offer,
-        id: offer.id || await generateOfferHash(offer.sdp, [])
+        serviceId: offer.serviceId || null,
+        id: offer.id || await generateOfferHash(offer.sdp)
       }))
     );
     const transaction = this.db.transaction((offersWithIds2) => {
       const offerStmt = this.db.prepare(`
-        INSERT INTO offers (id, peer_id, sdp, created_at, expires_at, last_seen, secret)
-        VALUES (?, ?, ?, ?, ?, ?, ?)
+        INSERT INTO offers (id, peer_id, service_id, sdp, created_at, expires_at, last_seen, secret)
+        VALUES (?, ?, ?, ?, ?, ?, ?, ?)
       `);
       for (const offer of offersWithIds2) {
         const now = Date.now();
         offerStmt.run(
           offer.id,
           offer.peerId,
+          offer.serviceId || null,
           offer.sdp,
           now,
           offer.expiresAt,
@@ -1273,6 +1386,7 @@ var SQLiteStorage = class {
         created.push({
           id: offer.id,
           peerId: offer.peerId,
+          serviceId: offer.serviceId,
           sdp: offer.sdp,
           createdAt: now,
           expiresAt: offer.expiresAt,
@@ -1475,16 +1589,20 @@ var SQLiteStorage = class {
     const serviceId = (0, import_node_crypto.randomUUID)();
     const indexUuid = (0, import_node_crypto.randomUUID)();
     const now = Date.now();
+    const offerRequests = request.offers.map((offer) => ({
+      ...offer,
+      serviceId
+    }));
+    const offers = await this.createOffers(offerRequests);
     const transaction = this.db.transaction(() => {
       const serviceStmt = this.db.prepare(`
-        INSERT INTO services (id, username, service_fqn, offer_id, created_at, expires_at, is_public, metadata)
-        VALUES (?, ?, ?, ?, ?, ?, ?, ?)
+        INSERT INTO services (id, username, service_fqn, created_at, expires_at, is_public, metadata)
+        VALUES (?, ?, ?, ?, ?, ?, ?)
       `);
       serviceStmt.run(
         serviceId,
         request.username,
         request.serviceFqn,
-        request.offerId,
         now,
         request.expiresAt,
         request.isPublic ? 1 : 0,
@@ -1510,15 +1628,23 @@ var SQLiteStorage = class {
         id: serviceId,
         username: request.username,
         serviceFqn: request.serviceFqn,
-        offerId: request.offerId,
         createdAt: now,
         expiresAt: request.expiresAt,
         isPublic: request.isPublic || false,
         metadata: request.metadata
       },
-      indexUuid
+      indexUuid,
+      offers
     };
   }
+  async batchCreateServices(requests) {
+    const results = [];
+    for (const request of requests) {
+      const result = await this.createService(request);
+      results.push(result);
+    }
+    return results;
+  }
   async getServiceById(serviceId) {
     const stmt = this.db.prepare(`
       SELECT * FROM services
@@ -1591,6 +1717,7 @@ var SQLiteStorage = class {
     return {
       id: row.id,
       peerId: row.peer_id,
+      serviceId: row.service_id || void 0,
       sdp: row.sdp,
       createdAt: row.created_at,
       expiresAt: row.expires_at,
@@ -1609,13 +1736,24 @@ var SQLiteStorage = class {
       id: row.id,
       username: row.username,
       serviceFqn: row.service_fqn,
-      offerId: row.offer_id,
       createdAt: row.created_at,
       expiresAt: row.expires_at,
       isPublic: row.is_public === 1,
       metadata: row.metadata || void 0
     };
   }
+  /**
+   * Get all offers for a service
+   */
+  async getOffersForService(serviceId) {
+    const stmt = this.db.prepare(`
+      SELECT * FROM offers
+      WHERE service_id = ? AND expires_at > ?
+      ORDER BY created_at ASC
+    `);
+    const rows = stmt.all(serviceId, Date.now());
+    return rows.map((row) => this.rowToOffer(row));
+  }
 };
 
 // src/index.ts
@@ -1631,7 +1769,6 @@ async function main() {
     offerMinTtl: `${config.offerMinTtl}ms`,
     cleanupInterval: `${config.cleanupInterval}ms`,
     maxOffersPerRequest: config.maxOffersPerRequest,
-    maxTopicsPerOffer: config.maxTopicsPerOffer,
     corsOrigins: config.corsOrigins,
     version: config.version
   });