@xtr-dev/rondevu-server 0.2.3 → 0.3.0

package/migrations/0005_v2_schema.sql

@@ -0,0 +1,83 @@
+-- V2 Migration: Add offers, usernames, and services tables
+
+-- Offers table (replaces sessions)
+CREATE TABLE IF NOT EXISTS offers (
+  id TEXT PRIMARY KEY,
+  peer_id TEXT NOT NULL,
+  sdp TEXT NOT NULL,
+  created_at INTEGER NOT NULL,
+  expires_at INTEGER NOT NULL,
+  last_seen INTEGER NOT NULL,
+  secret TEXT,
+  answerer_peer_id TEXT,
+  answer_sdp TEXT,
+  answered_at INTEGER
+);
+
+CREATE INDEX IF NOT EXISTS idx_offers_peer ON offers(peer_id);
+CREATE INDEX IF NOT EXISTS idx_offers_expires ON offers(expires_at);
+CREATE INDEX IF NOT EXISTS idx_offers_last_seen ON offers(last_seen);
+CREATE INDEX IF NOT EXISTS idx_offers_answerer ON offers(answerer_peer_id);
+
+-- ICE candidates table
+CREATE TABLE IF NOT EXISTS ice_candidates (
+  id INTEGER PRIMARY KEY AUTOINCREMENT,
+  offer_id TEXT NOT NULL,
+  peer_id TEXT NOT NULL,
+  role TEXT NOT NULL CHECK(role IN ('offerer', 'answerer')),
+  candidate TEXT NOT NULL,
+  created_at INTEGER NOT NULL,
+  FOREIGN KEY (offer_id) REFERENCES offers(id) ON DELETE CASCADE
+);
+
+CREATE INDEX IF NOT EXISTS idx_ice_offer ON ice_candidates(offer_id);
+CREATE INDEX IF NOT EXISTS idx_ice_peer ON ice_candidates(peer_id);
+CREATE INDEX IF NOT EXISTS idx_ice_created ON ice_candidates(created_at);
+
+-- Usernames table
+CREATE TABLE IF NOT EXISTS usernames (
+  username TEXT PRIMARY KEY,
+  public_key TEXT NOT NULL UNIQUE,
+  claimed_at INTEGER NOT NULL,
+  expires_at INTEGER NOT NULL,
+  last_used INTEGER NOT NULL,
+  metadata TEXT,
+  CHECK(length(username) >= 3 AND length(username) <= 32)
+);
+
+CREATE INDEX IF NOT EXISTS idx_usernames_expires ON usernames(expires_at);
+CREATE INDEX IF NOT EXISTS idx_usernames_public_key ON usernames(public_key);
+
+-- Services table
+CREATE TABLE IF NOT EXISTS services (
+  id TEXT PRIMARY KEY,
+  username TEXT NOT NULL,
+  service_fqn TEXT NOT NULL,
+  offer_id TEXT NOT NULL,
+  created_at INTEGER NOT NULL,
+  expires_at INTEGER NOT NULL,
+  is_public INTEGER NOT NULL DEFAULT 0,
+  metadata TEXT,
+  FOREIGN KEY (username) REFERENCES usernames(username) ON DELETE CASCADE,
+  FOREIGN KEY (offer_id) REFERENCES offers(id) ON DELETE CASCADE,
+  UNIQUE(username, service_fqn)
+);
+
+CREATE INDEX IF NOT EXISTS idx_services_username ON services(username);
+CREATE INDEX IF NOT EXISTS idx_services_fqn ON services(service_fqn);
+CREATE INDEX IF NOT EXISTS idx_services_expires ON services(expires_at);
+CREATE INDEX IF NOT EXISTS idx_services_offer ON services(offer_id);
+
+-- Service index table (privacy layer)
+CREATE TABLE IF NOT EXISTS service_index (
+  uuid TEXT PRIMARY KEY,
+  service_id TEXT NOT NULL,
+  username TEXT NOT NULL,
+  service_fqn TEXT NOT NULL,
+  created_at INTEGER NOT NULL,
+  expires_at INTEGER NOT NULL,
+  FOREIGN KEY (service_id) REFERENCES services(id) ON DELETE CASCADE
+);
+
+CREATE INDEX IF NOT EXISTS idx_service_index_username ON service_index(username);
+CREATE INDEX IF NOT EXISTS idx_service_index_expires ON service_index(expires_at);

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@xtr-dev/rondevu-server",
-  "version": "0.2.3",
+  "version": "0.3.0",
   "description": "DNS-like WebRTC signaling server with username claiming and service discovery",
   "main": "dist/index.js",
   "scripts": {

package/src/app.ts

@@ -3,11 +3,12 @@ import { cors } from 'hono/cors';
 import { Storage } from './storage/types.ts';
 import { Config } from './config.ts';
 import { createAuthMiddleware, getAuthenticatedPeerId } from './middleware/auth.ts';
-import { generatePeerId, encryptPeerId, validateUsernameClaim, validateServiceFqn } from './crypto.ts';
+import { generatePeerId, encryptPeerId, validateUsernameClaim, validateServicePublish, validateServiceFqn, parseServiceFqn, isVersionCompatible } from './crypto.ts';
 import type { Context } from 'hono';
 
 /**
  * Creates the Hono application with username and service-based WebRTC signaling
+ * RESTful API design - v0.11.0
  */
 export function createApp(storage: Storage, config: Config) {
   const app = new Hono();
@@ -61,7 +62,7 @@ export function createApp(storage: Storage, config: Config) {
 
   /**
    * POST /register
-   * Register a new peer (still needed for peer ID generation)
+   * Register a new peer
    */
   app.post('/register', async (c) => {
     try {
@@ -78,19 +79,50 @@ export function createApp(storage: Storage, config: Config) {
     }
   });
 
-  // ===== Username Management =====
+  // ===== User Management (RESTful) =====
 
   /**
-   * POST /usernames/claim
+   * GET /users/:username
+   * Check if username is available or get claim info
+   */
+  app.get('/users/:username', async (c) => {
+    try {
+      const username = c.req.param('username');
+
+      const claimed = await storage.getUsername(username);
+
+      if (!claimed) {
+        return c.json({
+          username,
+          available: true
+        }, 200);
+      }
+
+      return c.json({
+        username: claimed.username,
+        available: false,
+        claimedAt: claimed.claimedAt,
+        expiresAt: claimed.expiresAt,
+        publicKey: claimed.publicKey
+      }, 200);
+    } catch (err) {
+      console.error('Error checking username:', err);
+      return c.json({ error: 'Internal server error' }, 500);
+    }
+  });
+
+  /**
+   * POST /users/:username
    * Claim a username with cryptographic proof
    */
-  app.post('/usernames/claim', async (c) => {
+  app.post('/users/:username', async (c) => {
     try {
+      const username = c.req.param('username');
       const body = await c.req.json();
-      const { username, publicKey, signature, message } = body;
+      const { publicKey, signature, message } = body;
 
-      if (!username || !publicKey || !signature || !message) {
-        return c.json({ error: 'Missing required parameters: username, publicKey, signature, message' }, 400);
+      if (!publicKey || !signature || !message) {
+        return c.json({ error: 'Missing required parameters: publicKey, signature, message' }, 400);
       }
 
       // Validate claim
@@ -112,7 +144,7 @@ export function createApp(storage: Storage, config: Config) {
           username: claimed.username,
           claimedAt: claimed.claimedAt,
           expiresAt: claimed.expiresAt
-        }, 200);
+        }, 201);
       } catch (err: any) {
         if (err.message?.includes('already claimed')) {
           return c.json({ error: 'Username already claimed by different public key' }, 409);
@@ -126,68 +158,104 @@ export function createApp(storage: Storage, config: Config) {
   });
 
   /**
-   * GET /usernames/:username
-   * Check if username is available or get claim info
+   * GET /users/:username/services/:fqn
+   * Get service by username and FQN with semver-compatible matching
    */
-  app.get('/usernames/:username', async (c) => {
+  app.get('/users/:username/services/:fqn', async (c) => {
     try {
       const username = c.req.param('username');
+      const serviceFqn = decodeURIComponent(c.req.param('fqn'));
 
-      const claimed = await storage.getUsername(username);
+      // Parse the requested FQN
+      const parsed = parseServiceFqn(serviceFqn);
+      if (!parsed) {
+        return c.json({ error: 'Invalid service FQN format' }, 400);
+      }
 
-      if (!claimed) {
+      const { serviceName, version: requestedVersion } = parsed;
+
+      // Find all services with matching service name
+      const matchingServices = await storage.findServicesByName(username, serviceName);
+
+      if (matchingServices.length === 0) {
+        return c.json({ error: 'Service not found' }, 404);
+      }
+
+      // Filter to compatible versions
+      const compatibleServices = matchingServices.filter(service => {
+        const serviceParsed = parseServiceFqn(service.serviceFqn);
+        if (!serviceParsed) return false;
+        return isVersionCompatible(requestedVersion, serviceParsed.version);
+      });
+
+      if (compatibleServices.length === 0) {
         return c.json({
-          username,
-          available: true
-        }, 200);
+          error: 'No compatible version found',
+          message: `Requested ${serviceFqn}, but no compatible versions available`
+        }, 404);
       }
 
-      return c.json({
-        username: claimed.username,
-        available: false,
-        claimedAt: claimed.claimedAt,
-        expiresAt: claimed.expiresAt,
-        publicKey: claimed.publicKey
-      }, 200);
-    } catch (err) {
-      console.error('Error checking username:', err);
-      return c.json({ error: 'Internal server error' }, 500);
-    }
-  });
+      // Use the first compatible service (most recently created)
+      const service = compatibleServices[0];
 
-  /**
-   * GET /usernames/:username/services
-   * List services for a username (privacy-preserving)
-   */
-  app.get('/usernames/:username/services', async (c) => {
-    try {
-      const username = c.req.param('username');
+      // Get the UUID for this service
+      const uuid = await storage.queryService(username, service.serviceFqn);
 
-      const services = await storage.listServicesForUsername(username);
+      if (!uuid) {
+        return c.json({ error: 'Service index not found' }, 500);
+      }
+
+      // Get all offers for this service
+      const serviceOffers = await storage.getOffersForService(service.id);
+
+      if (serviceOffers.length === 0) {
+        return c.json({ error: 'No offers found for this service' }, 404);
+      }
+
+      // Find an unanswered offer
+      const availableOffer = serviceOffers.find(offer => !offer.answererPeerId);
+
+      if (!availableOffer) {
+        return c.json({
+          error: 'No available offers',
+          message: 'All offers from this service are currently in use. Please try again later.'
+        }, 503);
+      }
 
       return c.json({
-        username,
-        services
+        uuid: uuid,
+        serviceId: service.id,
+        username: service.username,
+        serviceFqn: service.serviceFqn,
+        offerId: availableOffer.id,
+        sdp: availableOffer.sdp,
+        isPublic: service.isPublic,
+        metadata: service.metadata ? JSON.parse(service.metadata) : undefined,
+        createdAt: service.createdAt,
+        expiresAt: service.expiresAt
       }, 200);
     } catch (err) {
-      console.error('Error listing services:', err);
+      console.error('Error getting service:', err);
       return c.json({ error: 'Internal server error' }, 500);
     }
   });
 
-  // ===== Service Management =====
-
   /**
-   * POST /services
-   * Publish a service
+   * POST /users/:username/services
+   * Publish a service with one or more offers (RESTful endpoint)
    */
-  app.post('/services', authMiddleware, async (c) => {
+  app.post('/users/:username/services', authMiddleware, async (c) => {
+    let serviceFqn: string | undefined;
+    let createdOffers: any[] = [];
+
     try {
+      const username = c.req.param('username');
       const body = await c.req.json();
-      const { username, serviceFqn, sdp, ttl, isPublic, metadata, signature, message } = body;
+      serviceFqn = body.serviceFqn;
+      const { offers, ttl, isPublic, metadata, signature, message } = body;
 
-      if (!username || !serviceFqn || !sdp) {
-        return c.json({ error: 'Missing required parameters: username, serviceFqn, sdp' }, 400);
+      if (!serviceFqn || !offers || !Array.isArray(offers) || offers.length === 0) {
+        return c.json({ error: 'Missing required parameters: serviceFqn, offers (must be non-empty array)' }, 400);
       }
 
       // Validate service FQN
@@ -207,18 +275,29 @@ export function createApp(storage: Storage, config: Config) {
       }
 
       // Verify signature matches username's public key
-      const signatureValidation = await validateUsernameClaim(username, usernameRecord.publicKey, signature, message);
+      const signatureValidation = await validateServicePublish(username, serviceFqn, usernameRecord.publicKey, signature, message);
       if (!signatureValidation.valid) {
         return c.json({ error: 'Invalid signature for username' }, 403);
       }
 
-      // Validate SDP
-      if (typeof sdp !== 'string' || sdp.length === 0) {
-        return c.json({ error: 'Invalid SDP' }, 400);
+      // Delete existing service if one exists (upsert behavior)
+      const existingUuid = await storage.queryService(username, serviceFqn);
+      if (existingUuid) {
+        const existingService = await storage.getServiceByUuid(existingUuid);
+        if (existingService) {
+          await storage.deleteService(existingService.id, username);
+        }
       }
 
-      if (sdp.length > 64 * 1024) {
-        return c.json({ error: 'SDP too large (max 64KB)' }, 400);
+      // Validate all offers
+      for (const offer of offers) {
+        if (!offer.sdp || typeof offer.sdp !== 'string' || offer.sdp.length === 0) {
+          return c.json({ error: 'Invalid SDP in offers array' }, 400);
+        }
+
+        if (offer.sdp.length > 64 * 1024) {
+          return c.json({ error: 'SDP too large (max 64KB)' }, 400);
+        }
       }
 
       // Calculate expiry
@@ -229,94 +308,79 @@ export function createApp(storage: Storage, config: Config) {
       );
       const expiresAt = Date.now() + offerTtl;
 
-      // Create offer first
-      const offers = await storage.createOffers([{
+      // Prepare offer requests
+      const offerRequests = offers.map(offer => ({
         peerId,
-        sdp,
+        sdp: offer.sdp,
         expiresAt
-      }]);
-
-      if (offers.length === 0) {
-        return c.json({ error: 'Failed to create offer' }, 500);
-      }
+      }));
 
-      const offer = offers[0];
-
-      // Create service
+      // Create service with offers
       const result = await storage.createService({
         username,
         serviceFqn,
-        offerId: offer.id,
         expiresAt,
         isPublic: isPublic || false,
-        metadata: metadata ? JSON.stringify(metadata) : undefined
+        metadata: metadata ? JSON.stringify(metadata) : undefined,
+        offers: offerRequests
       });
 
+      createdOffers = result.offers;
+
+      // Return full service details with all offers
       return c.json({
-        serviceId: result.service.id,
         uuid: result.indexUuid,
-        offerId: offer.id,
+        serviceFqn: serviceFqn,
+        username: username,
+        serviceId: result.service.id,
+        offers: result.offers.map(o => ({
+          offerId: o.id,
+          sdp: o.sdp,
+          createdAt: o.createdAt,
+          expiresAt: o.expiresAt
+        })),
+        isPublic: result.service.isPublic,
+        metadata: metadata,
+        createdAt: result.service.createdAt,
         expiresAt: result.service.expiresAt
       }, 201);
     } catch (err) {
       console.error('Error creating service:', err);
-      return c.json({ error: 'Internal server error' }, 500);
+      console.error('Error details:', {
+        message: (err as Error).message,
+        stack: (err as Error).stack,
+        username: c.req.param('username'),
+        serviceFqn,
+        offerIds: createdOffers.map(o => o.id)
+      });
+      return c.json({
+        error: 'Internal server error',
+        details: (err as Error).message
+      }, 500);
     }
   });
 
   /**
-   * GET /services/:uuid
-   * Get service details by index UUID
+   * DELETE /users/:username/services/:fqn
+   * Delete a service by username and FQN (RESTful)
    */
-  app.get('/services/:uuid', async (c) => {
+  app.delete('/users/:username/services/:fqn', authMiddleware, async (c) => {
     try {
-      const uuid = c.req.param('uuid');
-
-      const service = await storage.getServiceByUuid(uuid);
+      const username = c.req.param('username');
+      const serviceFqn = decodeURIComponent(c.req.param('fqn'));
 
-      if (!service) {
+      // Find service by username and FQN
+      const uuid = await storage.queryService(username, serviceFqn);
+      if (!uuid) {
         return c.json({ error: 'Service not found' }, 404);
       }
 
-      // Get associated offer
-      const offer = await storage.getOfferById(service.offerId);
-
-      if (!offer) {
-        return c.json({ error: 'Associated offer not found' }, 404);
-      }
-
-      return c.json({
-        serviceId: service.id,
-        username: service.username,
-        serviceFqn: service.serviceFqn,
-        offerId: service.offerId,
-        sdp: offer.sdp,
-        isPublic: service.isPublic,
-        metadata: service.metadata ? JSON.parse(service.metadata) : undefined,
-        createdAt: service.createdAt,
-        expiresAt: service.expiresAt
-      }, 200);
-    } catch (err) {
-      console.error('Error getting service:', err);
-      return c.json({ error: 'Internal server error' }, 500);
-    }
-  });
-
-  /**
-   * DELETE /services/:serviceId
-   * Delete a service (requires ownership)
-   */
-  app.delete('/services/:serviceId', authMiddleware, async (c) => {
-    try {
-      const serviceId = c.req.param('serviceId');
-      const body = await c.req.json();
-      const { username } = body;
-
-      if (!username) {
-        return c.json({ error: 'Missing required parameter: username' }, 400);
+      const service = await storage.getServiceByUuid(uuid);
+      if (!service) {
+        return c.json({ error: 'Service not found' }, 404);
       }
 
-      const deleted = await storage.deleteService(serviceId, username);
+      const deleted = await storage.deleteService(service.id, username);
 
       if (!deleted) {
         return c.json({ error: 'Service not found or not owned by this username' }, 404);
@@ -329,32 +393,53 @@ export function createApp(storage: Storage, config: Config) {
     }
   });
 
+  // ===== Service Management (Legacy - for UUID-based access) =====
+
   /**
-   * POST /index/:username/query
-   * Query service by FQN (returns UUID)
+   * GET /services/:uuid
+   * Get service details by index UUID (kept for privacy)
    */
-  app.post('/index/:username/query', async (c) => {
+  app.get('/services/:uuid', async (c) => {
     try {
-      const username = c.req.param('username');
-      const body = await c.req.json();
-      const { serviceFqn } = body;
+      const uuid = c.req.param('uuid');
+
+      const service = await storage.getServiceByUuid(uuid);
 
-      if (!serviceFqn) {
-        return c.json({ error: 'Missing required parameter: serviceFqn' }, 400);
+      if (!service) {
+        return c.json({ error: 'Service not found' }, 404);
       }
 
-      const uuid = await storage.queryService(username, serviceFqn);
+      // Get all offers for this service
+      const serviceOffers = await storage.getOffersForService(service.id);
 
-      if (!uuid) {
-        return c.json({ error: 'Service not found' }, 404);
+      if (serviceOffers.length === 0) {
+        return c.json({ error: 'No offers found for this service' }, 404);
+      }
+
+      // Find an unanswered offer
+      const availableOffer = serviceOffers.find(offer => !offer.answererPeerId);
+
+      if (!availableOffer) {
+        return c.json({
+          error: 'No available offers',
+          message: 'All offers from this service are currently in use. Please try again later.'
+        }, 503);
       }
 
       return c.json({
-        uuid,
-        allowed: true
+        uuid: uuid,
+        serviceId: service.id,
+        username: service.username,
+        serviceFqn: service.serviceFqn,
+        offerId: availableOffer.id,
+        sdp: availableOffer.sdp,
+        isPublic: service.isPublic,
+        metadata: service.metadata ? JSON.parse(service.metadata) : undefined,
+        createdAt: service.createdAt,
+        expiresAt: service.expiresAt
       }, 200);
     } catch (err) {
-      console.error('Error querying service:', err);
+      console.error('Error getting service:', err);
       return c.json({ error: 'Internal server error' }, 500);
     }
   });
@@ -449,6 +534,35 @@ export function createApp(storage: Storage, config: Config) {
     }
   });
 
+  /**
+   * GET /offers/:offerId
+   * Get offer details (added for completeness)
+   */
+  app.get('/offers/:offerId', authMiddleware, async (c) => {
+    try {
+      const offerId = c.req.param('offerId');
+      const offer = await storage.getOfferById(offerId);
+
+      if (!offer) {
+        return c.json({ error: 'Offer not found' }, 404);
+      }
+
+      return c.json({
+        id: offer.id,
+        peerId: offer.peerId,
+        sdp: offer.sdp,
+        createdAt: offer.createdAt,
+        expiresAt: offer.expiresAt,
+        answererPeerId: offer.answererPeerId,
+        answered: !!offer.answererPeerId,
+        answerSdp: offer.answerSdp
+      }, 200);
+    } catch (err) {
+      console.error('Error getting offer:', err);
+      return c.json({ error: 'Internal server error' }, 500);
+    }
+  });
+
   /**
    * DELETE /offers/:offerId
    * Delete an offer
@@ -509,24 +623,38 @@ export function createApp(storage: Storage, config: Config) {
   });
 
   /**
-   * GET /offers/answers
-   * Get answers for authenticated peer's offers
+   * GET /offers/:offerId/answer
+   * Get answer for a specific offer (RESTful endpoint)
    */
-  app.get('/offers/answers', authMiddleware, async (c) => {
+  app.get('/offers/:offerId/answer', authMiddleware, async (c) => {
     try {
+      const offerId = c.req.param('offerId');
       const peerId = getAuthenticatedPeerId(c);
-      const offers = await storage.getAnsweredOffers(peerId);
+
+      const offer = await storage.getOfferById(offerId);
+
+      if (!offer) {
+        return c.json({ error: 'Offer not found' }, 404);
+      }
+
+      // Verify ownership
+      if (offer.peerId !== peerId) {
+        return c.json({ error: 'Not authorized to view this answer' }, 403);
+      }
+
+      // Check if answered
+      if (!offer.answererPeerId || !offer.answerSdp) {
+        return c.json({ error: 'Offer not yet answered' }, 404);
+      }
 
       return c.json({
-        answers: offers.map(offer => ({
-          offerId: offer.id,
-          answererPeerId: offer.answererPeerId,
-          answerSdp: offer.answerSdp,
-          answeredAt: offer.answeredAt
-        }))
+        offerId: offer.id,
+        answererId: offer.answererPeerId,
+        sdp: offer.answerSdp,
+        answeredAt: offer.answeredAt
       }, 200);
     } catch (err) {
-      console.error('Error getting answers:', err);
+      console.error('Error getting answer:', err);
       return c.json({ error: 'Internal server error' }, 500);
     }
   });

package/src/config.ts

@@ -16,7 +16,6 @@ export interface Config {
   offerMinTtl: number;
   cleanupInterval: number;
   maxOffersPerRequest: number;
-  maxTopicsPerOffer: number;
 }
 
 /**
@@ -45,7 +44,6 @@ export function loadConfig(): Config {
     offerMaxTtl: parseInt(process.env.OFFER_MAX_TTL || '86400000', 10),
     offerMinTtl: parseInt(process.env.OFFER_MIN_TTL || '60000', 10),
     cleanupInterval: parseInt(process.env.CLEANUP_INTERVAL || '60000', 10),
-    maxOffersPerRequest: parseInt(process.env.MAX_OFFERS_PER_REQUEST || '100', 10),
-    maxTopicsPerOffer: parseInt(process.env.MAX_TOPICS_PER_OFFER || '50', 10),
+    maxOffersPerRequest: parseInt(process.env.MAX_OFFERS_PER_REQUEST || '100', 10)
   };
 }