@xtr-dev/rondevu-server 0.2.3 → 0.3.0

package/src/crypto.ts

@@ -228,6 +228,60 @@ export function validateServiceFqn(fqn: string): { valid: boolean; error?: strin
   return { valid: true };
 }
 
+/**
+ * Parse semantic version string into components
+ */
+export function parseVersion(version: string): { major: number; minor: number; patch: number; prerelease?: string } | null {
+  const match = version.match(/^([0-9]+)\.([0-9]+)\.([0-9]+)(-[a-z0-9.-]+)?$/);
+  if (!match) return null;
+
+  return {
+    major: parseInt(match[1], 10),
+    minor: parseInt(match[2], 10),
+    patch: parseInt(match[3], 10),
+    prerelease: match[4]?.substring(1), // Remove leading dash
+  };
+}
+
+/**
+ * Check if two versions are compatible (same major version)
+ * Following semver rules: ^1.0.0 matches 1.x.x but not 2.x.x
+ */
+export function isVersionCompatible(requested: string, available: string): boolean {
+  const req = parseVersion(requested);
+  const avail = parseVersion(available);
+
+  if (!req || !avail) return false;
+
+  // Major version must match
+  if (req.major !== avail.major) return false;
+
+  // If major is 0, minor must also match (0.x.y is unstable)
+  if (req.major === 0 && req.minor !== avail.minor) return false;
+
+  // Available version must be >= requested version
+  if (avail.minor < req.minor) return false;
+  if (avail.minor === req.minor && avail.patch < req.patch) return false;
+
+  // Prerelease versions are only compatible with exact matches
+  if (req.prerelease && req.prerelease !== avail.prerelease) return false;
+
+  return true;
+}
+
+/**
+ * Parse service FQN into service name and version
+ */
+export function parseServiceFqn(fqn: string): { serviceName: string; version: string } | null {
+  const parts = fqn.split('@');
+  if (parts.length !== 2) return null;
+
+  return {
+    serviceName: parts[0],
+    version: parts[1],
+  };
+}
+
 /**
  * Validates timestamp is within acceptable range (prevents replay attacks)
  */
@@ -317,3 +371,46 @@ export async function validateUsernameClaim(
 
   return { valid: true };
 }
+
+/**
+ * Validates a service publish signature
+ * Message format: publish:{username}:{serviceFqn}:{timestamp}
+ */
+export async function validateServicePublish(
+  username: string,
+  serviceFqn: string,
+  publicKey: string,
+  signature: string,
+  message: string
+): Promise<{ valid: boolean; error?: string }> {
+  // Validate username format
+  const usernameCheck = validateUsername(username);
+  if (!usernameCheck.valid) {
+    return usernameCheck;
+  }
+
+  // Parse message format: "publish:{username}:{serviceFqn}:{timestamp}"
+  const parts = message.split(':');
+  if (parts.length !== 4 || parts[0] !== 'publish' || parts[1] !== username || parts[2] !== serviceFqn) {
+    return { valid: false, error: 'Invalid message format (expected: publish:{username}:{serviceFqn}:{timestamp})' };
+  }
+
+  const timestamp = parseInt(parts[3], 10);
+  if (isNaN(timestamp)) {
+    return { valid: false, error: 'Invalid timestamp in message' };
+  }
+
+  // Validate timestamp
+  const timestampCheck = validateTimestamp(timestamp);
+  if (!timestampCheck.valid) {
+    return timestampCheck;
+  }
+
+  // Verify signature
+  const signatureValid = await verifyEd25519Signature(publicKey, signature, message);
+  if (!signatureValid) {
+    return { valid: false, error: 'Invalid signature' };
+  }
+
+  return { valid: true };
+}

package/src/index.ts

@@ -20,7 +20,6 @@ async function main() {
     offerMinTtl: `${config.offerMinTtl}ms`,
     cleanupInterval: `${config.cleanupInterval}ms`,
     maxOffersPerRequest: config.maxOffersPerRequest,
-    maxTopicsPerOffer: config.maxTopicsPerOffer,
     corsOrigins: config.corsOrigins,
     version: config.version,
   });

package/src/storage/d1.ts

@@ -34,7 +34,7 @@ export class D1Storage implements Storage {
    */
   async initializeDatabase(): Promise<void> {
     await this.db.exec(`
-      -- Offers table (no topics)
+      -- WebRTC signaling offers
       CREATE TABLE IF NOT EXISTS offers (
         id TEXT PRIMARY KEY,
         peer_id TEXT NOT NULL,
@@ -125,7 +125,7 @@ export class D1Storage implements Storage {
 
     // D1 doesn't support true transactions yet, so we do this sequentially
     for (const offer of offers) {
-      const id = offer.id || await generateOfferHash(offer.sdp, []);
+      const id = offer.id || await generateOfferHash(offer.sdp);
       const now = Date.now();
 
       await this.db.prepare(`
@@ -401,6 +401,7 @@ export class D1Storage implements Storage {
   async createService(request: CreateServiceRequest): Promise<{
     service: Service;
     indexUuid: string;
+    offers: Offer[];
   }> {
     const serviceId = crypto.randomUUID();
     const indexUuid = crypto.randomUUID();
@@ -408,13 +409,12 @@ export class D1Storage implements Storage {
 
     // Insert service
     await this.db.prepare(`
-      INSERT INTO services (id, username, service_fqn, offer_id, created_at, expires_at, is_public, metadata)
-      VALUES (?, ?, ?, ?, ?, ?, ?, ?)
+      INSERT INTO services (id, username, service_fqn, created_at, expires_at, is_public, metadata)
+      VALUES (?, ?, ?, ?, ?, ?, ?)
     `).bind(
       serviceId,
       request.username,
       request.serviceFqn,
-      request.offerId,
       now,
       request.expiresAt,
       request.isPublic ? 1 : 0,
@@ -434,6 +434,13 @@ export class D1Storage implements Storage {
       request.expiresAt
     ).run();
 
+    // Create offers with serviceId
+    const offerRequests = request.offers.map(offer => ({
+      ...offer,
+      serviceId,
+    }));
+    const offers = await this.createOffers(offerRequests);
+
     // Touch username to extend expiry
     await this.touchUsername(request.username);
 
@@ -442,16 +449,43 @@ export class D1Storage implements Storage {
         id: serviceId,
         username: request.username,
         serviceFqn: request.serviceFqn,
-        offerId: request.offerId,
         createdAt: now,
         expiresAt: request.expiresAt,
         isPublic: request.isPublic || false,
         metadata: request.metadata,
       },
       indexUuid,
+      offers,
     };
   }
 
+  async batchCreateServices(requests: CreateServiceRequest[]): Promise<Array<{
+    service: Service;
+    indexUuid: string;
+    offers: Offer[];
+  }>> {
+    const results = [];
+    for (const request of requests) {
+      const result = await this.createService(request);
+      results.push(result);
+    }
+    return results;
+  }
+
+  async getOffersForService(serviceId: string): Promise<Offer[]> {
+    const result = await this.db.prepare(`
+      SELECT * FROM offers
+      WHERE service_id = ? AND expires_at > ?
+      ORDER BY created_at ASC
+    `).bind(serviceId, Date.now()).all();
+
+    if (!result.results) {
+      return [];
+    }
+
+    return result.results.map(row => this.rowToOffer(row as any));
+  }
+
   async getServiceById(serviceId: string): Promise<Service | null> {
     const result = await this.db.prepare(`
       SELECT * FROM services
@@ -510,6 +544,20 @@ export class D1Storage implements Storage {
     return result ? (result as any).uuid : null;
   }
 
+  async findServicesByName(username: string, serviceName: string): Promise<Service[]> {
+    const result = await this.db.prepare(`
+      SELECT * FROM services
+      WHERE username = ? AND service_fqn LIKE ? AND expires_at > ?
+      ORDER BY created_at DESC
+    `).bind(username, `${serviceName}@%`, Date.now()).all();
+
+    if (!result.results) {
+      return [];
+    }
+
+    return result.results.map(row => this.rowToService(row as any));
+  }
+
   async deleteService(serviceId: string, username: string): Promise<boolean> {
     const result = await this.db.prepare(`
       DELETE FROM services
@@ -560,7 +608,6 @@ export class D1Storage implements Storage {
       id: row.id,
       username: row.username,
       serviceFqn: row.service_fqn,
-      offerId: row.offer_id,
       createdAt: row.created_at,
       expiresAt: row.expires_at,
       isPublic: row.is_public === 1,

package/src/storage/hash-id.ts

@@ -1,22 +1,17 @@
 /**
  * Generates a content-based offer ID using SHA-256 hash
- * Creates deterministic IDs based on offer content (sdp, topics)
+ * Creates deterministic IDs based on offer SDP content
  * PeerID is not included as it's inferred from authentication
  * Uses Web Crypto API for compatibility with both Node.js and Cloudflare Workers
  *
  * @param sdp - The WebRTC SDP offer
- * @param topics - Array of topic strings
- * @returns SHA-256 hash of the sanitized offer content
+ * @returns SHA-256 hash of the SDP content
  */
-export async function generateOfferHash(
-  sdp: string,
-  topics: string[]
-): Promise<string> {
+export async function generateOfferHash(sdp: string): Promise<string> {
   // Sanitize and normalize the offer content
   // Only include core offer content (not peerId - that's inferred from auth)
   const sanitizedOffer = {
-    sdp,
-    topics: [...topics].sort(), // Sort topics for consistency
+    sdp
   };
 
   // Create non-prettified JSON string

package/src/storage/sqlite.ts

@@ -36,10 +36,11 @@ export class SQLiteStorage implements Storage {
    */
   private initializeDatabase(): void {
     this.db.exec(`
-      -- Offers table (no topics)
+      -- WebRTC signaling offers
       CREATE TABLE IF NOT EXISTS offers (
         id TEXT PRIMARY KEY,
         peer_id TEXT NOT NULL,
+        service_id TEXT,
         sdp TEXT NOT NULL,
         created_at INTEGER NOT NULL,
         expires_at INTEGER NOT NULL,
@@ -47,10 +48,12 @@ export class SQLiteStorage implements Storage {
         secret TEXT,
         answerer_peer_id TEXT,
         answer_sdp TEXT,
-        answered_at INTEGER
+        answered_at INTEGER,
+        FOREIGN KEY (service_id) REFERENCES services(id) ON DELETE CASCADE
       );
 
       CREATE INDEX IF NOT EXISTS idx_offers_peer ON offers(peer_id);
+      CREATE INDEX IF NOT EXISTS idx_offers_service ON offers(service_id);
       CREATE INDEX IF NOT EXISTS idx_offers_expires ON offers(expires_at);
       CREATE INDEX IF NOT EXISTS idx_offers_last_seen ON offers(last_seen);
       CREATE INDEX IF NOT EXISTS idx_offers_answerer ON offers(answerer_peer_id);
@@ -84,25 +87,22 @@ export class SQLiteStorage implements Storage {
       CREATE INDEX IF NOT EXISTS idx_usernames_expires ON usernames(expires_at);
       CREATE INDEX IF NOT EXISTS idx_usernames_public_key ON usernames(public_key);
 
-      -- Services table
+      -- Services table (one service can have multiple offers)
       CREATE TABLE IF NOT EXISTS services (
         id TEXT PRIMARY KEY,
         username TEXT NOT NULL,
         service_fqn TEXT NOT NULL,
-        offer_id TEXT NOT NULL,
         created_at INTEGER NOT NULL,
         expires_at INTEGER NOT NULL,
         is_public INTEGER NOT NULL DEFAULT 0,
         metadata TEXT,
         FOREIGN KEY (username) REFERENCES usernames(username) ON DELETE CASCADE,
-        FOREIGN KEY (offer_id) REFERENCES offers(id) ON DELETE CASCADE,
         UNIQUE(username, service_fqn)
       );
 
       CREATE INDEX IF NOT EXISTS idx_services_username ON services(username);
       CREATE INDEX IF NOT EXISTS idx_services_fqn ON services(service_fqn);
       CREATE INDEX IF NOT EXISTS idx_services_expires ON services(expires_at);
-      CREATE INDEX IF NOT EXISTS idx_services_offer ON services(offer_id);
 
       -- Service index table (privacy layer)
       CREATE TABLE IF NOT EXISTS service_index (
@@ -132,15 +132,15 @@ export class SQLiteStorage implements Storage {
     const offersWithIds = await Promise.all(
       offers.map(async (offer) => ({
         ...offer,
-        id: offer.id || await generateOfferHash(offer.sdp, []),
+        id: offer.id || await generateOfferHash(offer.sdp),
       }))
     );
 
     // Use transaction for atomic creation
     const transaction = this.db.transaction((offersWithIds: (CreateOfferRequest & { id: string })[]) => {
       const offerStmt = this.db.prepare(`
-        INSERT INTO offers (id, peer_id, sdp, created_at, expires_at, last_seen, secret)
-        VALUES (?, ?, ?, ?, ?, ?, ?)
+        INSERT INTO offers (id, peer_id, service_id, sdp, created_at, expires_at, last_seen, secret)
+        VALUES (?, ?, ?, ?, ?, ?, ?, ?)
       `);
 
       for (const offer of offersWithIds) {
@@ -150,6 +150,7 @@ export class SQLiteStorage implements Storage {
         offerStmt.run(
           offer.id,
           offer.peerId,
+          offer.serviceId || null,
           offer.sdp,
           now,
           offer.expiresAt,
@@ -160,6 +161,7 @@ export class SQLiteStorage implements Storage {
         created.push({
           id: offer.id,
           peerId: offer.peerId,
+          serviceId: offer.serviceId || undefined,
           sdp: offer.sdp,
           createdAt: now,
           expiresAt: offer.expiresAt,
@@ -426,23 +428,31 @@ export class SQLiteStorage implements Storage {
   async createService(request: CreateServiceRequest): Promise<{
     service: Service;
     indexUuid: string;
+    offers: Offer[];
   }> {
     const serviceId = randomUUID();
     const indexUuid = randomUUID();
     const now = Date.now();
 
+    // Create offers with serviceId
+    const offerRequests: CreateOfferRequest[] = request.offers.map(offer => ({
+      ...offer,
+      serviceId,
+    }));
+
+    const offers = await this.createOffers(offerRequests);
+
     const transaction = this.db.transaction(() => {
-      // Insert service
+      // Insert service (no offer_id column anymore)
       const serviceStmt = this.db.prepare(`
-        INSERT INTO services (id, username, service_fqn, offer_id, created_at, expires_at, is_public, metadata)
-        VALUES (?, ?, ?, ?, ?, ?, ?, ?)
+        INSERT INTO services (id, username, service_fqn, created_at, expires_at, is_public, metadata)
+        VALUES (?, ?, ?, ?, ?, ?, ?)
       `);
 
       serviceStmt.run(
         serviceId,
         request.username,
         request.serviceFqn,
-        request.offerId,
         now,
         request.expiresAt,
         request.isPublic ? 1 : 0,
@@ -475,16 +485,31 @@ export class SQLiteStorage implements Storage {
         id: serviceId,
         username: request.username,
         serviceFqn: request.serviceFqn,
-        offerId: request.offerId,
         createdAt: now,
         expiresAt: request.expiresAt,
         isPublic: request.isPublic || false,
         metadata: request.metadata,
       },
       indexUuid,
+      offers,
     };
   }
 
+  async batchCreateServices(requests: CreateServiceRequest[]): Promise<Array<{
+    service: Service;
+    indexUuid: string;
+    offers: Offer[];
+  }>> {
+    const results = [];
+
+    for (const request of requests) {
+      const result = await this.createService(request);
+      results.push(result);
+    }
+
+    return results;
+  }
+
   async getServiceById(serviceId: string): Promise<Service | null> {
     const stmt = this.db.prepare(`
       SELECT * FROM services
@@ -547,6 +572,18 @@ export class SQLiteStorage implements Storage {
     return row ? row.uuid : null;
   }
 
+  async findServicesByName(username: string, serviceName: string): Promise<Service[]> {
+    const stmt = this.db.prepare(`
+      SELECT * FROM services
+      WHERE username = ? AND service_fqn LIKE ? AND expires_at > ?
+      ORDER BY created_at DESC
+    `);
+
+    const rows = stmt.all(username, `${serviceName}@%`, Date.now()) as any[];
+
+    return rows.map(row => this.rowToService(row));
+  }
+
   async deleteService(serviceId: string, username: string): Promise<boolean> {
     const stmt = this.db.prepare(`
       DELETE FROM services
@@ -576,6 +613,7 @@ export class SQLiteStorage implements Storage {
     return {
       id: row.id,
       peerId: row.peer_id,
+      serviceId: row.service_id || undefined,
       sdp: row.sdp,
       createdAt: row.created_at,
       expiresAt: row.expires_at,
@@ -595,11 +633,24 @@ export class SQLiteStorage implements Storage {
       id: row.id,
       username: row.username,
       serviceFqn: row.service_fqn,
-      offerId: row.offer_id,
       createdAt: row.created_at,
       expiresAt: row.expires_at,
       isPublic: row.is_public === 1,
       metadata: row.metadata || undefined,
     };
   }
+
+  /**
+   * Get all offers for a service
+   */
+  async getOffersForService(serviceId: string): Promise<Offer[]> {
+    const stmt = this.db.prepare(`
+      SELECT * FROM offers
+      WHERE service_id = ? AND expires_at > ?
+      ORDER BY created_at ASC
+    `);
+
+    const rows = stmt.all(serviceId, Date.now()) as any[];
+    return rows.map(row => this.rowToOffer(row));
+  }
 }

package/src/storage/types.ts

@@ -1,15 +1,15 @@
 /**
- * Represents a WebRTC signaling offer (no topics)
+ * Represents a WebRTC signaling offer
  */
 export interface Offer {
   id: string;
   peerId: string;
+  serviceId?: string; // Optional link to service (null for standalone offers)
   sdp: string;
   createdAt: number;
   expiresAt: number;
   lastSeen: number;
   secret?: string;
-  info?: string;
   answererPeerId?: string;
   answerSdp?: string;
   answeredAt?: number;
@@ -34,10 +34,10 @@ export interface IceCandidate {
 export interface CreateOfferRequest {
   id?: string;
   peerId: string;
+  serviceId?: string; // Optional link to service
   sdp: string;
   expiresAt: number;
   secret?: string;
-  info?: string;
 }
 
 /**
@@ -63,13 +63,12 @@ export interface ClaimUsernameRequest {
 }
 
 /**
- * Represents a published service
+ * Represents a published service (can have multiple offers)
  */
 export interface Service {
   id: string; // UUID v4
   username: string;
   serviceFqn: string; // com.example.chat@1.0.0
-  offerId: string; // Links to offers table
   createdAt: number;
   expiresAt: number;
   isPublic: boolean;
@@ -77,15 +76,22 @@ export interface Service {
 }
 
 /**
- * Request to create a service
+ * Request to create a single service
  */
 export interface CreateServiceRequest {
   username: string;
   serviceFqn: string;
-  offerId: string;
   expiresAt: number;
   isPublic?: boolean;
   metadata?: string;
+  offers: CreateOfferRequest[]; // Multiple offers per service
+}
+
+/**
+ * Request to create multiple services in batch
+ */
+export interface BatchCreateServicesRequest {
+  services: CreateServiceRequest[];
 }
 
 /**
@@ -236,15 +242,34 @@ export interface Storage {
   // ===== Service Management =====
 
   /**
-   * Creates a new service
-   * @param request Service creation request
-   * @returns Created service with generated ID and index UUID
+   * Creates a new service with offers
+   * @param request Service creation request (includes offers)
+   * @returns Created service with generated ID, index UUID, and created offers
    */
   createService(request: CreateServiceRequest): Promise<{
     service: Service;
     indexUuid: string;
+    offers: Offer[];
   }>;
 
+  /**
+   * Creates multiple services with offers in batch
+   * @param requests Array of service creation requests
+   * @returns Array of created services with IDs, UUIDs, and offers
+   */
+  batchCreateServices(requests: CreateServiceRequest[]): Promise<Array<{
+    service: Service;
+    indexUuid: string;
+    offers: Offer[];
+  }>>;
+
+  /**
+   * Gets all offers for a service
+   * @param serviceId Service ID
+   * @returns Array of offers for the service
+   */
+  getOffersForService(serviceId: string): Promise<Offer[]>;
+
   /**
    * Gets a service by its service ID
    * @param serviceId Service ID
@@ -274,6 +299,14 @@ export interface Storage {
    */
   queryService(username: string, serviceFqn: string): Promise<string | null>;
 
+  /**
+   * Finds all services by username and service name (without version)
+   * @param username Username
+   * @param serviceName Service name (e.g., 'com.example.chat')
+   * @returns Array of services with matching service name
+   */
+  findServicesByName(username: string, serviceName: string): Promise<Service[]>;
+
   /**
    * Deletes a service (with ownership verification)
    * @param serviceId Service ID

package/src/worker.ts

@@ -13,7 +13,6 @@ export interface Env {
   OFFER_MAX_TTL?: string;
   OFFER_MIN_TTL?: string;
   MAX_OFFERS_PER_REQUEST?: string;
-  MAX_TOPICS_PER_OFFER?: string;
   CORS_ORIGINS?: string;
   VERSION?: string;
 }
@@ -43,8 +42,7 @@ export default {
       offerMaxTtl: env.OFFER_MAX_TTL ? parseInt(env.OFFER_MAX_TTL, 10) : 86400000,
       offerMinTtl: env.OFFER_MIN_TTL ? parseInt(env.OFFER_MIN_TTL, 10) : 60000,
       cleanupInterval: 60000, // Not used in Workers (scheduled handler instead)
-      maxOffersPerRequest: env.MAX_OFFERS_PER_REQUEST ? parseInt(env.MAX_OFFERS_PER_REQUEST, 10) : 100,
-      maxTopicsPerOffer: env.MAX_TOPICS_PER_OFFER ? parseInt(env.MAX_TOPICS_PER_OFFER, 10) : 50,
+      maxOffersPerRequest: env.MAX_OFFERS_PER_REQUEST ? parseInt(env.MAX_OFFERS_PER_REQUEST, 10) : 100
     };
 
     // Create Hono app

package/src/bloom.ts

@@ -1,66 +0,0 @@
-/**
- * Bloom filter utility for testing if peer IDs might be in a set
- * Used to filter out known peers from discovery results
- */
-
-export class BloomFilter {
-  private bits: Uint8Array;
-  private size: number;
-  private numHashes: number;
-
-  /**
-   * Creates a bloom filter from a base64 encoded bit array
-   */
-  constructor(base64Data: string, numHashes: number = 3) {
-    // Decode base64 to Uint8Array (works in both Node.js and Workers)
-    const binaryString = atob(base64Data);
-    const bytes = new Uint8Array(binaryString.length);
-    for (let i = 0; i < binaryString.length; i++) {
-      bytes[i] = binaryString.charCodeAt(i);
-    }
-    this.bits = bytes;
-    this.size = this.bits.length * 8;
-    this.numHashes = numHashes;
-  }
-
-  /**
-   * Test if a peer ID might be in the filter
-   * Returns true if possibly in set, false if definitely not in set
-   */
-  test(peerId: string): boolean {
-    for (let i = 0; i < this.numHashes; i++) {
-      const hash = this.hash(peerId, i);
-      const index = hash % this.size;
-      const byteIndex = Math.floor(index / 8);
-      const bitIndex = index % 8;
-
-      if (!(this.bits[byteIndex] & (1 << bitIndex))) {
-        return false;
-      }
-    }
-    return true;
-  }
-
-  /**
-   * Simple hash function (FNV-1a variant)
-   */
-  private hash(str: string, seed: number): number {
-    let hash = 2166136261 ^ seed;
-    for (let i = 0; i < str.length; i++) {
-      hash ^= str.charCodeAt(i);
-      hash += (hash << 1) + (hash << 4) + (hash << 7) + (hash << 8) + (hash << 24);
-    }
-    return hash >>> 0;
-  }
-}
-
-/**
- * Helper to parse bloom filter from base64 string
- */
-export function parseBloomFilter(base64: string): BloomFilter | null {
-  try {
-    return new BloomFilter(base64);
-  } catch {
-    return null;
-  }
-}