@xtr-dev/rondevu-server 0.4.0 → 0.5.1

package/src/config.ts

@@ -1,5 +1,3 @@
-import { generateSecretKey } from './crypto.ts';
-
 /**
  * Application configuration
  * Reads from environment variables with sensible defaults
@@ -10,7 +8,6 @@ export interface Config {
   storagePath: string;
   corsOrigins: string[];
   version: string;
-  authSecret: string;
   offerDefaultTtl: number;
   offerMaxTtl: number;
   offerMinTtl: number;
@@ -22,15 +19,6 @@ export interface Config {
  * Loads configuration from environment variables
  */
 export function loadConfig(): Config {
-  // Generate or load auth secret
-  let authSecret = process.env.AUTH_SECRET;
-  if (!authSecret) {
-    authSecret = generateSecretKey();
-    console.warn('WARNING: No AUTH_SECRET provided. Generated temporary secret:', authSecret);
-    console.warn('All peer credentials will be invalidated on server restart.');
-    console.warn('Set AUTH_SECRET environment variable to persist credentials across restarts.');
-  }
-
   return {
     port: parseInt(process.env.PORT || '3000', 10),
     storageType: (process.env.STORAGE_TYPE || 'sqlite') as 'sqlite' | 'memory',
@@ -39,7 +27,6 @@ export function loadConfig(): Config {
       ? process.env.CORS_ORIGINS.split(',').map(o => o.trim())
       : ['*'],
     version: process.env.VERSION || 'unknown',
-    authSecret,
     offerDefaultTtl: parseInt(process.env.OFFER_DEFAULT_TTL || '60000', 10),
     offerMaxTtl: parseInt(process.env.OFFER_MAX_TTL || '86400000', 10),
     offerMinTtl: parseInt(process.env.OFFER_MIN_TTL || '60000', 10),

package/src/crypto.ts

@@ -1,10 +1,11 @@
 /**
- * Crypto utilities for stateless peer authentication
- * Uses Web Crypto API for compatibility with both Node.js and Cloudflare Workers
+ * Crypto utilities for Ed25519-based authentication
  * Uses @noble/ed25519 for Ed25519 signature verification
+ * Uses Web Crypto API for compatibility with both Node.js and Cloudflare Workers
  */
 
 import * as ed25519 from '@noble/ed25519';
+import { Buffer } from 'node:buffer';
 
 // Set SHA-512 hash function for ed25519 (required in @noble/ed25519 v3+)
 // Uses Web Crypto API (compatible with both Node.js and Cloudflare Workers)
@@ -12,10 +13,6 @@ ed25519.hashes.sha512Async = async (message: Uint8Array) => {
   return new Uint8Array(await crypto.subtle.digest('SHA-512', message as BufferSource));
 };
 
-const ALGORITHM = 'AES-GCM';
-const IV_LENGTH = 12; // 96 bits for GCM
-const KEY_LENGTH = 32; // 256 bits
-
 // Username validation
 const USERNAME_REGEX = /^[a-z0-9][a-z0-9-]*[a-z0-9]$/;
 const USERNAME_MIN_LENGTH = 3;
@@ -25,144 +22,68 @@ const USERNAME_MAX_LENGTH = 32;
 const TIMESTAMP_TOLERANCE_MS = 5 * 60 * 1000;
 
 /**
- * Generates a random peer ID (16 bytes = 32 hex chars)
- */
-export function generatePeerId(): string {
-  const bytes = crypto.getRandomValues(new Uint8Array(16));
-  return Array.from(bytes).map(b => b.toString(16).padStart(2, '0')).join('');
-}
-
-/**
- * Generates a random secret key for encryption (32 bytes = 64 hex chars)
- */
-export function generateSecretKey(): string {
-  const bytes = crypto.getRandomValues(new Uint8Array(KEY_LENGTH));
-  return Array.from(bytes).map(b => b.toString(16).padStart(2, '0')).join('');
-}
-
-/**
- * Convert hex string to Uint8Array
+ * Generates an anonymous username for users who don't want to claim one
+ * Format: anon-{timestamp}-{random}
+ * This reduces collision probability to near-zero
  */
-function hexToBytes(hex: string): Uint8Array {
-  const bytes = new Uint8Array(hex.length / 2);
-  for (let i = 0; i < hex.length; i += 2) {
-    bytes[i / 2] = parseInt(hex.substring(i, i + 2), 16);
-  }
-  return bytes;
+export function generateAnonymousUsername(): string {
+  const timestamp = Date.now().toString(36);
+  const random = crypto.getRandomValues(new Uint8Array(3));
+  const hex = Array.from(random).map(b => b.toString(16).padStart(2, '0')).join('');
+  return `anon-${timestamp}-${hex}`;
 }
 
 /**
  * Convert Uint8Array to base64 string
+ * Uses Buffer for compatibility with Node.js-based clients
  */
 function bytesToBase64(bytes: Uint8Array): string {
-  const binString = Array.from(bytes, (byte) =>
-    String.fromCodePoint(byte)
-  ).join('');
-  return btoa(binString);
+  return Buffer.from(bytes).toString('base64');
 }
 
 /**
  * Convert base64 string to Uint8Array
+ * Uses Buffer for compatibility with Node.js-based clients
  */
 function base64ToBytes(base64: string): Uint8Array {
-  const binString = atob(base64);
-  return Uint8Array.from(binString, (char) => char.codePointAt(0)!);
+  return new Uint8Array(Buffer.from(base64, 'base64'));
 }
 
 /**
- * Encrypts a peer ID using the server secret key
- * Returns base64-encoded encrypted data (IV + ciphertext)
+ * Validates a generic auth message format
+ * Expected format: action:username:params:timestamp
+ * Validates that the message contains the expected username and has a valid timestamp
  */
-export async function encryptPeerId(peerId: string, secretKeyHex: string): Promise<string> {
-  const keyBytes = hexToBytes(secretKeyHex);
+export function validateAuthMessage(
+  expectedUsername: string,
+  message: string
+): { valid: boolean; error?: string } {
+  const parts = message.split(':');
 
-  if (keyBytes.length !== KEY_LENGTH) {
-    throw new Error(`Secret key must be ${KEY_LENGTH * 2} hex characters (${KEY_LENGTH} bytes)`);
+  if (parts.length < 3) {
+    return { valid: false, error: 'Invalid message format: must have at least action:username:timestamp' };
   }
 
-  // Import key
-  const key = await crypto.subtle.importKey(
-    'raw',
-    keyBytes,
-    { name: ALGORITHM, length: 256 },
-    false,
-    ['encrypt']
-  );
-
-  // Generate random IV
-  const iv = crypto.getRandomValues(new Uint8Array(IV_LENGTH));
-
-  // Encrypt peer ID
-  const encoder = new TextEncoder();
-  const data = encoder.encode(peerId);
-
-  const encrypted = await crypto.subtle.encrypt(
-    { name: ALGORITHM, iv },
-    key,
-    data
-  );
-
-  // Combine IV + ciphertext and encode as base64
-  const combined = new Uint8Array(iv.length + encrypted.byteLength);
-  combined.set(iv, 0);
-  combined.set(new Uint8Array(encrypted), iv.length);
-
-  return bytesToBase64(combined);
-}
+  // Extract username (second part) and timestamp (last part)
+  const messageUsername = parts[1];
+  const timestamp = parseInt(parts[parts.length - 1], 10);
 
-/**
- * Decrypts an encrypted peer ID secret
- * Returns the plaintext peer ID or throws if decryption fails
- */
-export async function decryptPeerId(encryptedSecret: string, secretKeyHex: string): Promise<string> {
-  try {
-    const keyBytes = hexToBytes(secretKeyHex);
-
-    if (keyBytes.length !== KEY_LENGTH) {
-      throw new Error(`Secret key must be ${KEY_LENGTH * 2} hex characters (${KEY_LENGTH} bytes)`);
-    }
+  // Validate username matches
+  if (messageUsername !== expectedUsername) {
+    return { valid: false, error: 'Username in message does not match authenticated username' };
+  }
 
-    // Decode base64
-    const combined = base64ToBytes(encryptedSecret);
-
-    // Extract IV and ciphertext
-    const iv = combined.slice(0, IV_LENGTH);
-    const ciphertext = combined.slice(IV_LENGTH);
-
-    // Import key
-    const key = await crypto.subtle.importKey(
-      'raw',
-      keyBytes,
-      { name: ALGORITHM, length: 256 },
-      false,
-      ['decrypt']
-    );
-
-    // Decrypt
-    const decrypted = await crypto.subtle.decrypt(
-      { name: ALGORITHM, iv },
-      key,
-      ciphertext
-    );
-
-    const decoder = new TextDecoder();
-    return decoder.decode(decrypted);
-  } catch (err) {
-    throw new Error('Failed to decrypt peer ID: invalid secret or secret key');
+  // Validate timestamp
+  if (isNaN(timestamp)) {
+    return { valid: false, error: 'Invalid timestamp in message' };
   }
-}
 
-/**
- * Validates that a peer ID and secret match
- * Returns true if valid, false otherwise
- */
-export async function validateCredentials(peerId: string, encryptedSecret: string, secretKey: string): Promise<boolean> {
-  try {
-    const decryptedPeerId = await decryptPeerId(encryptedSecret, secretKey);
-    return decryptedPeerId === peerId;
-  } catch {
-    return false;
+  const timestampCheck = validateTimestamp(timestamp);
+  if (!timestampCheck.valid) {
+    return timestampCheck;
   }
+
+  return { valid: true };
 }
 
 // ===== Username and Ed25519 Signature Utilities =====
@@ -192,31 +113,32 @@ export function validateUsername(username: string): { valid: boolean; error?: st
 }
 
 /**
- * Validates service FQN format (service-name@version)
- * Service name: reverse domain notation (com.example.service)
+ * Validates service FQN format (service:version@username or service:version)
+ * Service name: lowercase alphanumeric with dots/dashes (e.g., chat, file-share, com.example.chat)
  * Version: semantic versioning (1.0.0, 2.1.3-beta, etc.)
+ * Username: optional, lowercase alphanumeric with dashes
  */
 export function validateServiceFqn(fqn: string): { valid: boolean; error?: string } {
   if (typeof fqn !== 'string') {
     return { valid: false, error: 'Service FQN must be a string' };
   }
 
-  // Split into service name and version
-  const parts = fqn.split('@');
-  if (parts.length !== 2) {
-    return { valid: false, error: 'Service FQN must be in format: service-name@version' };
+  // Parse the FQN
+  const parsed = parseServiceFqn(fqn);
+  if (!parsed) {
+    return { valid: false, error: 'Service FQN must be in format: service:version[@username]' };
   }
 
-  const [serviceName, version] = parts;
+  const { serviceName, version, username } = parsed;
 
-  // Validate service name (reverse domain notation)
-  const serviceNameRegex = /^[a-z0-9]([a-z0-9-]*[a-z0-9])?(\.[a-z0-9]([a-z0-9-]*[a-z0-9])?)+$/;
+  // Validate service name (alphanumeric with dots/dashes)
+  const serviceNameRegex = /^[a-z0-9]([a-z0-9.-]*[a-z0-9])?$/;
   if (!serviceNameRegex.test(serviceName)) {
-    return { valid: false, error: 'Service name must be reverse domain notation (e.g., com.example.service)' };
+    return { valid: false, error: 'Service name must be lowercase alphanumeric with optional dots/dashes' };
   }
 
-  if (serviceName.length < 3 || serviceName.length > 128) {
-    return { valid: false, error: 'Service name must be 3-128 characters' };
+  if (serviceName.length < 1 || serviceName.length > 128) {
+    return { valid: false, error: 'Service name must be 1-128 characters' };
   }
 
   // Validate version (semantic versioning)
@@ -225,6 +147,14 @@ export function validateServiceFqn(fqn: string): { valid: boolean; error?: strin
     return { valid: false, error: 'Version must be semantic versioning (e.g., 1.0.0, 2.1.3-beta)' };
   }
 
+  // Validate username if present
+  if (username) {
+    const usernameCheck = validateUsername(username);
+    if (!usernameCheck.valid) {
+      return usernameCheck;
+    }
+  }
+
   return { valid: true };
 }
 
@@ -270,15 +200,41 @@ export function isVersionCompatible(requested: string, available: string): boole
 }
 
 /**
- * Parse service FQN into service name and version
+ * Parse service FQN into components
+ * Formats supported:
+ * - service:version@username (e.g., "chat:1.0.0@alice")
+ * - service:version (e.g., "chat:1.0.0") for discovery
  */
-export function parseServiceFqn(fqn: string): { serviceName: string; version: string } | null {
-  const parts = fqn.split('@');
-  if (parts.length !== 2) return null;
+export function parseServiceFqn(fqn: string): { serviceName: string; version: string; username: string | null } | null {
+  if (!fqn || typeof fqn !== 'string') return null;
+
+  // Check if username is present
+  const atIndex = fqn.lastIndexOf('@');
+  let serviceVersion: string;
+  let username: string | null = null;
+
+  if (atIndex > 0) {
+    // Format: service:version@username
+    serviceVersion = fqn.substring(0, atIndex);
+    username = fqn.substring(atIndex + 1);
+  } else {
+    // Format: service:version (no username)
+    serviceVersion = fqn;
+  }
+
+  // Split service:version
+  const colonIndex = serviceVersion.indexOf(':');
+  if (colonIndex <= 0) return null; // No colon or colon at start
+
+  const serviceName = serviceVersion.substring(0, colonIndex);
+  const version = serviceVersion.substring(colonIndex + 1);
+
+  if (!serviceName || !version) return null;
 
   return {
-    serviceName: parts[0],
-    version: parts[1],
+    serviceName,
+    version,
+    username,
   };
 }
 
@@ -390,16 +346,24 @@ export async function validateServicePublish(
   }
 
   // Parse message format: "publish:{username}:{serviceFqn}:{timestamp}"
+  // Note: serviceFqn can contain colons (e.g., "chat:2.0.0@user"), so we need careful parsing
   const parts = message.split(':');
-  if (parts.length !== 4 || parts[0] !== 'publish' || parts[1] !== username || parts[2] !== serviceFqn) {
+  if (parts.length < 4 || parts[0] !== 'publish' || parts[1] !== username) {
     return { valid: false, error: 'Invalid message format (expected: publish:{username}:{serviceFqn}:{timestamp})' };
   }
 
-  const timestamp = parseInt(parts[3], 10);
+  // The timestamp is the last part
+  const timestamp = parseInt(parts[parts.length - 1], 10);
   if (isNaN(timestamp)) {
     return { valid: false, error: 'Invalid timestamp in message' };
   }
 
+  // The serviceFqn is everything between username and timestamp
+  const extractedServiceFqn = parts.slice(2, parts.length - 1).join(':');
+  if (extractedServiceFqn !== serviceFqn) {
+    return { valid: false, error: `Service FQN mismatch (expected: ${serviceFqn}, got: ${extractedServiceFqn})` };
+  }
+
   // Validate timestamp
   const timestampCheck = validateTimestamp(timestamp);
   if (!timestampCheck.valid) {