@xtr-dev/rondevu-server 0.5.1 → 0.5.6

package/src/storage/types.ts

@@ -1,11 +1,10 @@
 /**
- * Represents a WebRTC signaling offer
+ * Represents a WebRTC signaling offer with tags for discovery
  */
 export interface Offer {
   id: string;
   username: string;
-  serviceId?: string; // Optional link to service (null for standalone offers)
-  serviceFqn?: string; // Denormalized service FQN for easier queries
+  tags: string[]; // Tags for discovery (match ANY)
   sdp: string;
   createdAt: number;
   expiresAt: number;
@@ -34,60 +33,46 @@ export interface IceCandidate {
 export interface CreateOfferRequest {
   id?: string;
   username: string;
-  serviceId?: string; // Optional link to service
-  serviceFqn?: string; // Optional service FQN
+  tags: string[]; // Tags for discovery
   sdp: string;
   expiresAt: number;
 }
 
 /**
- * Represents a claimed username with cryptographic proof
+ * Represents a credential (random name + secret pair)
+ * Replaces the old username/publicKey system for simpler authentication
  */
-export interface Username {
-  username: string;
-  publicKey: string; // Base64-encoded Ed25519 public key
-  claimedAt: number;
-  expiresAt: number; // 365 days from claim/last use
+export interface Credential {
+  name: string; // Random name (e.g., "brave-tiger-7a3f")
+  secret: string; // Random secret (API key style)
+  createdAt: number;
+  expiresAt: number; // 365 days from creation/last use
   lastUsed: number;
-  metadata?: string; // JSON optional user metadata
 }
 
 /**
- * Request to claim a username
+ * Request to generate new credentials
  */
-export interface ClaimUsernameRequest {
-  username: string;
-  publicKey: string;
-  signature: string;
-  message: string; // "claim:{username}:{timestamp}"
+export interface GenerateCredentialsRequest {
+  name?: string;      // Optional: claim specific username (must be unique, 4-32 chars)
+  expiresAt?: number; // Optional: override default expiry
 }
 
 /**
- * Represents a published service (can have multiple offers)
- * New format: service:version@username (e.g., chat:1.0.0@alice)
- */
-export interface Service {
-  id: string; // UUID v4
-  serviceFqn: string; // Full FQN: chat:1.0.0@alice
-  serviceName: string; // Extracted: chat
-  version: string; // Extracted: 1.0.0
-  username: string; // Extracted: alice
-  createdAt: number;
-  expiresAt: number;
-}
-
-/**
- * Request to create a single service
- */
-export interface CreateServiceRequest {
-  serviceFqn: string; // Full FQN with username: chat:1.0.0@alice
-  expiresAt: number;
-  offers: CreateOfferRequest[]; // Multiple offers per service
-}
-
-/**
- * Storage interface for rondevu DNS-like system
+ * Storage interface for rondevu signaling system
  * Implementations can use different backends (SQLite, D1, etc.)
+ *
+ * TRUST BOUNDARY: The storage layer assumes inputs are pre-validated by the RPC layer.
+ * This avoids duplication of validation logic across storage backends.
+ * The RPC layer is responsible for:
+ *  - Validating tags format
+ *  - Validating role is 'offerer' or 'answerer'
+ *  - Validating all string parameters are non-empty
+ *  - Validating timestamps and expirations
+ *  - Verifying authentication and authorization
+ *
+ * Storage implementations may add defensive checks for critical invariants,
+ * but should not duplicate all RPC-layer validation.
  */
 export interface Storage {
   // ===== Offer Management =====
@@ -147,6 +132,42 @@ export interface Storage {
    */
   getAnsweredOffers(offererUsername: string): Promise<Offer[]>;
 
+  /**
+   * Retrieves all offers answered by a specific user (where they are the answerer)
+   * @param answererUsername Answerer's username
+   * @returns Array of offers the user has answered
+   */
+  getOffersAnsweredBy(answererUsername: string): Promise<Offer[]>;
+
+  // ===== Discovery =====
+
+  /**
+   * Discovers offers by tags with pagination
+   * Returns available offers (where answerer_username IS NULL) matching ANY of the provided tags
+   * @param tags Array of tags to match (OR logic)
+   * @param excludeUsername Optional username to exclude from results (self-exclusion)
+   * @param limit Maximum number of offers to return
+   * @param offset Number of offers to skip
+   * @returns Array of available offers matching tags
+   */
+  discoverOffers(
+    tags: string[],
+    excludeUsername: string | null,
+    limit: number,
+    offset: number
+  ): Promise<Offer[]>;
+
+  /**
+   * Gets a random available offer matching any of the provided tags
+   * @param tags Array of tags to match (OR logic)
+   * @param excludeUsername Optional username to exclude (self-exclusion)
+   * @returns Random available offer, or null if none found
+   */
+  getRandomOffer(
+    tags: string[],
+    excludeUsername: string | null
+  ): Promise<Offer | null>;
+
   // ===== ICE Candidate Management =====
 
   /**
@@ -177,106 +198,85 @@ export interface Storage {
     since?: number
   ): Promise<IceCandidate[]>;
 
-  // ===== Username Management =====
-
-  /**
-   * Claims a username (or refreshes expiry if already owned)
-   * @param request Username claim request with signature
-   * @returns Created/updated username record
-   */
-  claimUsername(request: ClaimUsernameRequest): Promise<Username>;
-
   /**
-   * Gets a username record
-   * @param username Username to look up
-   * @returns Username record if claimed, null otherwise
-   */
-  getUsername(username: string): Promise<Username | null>;
-
-  /**
-   * Deletes all expired usernames
-   * @param now Current timestamp
-   * @returns Number of usernames deleted
+   * Retrieves ICE candidates for multiple offers (batch operation)
+   * @param offerIds Array of offer identifiers
+   * @param username Username requesting the candidates
+   * @param since Optional timestamp - only return candidates after this time
+   * @returns Map of offer ID to ICE candidates
    */
-  deleteExpiredUsernames(now: number): Promise<number>;
+  getIceCandidatesForMultipleOffers(
+    offerIds: string[],
+    username: string,
+    since?: number
+  ): Promise<Map<string, IceCandidate[]>>;
 
-  // ===== Service Management =====
+  // ===== Credential Management =====
 
   /**
-   * Creates a new service with offers
-   * @param request Service creation request (includes offers)
-   * @returns Created service with generated ID and created offers
+   * Generates a new credential (random name + secret)
+   * @param request Credential generation request
+   * @returns Created credential record
    */
-  createService(request: CreateServiceRequest): Promise<{
-    service: Service;
-    offers: Offer[];
-  }>;
-
+  generateCredentials(request: GenerateCredentialsRequest): Promise<Credential>;
 
   /**
-   * Gets all offers for a service
-   * @param serviceId Service ID
-   * @returns Array of offers for the service
+   * Gets a credential by name
+   * @param name Credential name
+   * @returns Credential record if found, null otherwise
    */
-  getOffersForService(serviceId: string): Promise<Offer[]>;
+  getCredential(name: string): Promise<Credential | null>;
 
   /**
-   * Gets a service by its service ID
-   * @param serviceId Service ID
-   * @returns Service if found, null otherwise
+   * Updates credential usage timestamp and expiry
+   * Called after successful signature verification
+   * @param name Credential name
+   * @param lastUsed Last used timestamp
+   * @param expiresAt New expiry timestamp
    */
-  getServiceById(serviceId: string): Promise<Service | null>;
+  updateCredentialUsage(name: string, lastUsed: number, expiresAt: number): Promise<void>;
 
   /**
-   * Gets a service by its fully qualified name (FQN)
-   * @param serviceFqn Full service FQN (e.g., "chat:1.0.0@alice")
-   * @returns Service if found, null otherwise
+   * Deletes all expired credentials
+   * @param now Current timestamp
+   * @returns Number of credentials deleted
    */
-  getServiceByFqn(serviceFqn: string): Promise<Service | null>;
-
-
-
+  deleteExpiredCredentials(now: number): Promise<number>;
 
+  // ===== Rate Limiting =====
 
   /**
-   * Discovers services by name and version with pagination
-   * Returns unique available offers (where answerer_peer_id IS NULL)
-   * @param serviceName Service name (e.g., 'chat')
-   * @param version Version string for semver matching (e.g., '1.0.0')
-   * @param limit Maximum number of unique services to return
-   * @param offset Number of services to skip
-   * @returns Array of services with available offers
+   * Check and increment rate limit for an identifier
+   * @param identifier Unique identifier (e.g., IP address)
+   * @param limit Maximum count allowed
+   * @param windowMs Time window in milliseconds
+   * @returns true if allowed, false if rate limit exceeded
    */
-  discoverServices(
-    serviceName: string,
-    version: string,
-    limit: number,
-    offset: number
-  ): Promise<Service[]>;
+  checkRateLimit(identifier: string, limit: number, windowMs: number): Promise<boolean>;
 
   /**
-   * Gets a random available service by name and version
-   * Returns a single random offer that is available (answerer_peer_id IS NULL)
-   * @param serviceName Service name (e.g., 'chat')
-   * @param version Version string for semver matching (e.g., '1.0.0')
-   * @returns Random service with available offer, or null if none found
+   * Deletes all expired rate limit entries
+   * @param now Current timestamp
+   * @returns Number of entries deleted
    */
-  getRandomService(serviceName: string, version: string): Promise<Service | null>;
+  deleteExpiredRateLimits(now: number): Promise<number>;
+
+  // ===== Nonce Tracking (Replay Protection) =====
 
   /**
-   * Deletes a service (with ownership verification)
-   * @param serviceId Service ID
-   * @param username Owner username (for verification)
-   * @returns true if deleted, false if not found or not owned
+   * Check if nonce has been used and mark it as used (atomic operation)
+   * @param nonceKey Unique nonce identifier (format: "nonce:{name}:{nonce}")
+   * @param expiresAt Timestamp when nonce expires (should be timestamp + timestampMaxAge)
+   * @returns true if nonce is new (allowed), false if already used (replay attack)
    */
-  deleteService(serviceId: string, username: string): Promise<boolean>;
+  checkAndMarkNonce(nonceKey: string, expiresAt: number): Promise<boolean>;
 
   /**
-   * Deletes all expired services
+   * Deletes all expired nonce entries
    * @param now Current timestamp
-   * @returns Number of services deleted
+   * @returns Number of entries deleted
    */
-  deleteExpiredServices(now: number): Promise<number>;
+  deleteExpiredNonces(now: number): Promise<number>;
 
   /**
    * Closes the storage connection and releases resources

package/src/worker.ts

@@ -1,66 +1,47 @@
 import { createApp } from './app.ts';
 import { D1Storage } from './storage/d1.ts';
-import { Config } from './config.ts';
+import { buildWorkerConfig, runCleanup } from './config.ts';
 
 /**
  * Cloudflare Workers environment bindings
  */
 export interface Env {
   DB: D1Database;
+  MASTER_ENCRYPTION_KEY: string;
   OFFER_DEFAULT_TTL?: string;
   OFFER_MAX_TTL?: string;
   OFFER_MIN_TTL?: string;
   MAX_OFFERS_PER_REQUEST?: string;
+  MAX_BATCH_SIZE?: string;
   CORS_ORIGINS?: string;
   VERSION?: string;
 }
 
-/**
- * Cloudflare Workers fetch handler
- */
 export default {
   async fetch(request: Request, env: Env, ctx: ExecutionContext): Promise<Response> {
-    // Initialize D1 storage
-    const storage = new D1Storage(env.DB);
-
-    // Build config from environment
-    const config: Config = {
-      port: 0, // Not used in Workers
-      storageType: 'sqlite', // D1 is SQLite-compatible
-      storagePath: '', // Not used with D1
-      corsOrigins: env.CORS_ORIGINS
-        ? env.CORS_ORIGINS.split(',').map(o => o.trim())
-        : ['*'],
-      version: env.VERSION || 'unknown',
-      offerDefaultTtl: env.OFFER_DEFAULT_TTL ? parseInt(env.OFFER_DEFAULT_TTL, 10) : 60000,
-      offerMaxTtl: env.OFFER_MAX_TTL ? parseInt(env.OFFER_MAX_TTL, 10) : 86400000,
-      offerMinTtl: env.OFFER_MIN_TTL ? parseInt(env.OFFER_MIN_TTL, 10) : 60000,
-      cleanupInterval: 60000, // Not used in Workers (scheduled handler instead)
-      maxOffersPerRequest: env.MAX_OFFERS_PER_REQUEST ? parseInt(env.MAX_OFFERS_PER_REQUEST, 10) : 100
-    };
+    if (!env.MASTER_ENCRYPTION_KEY || env.MASTER_ENCRYPTION_KEY.length !== 64) {
+      return new Response('MASTER_ENCRYPTION_KEY must be 64-char hex string', { status: 500 });
+    }
 
-    // Create Hono app
+    const storage = new D1Storage(env.DB, env.MASTER_ENCRYPTION_KEY);
+    const config = buildWorkerConfig(env);
     const app = createApp(storage, config);
 
-    // Handle request
     return app.fetch(request, env, ctx);
   },
 
-  /**
-   * Scheduled handler for cron triggers
-   * Runs periodically to clean up expired offers
-   */
   async scheduled(event: ScheduledEvent, env: Env, ctx: ExecutionContext): Promise<void> {
-    const storage = new D1Storage(env.DB);
+    const storage = new D1Storage(env.DB, env.MASTER_ENCRYPTION_KEY);
     const now = Date.now();
 
     try {
-      // Delete expired offers
-      const deletedCount = await storage.deleteExpiredOffers(now);
-
-      console.log(`Cleaned up ${deletedCount} expired offers at ${new Date(now).toISOString()}`);
+      const result = await runCleanup(storage, now);
+      const total = result.offers + result.credentials + result.rateLimits + result.nonces;
+      if (total > 0) {
+        console.log(`Cleanup: ${result.offers} offers, ${result.credentials} credentials, ${result.rateLimits} rate limits, ${result.nonces} nonces`);
+      }
     } catch (error) {
-      console.error('Error cleaning up offers:', error);
+      console.error('Cleanup error:', error);
     }
   },
 };