@xtr-dev/rondevu-server 0.5.12 → 0.5.13

package/migrations/0009_public_key_auth.sql

@@ -0,0 +1,74 @@
+-- Migration: Replace HMAC credentials with Ed25519 public key identities
+-- This is a breaking change - all existing data will be lost
+
+-- Drop existing tables (clean slate)
+DROP TABLE IF EXISTS ice_candidates;
+DROP TABLE IF EXISTS offers;
+DROP TABLE IF EXISTS credentials;
+DROP TABLE IF EXISTS rate_limits;
+DROP TABLE IF EXISTS nonces;
+
+-- Identities table (Ed25519 public key as identity)
+CREATE TABLE identities (
+  public_key TEXT PRIMARY KEY,  -- 64-char hex Ed25519 public key
+  created_at INTEGER NOT NULL,
+  expires_at INTEGER NOT NULL,  -- 1 year from creation/last use
+  last_used INTEGER NOT NULL,
+  CHECK(length(public_key) = 64)
+);
+
+CREATE INDEX idx_identities_expires ON identities(expires_at);
+
+-- Offers table (uses public_key instead of username)
+CREATE TABLE offers (
+  id TEXT PRIMARY KEY,
+  public_key TEXT NOT NULL,  -- Owner's Ed25519 public key
+  tags TEXT NOT NULL,  -- JSON array: '["tag1", "tag2"]'
+  sdp TEXT NOT NULL,
+  created_at INTEGER NOT NULL,
+  expires_at INTEGER NOT NULL,
+  last_seen INTEGER NOT NULL,
+  answerer_public_key TEXT,
+  answer_sdp TEXT,
+  answered_at INTEGER,
+  matched_tags TEXT,  -- JSON array: tags the answerer searched for
+  FOREIGN KEY (public_key) REFERENCES identities(public_key) ON DELETE CASCADE
+);
+
+CREATE INDEX idx_offers_public_key ON offers(public_key);
+CREATE INDEX idx_offers_expires ON offers(expires_at);
+CREATE INDEX idx_offers_last_seen ON offers(last_seen);
+CREATE INDEX idx_offers_answerer ON offers(answerer_public_key);
+
+-- ICE candidates table (uses public_key instead of username)
+CREATE TABLE ice_candidates (
+  id INTEGER PRIMARY KEY AUTOINCREMENT,
+  offer_id TEXT NOT NULL,
+  public_key TEXT NOT NULL,  -- Sender's Ed25519 public key
+  role TEXT NOT NULL CHECK(role IN ('offerer', 'answerer')),
+  candidate TEXT NOT NULL,
+  created_at INTEGER NOT NULL,
+  FOREIGN KEY (offer_id) REFERENCES offers(id) ON DELETE CASCADE
+);
+
+CREATE INDEX idx_ice_offer ON ice_candidates(offer_id);
+CREATE INDEX idx_ice_public_key ON ice_candidates(public_key);
+CREATE INDEX idx_ice_role ON ice_candidates(role);
+CREATE INDEX idx_ice_created ON ice_candidates(created_at);
+
+-- Rate limits table (unchanged)
+CREATE TABLE rate_limits (
+  identifier TEXT PRIMARY KEY,
+  count INTEGER NOT NULL,
+  reset_time INTEGER NOT NULL
+);
+
+CREATE INDEX idx_rate_limits_reset ON rate_limits(reset_time);
+
+-- Nonces table (unchanged)
+CREATE TABLE nonces (
+  nonce_key TEXT PRIMARY KEY,
+  expires_at INTEGER NOT NULL
+);
+
+CREATE INDEX idx_nonces_expires ON nonces(expires_at);

package/migrations/fresh_schema.sql

@@ -1,52 +1,51 @@
--- Fresh schema for Rondevu (Tags-based)
--- Offers are standalone with tags for discovery
+-- Fresh schema for Rondevu (Ed25519 Public Key Identity)
+-- The public key IS the identity - no usernames
 
 -- Drop existing tables if they exist
 DROP TABLE IF EXISTS ice_candidates;
 DROP TABLE IF EXISTS offers;
-DROP TABLE IF EXISTS services;
-DROP TABLE IF EXISTS credentials;
+DROP TABLE IF EXISTS identities;
+DROP TABLE IF EXISTS credentials;  -- Legacy, remove if exists
 DROP TABLE IF EXISTS rate_limits;
 DROP TABLE IF EXISTS nonces;
 
--- Credentials table (name + secret auth)
-CREATE TABLE credentials (
-  name TEXT PRIMARY KEY,
-  secret TEXT NOT NULL UNIQUE,
+-- Identities table (Ed25519 public key as identity)
+CREATE TABLE identities (
+  public_key TEXT PRIMARY KEY,  -- 64-char hex Ed25519 public key
   created_at INTEGER NOT NULL,
-  expires_at INTEGER NOT NULL,
+  expires_at INTEGER NOT NULL,  -- 1 year from creation/last use
   last_used INTEGER NOT NULL,
-  CHECK(length(name) >= 3 AND length(name) <= 32)
+  CHECK(length(public_key) = 64)
 );
 
-CREATE INDEX idx_credentials_expires ON credentials(expires_at);
-CREATE INDEX idx_credentials_secret ON credentials(secret);
+CREATE INDEX idx_identities_expires ON identities(expires_at);
 
--- Offers table (standalone with tags for discovery)
+-- Offers table (uses public_key instead of username)
 CREATE TABLE offers (
   id TEXT PRIMARY KEY,
-  username TEXT NOT NULL,
+  public_key TEXT NOT NULL,  -- Owner's Ed25519 public key
   tags TEXT NOT NULL,  -- JSON array: '["tag1", "tag2"]'
   sdp TEXT NOT NULL,
   created_at INTEGER NOT NULL,
   expires_at INTEGER NOT NULL,
   last_seen INTEGER NOT NULL,
-  answerer_username TEXT,
+  answerer_public_key TEXT,
   answer_sdp TEXT,
   answered_at INTEGER,
-  FOREIGN KEY (username) REFERENCES credentials(name) ON DELETE CASCADE
+  matched_tags TEXT,  -- JSON array: tags the answerer searched for
+  FOREIGN KEY (public_key) REFERENCES identities(public_key) ON DELETE CASCADE
 );
 
-CREATE INDEX idx_offers_username ON offers(username);
+CREATE INDEX idx_offers_public_key ON offers(public_key);
 CREATE INDEX idx_offers_expires ON offers(expires_at);
 CREATE INDEX idx_offers_last_seen ON offers(last_seen);
-CREATE INDEX idx_offers_answerer ON offers(answerer_username);
+CREATE INDEX idx_offers_answerer ON offers(answerer_public_key);
 
--- ICE candidates table
+-- ICE candidates table (uses public_key instead of username)
 CREATE TABLE ice_candidates (
   id INTEGER PRIMARY KEY AUTOINCREMENT,
   offer_id TEXT NOT NULL,
-  username TEXT NOT NULL,
+  public_key TEXT NOT NULL,  -- Sender's Ed25519 public key
   role TEXT NOT NULL CHECK(role IN ('offerer', 'answerer')),
   candidate TEXT NOT NULL,
   created_at INTEGER NOT NULL,
@@ -54,7 +53,7 @@ CREATE TABLE ice_candidates (
 );
 
 CREATE INDEX idx_ice_offer ON ice_candidates(offer_id);
-CREATE INDEX idx_ice_username ON ice_candidates(username);
+CREATE INDEX idx_ice_public_key ON ice_candidates(public_key);
 CREATE INDEX idx_ice_role ON ice_candidates(role);
 CREATE INDEX idx_ice_created ON ice_candidates(created_at);
 

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@xtr-dev/rondevu-server",
-  "version": "0.5.12",
+  "version": "0.5.13",
   "description": "DNS-like WebRTC signaling server with credential-based authentication and service discovery",
   "main": "dist/index.js",
   "scripts": {
@@ -24,6 +24,7 @@
   },
   "dependencies": {
     "@hono/node-server": "^1.19.6",
+    "@noble/ed25519": "^3.0.0",
     "@xtr-dev/rondevu-client": "^0.13.0",
     "better-sqlite3": "^12.4.1",
     "hono": "^4.10.4"

package/src/config.ts

@@ -30,13 +30,10 @@ export interface Config {
   maxTotalOperations: number;
   timestampMaxAge: number; // Max age for timestamps (replay protection)
   timestampMaxFuture: number; // Max future tolerance for timestamps (clock skew)
-  masterEncryptionKey: string; // 64-char hex string for encrypting secrets (32 bytes)
   // Resource limits (for abuse prevention)
   maxOffersPerUser: number; // Max concurrent offers per user
   maxTotalOffers: number; // Max total offers in storage
-  maxTotalCredentials: number; // Max total credentials in storage
   maxIceCandidatesPerOffer: number; // Max ICE candidates per offer
-  credentialsPerIpPerSecond: number; // Rate limit: credentials per IP per second
   requestsPerIpPerSecond: number; // Rate limit: requests per IP per second
 }
 
@@ -44,38 +41,6 @@ export interface Config {
  * Loads configuration from environment variables
  */
 export function loadConfig(): Config {
-  // Master encryption key for secret storage
-  // CRITICAL: Set MASTER_ENCRYPTION_KEY in production to a secure random value
-  let masterEncryptionKey = process.env.MASTER_ENCRYPTION_KEY;
-
-  if (!masterEncryptionKey) {
-    // SECURITY: Fail fast unless explicitly in development mode
-    // Default to production-safe behavior if NODE_ENV is unset
-    const isDevelopment = process.env.NODE_ENV === 'development';
-
-    if (!isDevelopment) {
-      throw new Error(
-        'MASTER_ENCRYPTION_KEY environment variable must be set. ' +
-        'Generate with: openssl rand -hex 32\n' +
-        'For development only, set NODE_ENV=development to use insecure dev key.'
-      );
-    }
-
-    // Use deterministic key ONLY in explicit development mode
-    // WARNING: DO NOT USE THIS IN PRODUCTION - only for local development
-    console.error('⚠️  WARNING: Using insecure deterministic development key');
-    console.error('⚠️  ONLY use NODE_ENV=development for local development');
-    console.error('⚠️  Generate production key with: openssl rand -hex 32');
-    // Random-looking dev key (not ASCII-readable to prevent accidental production use)
-    masterEncryptionKey = 'a3f8b9c2d1e4f5a6b7c8d9e0f1a2b3c4d5e6f7a8b9c0d1e2f3a4b5c6d7e8f9a0';
-  }
-
-  // Validate master encryption key format
-  // NOTE: Using regex here is safe since this runs at startup, not during request processing
-  if (masterEncryptionKey.length !== 64 || !/^[0-9a-fA-F]{64}$/.test(masterEncryptionKey)) {
-    throw new Error('MASTER_ENCRYPTION_KEY must be 64-character hex string (32 bytes). Generate with: openssl rand -hex 32');
-  }
-
   // Helper to safely parse and validate integer config values
   function parsePositiveInt(value: string | undefined, defaultValue: string, name: string, min = 1): number {
     const parsed = parseInt(value || defaultValue, 10);
@@ -111,13 +76,10 @@ export function loadConfig(): Config {
     maxTotalOperations: parsePositiveInt(process.env.MAX_TOTAL_OPERATIONS, '1000', 'MAX_TOTAL_OPERATIONS', 1),
     timestampMaxAge: parsePositiveInt(process.env.TIMESTAMP_MAX_AGE, '60000', 'TIMESTAMP_MAX_AGE', 1000), // Min 1 second
     timestampMaxFuture: parsePositiveInt(process.env.TIMESTAMP_MAX_FUTURE, '60000', 'TIMESTAMP_MAX_FUTURE', 1000), // Min 1 second
-    masterEncryptionKey,
     // Resource limits
     maxOffersPerUser: parsePositiveInt(process.env.MAX_OFFERS_PER_USER, '1000', 'MAX_OFFERS_PER_USER', 1),
     maxTotalOffers: parsePositiveInt(process.env.MAX_TOTAL_OFFERS, '100000', 'MAX_TOTAL_OFFERS', 1),
-    maxTotalCredentials: parsePositiveInt(process.env.MAX_TOTAL_CREDENTIALS, '50000', 'MAX_TOTAL_CREDENTIALS', 1),
     maxIceCandidatesPerOffer: parsePositiveInt(process.env.MAX_ICE_CANDIDATES_PER_OFFER, '50', 'MAX_ICE_CANDIDATES_PER_OFFER', 1),
-    credentialsPerIpPerSecond: parsePositiveInt(process.env.CREDENTIALS_PER_IP_PER_SECOND, '5', 'CREDENTIALS_PER_IP_PER_SECOND', 1),
     requestsPerIpPerSecond: parsePositiveInt(process.env.REQUESTS_PER_IP_PER_SECOND, '50', 'REQUESTS_PER_IP_PER_SECOND', 1),
   };
 
@@ -144,9 +106,7 @@ export const CONFIG_DEFAULTS = {
   // Resource limits
   maxOffersPerUser: 1000,
   maxTotalOffers: 100000,
-  maxTotalCredentials: 50000,
   maxIceCandidatesPerOffer: 50,
-  credentialsPerIpPerSecond: 5,
   requestsPerIpPerSecond: 50,
 } as const;
 
@@ -154,7 +114,6 @@ export const CONFIG_DEFAULTS = {
  * Build config for Cloudflare Workers from env vars
  */
 export function buildWorkerConfig(env: {
-  MASTER_ENCRYPTION_KEY: string;
   OFFER_DEFAULT_TTL?: string;
   OFFER_MAX_TTL?: string;
   OFFER_MIN_TTL?: string;
@@ -184,13 +143,10 @@ export function buildWorkerConfig(env: {
     maxTotalOperations: CONFIG_DEFAULTS.maxTotalOperations,
     timestampMaxAge: CONFIG_DEFAULTS.timestampMaxAge,
     timestampMaxFuture: CONFIG_DEFAULTS.timestampMaxFuture,
-    masterEncryptionKey: env.MASTER_ENCRYPTION_KEY,
     // Resource limits
     maxOffersPerUser: CONFIG_DEFAULTS.maxOffersPerUser,
     maxTotalOffers: CONFIG_DEFAULTS.maxTotalOffers,
-    maxTotalCredentials: CONFIG_DEFAULTS.maxTotalCredentials,
     maxIceCandidatesPerOffer: CONFIG_DEFAULTS.maxIceCandidatesPerOffer,
-    credentialsPerIpPerSecond: CONFIG_DEFAULTS.credentialsPerIpPerSecond,
     requestsPerIpPerSecond: CONFIG_DEFAULTS.requestsPerIpPerSecond,
   };
 }
@@ -201,14 +157,12 @@ export function buildWorkerConfig(env: {
  */
 export async function runCleanup(storage: Storage, now: number): Promise<{
   offers: number;
-  credentials: number;
   rateLimits: number;
   nonces: number;
 }> {
   const offers = await storage.deleteExpiredOffers(now);
-  const credentials = await storage.deleteExpiredCredentials(now);
   const rateLimits = await storage.deleteExpiredRateLimits(now);
   const nonces = await storage.deleteExpiredNonces(now);
 
-  return { offers, credentials, rateLimits, nonces };
+  return { offers, rateLimits, nonces };
 }