npm - @xtr-dev/rondevu-server - Versions diffs - 0.5.12 → 0.5.14 - Mend

@xtr-dev/rondevu-server 0.5.12 → 0.5.14

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (19) hide show

package/README.md +9 -21
package/dist/index.js +939 -1110
package/dist/index.js.map +4 -4
package/migrations/0009_public_key_auth.sql +74 -0
package/migrations/fresh_schema.sql +20 -21
package/package.json +2 -1
package/src/config.ts +1 -47
package/src/crypto.ts +70 -304
package/src/index.ts +2 -3
package/src/rpc.ts +90 -272
package/src/storage/d1.ts +72 -235
package/src/storage/factory.ts +4 -17
package/src/storage/memory.ts +46 -151
package/src/storage/mysql.ts +66 -187
package/src/storage/postgres.ts +66 -186
package/src/storage/sqlite.ts +65 -194
package/src/storage/types.ts +30 -88
package/src/worker.ts +4 -9
package/wrangler.toml +1 -1

package/src/storage/types.ts CHANGED Viewed

@@ -3,13 +3,13 @@
  */
 export interface Offer {
   id: string;
-  username: string;
+  publicKey: string;  // Owner's Ed25519 public key
   tags: string[]; // Tags for discovery (match ANY)
   sdp: string;
   createdAt: number;
   expiresAt: number;
   lastSeen: number;
-  answererUsername?: string;
+  answererPublicKey?: string;
   answerSdp?: string;
   answeredAt?: number;
   matchedTags?: string[];  // Tags the answerer searched for to find this offer
@@ -22,7 +22,7 @@ export interface Offer {
 export interface IceCandidate {
   id: number;
   offerId: string;
-  username: string;
+  publicKey: string;  // Sender's Ed25519 public key
   role: 'offerer' | 'answerer';
   candidate: any; // Full candidate object as JSON - don't enforce structure
   createdAt: number;
@@ -33,32 +33,12 @@ export interface IceCandidate {
  */
 export interface CreateOfferRequest {
   id?: string;
-  username: string;
+  publicKey: string;  // Owner's Ed25519 public key
   tags: string[]; // Tags for discovery
   sdp: string;
   expiresAt: number;
 }
-/**
- * Represents a credential (random name + secret pair)
- * Replaces the old username/publicKey system for simpler authentication
- */
-export interface Credential {
-  name: string; // Random name (e.g., "brave-tiger-7a3f")
-  secret: string; // Random secret (API key style)
-  createdAt: number;
-  expiresAt: number; // 365 days from creation/last use
-  lastUsed: number;
-}
-/**
- * Request to generate new credentials
- */
-export interface GenerateCredentialsRequest {
-  name?: string;      // Optional: claim specific username (must be unique, 4-32 chars)
-  expiresAt?: number; // Optional: override default expiry
-}
 /**
  * Storage interface for rondevu signaling system
  * Implementations can use different backends (SQLite, D1, etc.)
@@ -86,11 +66,11 @@ export interface Storage {
   createOffers(offers: CreateOfferRequest[]): Promise<Offer[]>;
   /**
-   * Retrieves all offers from a specific user
-   * @param username Username identifier
-   * @returns Array of offers from the user
+   * Retrieves all offers from a specific owner
+   * @param publicKey Owner's Ed25519 public key
+   * @returns Array of offers from the owner
    */
-  getOffersByUsername(username: string): Promise<Offer[]>;
+  getOffersByPublicKey(publicKey: string): Promise<Offer[]>;
   /**
    * Retrieves a specific offer by ID
@@ -102,10 +82,10 @@ export interface Storage {
   /**
    * Deletes an offer (with ownership verification)
    * @param offerId Offer identifier
-   * @param ownerUsername Username of the owner (for verification)
+   * @param ownerPublicKey Public key of the owner (for verification)
    * @returns true if deleted, false if not found or not owned
    */
-  deleteOffer(offerId: string, ownerUsername: string): Promise<boolean>;
+  deleteOffer(offerId: string, ownerPublicKey: string): Promise<boolean>;
   /**
    * Deletes all expired offers
@@ -117,44 +97,44 @@ export interface Storage {
   /**
    * Answers an offer (locks it to the answerer)
    * @param offerId Offer identifier
-   * @param answererUsername Answerer's username
+   * @param answererPublicKey Answerer's public key
    * @param answerSdp WebRTC answer SDP
    * @param matchedTags Optional tags the answerer searched for to find this offer
    * @returns Success status and optional error message
    */
-  answerOffer(offerId: string, answererUsername: string, answerSdp: string, matchedTags?: string[]): Promise<{
+  answerOffer(offerId: string, answererPublicKey: string, answerSdp: string, matchedTags?: string[]): Promise<{
     success: boolean;
     error?: string;
   }>;
   /**
    * Retrieves all answered offers for a specific offerer
-   * @param offererUsername Offerer's username
+   * @param offererPublicKey Offerer's public key
    * @returns Array of answered offers
    */
-  getAnsweredOffers(offererUsername: string): Promise<Offer[]>;
+  getAnsweredOffers(offererPublicKey: string): Promise<Offer[]>;
   /**
    * Retrieves all offers answered by a specific user (where they are the answerer)
-   * @param answererUsername Answerer's username
+   * @param answererPublicKey Answerer's public key
    * @returns Array of offers the user has answered
    */
-  getOffersAnsweredBy(answererUsername: string): Promise<Offer[]>;
+  getOffersAnsweredBy(answererPublicKey: string): Promise<Offer[]>;
   // ===== Discovery =====
   /**
    * Discovers offers by tags with pagination
-   * Returns available offers (where answerer_username IS NULL) matching ANY of the provided tags
+   * Returns available offers (where answerer_public_key IS NULL) matching ANY of the provided tags
    * @param tags Array of tags to match (OR logic)
-   * @param excludeUsername Optional username to exclude from results (self-exclusion)
+   * @param excludePublicKey Optional public key to exclude from results (self-exclusion)
    * @param limit Maximum number of offers to return
    * @param offset Number of offers to skip
    * @returns Array of available offers matching tags
    */
   discoverOffers(
     tags: string[],
-    excludeUsername: string | null,
+    excludePublicKey: string | null,
     limit: number,
     offset: number
   ): Promise<Offer[]>;
@@ -162,12 +142,12 @@ export interface Storage {
   /**
    * Gets a random available offer matching any of the provided tags
    * @param tags Array of tags to match (OR logic)
-   * @param excludeUsername Optional username to exclude (self-exclusion)
+   * @param excludePublicKey Optional public key to exclude (self-exclusion)
    * @returns Random available offer, or null if none found
    */
   getRandomOffer(
     tags: string[],
-    excludeUsername: string | null
+    excludePublicKey: string | null
   ): Promise<Offer | null>;
   // ===== ICE Candidate Management =====
@@ -175,14 +155,14 @@ export interface Storage {
   /**
    * Adds ICE candidates for an offer
    * @param offerId Offer identifier
-   * @param username Username posting the candidates
+   * @param publicKey Public key posting the candidates
    * @param role Role of the user (offerer or answerer)
    * @param candidates Array of candidate objects (stored as plain JSON)
    * @returns Number of candidates added
    */
   addIceCandidates(
     offerId: string,
-    username: string,
+    publicKey: string,
     role: 'offerer' | 'answerer',
     candidates: any[]
   ): Promise<number>;
@@ -203,48 +183,16 @@ export interface Storage {
   /**
    * Retrieves ICE candidates for multiple offers (batch operation)
    * @param offerIds Array of offer identifiers
-   * @param username Username requesting the candidates
+   * @param publicKey Public key requesting the candidates
    * @param since Optional timestamp - only return candidates after this time
    * @returns Map of offer ID to ICE candidates
    */
   getIceCandidatesForMultipleOffers(
     offerIds: string[],
-    username: string,
+    publicKey: string,
     since?: number
   ): Promise<Map<string, IceCandidate[]>>;
-  // ===== Credential Management =====
-  /**
-   * Generates a new credential (random name + secret)
-   * @param request Credential generation request
-   * @returns Created credential record
-   */
-  generateCredentials(request: GenerateCredentialsRequest): Promise<Credential>;
-  /**
-   * Gets a credential by name
-   * @param name Credential name
-   * @returns Credential record if found, null otherwise
-   */
-  getCredential(name: string): Promise<Credential | null>;
-  /**
-   * Updates credential usage timestamp and expiry
-   * Called after successful signature verification
-   * @param name Credential name
-   * @param lastUsed Last used timestamp
-   * @param expiresAt New expiry timestamp
-   */
-  updateCredentialUsage(name: string, lastUsed: number, expiresAt: number): Promise<void>;
-  /**
-   * Deletes all expired credentials
-   * @param now Current timestamp
-   * @returns Number of credentials deleted
-   */
-  deleteExpiredCredentials(now: number): Promise<number>;
   // ===== Rate Limiting =====
   /**
@@ -267,7 +215,7 @@ export interface Storage {
   /**
    * Check if nonce has been used and mark it as used (atomic operation)
-   * @param nonceKey Unique nonce identifier (format: "nonce:{name}:{nonce}")
+   * @param nonceKey Unique nonce identifier (format: "nonce:{publicKey}:{nonce}")
    * @param expiresAt Timestamp when nonce expires (should be timestamp + timestampMaxAge)
    * @returns true if nonce is new (allowed), false if already used (replay attack)
    */
@@ -294,17 +242,11 @@ export interface Storage {
   getOfferCount(): Promise<number>;
   /**
-   * Gets number of offers for a specific user
-   * @param username Username identifier
-   * @returns Offer count for user
-   */
-  getOfferCountByUsername(username: string): Promise<number>;
-  /**
-   * Gets total number of credentials in storage
-   * @returns Total credential count
+   * Gets number of offers for a specific owner
+   * @param publicKey Owner's public key
+   * @returns Offer count for owner
    */
-  getCredentialCount(): Promise<number>;
+  getOfferCountByPublicKey(publicKey: string): Promise<number>;
   /**
    * Gets number of ICE candidates for a specific offer

package/src/worker.ts CHANGED Viewed

@@ -7,7 +7,6 @@ import { buildWorkerConfig, runCleanup } from './config.ts';
  */
 export interface Env {
   DB: D1Database;
-  MASTER_ENCRYPTION_KEY: string;
   OFFER_DEFAULT_TTL?: string;
   OFFER_MAX_TTL?: string;
   OFFER_MIN_TTL?: string;
@@ -19,11 +18,7 @@ export interface Env {
 export default {
   async fetch(request: Request, env: Env, ctx: ExecutionContext): Promise<Response> {
-    if (!env.MASTER_ENCRYPTION_KEY || env.MASTER_ENCRYPTION_KEY.length !== 64) {
-      return new Response('MASTER_ENCRYPTION_KEY must be 64-char hex string', { status: 500 });
-    }
-    const storage = new D1Storage(env.DB, env.MASTER_ENCRYPTION_KEY);
+    const storage = new D1Storage(env.DB);
     const config = buildWorkerConfig(env);
     const app = createApp(storage, config);
@@ -31,14 +26,14 @@ export default {
   },
   async scheduled(event: ScheduledEvent, env: Env, ctx: ExecutionContext): Promise<void> {
-    const storage = new D1Storage(env.DB, env.MASTER_ENCRYPTION_KEY);
+    const storage = new D1Storage(env.DB);
     const now = Date.now();
     try {
       const result = await runCleanup(storage, now);
-      const total = result.offers + result.credentials + result.rateLimits + result.nonces;
+      const total = result.offers + result.rateLimits + result.nonces;
       if (total > 0) {
-        console.log(`Cleanup: ${result.offers} offers, ${result.credentials} credentials, ${result.rateLimits} rate limits, ${result.nonces} nonces`);
+        console.log(`Cleanup: ${result.offers} offers, ${result.rateLimits} rate limits, ${result.nonces} nonces`);
       }
     } catch (error) {
       console.error('Cleanup error:', error);

package/wrangler.toml CHANGED Viewed

@@ -24,7 +24,7 @@ OFFER_MAX_TTL = "86400000"
 OFFER_MIN_TTL = "60000"
 MAX_OFFERS_PER_REQUEST = "100"
 CORS_ORIGINS = "*"
-VERSION = "0.5.2"
+VERSION = "0.5.13"
 # MASTER_ENCRYPTION_KEY must be set as a secret:
 # npx wrangler secret put MASTER_ENCRYPTION_KEY