@xtr-dev/rondevu-server 0.5.6 → 0.5.7

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@xtr-dev/rondevu-server",
-  "version": "0.5.6",
+  "version": "0.5.7",
   "description": "DNS-like WebRTC signaling server with credential-based authentication and service discovery",
   "main": "dist/index.js",
   "scripts": {

package/src/config.ts

@@ -27,6 +27,13 @@ export interface Config {
   timestampMaxAge: number; // Max age for timestamps (replay protection)
   timestampMaxFuture: number; // Max future tolerance for timestamps (clock skew)
   masterEncryptionKey: string; // 64-char hex string for encrypting secrets (32 bytes)
+  // Resource limits (for abuse prevention)
+  maxOffersPerUser: number; // Max concurrent offers per user
+  maxTotalOffers: number; // Max total offers in storage
+  maxTotalCredentials: number; // Max total credentials in storage
+  maxIceCandidatesPerOffer: number; // Max ICE candidates per offer
+  credentialsPerIpPerHour: number; // Rate limit: credentials per IP per hour
+  requestsPerIpPerSecond: number; // Rate limit: requests per IP per second
 }
 
 /**
@@ -56,7 +63,7 @@ export function loadConfig(): Config {
     console.error('⚠️  ONLY use NODE_ENV=development for local development');
     console.error('⚠️  Generate production key with: openssl rand -hex 32');
     // Random-looking dev key (not ASCII-readable to prevent accidental production use)
-    masterEncryptionKey = 'a3f8b9c2d1e4f5a6b7c8d9e0f1a2b3c4d5e6f7a8b9c0d1e2f3a4b5c6d7e8f9a0b1c2';
+    masterEncryptionKey = 'a3f8b9c2d1e4f5a6b7c8d9e0f1a2b3c4d5e6f7a8b9c0d1e2f3a4b5c6d7e8f9a0';
   }
 
   // Validate master encryption key format
@@ -101,6 +108,13 @@ export function loadConfig(): Config {
     timestampMaxAge: parsePositiveInt(process.env.TIMESTAMP_MAX_AGE, '60000', 'TIMESTAMP_MAX_AGE', 1000), // Min 1 second
     timestampMaxFuture: parsePositiveInt(process.env.TIMESTAMP_MAX_FUTURE, '60000', 'TIMESTAMP_MAX_FUTURE', 1000), // Min 1 second
     masterEncryptionKey,
+    // Resource limits
+    maxOffersPerUser: parsePositiveInt(process.env.MAX_OFFERS_PER_USER, '20', 'MAX_OFFERS_PER_USER', 1),
+    maxTotalOffers: parsePositiveInt(process.env.MAX_TOTAL_OFFERS, '10000', 'MAX_TOTAL_OFFERS', 1),
+    maxTotalCredentials: parsePositiveInt(process.env.MAX_TOTAL_CREDENTIALS, '50000', 'MAX_TOTAL_CREDENTIALS', 1),
+    maxIceCandidatesPerOffer: parsePositiveInt(process.env.MAX_ICE_CANDIDATES_PER_OFFER, '50', 'MAX_ICE_CANDIDATES_PER_OFFER', 1),
+    credentialsPerIpPerHour: parsePositiveInt(process.env.CREDENTIALS_PER_IP_PER_HOUR, '10', 'CREDENTIALS_PER_IP_PER_HOUR', 1),
+    requestsPerIpPerSecond: parsePositiveInt(process.env.REQUESTS_PER_IP_PER_SECOND, '50', 'REQUESTS_PER_IP_PER_SECOND', 1),
   };
 
   return config;
@@ -123,6 +137,13 @@ export const CONFIG_DEFAULTS = {
   maxTotalOperations: 1000,
   timestampMaxAge: 60000,
   timestampMaxFuture: 60000,
+  // Resource limits
+  maxOffersPerUser: 20,
+  maxTotalOffers: 10000,
+  maxTotalCredentials: 50000,
+  maxIceCandidatesPerOffer: 50,
+  credentialsPerIpPerHour: 10,
+  requestsPerIpPerSecond: 50,
 } as const;
 
 /**
@@ -160,6 +181,13 @@ export function buildWorkerConfig(env: {
     timestampMaxAge: CONFIG_DEFAULTS.timestampMaxAge,
     timestampMaxFuture: CONFIG_DEFAULTS.timestampMaxFuture,
     masterEncryptionKey: env.MASTER_ENCRYPTION_KEY,
+    // Resource limits
+    maxOffersPerUser: CONFIG_DEFAULTS.maxOffersPerUser,
+    maxTotalOffers: CONFIG_DEFAULTS.maxTotalOffers,
+    maxTotalCredentials: CONFIG_DEFAULTS.maxTotalCredentials,
+    maxIceCandidatesPerOffer: CONFIG_DEFAULTS.maxIceCandidatesPerOffer,
+    credentialsPerIpPerHour: CONFIG_DEFAULTS.credentialsPerIpPerHour,
+    requestsPerIpPerSecond: CONFIG_DEFAULTS.requestsPerIpPerSecond,
   };
 }
 

package/src/rpc.ts

@@ -16,13 +16,13 @@ const MAX_PAGE_SIZE = 100;
 
 // ===== Rate Limiting =====
 
-// Rate limiting for credential generation (per IP)
+// Rate limiting windows (these are fixed, limits come from config)
 // NOTE: Uses fixed-window rate limiting with full window reset on expiry
-//   - Window starts on first request and expires after CREDENTIAL_RATE_WINDOW
+//   - Window starts on first request and expires after window duration
 //   - When window expires, counter resets to 0 and new window starts
 //   - This is simpler than sliding windows but may allow bursts at window boundaries
-const CREDENTIAL_RATE_LIMIT = 1; // Max credentials per second per IP
-const CREDENTIAL_RATE_WINDOW = 1000; // 1 second in milliseconds
+const CREDENTIAL_RATE_WINDOW = 60 * 60 * 1000; // 1 hour in milliseconds
+const REQUEST_RATE_WINDOW = 1000; // 1 second in milliseconds
 
 /**
  * Check JSON object depth to prevent stack overflow from deeply nested objects
@@ -100,6 +100,9 @@ export const ErrorCodes = {
   SDP_TOO_LARGE: 'SDP_TOO_LARGE',
   BATCH_TOO_LARGE: 'BATCH_TOO_LARGE',
   RATE_LIMIT_EXCEEDED: 'RATE_LIMIT_EXCEEDED',
+  TOO_MANY_OFFERS_PER_USER: 'TOO_MANY_OFFERS_PER_USER',
+  STORAGE_FULL: 'STORAGE_FULL',
+  TOO_MANY_ICE_CANDIDATES: 'TOO_MANY_ICE_CANDIDATES',
 
   // Generic errors
   INTERNAL_ERROR: 'INTERNAL_ERROR',
@@ -276,6 +279,15 @@ const handlers: Record<string, RpcHandler> = {
    * SECURITY: Rate limited per IP to prevent abuse (database-backed for multi-instance support)
    */
   async generateCredentials(params: GenerateCredentialsParams, name, timestamp, signature, storage, config, request: RpcRequest & { clientIp?: string }) {
+    // Check total credentials limit
+    const credentialCount = await storage.getCredentialCount();
+    if (credentialCount >= config.maxTotalCredentials) {
+      throw new RpcError(
+        ErrorCodes.STORAGE_FULL,
+        `Server credential limit reached (${config.maxTotalCredentials}). Try again later.`
+      );
+    }
+
     // Rate limiting check (IP-based, stored in database)
     // SECURITY: Use stricter global rate limit for requests without identifiable IP
     let rateLimitKey: string;
@@ -289,7 +301,7 @@ const handlers: Record<string, RpcHandler> = {
       rateLimit = 2; // Only 2 credentials per hour globally for all unknown IPs combined
     } else {
       rateLimitKey = `cred_gen:${request.clientIp}`;
-      rateLimit = CREDENTIAL_RATE_LIMIT; // 10 per hour per IP
+      rateLimit = config.credentialsPerIpPerHour;
     }
 
     const allowed = await storage.checkRateLimit(
@@ -301,7 +313,7 @@ const handlers: Record<string, RpcHandler> = {
     if (!allowed) {
       throw new RpcError(
         ErrorCodes.RATE_LIMIT_EXCEEDED,
-        `Rate limit exceeded. Maximum ${rateLimit} credential per second${request.clientIp ? ' per IP' : ' (global limit for unidentified IPs)'}.`
+        `Rate limit exceeded. Maximum ${rateLimit} credentials per hour${request.clientIp ? ' per IP' : ' (global limit for unidentified IPs)'}.`
       );
     }
 
@@ -453,6 +465,24 @@ const handlers: Record<string, RpcHandler> = {
       );
     }
 
+    // Check per-user offer limit
+    const userOfferCount = await storage.getOfferCountByUsername(name);
+    if (userOfferCount + offers.length > config.maxOffersPerUser) {
+      throw new RpcError(
+        ErrorCodes.TOO_MANY_OFFERS_PER_USER,
+        `User offer limit exceeded. You have ${userOfferCount} offers, limit is ${config.maxOffersPerUser}.`
+      );
+    }
+
+    // Check total offers limit
+    const totalOfferCount = await storage.getOfferCount();
+    if (totalOfferCount + offers.length > config.maxTotalOffers) {
+      throw new RpcError(
+        ErrorCodes.STORAGE_FULL,
+        `Server offer limit reached (${config.maxTotalOffers}). Try again later.`
+      );
+    }
+
     // Validate each offer has valid SDP
     offers.forEach((offer, index) => {
       if (!offer || typeof offer !== 'object') {
@@ -723,6 +753,15 @@ const handlers: Record<string, RpcHandler> = {
       throw new RpcError(ErrorCodes.OFFER_NOT_FOUND, 'Offer not found');
     }
 
+    // Check ICE candidates limit per offer
+    const currentCandidateCount = await storage.getIceCandidateCount(offerId);
+    if (currentCandidateCount + candidates.length > config.maxIceCandidatesPerOffer) {
+      throw new RpcError(
+        ErrorCodes.TOO_MANY_ICE_CANDIDATES,
+        `ICE candidate limit exceeded for offer. Current: ${currentCandidateCount}, limit: ${config.maxIceCandidatesPerOffer}.`
+      );
+    }
+
     const role = offer.username === name ? 'offerer' : 'answerer';
     const count = await storage.addIceCandidates(
       offerId,
@@ -807,6 +846,25 @@ export async function handleRpc(
     ctx.req.header('x-forwarded-for')?.split(',')[0].trim() ||
     undefined; // Don't use fallback - let handlers decide how to handle missing IP
 
+  // General request rate limiting (per IP per second)
+  if (clientIp) {
+    const rateLimitKey = `req:${clientIp}`;
+    const allowed = await storage.checkRateLimit(
+      rateLimitKey,
+      config.requestsPerIpPerSecond,
+      REQUEST_RATE_WINDOW
+    );
+
+    if (!allowed) {
+      // Return error for all requests in the batch
+      return requests.map(() => ({
+        success: false,
+        error: `Rate limit exceeded. Maximum ${config.requestsPerIpPerSecond} requests per second per IP.`,
+        errorCode: ErrorCodes.RATE_LIMIT_EXCEEDED,
+      }));
+    }
+  }
+
   // Read auth headers (same for all requests in batch)
   const name = ctx.req.header('X-Name');
   const timestampHeader = ctx.req.header('X-Timestamp');

package/src/storage/d1.ts

@@ -631,6 +631,32 @@ export class D1Storage implements Storage {
     // Connections are managed by the Cloudflare Workers runtime
   }
 
+  // ===== Count Methods (for resource limits) =====
+
+  async getOfferCount(): Promise<number> {
+    const result = await this.db.prepare('SELECT COUNT(*) as count FROM offers').first() as { count: number } | null;
+    return result?.count ?? 0;
+  }
+
+  async getOfferCountByUsername(username: string): Promise<number> {
+    const result = await this.db.prepare('SELECT COUNT(*) as count FROM offers WHERE username = ?')
+      .bind(username)
+      .first() as { count: number } | null;
+    return result?.count ?? 0;
+  }
+
+  async getCredentialCount(): Promise<number> {
+    const result = await this.db.prepare('SELECT COUNT(*) as count FROM credentials').first() as { count: number } | null;
+    return result?.count ?? 0;
+  }
+
+  async getIceCandidateCount(offerId: string): Promise<number> {
+    const result = await this.db.prepare('SELECT COUNT(*) as count FROM ice_candidates WHERE offer_id = ?')
+      .bind(offerId)
+      .first() as { count: number } | null;
+    return result?.count ?? 0;
+  }
+
   // ===== Helper Methods =====
 
   /**

package/src/storage/memory.ts

@@ -522,6 +522,26 @@ export class MemoryStorage implements Storage {
     this.offersByAnswerer.clear();
   }
 
+  // ===== Count Methods (for resource limits) =====
+
+  async getOfferCount(): Promise<number> {
+    return this.offers.size;
+  }
+
+  async getOfferCountByUsername(username: string): Promise<number> {
+    const offerIds = this.offersByUsername.get(username);
+    return offerIds ? offerIds.size : 0;
+  }
+
+  async getCredentialCount(): Promise<number> {
+    return this.credentials.size;
+  }
+
+  async getIceCandidateCount(offerId: string): Promise<number> {
+    const candidates = this.iceCandidates.get(offerId);
+    return candidates ? candidates.length : 0;
+  }
+
   // ===== Helper Methods =====
 
   private removeOfferFromIndexes(offer: Offer): void {

package/src/storage/mysql.ts

@@ -558,6 +558,34 @@ export class MySQLStorage implements Storage {
     await this.pool.end();
   }
 
+  // ===== Count Methods (for resource limits) =====
+
+  async getOfferCount(): Promise<number> {
+    const [rows] = await this.pool.query<RowDataPacket[]>('SELECT COUNT(*) as count FROM offers');
+    return Number(rows[0].count);
+  }
+
+  async getOfferCountByUsername(username: string): Promise<number> {
+    const [rows] = await this.pool.query<RowDataPacket[]>(
+      'SELECT COUNT(*) as count FROM offers WHERE username = ?',
+      [username]
+    );
+    return Number(rows[0].count);
+  }
+
+  async getCredentialCount(): Promise<number> {
+    const [rows] = await this.pool.query<RowDataPacket[]>('SELECT COUNT(*) as count FROM credentials');
+    return Number(rows[0].count);
+  }
+
+  async getIceCandidateCount(offerId: string): Promise<number> {
+    const [rows] = await this.pool.query<RowDataPacket[]>(
+      'SELECT COUNT(*) as count FROM ice_candidates WHERE offer_id = ?',
+      [offerId]
+    );
+    return Number(rows[0].count);
+  }
+
   // ===== Helper Methods =====
 
   private rowToOffer(row: RowDataPacket): Offer {

package/src/storage/postgres.ts

@@ -565,6 +565,34 @@ export class PostgreSQLStorage implements Storage {
     await this.pool.end();
   }
 
+  // ===== Count Methods (for resource limits) =====
+
+  async getOfferCount(): Promise<number> {
+    const result = await this.pool.query('SELECT COUNT(*) as count FROM offers');
+    return Number(result.rows[0].count);
+  }
+
+  async getOfferCountByUsername(username: string): Promise<number> {
+    const result = await this.pool.query(
+      'SELECT COUNT(*) as count FROM offers WHERE username = $1',
+      [username]
+    );
+    return Number(result.rows[0].count);
+  }
+
+  async getCredentialCount(): Promise<number> {
+    const result = await this.pool.query('SELECT COUNT(*) as count FROM credentials');
+    return Number(result.rows[0].count);
+  }
+
+  async getIceCandidateCount(offerId: string): Promise<number> {
+    const result = await this.pool.query(
+      'SELECT COUNT(*) as count FROM ice_candidates WHERE offer_id = $1',
+      [offerId]
+    );
+    return Number(result.rows[0].count);
+  }
+
   // ===== Helper Methods =====
 
   private rowToOffer(row: any): Offer {

package/src/storage/sqlite.ts

@@ -642,6 +642,28 @@ export class SQLiteStorage implements Storage {
     this.db.close();
   }
 
+  // ===== Count Methods (for resource limits) =====
+
+  async getOfferCount(): Promise<number> {
+    const result = this.db.prepare('SELECT COUNT(*) as count FROM offers').get() as { count: number };
+    return result.count;
+  }
+
+  async getOfferCountByUsername(username: string): Promise<number> {
+    const result = this.db.prepare('SELECT COUNT(*) as count FROM offers WHERE username = ?').get(username) as { count: number };
+    return result.count;
+  }
+
+  async getCredentialCount(): Promise<number> {
+    const result = this.db.prepare('SELECT COUNT(*) as count FROM credentials').get() as { count: number };
+    return result.count;
+  }
+
+  async getIceCandidateCount(offerId: string): Promise<number> {
+    const result = this.db.prepare('SELECT COUNT(*) as count FROM ice_candidates WHERE offer_id = ?').get(offerId) as { count: number };
+    return result.count;
+  }
+
   // ===== Helper Methods =====
 
   /**

package/src/storage/types.ts

@@ -282,4 +282,32 @@ export interface Storage {
    * Closes the storage connection and releases resources
    */
   close(): Promise<void>;
+
+  // ===== Count Methods (for resource limits) =====
+
+  /**
+   * Gets total number of offers in storage
+   * @returns Total offer count
+   */
+  getOfferCount(): Promise<number>;
+
+  /**
+   * Gets number of offers for a specific user
+   * @param username Username identifier
+   * @returns Offer count for user
+   */
+  getOfferCountByUsername(username: string): Promise<number>;
+
+  /**
+   * Gets total number of credentials in storage
+   * @returns Total credential count
+   */
+  getCredentialCount(): Promise<number>;
+
+  /**
+   * Gets number of ICE candidates for a specific offer
+   * @param offerId Offer identifier
+   * @returns ICE candidate count for offer
+   */
+  getIceCandidateCount(offerId: string): Promise<number>;
 }

package/wrangler.toml

@@ -6,7 +6,7 @@ compatibility_flags = ["nodejs_compat"]
 workers_dev = true
 preview_urls = true
 
-routes = [{ pattern = "api.ronde.vu/*", zone_name = "ronde.vu" }]
+routes = [{ pattern = "test.ronde.vu/*", zone_name = "ronde.vu" }]
 
 # Cleanup runs every 5 minutes
 [triggers]