api-response-manager 2.5.4 → 2.6.0

package/README.md

@@ -6,7 +6,7 @@
 
 Command-line interface for API Response Manager. Manage tunnels, webhooks, and projects from your terminal.
 
-**Version:** 2.5.3 | **Live Service:** https://tunnelapi.in
+**Version:** 2.6.0 | **Live Service:** https://tunnelapi.in
 
 ## Installation
 

package/bin/arm.js

@@ -26,6 +26,7 @@ const ingressCommand = require('../commands/ingress');
 const accountCommand = require('../commands/account');
 const installCommand = require('../commands/install');
 const uninstallCommand = require('../commands/uninstall');
+const serveCommand = require('../commands/serve');
 
 // CLI setup
 program
@@ -58,9 +59,10 @@ program
   .option('-n, --name <name>', 'Tunnel name')
   .option('-a, --auth', 'Enable basic authentication')
   .option('-r, --rate-limit <limit>', 'Rate limit (requests per minute)', '60')
-  .option('-p, --protocol <protocol>', 'Protocol (http, https, tcp, ssh, ws, wss)', 'http')
+  .option('-p, --protocol <protocol>', 'Protocol (http, https, tcp, ssh, ws, wss, udp)', 'http')
   .option('--ssl', 'Enable SSL/HTTPS')
   .option('-d, --domain <domain>', 'Custom domain')
+  .option('--e2e', 'Enable end-to-end encryption')
   .option('--json', 'Output in JSON format (for CI/CD automation)')
   .action(tunnelCommand.start);
 
@@ -143,6 +145,15 @@ program
   .option('--tls', 'Enable TLS for ingress')
   .action(tunnelCommand.configureIngress);
 
+// Serve command - file sharing
+program
+  .command('serve')
+  .description('Share a directory over the internet')
+  .argument('[directory]', 'Directory to serve (default: current directory)', '.')
+  .option('-p, --port <port>', 'Local port for file server', '8000')
+  .option('-s, --subdomain <subdomain>', 'Custom subdomain')
+  .action(serveCommand.serve);
+
 // IP Whitelist commands
 program
   .command('tunnel:ip-whitelist:add')

package/commands/serve.js

@@ -0,0 +1,569 @@
+const chalk = require('chalk');
+const ora = require('ora');
+const path = require('path');
+const fs = require('fs');
+const http = require('http');
+const url = require('url');
+const mime = require('mime-types');
+const api = require('../utils/api');
+const config = require('../utils/config');
+
+// File server for serving static files
+class FileServer {
+  constructor(directory, port) {
+    this.directory = path.resolve(directory);
+    this.port = port;
+    this.server = null;
+  }
+
+  start() {
+    return new Promise((resolve, reject) => {
+      this.server = http.createServer((req, res) => {
+        this.handleRequest(req, res);
+      });
+
+      this.server.on('error', (err) => {
+        if (err.code === 'EADDRINUSE') {
+          reject(new Error(`Port ${this.port} is already in use`));
+        } else {
+          reject(err);
+        }
+      });
+
+      this.server.listen(this.port, () => {
+        resolve();
+      });
+    });
+  }
+
+  handleRequest(req, res) {
+    const parsedUrl = url.parse(req.url, true);
+    let pathname = decodeURIComponent(parsedUrl.pathname);
+    
+    // Prevent directory traversal
+    pathname = pathname.replace(/\.\./g, '');
+    
+    let filePath = path.join(this.directory, pathname);
+
+    // Check if path exists
+    fs.stat(filePath, (err, stats) => {
+      if (err) {
+        if (err.code === 'ENOENT') {
+          res.writeHead(404, { 'Content-Type': 'text/html' });
+          res.end(this.generate404Page(pathname));
+        } else {
+          res.writeHead(500, { 'Content-Type': 'text/plain' });
+          res.end('Internal Server Error');
+        }
+        return;
+      }
+
+      if (stats.isDirectory()) {
+        // Check for index.html
+        const indexPath = path.join(filePath, 'index.html');
+        if (fs.existsSync(indexPath)) {
+          this.serveFile(indexPath, res);
+        } else {
+          // Generate directory listing
+          this.serveDirectoryListing(filePath, pathname, res);
+        }
+      } else {
+        this.serveFile(filePath, res);
+      }
+    });
+  }
+
+  serveFile(filePath, res) {
+    const ext = path.extname(filePath).toLowerCase();
+    // Handle JSX/TSX files as JavaScript for development
+    let contentType;
+    if (ext === '.jsx' || ext === '.tsx') {
+      contentType = 'application/javascript';
+    } else if (ext === '.ts') {
+      contentType = 'application/javascript';
+    } else {
+      contentType = mime.lookup(ext) || 'application/octet-stream';
+    }
+
+    fs.readFile(filePath, (err, data) => {
+      if (err) {
+        res.writeHead(500, { 'Content-Type': 'text/plain' });
+        res.end('Error reading file');
+        return;
+      }
+
+      const stats = fs.statSync(filePath);
+      res.writeHead(200, {
+        'Content-Type': contentType,
+        'Content-Length': stats.size,
+        'Cache-Control': 'no-cache',
+        'Access-Control-Allow-Origin': '*'
+      });
+      res.end(data);
+    });
+  }
+
+  serveDirectoryListing(dirPath, urlPath, res) {
+    fs.readdir(dirPath, { withFileTypes: true }, (err, entries) => {
+      if (err) {
+        res.writeHead(500, { 'Content-Type': 'text/plain' });
+        res.end('Error reading directory');
+        return;
+      }
+
+      const html = this.generateDirectoryHTML(entries, urlPath, dirPath);
+      res.writeHead(200, { 
+        'Content-Type': 'text/html',
+        'Cache-Control': 'no-cache'
+      });
+      res.end(html);
+    });
+  }
+
+  generateDirectoryHTML(entries, urlPath, dirPath) {
+    const normalizedPath = urlPath.endsWith('/') ? urlPath : urlPath + '/';
+    
+    let items = entries.map(entry => {
+      const isDir = entry.isDirectory();
+      const name = entry.name;
+      const href = normalizedPath + encodeURIComponent(name) + (isDir ? '/' : '');
+      const icon = isDir ? '📁' : this.getFileIcon(name);
+      const stats = fs.statSync(path.join(dirPath, name));
+      const size = isDir ? '-' : this.formatSize(stats.size);
+      const modified = stats.mtime.toLocaleString();
+      
+      return `
+        <tr>
+          <td class="icon">${icon}</td>
+          <td class="name"><a href="${href}">${name}${isDir ? '/' : ''}</a></td>
+          <td class="size">${size}</td>
+          <td class="modified">${modified}</td>
+        </tr>
+      `;
+    }).join('');
+
+    // Add parent directory link if not at root
+    if (urlPath !== '/' && urlPath !== '') {
+      const parentPath = path.dirname(urlPath) || '/';
+      items = `
+        <tr>
+          <td class="icon">📂</td>
+          <td class="name"><a href="${parentPath}">..</a></td>
+          <td class="size">-</td>
+          <td class="modified">-</td>
+        </tr>
+      ` + items;
+    }
+
+    return `
+<!DOCTYPE html>
+<html>
+<head>
+  <meta charset="UTF-8">
+  <meta name="viewport" content="width=device-width, initial-scale=1.0">
+  <title>Index of ${urlPath || '/'}</title>
+  <style>
+    * { box-sizing: border-box; margin: 0; padding: 0; }
+    body {
+      font-family: -apple-system, BlinkMacSystemFont, 'Segoe UI', Roboto, sans-serif;
+      background: linear-gradient(135deg, #1a1a2e 0%, #16213e 100%);
+      color: #e4e4e7;
+      min-height: 100vh;
+      padding: 2rem;
+    }
+    .container {
+      max-width: 1000px;
+      margin: 0 auto;
+    }
+    h1 {
+      font-size: 1.5rem;
+      margin-bottom: 1.5rem;
+      color: #a78bfa;
+    }
+    .path {
+      color: #94a3b8;
+      font-family: monospace;
+    }
+    table {
+      width: 100%;
+      border-collapse: collapse;
+      background: rgba(255,255,255,0.05);
+      border-radius: 0.5rem;
+      overflow: hidden;
+    }
+    th, td {
+      padding: 0.75rem 1rem;
+      text-align: left;
+      border-bottom: 1px solid rgba(255,255,255,0.1);
+    }
+    th {
+      background: rgba(255,255,255,0.1);
+      font-weight: 600;
+      color: #94a3b8;
+      font-size: 0.875rem;
+    }
+    tr:hover {
+      background: rgba(255,255,255,0.05);
+    }
+    a {
+      color: #60a5fa;
+      text-decoration: none;
+    }
+    a:hover {
+      text-decoration: underline;
+    }
+    .icon { width: 40px; text-align: center; }
+    .size { width: 100px; color: #94a3b8; font-size: 0.875rem; }
+    .modified { color: #94a3b8; font-size: 0.875rem; }
+    .footer {
+      margin-top: 2rem;
+      text-align: center;
+      color: #64748b;
+      font-size: 0.875rem;
+    }
+    .footer a { color: #a78bfa; }
+  </style>
+</head>
+<body>
+  <div class="container">
+    <h1>📂 Index of <span class="path">${urlPath || '/'}</span></h1>
+    <table>
+      <thead>
+        <tr>
+          <th></th>
+          <th>Name</th>
+          <th>Size</th>
+          <th>Modified</th>
+        </tr>
+      </thead>
+      <tbody>
+        ${items}
+      </tbody>
+    </table>
+    <div class="footer">
+      Served by <a href="https://tunnelapi.in">TunnelAPI</a> File Server
+    </div>
+  </div>
+</body>
+</html>
+    `;
+  }
+
+  generate404Page(pathname) {
+    return `
+<!DOCTYPE html>
+<html>
+<head>
+  <meta charset="UTF-8">
+  <title>404 Not Found</title>
+  <style>
+    body {
+      font-family: -apple-system, BlinkMacSystemFont, 'Segoe UI', Roboto, sans-serif;
+      background: linear-gradient(135deg, #1a1a2e 0%, #16213e 100%);
+      color: #e4e4e7;
+      min-height: 100vh;
+      display: flex;
+      align-items: center;
+      justify-content: center;
+      text-align: center;
+    }
+    h1 { font-size: 4rem; color: #ef4444; }
+    p { color: #94a3b8; margin-top: 1rem; }
+    a { color: #60a5fa; }
+  </style>
+</head>
+<body>
+  <div>
+    <h1>404</h1>
+    <p>File not found: ${pathname}</p>
+    <p><a href="/">← Back to root</a></p>
+  </div>
+</body>
+</html>
+    `;
+  }
+
+  getFileIcon(filename) {
+    const ext = path.extname(filename).toLowerCase();
+    const icons = {
+      '.html': '🌐', '.htm': '🌐',
+      '.css': '🎨',
+      '.js': '📜', '.ts': '📜', '.jsx': '📜', '.tsx': '📜',
+      '.json': '📋',
+      '.md': '📝', '.txt': '📝',
+      '.png': '🖼️', '.jpg': '🖼️', '.jpeg': '🖼️', '.gif': '🖼️', '.svg': '🖼️', '.webp': '🖼️',
+      '.pdf': '📕',
+      '.zip': '📦', '.tar': '📦', '.gz': '📦', '.rar': '📦',
+      '.mp3': '🎵', '.wav': '🎵', '.ogg': '🎵',
+      '.mp4': '🎬', '.webm': '🎬', '.avi': '🎬', '.mov': '🎬',
+      '.py': '🐍',
+      '.go': '🐹',
+      '.rs': '🦀',
+      '.java': '☕',
+      '.rb': '💎',
+      '.php': '🐘',
+      '.sh': '🖥️', '.bash': '🖥️',
+      '.yml': '⚙️', '.yaml': '⚙️',
+      '.xml': '📰',
+      '.sql': '🗃️',
+      '.env': '🔐',
+    };
+    return icons[ext] || '📄';
+  }
+
+  formatSize(bytes) {
+    if (bytes === 0) return '0 B';
+    const k = 1024;
+    const sizes = ['B', 'KB', 'MB', 'GB'];
+    const i = Math.floor(Math.log(bytes) / Math.log(k));
+    return parseFloat((bytes / Math.pow(k, i)).toFixed(1)) + ' ' + sizes[i];
+  }
+
+  stop() {
+    return new Promise((resolve) => {
+      if (this.server) {
+        this.server.close(() => resolve());
+      } else {
+        resolve();
+      }
+    });
+  }
+}
+
+// Serve command - share a directory over the internet
+async function serve(directory, options) {
+  const dir = directory || '.';
+  const port = parseInt(options.port) || 8000;
+  const subdomain = options.subdomain;
+
+  // Validate directory exists
+  const resolvedDir = path.resolve(dir);
+  if (!fs.existsSync(resolvedDir)) {
+    console.error(chalk.red(`\n✗ Directory not found: ${resolvedDir}\n`));
+    process.exit(1);
+  }
+
+  if (!fs.statSync(resolvedDir).isDirectory()) {
+    console.error(chalk.red(`\n✗ Not a directory: ${resolvedDir}\n`));
+    process.exit(1);
+  }
+
+  console.log(chalk.blue.bold('\n📂 Starting File Server...\n'));
+
+  const spinner = ora('Checking file transfer limits...').start();
+
+  try {
+    // Check file transfer limit before starting
+    const limitCheck = await api.checkFileTransferLimit();
+    if (!limitCheck.allowed) {
+      spinner.fail(chalk.red('File transfer limit reached'));
+      console.error(chalk.red(`\n✗ ${limitCheck.msg}\n`));
+      console.log(chalk.yellow('💡 Upgrade your plan at https://tunnelapi.in/pricing to get more transfer quota.\n'));
+      process.exit(1);
+    }
+
+    // Show remaining quota
+    if (limitCheck.limitMB) {
+      spinner.succeed(chalk.green(`Transfer quota: ${limitCheck.usedMB} MB / ${limitCheck.limitMB} MB used (${limitCheck.remainingMB} MB remaining)`));
+    } else {
+      spinner.succeed(chalk.green('Transfer quota: Unlimited'));
+    }
+
+    spinner.start('Starting local file server...');
+    
+    // Start local file server
+    const fileServer = new FileServer(resolvedDir, port);
+    await fileServer.start();
+    spinner.succeed(chalk.green(`Local file server running on port ${port}`));
+
+    // Create tunnel
+    spinner.start('Creating tunnel...');
+    
+    const tunnelData = {
+      name: subdomain || `file-server-${Date.now()}`,
+      subdomain: subdomain,
+      localPort: port,
+      protocol: 'http'
+    };
+
+    const response = await api.createTunnel(tunnelData);
+    const tunnel = response.tunnel;
+
+    spinner.succeed(chalk.green('Tunnel created successfully!'));
+
+    // Display info
+    console.log(chalk.gray('\n┌─────────────────────────────────────────────────────────┐'));
+    console.log(chalk.gray('│') + chalk.white.bold('  File Server Information                                ') + chalk.gray('│'));
+    console.log(chalk.gray('├─────────────────────────────────────────────────────────┤'));
+    console.log(chalk.gray('│') + chalk.gray('  Directory:   ') + chalk.white(resolvedDir.substring(0, 40).padEnd(40)) + chalk.gray('│'));
+    console.log(chalk.gray('│') + chalk.gray('  Local Port:  ') + chalk.white(String(port).padEnd(40)) + chalk.gray('│'));
+    console.log(chalk.gray('│') + chalk.gray('  Public URL:  ') + chalk.cyan(tunnel.publicUrl.padEnd(40)) + chalk.gray('│'));
+    console.log(chalk.gray('└─────────────────────────────────────────────────────────┘\n'));
+
+    // Display QR code
+    const qrcode = require('qrcode-terminal');
+    console.log(chalk.yellow.bold('📱 Scan QR Code to access on mobile:\n'));
+    qrcode.generate(tunnel.publicUrl, { small: true }, (qr) => {
+      console.log(qr);
+    });
+
+    console.log(chalk.gray('\nPress Ctrl+C to stop serving files\n'));
+
+    // Connect tunnel client
+    const tunnelCommand = require('./tunnel');
+    // We need to connect the tunnel client to forward requests
+    await connectFileTunnel(tunnel.id || tunnel._id, tunnel.subdomain, port);
+
+    // Handle shutdown
+    process.on('SIGINT', async () => {
+      console.log(chalk.yellow('\n\n🛑 Stopping file server...'));
+      await fileServer.stop();
+      try {
+        await api.deleteTunnel(tunnel.id || tunnel._id);
+      } catch (e) {
+        // Ignore errors on cleanup
+      }
+      console.log(chalk.green('File server stopped.\n'));
+      process.exit(0);
+    });
+
+  } catch (error) {
+    spinner.fail(chalk.red('Failed to start file server'));
+    console.error(chalk.red(`\n✗ ${error.response?.data?.msg || error.message}\n`));
+    process.exit(1);
+  }
+}
+
+// Connect tunnel client for file serving
+async function connectFileTunnel(tunnelId, subdomain, localPort) {
+  const WebSocket = require('ws');
+  const axios = require('axios');
+  
+  const tunnelServerUrl = config.get('tunnelServerUrl') || 'wss://tunnel.tunnelapi.in';
+  const token = api.getToken();
+  const userId = config.get('userId');
+
+  const ws = new WebSocket(tunnelServerUrl);
+
+  ws.on('open', () => {
+    console.log(chalk.green('✓ Connected to tunnel server'));
+    
+    ws.send(JSON.stringify({
+      type: 'register',
+      tunnelId,
+      subdomain,
+      localPort,
+      protocol: 'http',
+      authToken: token,
+      userId
+    }));
+
+    // Heartbeat
+    setInterval(() => {
+      if (ws.readyState === WebSocket.OPEN) {
+        ws.send(JSON.stringify({ type: 'heartbeat', tunnelId, subdomain }));
+      }
+    }, 30000);
+  });
+
+  // Track total bytes transferred
+  let totalBytesTransferred = 0;
+  let limitReached = false;
+
+  ws.on('message', async (data) => {
+    const message = JSON.parse(data.toString());
+
+    if (message.type === 'registered') {
+      console.log(chalk.green.bold('\n🎉 File Server is now publicly accessible!\n'));
+      console.log(chalk.white('Share this URL:'));
+      console.log(chalk.cyan.bold(`   ${message.publicUrl}\n`));
+    } else if (message.type === 'request') {
+      const timestamp = new Date().toLocaleTimeString();
+      
+      // Check if limit was reached
+      if (limitReached) {
+        console.log(chalk.red(`[${timestamp}]`), chalk.red('BLOCKED'), chalk.white(message.path), chalk.red('- Transfer limit reached'));
+        ws.send(JSON.stringify({
+          type: 'response',
+          requestId: message.requestId,
+          statusCode: 429,
+          headers: { 'content-type': 'application/json' },
+          body: Buffer.from(JSON.stringify({ 
+            error: 'Monthly file transfer limit reached',
+            message: 'Upgrade your plan at https://tunnelapi.in/pricing for more transfer quota.'
+          })).toString('base64'),
+          encoding: 'base64'
+        }));
+        return;
+      }
+
+      console.log(chalk.gray(`[${timestamp}]`), chalk.blue(message.method), chalk.white(message.path));
+      
+      try {
+        const localUrl = `http://localhost:${localPort}${message.path}`;
+        
+        const response = await axios({
+          method: message.method.toLowerCase(),
+          url: localUrl,
+          headers: { ...message.headers, host: `localhost:${localPort}` },
+          data: message.body,
+          validateStatus: () => true,
+          responseType: 'arraybuffer',
+          maxRedirects: 0,
+          timeout: 30000
+        });
+
+        const cleanHeaders = { ...response.headers };
+        delete cleanHeaders['transfer-encoding'];
+        delete cleanHeaders['connection'];
+
+        const responseData = Buffer.from(response.data);
+        const bodyBase64 = responseData.toString('base64');
+        const bytesTransferred = responseData.length;
+
+        // Track file transfer usage
+        try {
+          await api.trackFileTransfer(userId, bytesTransferred);
+          totalBytesTransferred += bytesTransferred;
+        } catch (trackError) {
+          if (trackError.response?.data?.limitReached) {
+            limitReached = true;
+            console.log(chalk.red.bold('\n⚠️  Monthly file transfer limit reached!'));
+            console.log(chalk.yellow('💡 Upgrade your plan at https://tunnelapi.in/pricing for more transfer quota.\n'));
+          }
+        }
+
+        ws.send(JSON.stringify({
+          type: 'response',
+          requestId: message.requestId,
+          statusCode: response.status,
+          headers: cleanHeaders,
+          body: bodyBase64,
+          encoding: 'base64'
+        }));
+      } catch (error) {
+        console.error(chalk.red(`Error: ${error.message}`));
+        ws.send(JSON.stringify({
+          type: 'response',
+          requestId: message.requestId,
+          statusCode: 502,
+          headers: { 'content-type': 'application/json' },
+          body: Buffer.from(JSON.stringify({ error: 'File server error' })).toString('base64'),
+          encoding: 'base64'
+        }));
+      }
+    }
+  });
+
+  ws.on('error', (error) => {
+    console.error(chalk.red(`WebSocket error: ${error.message}`));
+  });
+
+  ws.on('close', () => {
+    console.log(chalk.yellow('Tunnel connection closed'));
+  });
+}
+
+module.exports = {
+  serve
+};

package/commands/tunnel.js

@@ -4,12 +4,21 @@ const WebSocket = require('ws');
 const Table = require('cli-table3');
 const axios = require('axios');
 const net = require('net');
+const qrcode = require('qrcode-terminal');
 const api = require('../utils/api');
 const config = require('../utils/config');
 
 // Track TCP connections for SSH/TCP tunnels
 const tcpConnections = new Map();
 
+// Generate and display QR code for URL
+function displayQRCode(url, small = true) {
+  console.log(chalk.yellow.bold('\n📱 Scan QR Code to access on mobile:\n'));
+  qrcode.generate(url, { small }, (qr) => {
+    console.log(qr);
+  });
+}
+
 // Start tunnel
 async function start(port, options) {
   const jsonOutput = options.json || false;
@@ -157,6 +166,9 @@ async function connectTunnelClient(tunnelId, subdomain, localPort, protocol = 'h
             console.log(chalk.gray('SSH with Key (passwordless):'));
             console.log(chalk.cyan(`   ssh -i ~/.ssh/your_key.pem -o ProxyCommand="echo 'SUBDOMAIN:${subdomain}' | nc %h %p" user@${message.tcpHost} -p ${message.tcpPort}\n`));
           }
+        } else {
+          // Display QR code for HTTP/HTTPS tunnels (not for TCP/SSH)
+          displayQRCode(message.publicUrl);
         }
         
         console.log(chalk.gray('Press Ctrl+C to stop the tunnel\n'));

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "api-response-manager",
-  "version": "2.5.4",
+  "version": "2.6.0",
   "description": "Command-line interface for API Response Manager",
   "main": "index.js",
   "bin": {
@@ -62,8 +62,10 @@
     "conf": "^10.2.0",
     "dotenv": "^16.3.1",
     "inquirer": "^8.2.5",
+    "mime-types": "^3.0.2",
     "open": "^8.4.0",
     "ora": "^5.4.1",
+    "qrcode-terminal": "^0.12.0",
     "update-notifier": "^6.0.2",
     "ws": "^8.14.2"
   },

package/utils/api.js

@@ -109,6 +109,17 @@ class APIClient {
     return response.data;
   }
 
+  // File Transfer
+  async checkFileTransferLimit() {
+    const response = await this.client.get('/tunnels/file-transfer/check');
+    return response.data;
+  }
+
+  async trackFileTransfer(userId, bytes) {
+    const response = await this.client.post('/tunnels/file-transfer/track', { userId, bytes });
+    return response.data;
+  }
+
   // Webhooks
   async createWebhook(data) {
     const response = await this.client.post('/webhooks', data);

package/utils/e2eEncryption.js

@@ -0,0 +1,162 @@
+const crypto = require('crypto');
+
+class E2EEncryptionClient {
+  constructor() {
+    this.algorithm = 'aes-256-gcm';
+    this.keyLength = 32;
+    this.ivLength = 16;
+    this.authTagLength = 16;
+    this.ecdh = null;
+    this.publicKey = null;
+    this.privateKey = null;
+    this.sharedSecret = null;
+    this.serverPublicKey = null;
+  }
+
+  // Initialize client-side encryption
+  initialize() {
+    this.ecdh = crypto.createECDH('secp256k1');
+    this.ecdh.generateKeys();
+    this.publicKey = this.ecdh.getPublicKey('base64');
+    this.privateKey = this.ecdh.getPrivateKey('base64');
+    return this.publicKey;
+  }
+
+  // Set server public key and compute shared secret
+  setServerPublicKey(serverPublicKey) {
+    this.serverPublicKey = serverPublicKey;
+    const publicKeyBuffer = Buffer.from(serverPublicKey, 'base64');
+    const sharedSecret = this.ecdh.computeSecret(publicKeyBuffer);
+    this.sharedSecret = crypto.createHash('sha256').update(sharedSecret).digest();
+    return true;
+  }
+
+  // Check if E2E is ready
+  isReady() {
+    return this.sharedSecret !== null;
+  }
+
+  // Get client public key
+  getPublicKey() {
+    return this.publicKey;
+  }
+
+  // Encrypt data
+  encrypt(plaintext) {
+    if (!this.sharedSecret) {
+      throw new Error('E2E encryption not initialized');
+    }
+
+    const iv = crypto.randomBytes(this.ivLength);
+    const cipher = crypto.createCipheriv(this.algorithm, this.sharedSecret, iv, {
+      authTagLength: this.authTagLength
+    });
+
+    let encrypted = cipher.update(plaintext, 'utf8', 'base64');
+    encrypted += cipher.final('base64');
+    const authTag = cipher.getAuthTag();
+
+    return {
+      encrypted,
+      iv: iv.toString('base64'),
+      authTag: authTag.toString('base64')
+    };
+  }
+
+  // Decrypt data
+  decrypt(encryptedData) {
+    if (!this.sharedSecret) {
+      throw new Error('E2E encryption not initialized');
+    }
+
+    const { encrypted, iv, authTag } = encryptedData;
+    const ivBuffer = Buffer.from(iv, 'base64');
+    const authTagBuffer = Buffer.from(authTag, 'base64');
+
+    const decipher = crypto.createDecipheriv(this.algorithm, this.sharedSecret, ivBuffer, {
+      authTagLength: this.authTagLength
+    });
+    decipher.setAuthTag(authTagBuffer);
+
+    let decrypted = decipher.update(encrypted, 'base64', 'utf8');
+    decrypted += decipher.final('utf8');
+
+    return decrypted;
+  }
+
+  // Encrypt binary data
+  encryptBinary(buffer) {
+    if (!this.sharedSecret) {
+      throw new Error('E2E encryption not initialized');
+    }
+
+    const iv = crypto.randomBytes(this.ivLength);
+    const cipher = crypto.createCipheriv(this.algorithm, this.sharedSecret, iv, {
+      authTagLength: this.authTagLength
+    });
+
+    const encrypted = Buffer.concat([cipher.update(buffer), cipher.final()]);
+    const authTag = cipher.getAuthTag();
+
+    return {
+      encrypted: encrypted.toString('base64'),
+      iv: iv.toString('base64'),
+      authTag: authTag.toString('base64')
+    };
+  }
+
+  // Decrypt binary data
+  decryptBinary(encryptedData) {
+    if (!this.sharedSecret) {
+      throw new Error('E2E encryption not initialized');
+    }
+
+    const { encrypted, iv, authTag } = encryptedData;
+    const encryptedBuffer = Buffer.from(encrypted, 'base64');
+    const ivBuffer = Buffer.from(iv, 'base64');
+    const authTagBuffer = Buffer.from(authTag, 'base64');
+
+    const decipher = crypto.createDecipheriv(this.algorithm, this.sharedSecret, ivBuffer, {
+      authTagLength: this.authTagLength
+    });
+    decipher.setAuthTag(authTagBuffer);
+
+    return Buffer.concat([decipher.update(encryptedBuffer), decipher.final()]);
+  }
+
+  // Encrypt a message object
+  encryptMessage(message) {
+    if (!this.isReady()) {
+      return message;
+    }
+
+    const plaintext = JSON.stringify(message);
+    const encrypted = this.encrypt(plaintext);
+
+    return {
+      type: 'e2e-encrypted',
+      payload: encrypted
+    };
+  }
+
+  // Decrypt a message object
+  decryptMessage(encryptedMessage) {
+    if (encryptedMessage.type !== 'e2e-encrypted') {
+      return encryptedMessage;
+    }
+
+    const decrypted = this.decrypt(encryptedMessage.payload);
+    return JSON.parse(decrypted);
+  }
+
+  // Reset encryption state
+  reset() {
+    this.ecdh = null;
+    this.publicKey = null;
+    this.privateKey = null;
+    this.sharedSecret = null;
+    this.serverPublicKey = null;
+  }
+}
+
+module.exports = E2EEncryptionClient;