From 49d398464037edd93f93a0d6a7abf55aa46debd6 Mon Sep 17 00:00:00 2001
From: Bas van den Aakster <bvdaakster@gmail.com>
Date: Sat, 22 Nov 2025 23:19:07 +0100
Subject: [PATCH] Remove custom peer ID feature for security
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Always generate cryptographically random 128-bit peer IDs to prevent peer ID hijacking vulnerability. This ensures peer IDs are secure through collision resistance rather than relying on expiration-based protection.

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>
---
 package.json   |  2 +-
 src/auth.ts    | 13 ++++---------
 src/rondevu.ts |  6 +++---
 3 files changed, 8 insertions(+), 13 deletions(-)

diff --git a/package.json b/package.json
index 107308a..cfb213a 100644
--- a/package.json
+++ b/package.json
@@ -1,6 +1,6 @@
 {
   "name": "@xtr-dev/rondevu-client",
-  "version": "0.7.11",
+  "version": "0.7.12",
   "description": "TypeScript client for Rondevu topic-based peer discovery and signaling server",
   "type": "module",
   "main": "dist/index.js",
diff --git a/src/auth.ts b/src/auth.ts
index 10e1d3c..8fc5c33 100644
--- a/src/auth.ts
+++ b/src/auth.ts
@@ -29,21 +29,16 @@ export class RondevuAuth {
 
   /**
    * Register a new peer and receive credentials
-   * @param customPeerId - Optional custom peer ID (1-128 characters). If not provided, a random ID will be generated.
-   * @throws Error if registration fails (e.g., peer ID already in use)
+   * Generates a cryptographically random peer ID (128-bit)
+   * @throws Error if registration fails
    */
-  async register(customPeerId?: string): Promise<Credentials> {
-    const body: { peerId?: string } = {};
-    if (customPeerId !== undefined) {
-      body.peerId = customPeerId;
-    }
-
+  async register(): Promise<Credentials> {
     const response = await this.fetchFn(`${this.baseUrl}/register`, {
       method: 'POST',
       headers: {
         'Content-Type': 'application/json',
       },
-      body: JSON.stringify(body),
+      body: JSON.stringify({}),
     });
 
     if (!response.ok) {
diff --git a/src/rondevu.ts b/src/rondevu.ts
index 0428e26..6f30a93 100644
--- a/src/rondevu.ts
+++ b/src/rondevu.ts
@@ -100,10 +100,10 @@ export class Rondevu {
 
   /**
    * Register and initialize authenticated client
-   * @param customPeerId - Optional custom peer ID (1-128 characters). If not provided, a random ID will be generated.
+   * Generates a cryptographically random peer ID (128-bit)
    */
-  async register(customPeerId?: string): Promise<Credentials> {
-    this.credentials = await this.auth.register(customPeerId);
+  async register(): Promise<Credentials> {
+    this.credentials = await this.auth.register();
 
     // Create offers API instance
     this._offers = new RondevuOffers(