Remove custom peer ID feature for security

Always generate cryptographically random 128-bit peer IDs to prevent peer ID hijacking vulnerability. This ensures peer IDs are secure through collision resistance rather than relying on expiration-based protection. 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude <noreply@anthropic.com>
2025-12-10 10:53:24 +00:00 · 2025-11-22 23:19:07 +01:00
parent 6057c3c582
commit 49d3984640
3 changed files with 8 additions and 13 deletions
--- a/src/auth.ts
+++ b/src/auth.ts
@@ -29,21 +29,16 @@ export class RondevuAuth {

  /**
   * Register a new peer and receive credentials
-   * @param customPeerId - Optional custom peer ID (1-128 characters). If not provided, a random ID will be generated.
-   * @throws Error if registration fails (e.g., peer ID already in use)
+   * Generates a cryptographically random peer ID (128-bit)
+   * @throws Error if registration fails
   */
-  async register(customPeerId?: string): Promise<Credentials> {
-    const body: { peerId?: string } = {};
-    if (customPeerId !== undefined) {
-      body.peerId = customPeerId;
-    }
-
+  async register(): Promise<Credentials> {
    const response = await this.fetchFn(`${this.baseUrl}/register`, {
      method: 'POST',
      headers: {
        'Content-Type': 'application/json',
      },
-      body: JSON.stringify(body),
+      body: JSON.stringify({}),
    });

    if (!response.ok) {