xtr.dev/rondevu-client
1
0
Fork 0
mirror of https://github.com/xtr-dev/rondevu-client.git synced 2025-12-10 02:43:25 +00:00
Code Issues Packages Projects Releases Wiki Activity

Remove custom peer ID feature for security

Browse Source 
Always generate cryptographically random 128-bit peer IDs to prevent peer ID hijacking vulnerability. This ensures peer IDs are secure through collision resistance rather than relying on expiration-based protection.

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>
This commit is contained in:
Bas van den Aakster
2025-11-22 23:19:07 +01:00
parent 6057c3c582
commit 49d3984640
3 changed files with 8 additions and 13 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
package.json
View File

@@ -1,6 +1,6 @@
{ {
"name": "@xtr-dev/rondevu-client", "name": "@xtr-dev/rondevu-client",
"version": "0.7.11", "version": "0.7.12",
"description": "TypeScript client for Rondevu topic-based peer discovery and signaling server", "description": "TypeScript client for Rondevu topic-based peer discovery and signaling server",
"type": "module", "type": "module",
"main": "dist/index.js", "main": "dist/index.js",

13
src/auth.ts
View File

@@ -29,21 +29,16 @@ export class RondevuAuth {
/** /**
* Register a new peer and receive credentials * Register a new peer and receive credentials
* @param customPeerId - Optional custom peer ID (1-128 characters). If not provided, a random ID will be generated. * Generates a cryptographically random peer ID (128-bit)
* @throws Error if registration fails (e.g., peer ID already in use) * @throws Error if registration fails
*/ */
async register(customPeerId?: string): Promise<Credentials> { async register(): Promise<Credentials> {
const body: { peerId?: string } = {};
if (customPeerId !== undefined) {
body.peerId = customPeerId;
}
const response = await this.fetchFn(`${this.baseUrl}/register`, { const response = await this.fetchFn(`${this.baseUrl}/register`, {
method: 'POST', method: 'POST',
headers: { headers: {
'Content-Type': 'application/json', 'Content-Type': 'application/json',
}, },
body: JSON.stringify(body), body: JSON.stringify({}),
}); });
if (!response.ok) { if (!response.ok) {

6
src/rondevu.ts
View File

@@ -100,10 +100,10 @@ export class Rondevu {
/** /**
* Register and initialize authenticated client * Register and initialize authenticated client
* @param customPeerId - Optional custom peer ID (1-128 characters). If not provided, a random ID will be generated. * Generates a cryptographically random peer ID (128-bit)
*/ */
async register(customPeerId?: string): Promise<Credentials> { async register(): Promise<Credentials> {
this.credentials = await this.auth.register(customPeerId); this.credentials = await this.auth.register();
// Create offers API instance // Create offers API instance
this._offers = new RondevuOffers( this._offers = new RondevuOffers(