xtr.dev/rondevu-client
1
0
Fork 0
mirror of https://github.com/xtr-dev/rondevu-client.git synced 2025-12-10 10:53:24 +00:00
Code Issues Packages Projects Releases Wiki Activity

Remove custom peer ID feature for security

Browse Source 
Always generate cryptographically random 128-bit peer IDs to prevent peer ID hijacking vulnerability. This ensures peer IDs are secure through collision resistance rather than relying on expiration-based protection.

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>
This commit is contained in:
Bas van den Aakster
2025-11-22 23:19:07 +01:00
parent 6057c3c582
commit 49d3984640
3 changed files with 8 additions and 13 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
package.json
View File

@@ -1,6 +1,6 @@
{
"name": "@xtr-dev/rondevu-client",
"version": "0.7.11",
"version": "0.7.12",
"description": "TypeScript client for Rondevu topic-based peer discovery and signaling server",
"type": "module",
"main": "dist/index.js",

13
src/auth.ts
View File

@@ -29,21 +29,16 @@ export class RondevuAuth {
/**
* Register a new peer and receive credentials
* @param customPeerId - Optional custom peer ID (1-128 characters). If not provided, a random ID will be generated.
* @throws Error if registration fails (e.g., peer ID already in use)
* Generates a cryptographically random peer ID (128-bit)
* @throws Error if registration fails
*/
async register(customPeerId?: string): Promise<Credentials> {
const body: { peerId?: string } = {};
if (customPeerId !== undefined) {
body.peerId = customPeerId;
}
async register(): Promise<Credentials> {
const response = await this.fetchFn(`${this.baseUrl}/register`, {
method: 'POST',
headers: {
'Content-Type': 'application/json',
},
body: JSON.stringify(body),
body: JSON.stringify({}),
});
if (!response.ok) {

6
src/rondevu.ts
View File

@@ -100,10 +100,10 @@ export class Rondevu {
/**
* Register and initialize authenticated client
* @param customPeerId - Optional custom peer ID (1-128 characters). If not provided, a random ID will be generated.
* Generates a cryptographically random peer ID (128-bit)
*/
async register(customPeerId?: string): Promise<Credentials> {
this.credentials = await this.auth.register(customPeerId);
async register(): Promise<Credentials> {
this.credentials = await this.auth.register();
// Create offers API instance
this._offers = new RondevuOffers(