2 Commits

Author SHA1 Message Date
08e1433088 Update README: Remove custom peer ID documentation
🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>
2025-11-22 23:23:09 +01:00
70d018c666 Remove custom peer ID feature for security
Always generate cryptographically random 128-bit peer IDs to prevent a peer ID hijacking vulnerability. This ensures peer IDs are secure through collision resistance rather than relying on expiration-based protection.

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>
2025-11-22 23:19:16 +01:00
3 changed files with 5 additions and 39 deletions


@@ -53,16 +53,7 @@ Health check endpoint with version
#### `POST /register` #### `POST /register`
Register a new peer and receive credentials (peerId + secret) Register a new peer and receive credentials (peerId + secret)
**Request (optional):** Generates a cryptographically random 128-bit peer ID.
```json
{
"peerId": "my-custom-peer-id"
}
```
**Notes:**
- `peerId` (optional): Custom peer ID (1-128 characters). If not provided, a random ID will be generated.
- Returns 409 Conflict if the custom peer ID is already in use.
**Response:** **Response:**
```json ```json


@@ -1,6 +1,6 @@
{ {
"name": "@xtr-dev/rondevu-server", "name": "@xtr-dev/rondevu-server",
"version": "0.1.4", "version": "0.1.5",
"description": "Topic-based peer discovery and signaling server for distributed P2P applications", "description": "Topic-based peer discovery and signaling server for distributed P2P applications",
"main": "dist/index.js", "main": "dist/index.js",
"scripts": { "scripts": {


@@ -64,37 +64,12 @@ export function createApp(storage: Storage, config: Config) {
/** /**
* POST /register * POST /register
* Register a new peer and receive credentials * Register a new peer and receive credentials
* Accepts optional peerId in request body for custom peer IDs * Generates a cryptographically random peer ID (128-bit)
*/ */
app.post('/register', async (c) => { app.post('/register', async (c) => {
try { try {
let peerId: string; // Always generate a random peer ID
const peerId = generatePeerId();
// Check if custom peer ID is provided
const body = await c.req.json().catch(() => ({}));
const customPeerId = body.peerId;
if (customPeerId !== undefined) {
// Validate custom peer ID
if (typeof customPeerId !== 'string' || customPeerId.length === 0) {
return c.json({ error: 'Peer ID must be a non-empty string' }, 400);
}
if (customPeerId.length > 128) {
return c.json({ error: 'Peer ID must be 128 characters or less' }, 400);
}
// Check if peer ID is already in use by checking for active offers
const existingOffers = await storage.getOffersByPeerId(customPeerId);
if (existingOffers.length > 0) {
return c.json({ error: 'Peer ID is already in use' }, 409);
}
peerId = customPeerId;
} else {
// Generate new peer ID
peerId = generatePeerId();
}
// Encrypt peer ID with server secret (async operation) // Encrypt peer ID with server secret (async operation)
const secret = await encryptPeerId(peerId, config.authSecret); const secret = await encryptPeerId(peerId, config.authSecret);
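Review bot: The collision-resistance guarantee stated in the new doc comment now rests entirely on `generatePeerId()`, which is defined outside this hunk, and the handler no longer performs any in-use check before issuing the secret. I would confirm that it draws all 128 bits from a CSPRNG rather than `Math.random()`, and replace `// Always generate a random peer ID` with a comment that records the invariant, e.g. `// Server-chosen ID only: uniqueness relies on generatePeerId() returning 128 bits from a CSPRNG; a client-supplied peerId is never honoured`. Because the request body is no longer read, a client that still sends `peerId` receives a different ID with no error; if such requests should fail loudly, that needs an explicit check. The handler's `try` block continues past the end of this hunk.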