@bsv/authsocket
Version:
Mutually Authenticated Web Socket (Server-side)
109 lines • 4.11 kB
TypeScript
import { Server as HttpServer } from 'http';
import { ServerOptions, Socket as IoSocket } from 'socket.io';
import { WalletInterface, Peer, SessionManager } from '@bsv/sdk';
export interface AuthSocketServerOptions extends Partial<ServerOptions> {
wallet: WalletInterface;
requestedCertificates?: any;
sessionManager?: SessionManager;
}
/**
* A server-side wrapper for Socket.IO that integrates BRC-103 mutual authentication
* to ensure secure, identity-aware communication between clients and the server.
*
* This class functions as a drop-in replacement for the `Server` class from Socket.IO,
* with added support for:
* - Automatic BRC-103 handshake for secure client authentication.
* - Management of authenticated client sessions, avoiding redundant handshakes.
* - Event-based communication through signed and verified BRC-103 messages.
*
* Features:
* - Tracks client connections and their associated `Peer` and `AuthSocket` instances.
* - Allows broadcasting messages to all authenticated clients.
* - Provides a seamless API for developers by wrapping Socket.IO functionality.
**/
export declare class AuthSocketServer {
private options;
private realIo;
/**
* Map from socket.id -> peer info
*
* Once we discover the identity key, we store `identityKey`
* for that connection to skip re-handshaking.
*/
private peers;
private connectionCallbacks;
/**
* @param httpServer - The underlying HTTP server
* @param options - Contains both standard Socket.IO server config and BRC-103 config.
*/
constructor(httpServer: HttpServer, options: AuthSocketServerOptions);
/**
* A direct pass-through to `io.on('connection', cb)`,
* but the callback is invoked with an AuthSocket instead.
*/
on(eventName: 'connection', callback: (socket: AuthSocket) => void): void;
/**
* Provide a classic pass-through to `io.emit(...)`.
*
* Under the hood, we sign a separate BRC-103 AuthMessage for each
* authenticated peer. We'll embed eventName + data in the payload.
*/
emit(eventName: string, data: any): void;
/**
* If the developer needs direct access to the underlying raw Socket.IO server,
* we can provide a getter.
*/
private handleNewConnection;
private encodeEventPayload;
}
/**
* A wrapper around a real `IoSocket` used by a server that performs BRC-103
* signing and verification via the Peer class.
*/
export declare class AuthSocket {
readonly ioSocket: IoSocket;
private peer;
/**
* A function the server passes in so we can
* notify it once we discover the peer's identity key.
*/
private onIdentityKeyDiscovered;
private eventCallbacks;
/**
* Current known identity key of the server, if discovered
* (i.e. after the handshake yields a general message or
* or we've forced a getAuthenticatedSession).
*/
private peerIdentityKey?;
constructor(ioSocket: IoSocket, peer: Peer,
/**
* A function the server passes in so we can
* notify it once we discover the peer's identity key.
*/
onIdentityKeyDiscovered: (socketId: string, identityKey: string) => void);
/**
* Register a callback for an event name, just like `socket.on(...)`.
*/
on(eventName: string, callback: (data: any) => void): void;
/**
* Emulate `socket.emit(eventName, data)`.
* We'll sign a BRC-103 `general` message via Peer,
* embedding the event name & data in the payload.
*
* If we do not yet have the peer's identity key (handshake not done?),
* the Peer will attempt the handshake. Once known, subsequent calls
* will pass identityKey to skip the initial handshake.
*/
emit(eventName: string, data: any): Promise<void>;
/**
* The Socket.IO 'id'
*/
get id(): string;
/**
* The client's identity key, if discovered
*/
get identityKey(): string | undefined;
private encodeEventPayload;
private decodeEventPayload;
}
//# sourceMappingURL=AuthSocketServer.d.ts.map