Name: secret-stack
Owner: Secure Scuttlebutt Consortium
Description: connect peers to each other using secret-handshakes
Created: 2015-07-23 20:48:58.0
Updated: 2018-05-04 19:01:20.0
Pushed: 2018-05-04 19:01:18.0
Homepage: null
Size: 116
Language: JavaScript
create secure peer to peer networks using secret-handshakes.
SecretStack is built on secret-handshake and muxrpc. It provides a framework that makes building secure, decentralized systems easier (such as scuttlebot, which this was refactored out of ;)
```js
var SecretStack = require('secret-stack')

var createApp = SecretStack({
  appKey: appKey // 32 random bytes
})
.use({
  // plugin
  // name of the plugin, this is where it will be "mounted"
  name: 'foo',
  // muxrpc manifest
  manifest: {
    bar: 'async'
  },
  // permissions will be merged into the main permissions,
  // prefixed with the plugin name,
  // so this becomes 'foo.bar'.
  permissions: {
    anonymous: [
      'bar'
    ]
  },
  init: function (api, opts) {
    // set up and return some methods...
    return {
      bar: function (arg, cb) {
        // do something async
        cb(null, result)
      }
    }
  }
})
```
initialize a new app factory. opts must have a property appKey which should be a high entropy (i.e. random) 32 byte value. It is fixed for your app. Actors who do not know this value will not be able to connect to instances of your app.
set up the factory by adding plugins. see the example above.
each plugin init function is called in the order the plugins were added, and it may return an object which is combined into the api. if plugin.name is a string, then it's added as api[plugin.name]=plugin.init(api, opts), else it's merged with the api object.
Note, each method on the api gets wrapped with hoox so that plugins may intercept that function. So far, the ways I have used this are to manage permissions, for example, to extend the auth method (see below), or to filter the output of a stream.
sometimes you need to create a connection using a different key pair, and/or to connect without providing access for the remote to your local api. opts must have a sodium ed25519 key pair, or a seed (32 byte random) value, from which a private key will be generated.
connect then takes the same arguments as node.connect
create an actual instance! opts must have a keys property which is a sodium ed25519 key pair.
get a string representing the address of this node. it will be ip:port:<base64:pubkey>.
create an rpc connection to another instance. Address should be of the form returned by getAddress
Query what permissions a given public key is assigned. This method is not intended to be exposed over the network; rather, it is meant to be extended to create pluggable permissions systems.
```js
node.auth.hook(function (auth, args) {
  var pub = args[0]
  var cb = args[1]
  // call the first auth fn, and then hook the callback.
  auth(pub, function (err, perms) {
    if (err) cb(err)
    // optionally set your own perms for this pubkey.
    else if (accepted)
      cb(null, permissions)
    // or if you wish to reject them
    else if (rejected)
      cb(new Error('reject'))
    // fallback to default (the next hook, or the anonymous config, if defined)
    else
      cb()
  })
})
```
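The hook pattern above, turned into a reusable allow/deny policy, as an added example that is not part of secret-stack's own code. `makeAuthHook`, `tryAuth` and the policy fields are hypothetical names, the public keys are placeholders, and the `{ allow: [...] }` permissions value is an assumed shape that the hook passes through unchanged.

```javascript
// Added example, not part of secret-stack. makeAuthHook, policy.allow,
// policy.deny and tryAuth are hypothetical names. Keys are compared as the
// exact strings handed to the hook; permission values are passed through.
function makeAuthHook (policy) {
  var deny = new Set(policy.deny || [])
  // a Map avoids accidental matches on Object.prototype keys
  var allow = new Map(Object.entries(policy.allow || {}))

  return function (auth, args) {
    var pub = args[0]
    var cb = args[1]
    var called = false
    function once (err, perms) {
      if (called) return // never answer the same request twice
      called = true
      cb(err, perms)
    }
    // call the earlier auth fn first, then decide in its callback
    auth(pub, function (err, perms) {
      if (err) return once(err) // an earlier rejection stands
      // deny is checked before allow, so a key on both lists is rejected
      if (deny.has(pub)) return once(new Error('reject'))
      if (allow.has(pub)) return once(null, allow.get(pub))
      once(null, perms) // no opinion: pass the earlier result (or nothing) on
    })
  }
}

// Drive a hook with a stand-in for the earlier auth function, synchronously.
function tryAuth (hook, pub, earlierAuth) {
  var result = null
  hook(earlierAuth || function (p, cb) { cb() }, [pub, function (err, perms) {
    result = { error: err ? err.message : null, perms: perms || null }
  }])
  return result
}

// Constructed sample policy; the keys are placeholders, not real public keys,
// and the { allow: [...] } permissions shape is an assumption.
var hook = makeAuthHook({
  allow: { 'PLACEHOLDER_KEY_A': { allow: ['foo.bar'] } },
  deny: ['PLACEHOLDER_KEY_B']
})

console.log(tryAuth(hook, 'PLACEHOLDER_KEY_A')) // granted the listed perms
console.log(tryAuth(hook, 'PLACEHOLDER_KEY_B')) // rejected
console.log(tryAuth(hook, 'PLACEHOLDER_KEY_C')) // falls back to the default
```

On a real instance the hook would be installed with `node.auth.hook(makeAuthHook(policy))`.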
License: MIT