open-chat icon indicating copy to clipboard operation
open-chat copied to clipboard

Published 20 hours ago verified publisher icon open-chat-labs

Enhance peerjs server

Open julianjelfs opened this issue 1 year ago • 1 comments

There are a few potential problems with our peerjs signalling server.

  1. shared service controlled by someone else - this is a vulnerability if not a current problem
  2. The server maps a userId to at most one connection. This does not cover the common case where a user has more than one device open.
  3. Signalling messages are not authenticated in any way which means that in principle it would be possible to fake a webrtc message if you know another user's userId (which is not secret information).

There is potential to fix all three of these problems by forking the peerjs server and modifying it and then hosting it ourselves.

Since this implies multiple webrtc connections to a single peer (on multiple devices) this would also require changes to peerjs client. At which point it might be simpler to switch to simple-peer and use a completely custom signalling server that meets our requirements exactly.

julianjelfs avatar May 12 '23 08:05 julianjelfs