drop/server/internal/clients
Husky 1ae051f066 Update Prisma to 6.11 (#133)
* chore: update prisma to 6.11

more prisma future proofing due to experimental features

* chore: update dependencies

twemoji - new unicode update
argon2 - bug fixes
vue3-carousel - improve mobile experience
vue-tsc - more stable

* fix: incorrect prisma version in docker

Also remove default value for BUILD_DROP_VERSION, that is now handled in nuxt config

* fix: no logging in prod

* chore: optimize docker builds even more

* fix: revert adoption of prisma driverAdapters

see: https://github.com/prisma/prisma/issues/27486

* chore: optimize dockerignore some more

* Fix `pino-pretty` not being included in build (#135)

* Remove `pino` from frontend

* Fix for downloads and removing of library source (#136)

* fix: downloads and removing library source

* fix: linting

* Fix max file size of 4GB (update droplet) (#137)

* Fix manual metadata import (#138)

* chore(deps): bump vue-i18n from 10.0.7 to 10.0.8 (#140)

Bumps [vue-i18n](https://github.com/intlify/vue-i18n/tree/HEAD/packages/vue-i18n) from 10.0.7 to 10.0.8.
- [Release notes](https://github.com/intlify/vue-i18n/releases)
- [Changelog](https://github.com/intlify/vue-i18n/blob/master/CHANGELOG.md)
- [Commits](https://github.com/intlify/vue-i18n/commits/v10.0.8/packages/vue-i18n)

---
updated-dependencies:
- dependency-name: vue-i18n
  dependency-version: 10.0.8
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* chore(deps): bump @intlify/core from 10.0.7 to 10.0.8 (#139)

---
updated-dependencies:
- dependency-name: "@intlify/core"
  dependency-version: 10.0.8
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* Small fixes (#141)

* fix: save task as Json rather than string

* fix: pull objects before creating game in database

* fix: strips relative dirs from version information

* fix: #132

* fix: lint

* fix: news object ids and small tweaks

* fix: notification styling errors

* fix: lint

* fix: build issues by regenerating lockfile

---------

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: DecDuck <declanahofmeyr@gmail.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-07-25 21:28:00 +10:00

Client Handshake process

Drop clients need to complete a handshake in order to connect to a Drop server. The handshake also exchanges the certificates used for encrypted P2P connections.

1. Client requests a handshake

Client makes request: POST /api/v1/client/auth/initiate with information about the client.

Server responds with a URL to send the user to. The server also generates a device ID, which has all the metadata attached.

2. User signs in

Client sends user to the provided URL (in external browser). User signs in using the existing authentication stack.

Server sends redirect to drop://handshake/[id]/[token], where the token is an authentication token to generate the necessary certificates, and the ID is the client ID as generated by the server.

3. Client requests certificates

Client makes request: POST /api/v1/client/auth/handshake with the token received in the previous step.

The server uses its CA to generate a public-private key pair, with the client ID as the CN. It then sends that pair, plus the CA's public key, to the client, which stores it all.

The certificate lasts for a year, and is rotated when it has 3 months or less left until its expiry.

4.a Client requests one-time device endpoint

The client takes a millisecond UNIX timestamp and signs it with its private key. The signed timestamp is then attached to any device-related request. The client has 30 seconds to make the request before the nonce becomes invalid (this is to prevent credential stealing and reuse).

4.b Client wants a long-lived session

The client does the same as above, but instead makes the request to POST /api/v1/client/auth/session, which generates a session token that lasts for a day. This can then be used in the request to provide authentication.
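
The signed-timestamp check from steps 4.a and 4.b, seen from the server's side, as an added example (not Drop's own code). The ECDSA P-256/SHA-256 signature, the base64 encoding, the `signNonce`/`makeVerifier` names and the replay cache are assumptions; the text above specifies only the millisecond timestamp, the private-key signature and the 30-second window.

```javascript
const crypto = require("node:crypto");

const NONCE_WINDOW_MS = 30_000; // validity window stated in the text

// Client side: sign the current millisecond UNIX timestamp with the private key.
function signNonce(privateKey, nowMs = Date.now()) {
  const nonce = String(nowMs);
  const sig = crypto.sign("sha256", Buffer.from(nonce), privateKey);
  return { nonce, signature: sig.toString("base64") };
}

// Server side: one verifier per client public key (hypothetical helper).
function makeVerifier(publicKey) {
  const seen = new Map(); // nonce -> expiry; replay cache is an assumption
  return function verify({ nonce, signature }, nowMs = Date.now()) {
    // Accept only a plain decimal timestamp before doing any crypto.
    if (typeof nonce !== "string" || !/^\d{1,15}$/.test(nonce)) return "malformed";
    if (typeof signature !== "string") return "malformed";
    let ok = false;
    try {
      ok = crypto.verify("sha256", Buffer.from(nonce), publicKey,
                         Buffer.from(signature, "base64"));
    } catch { ok = false; }
    if (!ok) return "bad-signature";
    const age = nowMs - Number(nonce);
    if (age > NONCE_WINDOW_MS) return "expired";
    if (age < 0) return "from-future"; // client clock ahead of the server
    // Drop cache entries that the age check above would already reject.
    for (const [n, exp] of seen) if (exp < nowMs) seen.delete(n);
    if (seen.has(nonce)) return "replayed";
    seen.set(nonce, Number(nonce) + NONCE_WINDOW_MS);
    return "ok";
  };
}

// Constructed key pair and timestamp standing in for a real client.
function demo() {
  const { privateKey, publicKey } =
    crypto.generateKeyPairSync("ec", { namedCurve: "prime256v1" });
  const t0 = 1_750_000_000_000;
  const verify = makeVerifier(publicKey);
  const req = signNonce(privateKey, t0);
  return {
    fresh: verify(req, t0 + 5_000),
    replay: verify(req, t0 + 6_000),
    late: verify(signNonce(privateKey, t0), t0 + 30_001),
    forged: verify({ nonce: String(t0 + 1), signature: req.signature }, t0 + 2),
  };
}
```

Without the replay cache, a captured nonce and signature would be accepted again by this check for the rest of the 30-second window.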