Ryan/drop
1
0
Fork 0
mirror of https://github.com/Drop-OSS/drop.git synced 2025-11-14 16:51:15 +10:00
Code Issues Packages Projects Releases Wiki Activity
Files
54801d944871fb52ce54898b18c1689fbb5f6353
drop/server/internal/clients
History
DecDuck 251ddb8ff8 Rearchitecture for v0.4.0 (#197) 
* feat: database redist support

* feat: rearchitecture of database schemas, migration reset, and #180

* feat: import redists

* fix: giantbomb logging bug

* feat: partial user platform support + statusMessage -> message

* feat: add user platform filters to store view

* fix: sanitize svg uploads

... copilot suggested this

I feel dirty.

* feat: beginnings of platform & redist management

* feat: add server side redist patching

* fix: update drop-base commit

* feat: import of custom platforms & file extensions

* fix: redelete platform

* fix: remove platform

* feat: uninstall commands, new R UI

* checkpoint: before migrating to nuxt v4

* update to nuxt 4

* fix: fixes for Nuxt v4 update

* fix: remaining type issues

* feat: initial feedback to import other kinds of versions

* working commit

* fix: lint

* feat: redist import
2025-11-10 10:36:13 +11:00
..
ca-store.ts
feat: new unified data folder
2025-05-10 16:18:28 -04:00
ca.ts
Rearchitecture for v0.4.0 (#197)
2025-11-10 10:36:13 +11:00
capabilities.ts
Rearchitecture for v0.4.0 (#197)
2025-11-10 10:36:13 +11:00
event-handler.ts
Rearchitecture for v0.4.0 (#197)
2025-11-10 10:36:13 +11:00
handler.ts
Rearchitecture for v0.4.0 (#197)
2025-11-10 10:36:13 +11:00
README.md
Fix various typos (#156)
2025-08-01 21:53:31 +10:00

README.md

Client Handshake process

Drop clients need to complete a handshake in order to connect to a Drop server. It also trades certificates for encrypted P2P connections.

1. Client requests a handshake

Client makes request: POST /api/v1/client/auth/initiate with information about the client.

Server responds with a URL to send the user to. It generates a device ID, which has all the metadata attached.

2. User signs in

Client sends user to the provided URL (in external browser). User signs in using the existing authentication stack.

Server sends redirect to drop://handshake/[id]/[token], where the token is an authentication token to generate the necessary certificates, and the ID is the client ID as generated by the server.

3. Client requests certificates

Client makes request: POST /api/v1/client/auth/handshake with the token received in the previous step.

The server uses it's CA to generate a public-private key pair, the CN of the client ID. It then sends that pair, plus the CA's public key, to the client, which stores it all.

The certificate lasts for a year, and is rotated when it has 3 months or less left on it's expiry.

4.a Client requests one-time device endpoint

The client uses a millisecond UNIX timestamp and signs it with their private key. This is then attached to any device-related request. It has 30 seconds to make the request before the nonce becomes invalid (this is to prevent credential stealing & reusing).

4.b Client wants a long-lived session

The client does the same as above, but instead makes the request to POST /api/v1/client/auth/session, which generates a session token that lasts for a day. This can then be used in the request to provide authentication.