search

fails-components / webtransport

Http/3 webtransport support for node
Other
149 stars 21 forks source link

feat: support query strings #280

Closed achingbrain closed 6 months ago

achingbrain commented 6 months ago

Adds support for creating WebTransport session with URLs that include query strings:

const wt = new WebTransport('https://example.com/some-endpoint?foo=bar')

...and also accessing the path via the .url property which is consistent with Node http/http2 requests

const sessionReader = server.sessionStream('/some-endpoint').getReader()
const { value: session } = await sessionReader.read()

console.info(session.url)
// /some-endpoint?foo=bar

Fixes #279

martenrichter commented 6 months ago

No, I do not think I will include the change. It is too specific for your application case. Please see the callback mechanism, which is very flexible for many use cases. And I will be happy to answer questions if the mechanism is unclear. (Especially as I assume, that you want to deny requests early, that are not authorized.)

achingbrain commented 6 months ago

No, I do not think I will include the change. It is too specific for your application case

That's a pity, all it's doing is enabling sending/reading query strings and paths, like any web server. I do not feel this is application-specific.

I assume, that you want to deny requests early, that are not authorized.

No, this is not what I'm trying to do.

In the scenario I'm trying to implement, a client and a server both have a public/private keypair (unrelated to the server's SSL certificate, which is self signed and ephemeral).

They both desire encryption and authentication (e.g. for each to prove to the other that they possess the private key that corresponds to the public key).

There are multiple ways to prove possession of the private key, one way is a noise handshake, in the future there may be others, so we need to be able to specify which authentication scheme we want to use.

  1. The client has obtained the server's address, the hash of it's SSL certificate and it's public key out of band
  2. The client connects to the server using the certificate hash, giving it encryption, and specifies which method it wants to use for authentication: 
    const wt = new WebTransport('https://example.com/.well-known/libp2p-webtransport?type=noise', {
serverCertificateHashes: [ ... ]
})
  3. After the WebTransport session is established, the client opens a bidirectional stream, and carries out the authentication handshake according to the type query parameter that was sent when the session was opened
  4. If the authentication handshake is successful, the bidi stream is closed and the WebTransport session is made available to the application for general use, if not the session is closed and an error is thrown to the user

I don't think the callback mechanism helps here. All I need from this module is the ability to send a query string from the client (as Chrome and Firefox both do) and to read that query string on the server which is all that's in this PR.

martenrichter commented 6 months ago

But you can do it already with the other mechanism.., which is transport independent, as a middleware in express would handle it. I will post to the issue an untested example.