@super-protocol/tunnels-lib
v0.1.21
Library with Tunnel Server and Tunnel Client for secure distributed connection with SGX
Superprotocol Tunnel Library
Tunnel Client
Connects a custom local server to Tunnel Server. Example of usage:
const fs = require('node:fs');
const { TunnelClient } = require('@super-protocol/tunnels-lib');
const pino = require('pino');

// Absolute path to the file that starts the local HTTPS server
const serverFile = __dirname + '/server.js';

const domainConfigs = [
  {
    // SGX measurements of the Tunnel Servers this client should trust
    tunnels: [
      {
        sgxMrEnclave: '64cd7bc8bc121b9b71470ba185e83cde90c0d8a3b81661b5bd5e44ab451d5aad',
        sgxMrSigner: '22c4c4c40ebf9874905cfc44782eec5149bf07429ec0bd3e7fd018e9942d0513',
      },
    ],
    authToken: 'b97e4be4-6546-43a1-85d9-fa28a447dd07',
    // Private key and certificate of the domain, PEM format, as Buffers
    site: {
      key: fs.readFileSync('private.pem'),
      cert: fs.readFileSync('ssl_fullchain.crt'),
    },
  },
];

const logger = pino({ level: 'trace' });
const options = { logger };

const tunnelClient = new TunnelClient(serverFile, domainConfigs, options);
tunnelClient.run().catch((error) => {
  // pino serializes Error objects under the `err` key by default
  logger.fatal({ err: error }, `Fail to start Tunnel Client`);
});
Tunnel Client properties:
- serverFile - absolute path to a JS file that must start the application as an HTTPS server on the port given by "applicationPort" from options. This file is run in a Node.js worker thread (worker_threads). Tunnel Client passes it the HTTPS_PORT env variable, which equals the "applicationPort" property from options. It also passes the TLS_CERT and TLS_KEY env variables, which should be used to start the HTTPS server. It's important to note that this certificate is not obtained from the domainConfigs.
- domainConfigs - array of objects that contain the information needed to connect to Tunnel Server
  - tunnels - array of mrEnclave and mrSigner combinations that Tunnel Client should trust
  - authToken - auth token for Tunnel Server access
  - site - private key and SSL certificate of the domain in PEM format as Buffers
- options - additional configuration:
  - logger - instance of pino logger. pino is a peer dependency of the library. Default: undefined
  - sgxMockEnabled - SGX methods work only on an Intel processor with SGX support. Set this param to "true" if you want to run the library in test mode with mocked data. Default: false
  - dnsMockedTunnelServerIps - IPs that will be returned from the fake DNS request, for test purposes. Default: []
  - applicationPort - application port that will be passed to the server file as HTTPS_PORT; Tunnel Client will expect an HTTPS server on localhost on this port. Default: 9000
  - tunnelServerPort - Tunnel Server port number. Default: 443
  - tunnelDnsCheckInterval - interval in ms at which the library checks domains in DNS. Default: 120000ms
  - dnsNotFoundTimes - the number of times the library may fail to find the domain in DNS before interrupting the connection. Default: 5
  - registerDomainConcurrently - the number of concurrent requests for domain registering. Default: 32
  - dnsCheckConcurrently - the number of concurrent requests to DNS. Default: 8
  - processSignalsToForward - signals that will be forwarded to the worker_thread local server as messages. Default: ['SIGTERM', 'SIGINT', 'SIGABRT']. To handle these messages, follow this example:
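    const { isMainThread, parentPort } = require('node:worker_threads');

    if (!isMainThread) {
      // Forwarded signals arrive as string messages from the parent thread
      parentPort.on('message', (message) => {
        if (['SIGTERM', 'SIGINT', 'SIGABRT'].includes(message)) {
          // ...
          shutdownHandler(); // the application's own cleanup function
          // ...
        }
      });
    }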
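A server file that follows the contract described for serverFile and processSignalsToForward, as an added example that is not part of the library's README. The helper names (loadPem, readTunnelEnv, onForwardedSignal) are hypothetical, and it assumes TLS_CERT and TLS_KEY carry either PEM text or a path to a PEM file, since the README does not say which.

```javascript
// server.js: added example, not the library's own code.
const fs = require('node:fs');
const https = require('node:https');
const { isMainThread, parentPort } = require('node:worker_threads');

// Default value of the processSignalsToForward option
const FORWARDED_SIGNALS = ['SIGTERM', 'SIGINT', 'SIGABRT'];

// Assumption: TLS_CERT / TLS_KEY hold either PEM text or a path to a PEM file.
function loadPem(value) {
  return value.includes('-----BEGIN') ? value : fs.readFileSync(value, 'utf8');
}

// Validate what Tunnel Client passes in; refuse to start on anything missing.
function readTunnelEnv(env) {
  const port = Number(env.HTTPS_PORT);
  if (!Number.isInteger(port) || port < 1 || port > 65535) {
    throw new Error('HTTPS_PORT is missing or not a valid port');
  }
  if (!env.TLS_CERT || !env.TLS_KEY) {
    throw new Error('TLS_CERT and TLS_KEY must both be set');
  }
  return { port, cert: loadPem(env.TLS_CERT), key: loadPem(env.TLS_KEY) };
}

// Forwarded signals arrive as plain string messages, not as process signals.
function onForwardedSignal(port, shutdown) {
  port.on('message', (message) => {
    if (FORWARDED_SIGNALS.includes(message)) shutdown(message);
  });
}

function start() {
  const { port, cert, key } = readTunnelEnv(process.env);
  const server = https.createServer({ cert, key }, (req, res) => {
    res.writeHead(200, { 'content-type': 'text/plain' });
    res.end('ok\n');
  });
  // Tunnel Client expects the server on localhost, so bind to loopback only.
  server.listen(port, 'localhost');
  // In a worker thread process.exit() ends the worker, not the whole process.
  onForwardedSignal(parentPort, () => server.close(() => process.exit(0)));
}

// Only start when loaded as the Tunnel Client worker, not in the main thread.
if (!isMainThread) start();
```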