summaryrefslogtreecommitdiffstats
path: root/internal/relay/relay.go
diff options
context:
space:
mode:
authorGab Virebent <gabriel1@virebent.art>2026-07-11 13:37:23 +0200
committerGab Virebent <gabriel1@virebent.art>2026-07-11 13:37:23 +0200
commitbec3734676faf3868ea225e0316e77ad5a7e4421 (patch)
tree78bc62532fcdb9f42eb92c41f0841b5fdeeb063d /internal/relay/relay.go
parentf21e4d8781c06c0686f4a8697ce0697f9bf6a5cc (diff)
downloadnymdrop-bec3734676faf3868ea225e0316e77ad5a7e4421.tar.gz
nymdrop-bec3734676faf3868ea225e0316e77ad5a7e4421.tar.xz
nymdrop-bec3734676faf3868ea225e0316e77ad5a7e4421.zip
Switch Nym WS transport to nym-client's binary protocol, drop second base64 layer
Client.Send now speaks nym-client's native binary websocket protocol (tag || recipient || conn_id || data_len || data) instead of wrapping the ciphertext in a JSON text message, which required base64-encoding it a second time on top of the browser's own base64 layer. The reader's self-address query also switched to the binary protocol: nym-client picks text-vs-binary for every later "received" push based on the format of the last request seen on a connection, so leaving the reader in JSON/text mode would have made nym-client run a lossy UTF-8 conversion over the now-unencoded binary payload, corrupting it. Fixed the binary Received-frame parsing along the way (previous code assumed a fixed 16-byte tag with no length prefix, which never matched the real protocol and was never exercised while the connection stayed text-mode). Verified end-to-end against the real embedded nym-client 1.1.76 binary, with the exact wire format cross-checked against upstream nym source at the pinned build commit.
Diffstat (limited to 'internal/relay/relay.go')
-rw-r--r--internal/relay/relay.go24
1 files changed, 12 insertions, 12 deletions
diff --git a/internal/relay/relay.go b/internal/relay/relay.go
index 9a17fab..54d4571 100644
--- a/internal/relay/relay.go
+++ b/internal/relay/relay.go
@@ -8,18 +8,18 @@ import (
"nymdrop/internal/nym"
)
-// Two base64 layers stack between the raw file and the wire: the client
-// base64-encodes the file into the plaintext before encrypting (see
-// static/crypto.js, ~4/3 inflation), then nym.Client.Send base64-encodes
-// the whole ciphertext again to embed it in the JSON message sent to the
-// local nym-client over its control WebSocket (~4/3 again). The combined
-// ~1.78x inflation is bounded above by nym-client's own hardcoded 16MB
-// WebSocket message limit, not by anything in this codebase, so this
-// buffer (and the nginx/http-layer cap) must stay well under 16MB / 1.78
-// once the second layer is applied. 11MB here keeps the second-layer
-// base64 (~14.7MB) with real margin below the 16MB nym-client ceiling,
-// which works out to a safe raw file size of roughly 8MB, not 10MB.
-const maxPayloadBytes = 11 * 1024 * 1024 // 11 MB wire (first base64 layer only)
+// One base64 layer remains between the raw file and the wire: the browser
+// client base64-encodes the file into the plaintext before encrypting (see
+// static/crypto.js, ~4/3 inflation). nym.Client.Send used to base64-encode
+// the whole ciphertext a second time to embed it in a JSON message for the
+// local nym-client's WebSocket control channel; it now sends the raw bytes
+// via nym-client's binary protocol instead, so that second inflation is
+// gone. The remaining ~4/3 inflation is still bounded above by nym-client's
+// own hardcoded 16MB WebSocket message limit. This cap (11MB) predates the
+// binary-protocol fix and still reflects the old two-layer math (safe raw
+// file size ~8MB) — raising it towards the ~16MB/1.33 headroom the fix
+// actually unlocked is a deliberate follow-up, not done here.
+const maxPayloadBytes = 11 * 1024 * 1024 // 11 MB wire
// Relay receives ciphertext and forwards it through Nym. Nothing is written to disk.
type Relay struct {