diff options
| author | Gab Virebent <gabriel1@virebent.art> | 2026-07-11 13:37:23 +0200 |
|---|---|---|
| committer | Gab Virebent <gabriel1@virebent.art> | 2026-07-11 13:37:23 +0200 |
| commit | bec3734676faf3868ea225e0316e77ad5a7e4421 (patch) | |
| tree | 78bc62532fcdb9f42eb92c41f0841b5fdeeb063d /internal/relay | |
| parent | f21e4d8781c06c0686f4a8697ce0697f9bf6a5cc (diff) | |
| download | nymdrop-bec3734676faf3868ea225e0316e77ad5a7e4421.tar.gz nymdrop-bec3734676faf3868ea225e0316e77ad5a7e4421.tar.xz nymdrop-bec3734676faf3868ea225e0316e77ad5a7e4421.zip | |
Switch Nym WS transport to nym-client's binary protocol, drop second base64 layer
Client.Send now speaks nym-client's native binary websocket protocol
(tag || recipient || conn_id || data_len || data) instead of wrapping
the ciphertext in a JSON text message, which required base64-encoding
it a second time on top of the browser's own base64 layer.
The reader's self-address query also switched to the binary protocol:
nym-client picks text-vs-binary for every later "received" push based
on the format of the last request seen on a connection, so leaving the
reader in JSON/text mode would have made nym-client run a lossy UTF-8
conversion over the now-unencoded binary payload, corrupting it. Fixed
the binary Received-frame parsing along the way (previous code assumed
a fixed 16-byte tag with no length prefix, which never matched the real
protocol and was never exercised while the connection stayed text-mode).
Verified end-to-end against the real embedded nym-client 1.1.76 binary,
with the exact wire format cross-checked against upstream nym source at
the pinned build commit.
Diffstat (limited to 'internal/relay')
| -rw-r--r-- | internal/relay/relay.go | 24 |
1 files changed, 12 insertions, 12 deletions
diff --git a/internal/relay/relay.go b/internal/relay/relay.go index 9a17fab..54d4571 100644 --- a/internal/relay/relay.go +++ b/internal/relay/relay.go @@ -8,18 +8,18 @@ import ( "nymdrop/internal/nym" ) -// Two base64 layers stack between the raw file and the wire: the client -// base64-encodes the file into the plaintext before encrypting (see -// static/crypto.js, ~4/3 inflation), then nym.Client.Send base64-encodes -// the whole ciphertext again to embed it in the JSON message sent to the -// local nym-client over its control WebSocket (~4/3 again). The combined -// ~1.78x inflation is bounded above by nym-client's own hardcoded 16MB -// WebSocket message limit, not by anything in this codebase, so this -// buffer (and the nginx/http-layer cap) must stay well under 16MB / 1.78 -// once the second layer is applied. 11MB here keeps the second-layer -// base64 (~14.7MB) with real margin below the 16MB nym-client ceiling, -// which works out to a safe raw file size of roughly 8MB, not 10MB. -const maxPayloadBytes = 11 * 1024 * 1024 // 11 MB wire (first base64 layer only) +// One base64 layer remains between the raw file and the wire: the browser +// client base64-encodes the file into the plaintext before encrypting (see +// static/crypto.js, ~4/3 inflation). nym.Client.Send used to base64-encode +// the whole ciphertext a second time to embed it in a JSON message for the +// local nym-client's WebSocket control channel; it now sends the raw bytes +// via nym-client's binary protocol instead, so that second inflation is +// gone. The remaining ~4/3 inflation is still bounded above by nym-client's +// own hardcoded 16MB WebSocket message limit. This cap (11MB) predates the +// binary-protocol fix and still reflects the old two-layer math (safe raw +// file size ~8MB) — raising it towards the ~16MB/1.33 headroom the fix +// actually unlocked is a deliberate follow-up, not done here. +const maxPayloadBytes = 11 * 1024 * 1024 // 11 MB wire // Relay receives ciphertext and forwards it through Nym. Nothing is written to disk. type Relay struct { |
