summaryrefslogtreecommitdiffstats
path: root/internal
Commit message (Collapse)AuthorAgeFilesLines
* Switch Nym WS transport to nym-client's binary protocol, drop second base64 ↵Gab Virebent45 hours5-35/+303
| | | | | | | | | | | | | | | | | | | | | | layer Client.Send now speaks nym-client's native binary websocket protocol (tag || recipient || conn_id || data_len || data) instead of wrapping the ciphertext in a JSON text message, which required base64-encoding it a second time on top of the browser's own base64 layer. The reader's self-address query also switched to the binary protocol: nym-client picks text-vs-binary for every later "received" push based on the format of the last request seen on a connection, so leaving the reader in JSON/text mode would have made nym-client run a lossy UTF-8 conversion over the now-unencoded binary payload, corrupting it. Fixed the binary Received-frame parsing along the way (previous code assumed a fixed 16-byte tag with no length prefix, which never matched the real protocol and was never exercised while the connection stayed text-mode). Verified end-to-end against the real embedded nym-client 1.1.76 binary, with the exact wire format cross-checked against upstream nym source at the pinned build commit.
* Add Nym community favicon and allow img-src in CSPGab Virebent4 days1-2/+1
| | | | | | favicon.ico/32/48 reference the official Nym icon so the site is recognizable as Nym-community. CSP img-src 'self' data: was needed for the PNG variants to load under the strict script-src 'self' policy.
* Fix payload cap: double base64 inflation broke files near the old 10MB limitGab Virebent10 days2-2/+13
| | | | | | | | | | | | | | | | The old 10MB cap was checked against the wire body, but two base64 layers sit between the raw file and that body: crypto.js base64-encodes the file before AEAD encryption, then nym.Client.Send base64-encodes the ciphertext again to embed it in the JSON sent to the local nym-client over its control WebSocket. A file at exactly the old cap produced a wire body just over the limit after the first layer, and would have blown nym-client's own hardcoded 16MB WebSocket message limit after the second, surfacing as an opaque 500. Lower the wire-body cap to 11MB, which keeps the second base64 layer with real margin under nym-client's 16MB ceiling. Effective safe raw file size is now roughly 8MB, not 10MB. Reported by Ch1ffr3punk on nym.forum, reproduced with an exact 10MB file.
* Add client-side proof of work and fix X25519 WebCrypto API usageGab Virebent12 days2-2/+103
| | | | | | | | | | | | | Self-contained hashcash-style PoW on /submit: client finds a nonce so SHA-256("<unix-ts>:<nonce>") has enough leading zero bits, sent as an X-Nymdrop-Pow header; server verifies and rejects expired or replayed stamps, no challenge round-trip required. Difficulty tunable via --pow-difficulty without a rebuild. Also fixes a latent bug in the browser crypto: X25519 was being requested as ECDH with namedCurve "X25519", which is not a valid WebCrypto combination and always throws. Modern WebCrypto exposes X25519 as its own algorithm identifier.
* Initial public release: Nym-native anonymous submission systemGab Virebent2026-06-205-0/+255
End-to-end verified pipeline (browser -> HTTP relay -> Nym mixnet -> reader). Client-side X25519+HKDF+AES-GCM-256, no-log blind relay, AGPL-3.0.