DifferentDirection/Relay
2
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Compare commits

base: DifferentDirection:be797c55c288bc8c5b336a13c586fc84536e239b
Branches Tags
DifferentDirection:main DifferentDirection:CoreAuth DifferentDirection:RTC-Rewrite
..
compare: DifferentDirection:main
Branches Tags
DifferentDirection:main DifferentDirection:CoreAuth DifferentDirection:RTC-Rewrite

24 Commits
be797c55c2 ... main

Author SHA1 Message Date
RuKira
2916d17868 Summary Update. 2026-06-06 23:38:50 -04:00
RuKira
dd75ca4b06 Merge remote-tracking branch 'origin/main' 
# Conflicts:
#	RelayClient/MainPage.xaml.cs
#	RelayClient/Services/RelaySocketClient.cs
#	RelayServer/Services/Chat/ChatSocketBehavior.cs
#	RelayServer/Services/Chat/ConnectedClientService.cs
#	RelayShared/Services/WsControlMessage.cs
 2026-06-03 13:20:15 -04:00
RuKira
f819d7284e Update: Text Channel Stuff 
Bugs: Files don't work
Bugs: Video In-Line don't work

Added: idk, everything?
 2026-06-03 13:19:21 -04:00
RuKira
b62ceb1949 Updated, the update... should be working now hopefully... 2026-05-30 21:11:33 -04:00
RuKira
cd2d809322 Update: Seems everything is working now? 2026-05-25 01:06:19 -04:00
Cody Larkin
1ed3efcc68 License Gen and Verification added to core 2026-05-17 04:06:28 -04:00
Cody Larkin
9fbe795660 fixed IPs back to local 2026-05-14 23:18:11 -04:00
Cody Larkin
63d3806936 working on server authenticate users 2026-05-13 23:47:33 -04:00
Cody Larkin
a9d2fd64de Signin and Register now give a token added ps1 script to start servers 2026-05-04 21:46:48 -04:00
Cody Larkin
f8b595f609 need to solve DB read issue 2026-05-04 20:51:46 -04:00
Cody Larkin
885db41ba9 Merge branch 'CoreAuth' 2026-05-03 18:04:55 -04:00
Cody Larkin
3460ce6b04 need server and core webapp to work at same time for testing purposes 2026-05-03 18:04:40 -04:00
Cody Larkin
4974663128 removed test delay 2026-05-02 16:13:19 -04:00
Cody Larkin
ec6a8c446a Auth setup continued 2026-05-02 16:06:08 -04:00
RuKira
3901542141 AUDIO FUCKING WORKS - Test Camera. 2026-05-02 16:04:23 -04:00
Cody Larkin
33eee17c43 Beginnings of Core Auth 2026-04-30 19:08:37 -04:00
Cody Larkin
dd1aa45f6e Fixed connections 2026-04-29 14:39:28 -04:00
Cody Larkin
38662f6655 Fix attempts for RTC calls 2026-04-29 13:52:35 -04:00
Cody Larkin
777328caed Merge branch 'RTC-Rewrite' 2026-04-29 09:13:58 -04:00
RuKira
87ade75f1d Merge remote-tracking branch 'origin/RTC-Rewrite' into RTC-Rewrite 
# Conflicts:
#	RelayClient/MainPage.xaml.cs
 2026-04-29 09:11:58 -04:00
RuKira
798652cb4d Set the target of RTC to _rtc and removed all Pass Through Methods. 2026-04-29 09:10:49 -04:00
Cody Larkin
6a650a282b fixed spacing and added todo 2026-04-27 14:32:40 -04:00
RuKira
5b10afcec2 Rewrote all of MainPage.xaml.cs 2026-04-27 10:01:59 -04:00
RuKira
1220654656 Setup new services required for change 2026-04-27 10:01:02 -04:00
46 changed files with 5542 additions and 1171 deletions
Expand all files Collapse all files

3
RelayClient/App.xaml.cs
View File

@@ -15,7 +15,8 @@ public partial class App : Application
if (string.IsNullOrWhiteSpace(username))
{
throw new Exception("Missing required --user argument. Example: --user Keeper317");
username = "Test";
// throw new Exception("Missing required --user argument. Example: --user Keeper317");
}
ClientSession.Username = username;

3
RelayClient/AppShell.xaml
View File

@@ -4,7 +4,8 @@
xmlns="http://schemas.microsoft.com/dotnet/2021/maui"
xmlns:x="http://schemas.microsoft.com/winfx/2009/xaml"
xmlns:local="clr-namespace:RelayClient"
Title="RelayClient">
Title="RelayClient"
FlyoutBehavior="Flyout">
<ShellContent
Title="Home"

17
RelayClient/Crypto/E2EeHelper.cs
View File

@@ -3,8 +3,14 @@ using System.Text;
namespace RelayClient.Crypto;
/// <summary>
/// Client-side mirror of RelayServer.Services.Crypto.E2EeHelper. Identical algorithms +
/// key formats so blobs round-trip cleanly between server and client.
/// See the server class for full algorithm details.
/// </summary>
public static class E2EeHelper
{
/// <summary>Generates a fresh RSA-2048 keypair. Called once per user on first launch and persisted via KeyStorage.</summary>
public static (string publicKey, string privateKey) GenerateRsaKeyPair()
{
using var rsa = RSA.Create(2048);
@@ -15,6 +21,11 @@ public static class E2EeHelper
);
}
/// <summary>
/// Hybrid encrypts a plaintext string for a specific recipient: fresh AES-256 key encrypts
/// the payload (AES-GCM), then RSA-OAEP-SHA256 wraps the AES key with the recipient's
/// public key. Returns base64-encoded fields ready to ship in a SocketEncryptedMessage.
/// </summary>
public static EncryptedPayload EncryptForRecipient(string plainText, string recipientPublicKeyBase64)
{
byte[] aesKey = RandomNumberGenerator.GetBytes(32);
@@ -44,6 +55,11 @@ public static class E2EeHelper
};
}
/// <summary>
/// Reverse of EncryptForRecipient: RSA-decrypt the AES key with the recipient's private
/// key, then AES-GCM-decrypt the ciphertext. Throws on tampered/corrupt payloads
/// (auth tag mismatch). Returns the original UTF-8 plaintext string.
/// </summary>
public static string DecryptForRecipient(EncryptedPayload payload, string recipientPrivateKeyBase64)
{
byte[] aesKey;
@@ -69,6 +85,7 @@ public static class E2EeHelper
}
}
/// <summary>The 4-tuple ciphertext bundle. Same shape on both client and server; matches SocketEncryptedMessage's encrypted fields.</summary>
public class EncryptedPayload
{
public required string CipherText { get; set; }

15
RelayClient/Crypto/KeyStorage.cs
View File

@@ -1,7 +1,17 @@
namespace RelayClient.Crypto;
/// <summary>
/// Per-user RSA keypair persistence. Keys live as base64-encoded files in
/// {AppData}/keys/{username}.{public|private}.key
///
/// Plaintext on disk. For now this is fine because the only attack model is "someone else
/// has access to your filesystem" — at which point everything is compromised. A future
/// enhancement could encrypt the private key with a passphrase derived from the user's
/// password, similar to how SSH/PGP do it.
/// </summary>
public static class KeyStorage
{
/// <summary>Returns (and creates if needed) the per-app keys directory.</summary>
private static string GetKeyFolder()
{
var folder = Path.Combine(FileSystem.AppDataDirectory, "keys");
@@ -9,26 +19,31 @@ public static class KeyStorage
return folder;
}
/// <summary>Writes the base64 RSA private key to disk. Used at first-launch after GenerateRsaKeyPair.</summary>
public static void SavePrivateKey(string username, string privateKey)
{
File.WriteAllText(Path.Combine(GetKeyFolder(), $"{username}.private.key"), privateKey);
}
/// <summary>Writes the base64 RSA public key to disk. Sent to the server via WsAction.RegisterKey.</summary>
public static void SavePublicKey(string username, string publicKey)
{
File.WriteAllText(Path.Combine(GetKeyFolder(), $"{username}.public.key"), publicKey);
}
/// <summary>Reads the user's RSA private key. Used by TryDecryptAndParseContent on every inbound message.</summary>
public static string LoadPrivateKey(string username)
{
return File.ReadAllText(Path.Combine(GetKeyFolder(), $"{username}.private.key"));
}
/// <summary>Reads the user's RSA public key. Used during the boot handshake to send to the server.</summary>
public static string LoadPublicKey(string username)
{
return File.ReadAllText(Path.Combine(GetKeyFolder(), $"{username}.public.key"));
}
/// <summary>True if BOTH halves of the user's keypair already exist on disk. False means we need to generate.</summary>
public static bool HasKeys(string username)
{
return File.Exists(Path.Combine(GetKeyFolder(), $"{username}.private.key")) &&

498
RelayClient/Helpers/EmbedHelper.cs Normal file
View File

@@ -0,0 +1,498 @@
using System.Net.Http;
using System.Text.RegularExpressions;
namespace RelayClient.Helpers;
/// <summary>
/// Detects URLs in message text and builds embed views:
/// • Direct image URLs → inline Image (loaded lazily from URI or base64).
/// • relay:// jump links → tappable "Jump to message" card.
/// • Everything else → a link card with an async OG-tag preview loaded in the background.
/// </summary>
public static class EmbedHelper
{
private static readonly Regex UrlPattern = new(
@"https?://[^\s<>""]+",
RegexOptions.Compiled | RegexOptions.IgnoreCase);
private static readonly Regex RelayJumpPattern = new(
@"relay://jump/([^/]+)/(.+)",
RegexOptions.Compiled | RegexOptions.IgnoreCase);
private static readonly HashSet<string> ImageExtensions =
[".jpg", ".jpeg", ".png", ".gif", ".webp", ".bmp", ".avif"];
/// <summary>Extracts every distinct http/https URL from message text. De-duped so multiple occurrences don't double-embed.</summary>
public static List<string> DetectUrls(string text)
{
if (string.IsNullOrWhiteSpace(text)) return [];
return UrlPattern.Matches(text).Select(m => m.Value).Distinct().ToList();
}
/// <summary>
/// Dispatcher: classifies each URL and delegates to the appropriate Build* method.
/// Order matters — jump links and YouTube/Vimeo IDs are checked before the generic
/// image-extension and link-card paths so the more specific embed wins.
/// </summary>
public static List<View> BuildEmbeds(string text)
{
var views = new List<View>();
foreach (var url in DetectUrls(text))
{
try
{
if (RelayJumpPattern.IsMatch(url))
views.Add(BuildJumpCard(url));
else if (TryGetYouTubeId(url, out var ytId))
views.Add(BuildYouTubeCard(url, ytId));
else if (TryGetVimeoId(url, out var vimeoId))
views.Add(BuildVimeoCard(url, vimeoId));
else if (IsImageUrl(url))
views.Add(BuildImageEmbed(url));
else
views.Add(BuildLinkCard(url));
}
catch { /* never crash the UI */ }
}
return views;
}
/// <summary>
/// Decodes a base64 attachment to bytes and renders it as an inline Image. Used by
/// MainPage.BuildBubbleContent when a message has an image attachment.
/// </summary>
public static View BuildBase64ImageEmbed(string base64, string fileName)
{
try
{
var bytes = Convert.FromBase64String(base64);
var source = ImageSource.FromStream(() => new MemoryStream(bytes));
var image = new Image
{
Source = source,
Aspect = Aspect.AspectFit,
WidthRequest = 400,
MaximumHeightRequest = 300,
HorizontalOptions = LayoutOptions.Start
};
return new Border
{
StrokeThickness = 1,
Padding = new Thickness(4),
Margin = new Thickness(0, 4, 0, 0),
Content = image
};
}
catch
{
return new Label
{
Text = $"⚠ Could not render image: {fileName}",
FontSize = 12,
TextColor = Colors.Gray
};
}
}
/// <summary>
/// Renders a non-image attachment as a tappable card. Tap → writes the bytes to a temp
/// file and hands off to the system handler via Launcher.OpenAsync.
/// </summary>
public static View BuildFileCard(string base64, string fileName, string mimeType)
{
var label = new Label
{
Text = $"📎 {fileName}",
FontSize = 13,
TextColor = Color.FromArgb("#5DA8FF"),
TextDecorations = TextDecorations.Underline
};
var tap = new TapGestureRecognizer();
tap.Tapped += async (_, _) =>
{
try
{
var bytes = Convert.FromBase64String(base64);
var tempPath = Path.Combine(Path.GetTempPath(), fileName);
await File.WriteAllBytesAsync(tempPath, bytes);
await Launcher.OpenAsync(new OpenFileRequest
{
File = new ReadOnlyFile(tempPath)
});
}
catch { /* ignore launch errors */ }
};
label.GestureRecognizers.Add(tap);
return new Border
{
StrokeThickness = 1,
Padding = new Thickness(8, 6),
Margin = new Thickness(0, 4, 0, 0),
Content = label
};
}
/// <summary>Direct image URL → inline Image (loaded async by MAUI from the URI). Tap opens in browser.</summary>
private static View BuildImageEmbed(string url)
{
var image = new Image
{
Source = ImageSource.FromUri(new Uri(url)),
Aspect = Aspect.AspectFit,
WidthRequest = 400,
MaximumHeightRequest = 300,
HorizontalOptions = LayoutOptions.Start
};
var tap = new TapGestureRecognizer();
tap.Tapped += (_, _) => _ = Launcher.OpenAsync(new Uri(url));
image.GestureRecognizers.Add(tap);
return new Border
{
StrokeThickness = 1,
Padding = new Thickness(4),
Margin = new Thickness(0, 4, 0, 0),
Content = image
};
}
/// <summary>
/// Builds the "💬 Jump to linked message" card for relay://jump URLs. The actual tap
/// handler is wired by MainPage.WireJumpLinks because it needs access to the message
/// bubble dictionary that EmbedHelper doesn't know about.
/// </summary>
private static View BuildJumpCard(string relayUrl)
{
var label = new Label
{
Text = "💬 Jump to linked message",
FontSize = 12,
TextColor = Color.FromArgb("#9ECEFF"),
TextDecorations = TextDecorations.Underline
};
label.SetValue(JumpUrlProperty, relayUrl);
return new Border
{
StrokeThickness = 1,
Padding = new Thickness(8, 4),
Margin = new Thickness(0, 4, 0, 0),
Content = label
};
}
/// <summary>Attached property that stores the relay:// URL on the jump label so MainPage.WireJumpLinks can find it.</summary>
public static readonly BindableProperty JumpUrlProperty =
BindableProperty.CreateAttached("JumpUrl", typeof(string), typeof(EmbedHelper), null);
/// <summary>
/// Generic URL card. Starts with just the URL itself; spawns a background task to fetch
/// OG meta tags from the page and append a title/description/preview-image when the
/// response arrives. The whole card is tappable to open the URL in the browser.
/// </summary>
private static View BuildLinkCard(string url)
{
var displayUrl = url.Length > 55 ? url[..52] + "…" : url;
var card = new VerticalStackLayout { Spacing = 4 };
var urlLabel = new Label
{
Text = "🔗 " + displayUrl,
FontSize = 12,
TextColor = Color.FromArgb("#5DA8FF"),
TextDecorations = TextDecorations.Underline,
LineBreakMode = LineBreakMode.TailTruncation
};
var tapUrl = new TapGestureRecognizer();
tapUrl.Tapped += (_, _) => _ = Launcher.OpenAsync(new Uri(url));
urlLabel.GestureRecognizers.Add(tapUrl);
card.Children.Add(urlLabel);
_ = Task.Run(async () =>
{
var og = await FetchOgTagsAsync(url);
if (og is null) return;
MainThread.BeginInvokeOnMainThread(() =>
{
if (!string.IsNullOrWhiteSpace(og.Title))
{
card.Children.Add(new Label
{
Text = og.Title,
FontSize = 13,
FontAttributes = FontAttributes.Bold,
MaxLines = 2,
LineBreakMode = LineBreakMode.TailTruncation
});
}
if (!string.IsNullOrWhiteSpace(og.Description))
{
card.Children.Add(new Label
{
Text = og.Description,
FontSize = 11,
TextColor = Colors.LightGray,
MaxLines = 3,
LineBreakMode = LineBreakMode.TailTruncation
});
}
if (!string.IsNullOrWhiteSpace(og.ImageUrl) && IsImageUrl(og.ImageUrl))
{
card.Children.Add(new Image
{
Source = ImageSource.FromUri(new Uri(og.ImageUrl)),
Aspect = Aspect.AspectFit,
WidthRequest = 360,
MaximumHeightRequest = 200,
HorizontalOptions = LayoutOptions.Start
});
}
});
});
return new Border
{
StrokeThickness = 1,
Padding = new Thickness(8, 6),
Margin = new Thickness(0, 4, 0, 0),
Content = card
};
}
private sealed record OgData(string? Title, string? Description, string? ImageUrl);
/// <summary>
/// 4-second-budget HTTP GET + regex extract of og:title, og:description, og:image meta
/// tags from a page's HTML. Returns null on any failure (so the link card just stays bare).
/// </summary>
private static async Task<OgData?> FetchOgTagsAsync(string url)
{
try
{
using var client = new HttpClient { Timeout = TimeSpan.FromSeconds(4) };
client.DefaultRequestHeaders.Add("User-Agent", "Relay/1.0 (link preview)");
var html = await client.GetStringAsync(url);
var title = GetMetaContent(html, "og:title")
?? GetTitleTag(html);
var description = GetMetaContent(html, "og:description");
var image = GetMetaContent(html, "og:image");
if (title is null && description is null && image is null) return null;
return new OgData(title, description, image);
}
catch { return null; }
}
private static string? GetMetaContent(string html, string property)
{
var pattern = $"""<meta[^>]+property=["']{Regex.Escape(property)}["'][^>]+content=["']([^"']+)["']""";
var m = Regex.Match(html, pattern, RegexOptions.IgnoreCase);
if (m.Success) return System.Net.WebUtility.HtmlDecode(m.Groups[1].Value.Trim());
var pattern2 = $"""<meta[^>]+content=["']([^"']+)["'][^>]+property=["']{Regex.Escape(property)}["']""";
m = Regex.Match(html, pattern2, RegexOptions.IgnoreCase);
return m.Success ? System.Net.WebUtility.HtmlDecode(m.Groups[1].Value.Trim()) : null;
}
private static string? GetTitleTag(string html)
{
var m = Regex.Match(html, @"<title[^>]*>([^<]+)</title>", RegexOptions.IgnoreCase);
return m.Success ? System.Net.WebUtility.HtmlDecode(m.Groups[1].Value.Trim()) : null;
}
/// <summary>True if the URL's path ends with a known image extension. Used to choose between BuildImageEmbed and BuildLinkCard.</summary>
private static bool IsImageUrl(string url)
{
try
{
var path = new Uri(url).AbsolutePath;
var ext = Path.GetExtension(path).ToLowerInvariant();
return ImageExtensions.Contains(ext);
}
catch { return false; }
}
private static readonly Regex YouTubePattern = new(
@"(?:youtube\.com/(?:watch\?(?:.*&)?v=|embed/|shorts/|v/)|youtu\.be/)([A-Za-z0-9_-]{6,})",
RegexOptions.Compiled | RegexOptions.IgnoreCase);
/// <summary>Extracts the 11-char video ID from any YouTube URL form (watch, youtu.be, embed, shorts, /v/).</summary>
private static bool TryGetYouTubeId(string url, out string id)
{
var match = YouTubePattern.Match(url);
if (match.Success)
{
id = match.Groups[1].Value;
return true;
}
id = string.Empty;
return false;
}
private static readonly Regex VimeoPattern = new(
@"vimeo\.com/(?:video/|channels/[^/]+/|groups/[^/]+/videos/)?(\d{6,})",
RegexOptions.Compiled | RegexOptions.IgnoreCase);
/// <summary>Extracts the numeric video ID from Vimeo URLs. Handles vimeo.com/{id}, /video/{id}, channels/x/{id}, groups/x/videos/{id}.</summary>
private static bool TryGetVimeoId(string url, out string id)
{
var match = VimeoPattern.Match(url);
if (match.Success)
{
id = match.Groups[1].Value;
return true;
}
id = string.Empty;
return false;
}
/// <summary>YouTube embed card. Thumbnail comes from img.youtube.com; player swaps to the youtube.com/embed/ URL on tap.</summary>
private static View BuildYouTubeCard(string url, string videoId) =>
BuildVideoCardWithEmbed(
providerLabel: "🎬 YouTube",
providerColor: Color.FromArgb("#FF4444"),
externalUrl: url,
thumbnailUrl: $"https://img.youtube.com/vi/{videoId}/hqdefault.jpg",
embedUrl: $"https://www.youtube.com/embed/{videoId}?autoplay=1&rel=0");
/// <summary>Vimeo embed card. No thumbnail (Vimeo's API requires OAuth); placeholder stays black with a play badge until tap.</summary>
private static View BuildVimeoCard(string url, string videoId) =>
BuildVideoCardWithEmbed(
providerLabel: "🎬 Vimeo",
providerColor: Color.FromArgb("#1AB7EA"),
externalUrl: url,
thumbnailUrl: null, // Vimeo thumbs require an API call; skip and show a black placeholder
embedUrl: $"https://player.vimeo.com/video/{videoId}?autoplay=1");
/// <summary>
/// The lazy-swap player. Default content is BuildThumbnailPlaceholder (cheap — no WebView
/// spawned). On tap, the ContentView's content swaps to a WebView pointing at embedUrl.
/// Means 50 videos in scrollback = 50 thumbnails, not 50 WebViews.
/// </summary>
private static View BuildVideoCardWithEmbed(
string providerLabel,
Color providerColor,
string externalUrl,
string? thumbnailUrl,
string embedUrl)
{
var card = new VerticalStackLayout { Spacing = 4 };
var headerRow = new HorizontalStackLayout { Spacing = 10 };
headerRow.Children.Add(new Label
{
Text = providerLabel,
FontSize = 11,
FontAttributes = FontAttributes.Bold,
TextColor = providerColor
});
var openExternal = new Label
{
Text = "↗ Open in browser",
FontSize = 10,
TextColor = Color.FromArgb("#8E8E93"),
TextDecorations = TextDecorations.Underline
};
var openTap = new TapGestureRecognizer();
openTap.Tapped += (_, _) => _ = Launcher.OpenAsync(new Uri(externalUrl));
openExternal.GestureRecognizers.Add(openTap);
headerRow.Children.Add(openExternal);
card.Children.Add(headerRow);
var playerHost = new ContentView
{
HorizontalOptions = LayoutOptions.Start,
Content = BuildThumbnailPlaceholder(thumbnailUrl, () =>
{
// On tap → swap the placeholder for a real player.
})
};
playerHost.Content = BuildThumbnailPlaceholder(thumbnailUrl, () =>
{
playerHost.Content = BuildEmbeddedPlayer(embedUrl);
});
card.Children.Add(playerHost);
return new Border
{
StrokeThickness = 1,
Padding = new Thickness(8, 6),
Margin = new Thickness(0, 4, 0, 0),
Content = card
};
}
/// <summary>
/// 16:9 thumbnail (or solid black if no thumb URL) with a translucent black play-badge
/// overlay. Calling onPlay swaps the parent ContentView's content to the real WebView.
/// </summary>
private static View BuildThumbnailPlaceholder(string? thumbnailUrl, Action onPlay)
{
var grid = new Grid
{
WidthRequest = 400,
HeightRequest = 225,
BackgroundColor = Colors.Black,
HorizontalOptions = LayoutOptions.Start
};
if (!string.IsNullOrWhiteSpace(thumbnailUrl))
{
grid.Children.Add(new Image
{
Source = ImageSource.FromUri(new Uri(thumbnailUrl)),
Aspect = Aspect.AspectFill
});
}
var playBadge = new Label
{
Text = "▶",
FontSize = 36,
TextColor = Colors.White,
BackgroundColor = Color.FromArgb("#CC000000"),
HorizontalTextAlignment = TextAlignment.Center,
VerticalTextAlignment = TextAlignment.Center,
WidthRequest = 64,
HeightRequest = 64,
HorizontalOptions = LayoutOptions.Center,
VerticalOptions = LayoutOptions.Center
};
grid.Children.Add(playBadge);
var tap = new TapGestureRecognizer();
tap.Tapped += (_, _) => onPlay();
grid.GestureRecognizers.Add(tap);
return grid;
}
/// <summary>The actual in-client video player. WebView2 (Windows) and WebKit (mobile) both handle YouTube/Vimeo embed pages.</summary>
private static View BuildEmbeddedPlayer(string embedUrl)
{
return new WebView
{
Source = embedUrl,
WidthRequest = 480,
HeightRequest = 270,
HorizontalOptions = LayoutOptions.Start
};
}
}

411
RelayClient/Helpers/MarkdownHelper.cs Normal file
View File

@@ -0,0 +1,411 @@
using System.Text;
using System.Text.RegularExpressions;
namespace RelayClient.Helpers;
public static class MarkdownHelper
{
private static readonly Regex FencedCode =
new(@"```([A-Za-z0-9_+#-]*)\r?\n?(.*?)```", RegexOptions.Singleline | RegexOptions.Compiled);
private static readonly Color MentionText = Color.FromArgb("#9EA8FF");
private static readonly Color MentionBg = Color.FromArgb("#2D2F5C");
private static readonly Color SpoilerBg = Color.FromArgb("#1F1F23");
/// <summary>
/// The entry point. Returns either a single Label (simple inline text) or a
/// VerticalStackLayout (anything with paragraphs, code blocks, or headers).
/// First pass extracts fenced code blocks (verbatim, can span multiple lines), then
/// AppendTextSegment handles per-line headers and the inline parser.
/// </summary>
public static View Render(string markdown, double fontSize = 14)
{
if (string.IsNullOrEmpty(markdown))
return new Label { Text = string.Empty, FontSize = fontSize };
var stack = new VerticalStackLayout { Spacing = 2 };
var matches = FencedCode.Matches(markdown);
int cursor = 0;
foreach (Match m in matches)
{
if (m.Index > cursor)
AppendTextSegment(stack, markdown[cursor..m.Index], fontSize);
stack.Children.Add(CreateCodeBlock(m.Groups[1].Value.Trim(), m.Groups[2].Value.TrimEnd()));
cursor = m.Index + m.Length;
}
if (cursor < markdown.Length)
AppendTextSegment(stack, markdown[cursor..], fontSize);
return stack.Children.Count == 1 ? (View)stack.Children[0] : stack;
}
/// <summary>
/// Splits a non-code segment by newline and emits the right view per line. Headers/subtext
/// get their own labels; consecutive normal lines accumulate into a paragraph buffer so
/// they wrap naturally as one paragraph.
/// </summary>
private static void AppendTextSegment(VerticalStackLayout stack, string segment, double fontSize)
{
var paragraphBuffer = new StringBuilder();
void FlushParagraph()
{
if (paragraphBuffer.Length == 0) return;
stack.Children.Add(CreateInlineLabel(paragraphBuffer.ToString(), fontSize));
paragraphBuffer.Clear();
}
foreach (var rawLine in segment.Split('\n'))
{
var line = rawLine.TrimEnd('\r');
if (string.IsNullOrWhiteSpace(line))
{
FlushParagraph();
continue;
}
if (line.StartsWith("### "))
{
FlushParagraph();
stack.Children.Add(CreateHeaderLabel(line[4..], fontSize + 3));
continue;
}
if (line.StartsWith("## "))
{
FlushParagraph();
stack.Children.Add(CreateHeaderLabel(line[3..], fontSize + 6));
continue;
}
if (line.StartsWith("# "))
{
FlushParagraph();
stack.Children.Add(CreateHeaderLabel(line[2..], fontSize + 10));
continue;
}
if (line.StartsWith("-# "))
{
FlushParagraph();
stack.Children.Add(CreateSubtextLabel(line[3..], fontSize - 3));
continue;
}
if (paragraphBuffer.Length > 0)
paragraphBuffer.Append('\n');
paragraphBuffer.Append(line);
}
FlushParagraph();
}
/// <summary>
/// Builds the dark-pane code block. If a language is specified, delegates token coloring
/// to SyntaxHighlighter and prepends a small green language label (Discord-style).
/// </summary>
private static View CreateCodeBlock(string language, string code)
{
var label = new Label
{
FontFamily = "AnonymousProRegular",
FontSize = 12,
TextColor = Color.FromArgb("#D4D4D4"),
LineBreakMode = LineBreakMode.WordWrap
};
var spans = SyntaxHighlighter.Highlight(code, language, 12);
if (spans.Count > 0)
{
var fs = new FormattedString();
foreach (var s in spans) fs.Spans.Add(s);
label.FormattedText = fs;
}
else
{
label.Text = code;
}
var stack = new VerticalStackLayout { Spacing = 4 };
if (!string.IsNullOrWhiteSpace(language))
{
stack.Children.Add(new Label
{
Text = language.ToLowerInvariant(),
FontFamily = "AnonymousProRegular",
FontSize = 10,
TextColor = Color.FromArgb("#6A9955"),
FontAttributes = FontAttributes.Bold
});
}
stack.Children.Add(label);
return new Border
{
BackgroundColor = Color.FromArgb("#1E1E1E"),
StrokeThickness = 0,
Padding = new Thickness(10, 6),
Content = stack
};
}
/// <summary>Bold, larger Label for # / ## / ### lines. Inline markdown still works inside (e.g. `# Hello **world**`).</summary>
private static Label CreateHeaderLabel(string text, double size)
{
var label = new Label
{
FontSize = size,
FontAttributes = FontAttributes.Bold,
LineBreakMode = LineBreakMode.WordWrap,
Margin = new Thickness(0, 4, 0, 2)
};
var fs = new FormattedString();
var spoilerSpans = new List<Span>();
ParseInline(text, fs.Spans, size, spoilerSpans);
if (fs.Spans.Count > 0) label.FormattedText = fs;
else label.Text = text;
WireSpoilerTap(label, spoilerSpans);
return label;
}
/// <summary>Smaller, grey Label for "-#" lines (Discord calls it subtext). Inherits inline markdown.</summary>
private static Label CreateSubtextLabel(string text, double size)
{
var label = new Label
{
FontSize = size,
TextColor = Color.FromArgb("#8E8E93"),
LineBreakMode = LineBreakMode.WordWrap
};
var fs = new FormattedString();
var spoilerSpans = new List<Span>();
ParseInline(text, fs.Spans, size, spoilerSpans);
if (fs.Spans.Count > 0)
{
foreach (var s in fs.Spans)
s.TextColor ??= Color.FromArgb("#8E8E93");
label.FormattedText = fs;
}
else
{
label.Text = text;
}
WireSpoilerTap(label, spoilerSpans);
return label;
}
/// <summary>Standard paragraph Label. Runs the inline parser to build a FormattedString of spans.</summary>
private static Label CreateInlineLabel(string text, double fontSize)
{
var label = new Label { FontSize = fontSize, LineBreakMode = LineBreakMode.WordWrap };
var fs = new FormattedString();
var spoilerSpans = new List<Span>();
ParseInline(text, fs.Spans, fontSize, spoilerSpans);
if (fs.Spans.Count > 0) label.FormattedText = fs;
else label.Text = text;
WireSpoilerTap(label, spoilerSpans);
return label;
}
/// <summary>
/// Attaches a TapGestureRecognizer that reveals every spoiler span in the label when
/// tapped once. MAUI Spans can't fire their own gesture events, so per-spoiler reveal
/// would require splitting the line into separate labels — this is the pragmatic compromise.
/// </summary>
private static void WireSpoilerTap(Label label, List<Span> spoilerSpans)
{
if (spoilerSpans.Count == 0) return;
var tap = new TapGestureRecognizer();
tap.Tapped += (_, _) =>
{
foreach (var s in spoilerSpans)
{
s.BackgroundColor = Colors.Transparent;
s.TextColor = null; // fall back to default label color
}
};
label.GestureRecognizers.Add(tap);
}
/// <summary>
/// Single-pass character walk. For each markdown sigil (||, @, ~~, __, **, *, `), tries
/// to find a matching closer; if found, emits a styled Span and skips past. Otherwise the
/// char accumulates into a "plain" buffer that's flushed as a plain Span when the next
/// sigil hits or the string ends. Spoiler spans are registered in spoilerSpans for reveal.
/// </summary>
private static void ParseInline(string text, IList<Span> spans, double fontSize, List<Span> spoilerSpans)
{
var plain = new StringBuilder();
int i = 0;
void Flush()
{
if (plain.Length == 0) return;
spans.Add(new Span { Text = plain.ToString(), FontSize = fontSize });
plain.Clear();
}
while (i < text.Length)
{
char c = text[i];
if (c == '|' && Peek(text, i + 1) == '|')
{
int end = text.IndexOf("||", i + 2, StringComparison.Ordinal);
if (end > i + 2)
{
Flush();
var span = new Span
{
Text = text[(i + 2)..end],
FontSize = fontSize,
BackgroundColor = SpoilerBg,
TextColor = SpoilerBg // text invisible until revealed
};
spans.Add(span);
spoilerSpans.Add(span);
i = end + 2;
continue;
}
}
if (c == '@' && i + 1 < text.Length &&
(char.IsLetter(text[i + 1]) || text[i + 1] == '_'))
{
int end = i + 1;
while (end < text.Length && (char.IsLetterOrDigit(text[end]) || text[end] == '_'))
end++;
Flush();
spans.Add(new Span
{
Text = text[i..end],
TextColor = MentionText,
BackgroundColor = MentionBg,
FontAttributes = FontAttributes.Bold,
FontSize = fontSize
});
i = end;
continue;
}
if (c == '~' && Peek(text, i + 1) == '~')
{
int end = text.IndexOf("~~", i + 2, StringComparison.Ordinal);
if (end > i + 2)
{
Flush();
spans.Add(new Span
{
Text = text[(i + 2)..end],
FontSize = fontSize,
TextDecorations = TextDecorations.Strikethrough
});
i = end + 2; continue;
}
}
if (c == '_' && Peek(text, i + 1) == '_')
{
int end = text.IndexOf("__", i + 2, StringComparison.Ordinal);
if (end > i + 2)
{
Flush();
spans.Add(new Span
{
Text = text[(i + 2)..end],
FontSize = fontSize,
TextDecorations = TextDecorations.Underline
});
i = end + 2; continue;
}
}
if (c == '*' && Peek(text, i + 1) == '*')
{
int end = text.IndexOf("**", i + 2, StringComparison.Ordinal);
if (end > i + 2)
{
Flush();
spans.Add(new Span
{
Text = text[(i + 2)..end],
FontSize = fontSize,
FontAttributes = FontAttributes.Bold
});
i = end + 2; continue;
}
}
if (c == '*' && Peek(text, i + 1) != '*')
{
int end = FindClosingSingle(text, '*', i + 1);
if (end > i + 1)
{
Flush();
spans.Add(new Span
{
Text = text[(i + 1)..end],
FontSize = fontSize,
FontAttributes = FontAttributes.Italic
});
i = end + 1; continue;
}
}
if (c == '`')
{
int end = text.IndexOf('`', i + 1);
if (end > i + 1)
{
Flush();
spans.Add(new Span
{
Text = text[(i + 1)..end],
FontFamily = "AnonymousProRegular",
FontSize = fontSize - 1,
BackgroundColor = Color.FromArgb("#2D2D2D"),
TextColor = Color.FromArgb("#CE9178")
});
i = end + 1; continue;
}
}
plain.Append(c);
i++;
}
Flush();
}
/// <summary>Safe one-character lookahead. Returns '\0' past end-of-string.</summary>
private static char Peek(string text, int index) => index < text.Length ? text[index] : '\0';
/// <summary>
/// Finds the next single occurrence of marker that is NOT immediately followed by
/// another marker. Used to disambiguate "*italic*" from "**bold**".
/// </summary>
private static int FindClosingSingle(string text, char marker, int start)
{
for (int i = start; i < text.Length; i++)
if (text[i] == marker && Peek(text, i + 1) != marker)
return i;
return -1;
}
}

361
RelayClient/Helpers/SyntaxHighlighter.cs Normal file
View File

@@ -0,0 +1,361 @@
using System.Text.RegularExpressions;
namespace RelayClient.Helpers;
/// <summary>
/// Discord-style syntax highlighting for ```lang...``` fenced code blocks. Builds a list of
/// MAUI Spans (with colors from the VS Code Dark+ palette) that the caller drops into a
/// FormattedString.
///
/// How it works:
/// - The opening fence captures an optional language tag (e.g. ```cs, ```python).
/// - Aliases resolves "cs" → "csharp", "js" → "javascript", etc.
/// - Tokenizers[lang] is a compiled regex with named groups (comment/string/number/word/…).
/// - For each match, SpanForMatch picks a colour based on which group matched + whether
/// a "word" hit a language keyword set.
///
/// Adding a new language: register an alias (if needed), a Keywords set, and a tokenizer regex.
/// </summary>
public static class SyntaxHighlighter
{
/// <summary>Fallback identifier color (light grey). Used for any token we don't recognise.</summary>
private static readonly Color DefaultColor = Color.FromArgb("#D4D4D4");
/// <summary>Language keywords (if, for, return, etc.) — VS Code's "control flow" blue.</summary>
private static readonly Color KeywordColor = Color.FromArgb("#569CD6");
/// <summary>String literals — orange/salmon.</summary>
private static readonly Color StringColor = Color.FromArgb("#CE9178");
/// <summary>Numeric literals — soft green.</summary>
private static readonly Color NumberColor = Color.FromArgb("#B5CEA8");
/// <summary>Comments — green, rendered italic.</summary>
private static readonly Color CommentColor = Color.FromArgb("#6A9955");
/// <summary>Type names (heuristic: uppercase-start words in C#/JS/TS) — teal.</summary>
private static readonly Color TypeColor = Color.FromArgb("#4EC9B0");
/// <summary>Function names — yellow. Currently unused (we don't disambiguate function calls).</summary>
private static readonly Color FunctionColor = Color.FromArgb("#DCDCAA");
/// <summary>Operators — same as default. Reserved for future use.</summary>
private static readonly Color OperatorColor = Color.FromArgb("#D4D4D4");
/// <summary>HTML tag names (&lt;div&gt;, &lt;/p&gt;) — blue.</summary>
private static readonly Color TagColor = Color.FromArgb("#569CD6");
/// <summary>HTML/CSS attribute names, YAML keys, bash variables — light blue.</summary>
private static readonly Color AttrColor = Color.FromArgb("#9CDCFE");
/// <summary>Monospace font registered in MauiProgram. Used for all code-block spans.</summary>
private const string FontFamily = "AnonymousProRegular";
/// <summary>
/// Short language tags → canonical names. So users can write ```cs (instead of ```csharp),
/// ```py instead of ```python, etc. Case-insensitive.
/// </summary>
private static readonly Dictionary<string, string> Aliases = new(StringComparer.OrdinalIgnoreCase)
{
["cs"] = "csharp",
["c#"] = "csharp",
["js"] = "javascript",
["jsx"] = "javascript",
["ts"] = "typescript",
["tsx"] = "typescript",
["py"] = "python",
["sh"] = "bash",
["shell"] = "bash",
["zsh"] = "bash",
["htm"] = "html",
["xml"] = "html",
["yml"] = "yaml"
};
/// <summary>
/// Per-language keyword sets. A token in a "word" match-group that hits one of these
/// gets rendered with KeywordColor. Case-sensitivity matches the language — Ordinal
/// for most languages, OrdinalIgnoreCase for SQL and CSS.
/// </summary>
private static readonly Dictionary<string, HashSet<string>> Keywords = new(StringComparer.OrdinalIgnoreCase)
{
["csharp"] = new(StringComparer.Ordinal)
{
"abstract","as","async","await","base","bool","break","byte","case","catch","char","checked",
"class","const","continue","decimal","default","delegate","do","double","else","enum","event",
"explicit","extern","false","finally","fixed","float","for","foreach","get","goto","if",
"implicit","in","int","interface","internal","is","lock","long","namespace","new","null",
"object","operator","out","override","params","partial","private","protected","public",
"readonly","record","ref","return","sbyte","sealed","set","short","sizeof","stackalloc",
"static","string","struct","switch","this","throw","true","try","typeof","uint","ulong",
"unchecked","unsafe","ushort","using","var","virtual","void","volatile","while","yield",
"nameof","when","where","global","init","required","file","scoped","with"
},
["javascript"] = new(StringComparer.Ordinal)
{
"async","await","break","case","catch","class","const","continue","debugger","default",
"delete","do","else","enum","export","extends","false","finally","for","from","function",
"get","if","implements","import","in","instanceof","let","new","null","of","package",
"private","protected","public","return","set","static","super","switch","this","throw",
"true","try","typeof","undefined","var","void","while","with","yield"
},
["typescript"] = new(StringComparer.Ordinal)
{
"any","as","async","await","boolean","break","case","catch","class","const","continue",
"debugger","declare","default","delete","do","else","enum","export","extends","false",
"finally","for","from","function","get","if","implements","import","in","instanceof",
"interface","is","keyof","let","namespace","never","new","null","number","of","package",
"private","protected","public","readonly","return","set","static","string","super",
"switch","this","throw","true","try","type","typeof","undefined","unknown","var","void",
"while","with","yield"
},
["python"] = new(StringComparer.Ordinal)
{
"and","as","assert","async","await","break","class","continue","def","del","elif","else",
"except","False","finally","for","from","global","if","import","in","is","lambda","None",
"nonlocal","not","or","pass","raise","return","True","try","while","with","yield","self",
"cls","match","case"
},
["sql"] = new(StringComparer.OrdinalIgnoreCase)
{
"select","from","where","insert","update","delete","create","alter","drop","table","index",
"view","join","inner","outer","left","right","full","cross","on","as","group","by","order",
"having","distinct","union","all","into","values","set","null","not","and","or","in","like",
"between","is","true","false","primary","key","foreign","references","default","limit",
"offset","with","case","when","then","else","end","exists","cast","begin","commit","rollback"
},
["bash"] = new(StringComparer.Ordinal)
{
"if","then","else","elif","fi","for","in","do","done","while","until","case","esac",
"function","return","break","continue","exit","echo","printf","export","local","readonly",
"source","alias","unset","trap","set","eval","exec","shift","let","declare","typeset"
},
["json"] = new(StringComparer.Ordinal) { "true","false","null" },
["yaml"] = new(StringComparer.Ordinal) { "true","false","null","yes","no","on","off" },
["css"] = new(StringComparer.OrdinalIgnoreCase)
{
"important","inherit","initial","unset","auto","none","normal","bold","italic","center",
"left","right","top","bottom","flex","grid","block","inline","absolute","relative","fixed",
"sticky","static"
}
};
/// <summary>
/// Per-language compiled token regex. Each pattern uses named groups (comment/string/
/// number/word/tag/attr/…) which SpanForMatch dispatches on. Initialised lazily in the
/// static constructor so the heavy regex compilation is paid once at startup.
/// </summary>
private static readonly Dictionary<string, Regex> Tokenizers = new(StringComparer.Ordinal);
static SyntaxHighlighter()
{
const RegexOptions opts = RegexOptions.Compiled | RegexOptions.Singleline;
Tokenizers["csharp"] = new Regex(
@"(?<comment>//[^\n]*|/\*.*?\*/)" +
@"|(?<string>@""(?:""""|[^""])*""|\$""(?:\\.|[^""\\])*""|""(?:\\.|[^""\\])*""|'(?:\\.|[^'\\])*')" +
@"|(?<number>\b\d+(?:\.\d+)?[fFdDmMuUlL]*\b)" +
@"|(?<word>[A-Za-z_]\w*)",
opts);
Tokenizers["javascript"] = new Regex(
@"(?<comment>//[^\n]*|/\*.*?\*/)" +
@"|(?<string>""(?:\\.|[^""\\])*""|'(?:\\.|[^'\\])*'|`(?:\\.|[^`\\])*`)" +
@"|(?<number>\b\d+(?:\.\d+)?\b)" +
@"|(?<word>[A-Za-z_$][\w$]*)",
opts);
Tokenizers["typescript"] = Tokenizers["javascript"];
Tokenizers["python"] = new Regex(
@"(?<comment>\#[^\n]*)" +
@"|(?<string>""""""[\s\S]*?""""""|'''[\s\S]*?'''|""(?:\\.|[^""\\])*""|'(?:\\.|[^'\\])*')" +
@"|(?<number>\b\d+(?:\.\d+)?\b)" +
@"|(?<word>[A-Za-z_]\w*)",
opts);
Tokenizers["sql"] = new Regex(
@"(?<comment>--[^\n]*|/\*.*?\*/)" +
@"|(?<string>'(?:''|[^'])*')" +
@"|(?<number>\b\d+(?:\.\d+)?\b)" +
@"|(?<word>[A-Za-z_]\w*)",
opts);
Tokenizers["bash"] = new Regex(
@"(?<comment>\#[^\n]*)" +
@"|(?<string>""(?:\\.|[^""\\])*""|'[^']*')" +
@"|(?<number>\b\d+\b)" +
@"|(?<variable>\$\{?[A-Za-z_]\w*\}?)" +
@"|(?<word>[A-Za-z_][\w-]*)",
opts);
Tokenizers["json"] = new Regex(
@"(?<string>""(?:\\.|[^""\\])*"")" +
@"|(?<number>-?\b\d+(?:\.\d+)?(?:[eE][+-]?\d+)?\b)" +
@"|(?<word>true|false|null)",
opts);
Tokenizers["yaml"] = new Regex(
@"(?<comment>\#[^\n]*)" +
@"|(?<string>""(?:\\.|[^""\\])*""|'[^']*')" +
@"|(?<key>^[ \t]*[A-Za-z_][\w-]*(?=\s*:))" +
@"|(?<number>\b\d+(?:\.\d+)?\b)" +
@"|(?<word>[A-Za-z_][\w-]*)",
opts | RegexOptions.Multiline);
Tokenizers["html"] = new Regex(
@"(?<comment><!--.*?-->)" +
@"|(?<string>""[^""]*""|'[^']*')" +
@"|(?<tag></?[A-Za-z][A-Za-z0-9-]*)" +
@"|(?<attr>\b[A-Za-z_][\w-]*(?==))",
opts);
Tokenizers["css"] = new Regex(
@"(?<comment>/\*.*?\*/)" +
@"|(?<string>""[^""]*""|'[^']*')" +
@"|(?<number>-?\b\d+(?:\.\d+)?(?:px|em|rem|%|vh|vw|s|ms|deg)?\b)" +
@"|(?<selector>[.#]?[A-Za-z_][\w-]*(?=\s*[{,]))" +
@"|(?<prop>[A-Za-z-]+(?=\s*:))" +
@"|(?<word>[A-Za-z_][\w-]*)",
opts);
Tokenizers["diff"] = new Regex(
@"(?<add>^\+[^\n]*)" +
@"|(?<del>^-[^\n]*)" +
@"|(?<hunk>^@@[^\n]*)",
opts | RegexOptions.Multiline);
Tokenizers["markdown"] = new Regex(
@"(?<header>^#{1,6}[^\n]*)" +
@"|(?<bold>\*\*[^*\n]+\*\*|__[^_\n]+__)" +
@"|(?<italic>\*[^*\n]+\*|_[^_\n]+_)" +
@"|(?<code>`[^`\n]+`)" +
@"|(?<link>\[[^\]]+\]\([^)]+\))",
opts | RegexOptions.Multiline);
}
/// <summary>
/// Entry point. Walks every regex match in the code, emits plain spans for the gaps and
/// styled spans for the matches. If the language is unknown (or not specified), returns a
/// single default-colored span — code still renders in the monospace font, just no colors.
/// </summary>
public static List<Span> Highlight(string code, string? language, double fontSize)
{
var lang = Resolve(language);
var spans = new List<Span>();
if (lang is null || !Tokenizers.TryGetValue(lang, out var tokenizer))
{
spans.Add(MakeSpan(code, DefaultColor, fontSize));
return spans;
}
var keywords = Keywords.GetValueOrDefault(lang);
int cursor = 0;
foreach (Match m in tokenizer.Matches(code))
{
if (m.Index > cursor)
spans.Add(MakeSpan(code[cursor..m.Index], DefaultColor, fontSize));
spans.Add(SpanForMatch(m, lang, keywords, fontSize));
cursor = m.Index + m.Length;
}
if (cursor < code.Length)
spans.Add(MakeSpan(code[cursor..], DefaultColor, fontSize));
return spans;
}
/// <summary>
/// Maps a regex Match to a colored Span by inspecting which named group succeeded. Words
/// fall through to a keyword-set lookup; in C#/JS/TS, uppercase-start words that aren't
/// keywords are treated as type names (a cheap heuristic that works surprisingly well).
/// </summary>
private static Span SpanForMatch(Match m, string lang, HashSet<string>? keywords, double fontSize)
{
if (m.Groups["comment"].Success)
return MakeSpan(m.Value, CommentColor, fontSize, italic: true);
if (m.Groups["string"].Success)
return MakeSpan(m.Value, StringColor, fontSize);
if (m.Groups["number"].Success)
return MakeSpan(m.Value, NumberColor, fontSize);
if (m.Groups["variable"].Success)
return MakeSpan(m.Value, AttrColor, fontSize);
if (m.Groups["tag"].Success)
return MakeSpan(m.Value, TagColor, fontSize);
if (m.Groups["attr"].Success)
return MakeSpan(m.Value, AttrColor, fontSize);
if (m.Groups["selector"].Success)
return MakeSpan(m.Value, TypeColor, fontSize);
if (m.Groups["prop"].Success)
return MakeSpan(m.Value, AttrColor, fontSize);
if (m.Groups["key"].Success)
return MakeSpan(m.Value, AttrColor, fontSize);
if (m.Groups["add"].Success)
return MakeSpan(m.Value, Color.FromArgb("#6A9955"), fontSize);
if (m.Groups["del"].Success)
return MakeSpan(m.Value, Color.FromArgb("#F48771"), fontSize);
if (m.Groups["hunk"].Success)
return MakeSpan(m.Value, KeywordColor, fontSize);
if (m.Groups["header"].Success)
return MakeSpan(m.Value, KeywordColor, fontSize, bold: true);
if (m.Groups["bold"].Success)
return MakeSpan(m.Value, DefaultColor, fontSize, bold: true);
if (m.Groups["italic"].Success)
return MakeSpan(m.Value, DefaultColor, fontSize, italic: true);
if (m.Groups["code"].Success)
return MakeSpan(m.Value, StringColor, fontSize);
if (m.Groups["link"].Success)
return MakeSpan(m.Value, AttrColor, fontSize);
if (m.Groups["word"].Success)
{
var word = m.Value;
var compareSet = keywords;
if (compareSet is not null && compareSet.Contains(word))
return MakeSpan(word, KeywordColor, fontSize);
if (lang is "csharp" or "javascript" or "typescript" && word.Length > 0 && char.IsUpper(word[0]))
return MakeSpan(word, TypeColor, fontSize);
return MakeSpan(word, DefaultColor, fontSize);
}
return MakeSpan(m.Value, DefaultColor, fontSize);
}
/// <summary>Helper: build a Span with the monospace code font and the given colour + bold/italic flags.</summary>
private static Span MakeSpan(string text, Color color, double fontSize, bool bold = false, bool italic = false)
{
var attrs = FontAttributes.None;
if (bold) attrs |= FontAttributes.Bold;
if (italic) attrs |= FontAttributes.Italic;
return new Span
{
Text = text,
TextColor = color,
FontSize = fontSize,
FontFamily = FontFamily,
FontAttributes = attrs
};
}
/// <summary>Normalises a user-supplied language tag through the Aliases table. Returns null for empty/whitespace input.</summary>
private static string? Resolve(string? language)
{
if (string.IsNullOrWhiteSpace(language)) return null;
var lower = language.Trim().ToLowerInvariant();
return Aliases.GetValueOrDefault(lower, lower);
}
}

116
RelayClient/MainPage.xaml
View File

@@ -1,4 +1,4 @@
<?xml version="1.0" encoding="utf-8" ?>
<?xml version="1.0" encoding="utf-8" ?>
<ContentPage
x:Class="RelayClient.MainPage"
xmlns="http://schemas.microsoft.com/dotnet/2021/maui"
@@ -12,82 +12,88 @@
ColumnSpacing="10">
<!-- Header -->
<Border Grid.Row="0"
Grid.ColumnSpan="2"
StrokeThickness="1"
Padding="10">
<VerticalStackLayout Spacing="4">
<Label x:Name="UserLabel"
Text="Logged in as: Unknown"
FontAttributes="Bold"
FontSize="18" />
<Label x:Name="ChannelLabel"
Text="No channel selected"
FontSize="14" />
<Border Grid.Row="0" Grid.ColumnSpan="2" StrokeThickness="1" Padding="10">
<VerticalStackLayout Spacing="2">
<Label x:Name="UserLabel" Text="Logged in as: Unknown"
FontAttributes="Bold" FontSize="18" />
<Label x:Name="ChannelLabel" Text="No channel selected" FontSize="14" />
<Label x:Name="TypingLabel" Text="" FontSize="11"
FontAttributes="Italic" TextColor="Gray" IsVisible="False" />
</VerticalStackLayout>
</Border>
<!-- Sidebar -->
<Border Grid.Row="1"
Grid.Column="0"
StrokeThickness="1"
Padding="10">
<!-- Sidebar: channel list -->
<Border Grid.Row="1" Grid.Column="0" StrokeThickness="1" Padding="10">
<ScrollView>
<VerticalStackLayout Spacing="8">
<Label Text="Channels"
FontAttributes="Bold"
FontSize="16" />
<VerticalStackLayout x:Name="SidebarList"
Spacing="6" />
<Grid ColumnDefinitions="*,Auto">
<Label Grid.Column="0" Text="Channels"
FontAttributes="Bold" FontSize="16"
VerticalOptions="Center" />
<Button Grid.Column="1" Text="+"
FontSize="16" Padding="6,2"
HeightRequest="30" WidthRequest="30"
Clicked="AddChannel_OnClicked" />
</Grid>
<VerticalStackLayout x:Name="SidebarList" Spacing="4" />
</VerticalStackLayout>
</ScrollView>
</Border>
<!-- Messages -->
<Border Grid.Row="1"
Grid.Column="1"
StrokeThickness="1"
Padding="10">
<!-- Messages view (text channels) -->
<Border x:Name="MessagesView" Grid.Row="1" Grid.Column="1" StrokeThickness="1" Padding="10">
<ScrollView x:Name="MessagesScrollView">
<VerticalStackLayout x:Name="MessagesLayout"
Spacing="8" />
<VerticalStackLayout x:Name="MessagesLayout" Spacing="8" />
</ScrollView>
</Border>
<Border x:Name="RtcView"
Grid.Row="1"
Grid.Column="1"
StrokeThickness="1"
Padding="10"
IsVisible="False">
<!-- <WebView Source="test.html"/> -->
<Grid RowDefinitions="Auto,*"
ColumnDefinitions="*">
<!-- RTC view (voice channels) -->
<Border x:Name="RtcView" Grid.Row="1" Grid.Column="1"
StrokeThickness="1" Padding="10" IsVisible="False">
<Grid RowDefinitions="Auto,*">
<HybridWebView x:Name="hybridWebView"
RawMessageReceived="OnHybridWebViewRawMessageReceived"
Grid.Row="1" />
</Grid>
</Border>
<!-- Input -->
<Grid Grid.Row="2"
Grid.Column="1"
ColumnDefinitions="*,Auto"
ColumnSpacing="10">
<Entry x:Name="MessageEntry"
Grid.Column="0"
Placeholder="Type a message..."
ReturnType="Send"
Completed="MessageEntry_OnCompleted" />
<!-- Input area -->
<VerticalStackLayout x:Name="InputArea" Grid.Row="2" Grid.Column="1" Spacing="4">
<Button Grid.Column="1"
Text="Send"
<!-- Context bar (reply / edit mode) -->
<Border x:Name="ContextBar" IsVisible="False" StrokeThickness="1" Padding="8,4">
<Grid ColumnDefinitions="*,Auto" ColumnSpacing="8">
<Label x:Name="ContextBarLabel" Grid.Column="0"
VerticalOptions="Center" FontSize="12"
LineBreakMode="TailTruncation" />
<Button Grid.Column="1" Text="✕" FontSize="11"
Padding="6,2" HeightRequest="30"
Clicked="CancelContext_OnClicked" />
</Grid>
</Border>
<!-- Entry row: attach button + editor + send -->
<Grid ColumnDefinitions="Auto,*,Auto" ColumnSpacing="6">
<Button Grid.Column="0" Text="📎"
FontSize="16" Padding="6,2"
HeightRequest="40" WidthRequest="40"
Clicked="AttachFile_OnClicked"
ToolTipProperties.Text="Attach a file or image" />
<Editor x:Name="MessageEntry"
Grid.Column="1"
Placeholder="Type a message… (Shift+Enter for newline)"
AutoSize="TextChanges"
MaximumHeightRequest="120"
TextChanged="MessageEntry_OnTextChanged" />
<Button x:Name="SendButton" Grid.Column="2"
Text="Send" VerticalOptions="End"
Clicked="SendButton_OnClicked" />
</Grid>
<!-- Swap View -->
<Button x:Name="ViewSwapped" Grid.Row="2" Grid.Column="0"
Text="Swap to WebView"
Clicked="SwapView_OnClicked" />
</VerticalStackLayout>
<!-- Bottom-left: kept empty (swap button removed) -->
<ContentView Grid.Row="2" Grid.Column="0" />
</Grid>
</ContentPage>

1528
RelayClient/MainPage.xaml.cs
View File

File diff suppressed because it is too large Load Diff

21
RelayClient/Resources/Raw/wwwroot/index.js
View File

@@ -50,3 +50,24 @@ window.addEventListener("load", async () => {
await Media.loadDevices();
await Media.ensureLocalMedia();
});
function testIndex(rawJson)
{
const data = typeof rawJson === "string" ? JSON.parse(rawJson) : rawJson;
if (data.sdp) {
data.sdp = data.sdp.replaceAll("(rn)", "\r\n");
}
handleRtcSignal(JSON.stringify(data));
// if (data.type === "rtc_offer") {
// handleOffer(data)
// }
// if (data.type === "rtc_answer") {
// data.sdp = data.sdp.replaceAll("(rn)", "\r\n");
// handleAnswer(data)
// }
}
function noDataTest()
{
LogMessage("No Data Called!!");
}

20
RelayClient/Resources/Raw/wwwroot/rtc.js
View File

@@ -1,4 +1,4 @@
const peerConnections = {};
const peerConnections = {};
async function joinChannelCall() {
LogMessage("Current username: " + currentUsername);
@@ -24,7 +24,7 @@ async function joinChannelCall() {
}
for (const username of existingUsers) {
await sendOffer(username);
await sendOffer(username); //Creates an offer to each person in call for MESH RTC
}
}
@@ -34,6 +34,7 @@ async function sendOffer(username) {
await Media.applyLocalStreamToPeerConnection(pc, username);
const offer = await pc.createOffer();
// LogMessage(`Offer created: ${JSON.stringify(offer)}`);
await pc.setLocalDescription(offer);
await RelaySocket.sendRtcSignal({
@@ -88,11 +89,12 @@ async function handleRtcSignal(rawJson) {
}
async function handleOffer(msg) {
LogMessage(`Offer handler: ${msg}`);
const pc = await ensurePeerConnectionForUser(msg.from);
await Media.ensureLocalMedia();
await Media.applyLocalStreamToPeerConnection(pc, msg.from);
// const offer = JSON.parse(msg.offer);
await pc.setRemoteDescription({
type: "offer",
sdp: msg.sdp
@@ -138,7 +140,13 @@ async function handleIce(msg) {
if (!msg.candidate) return;
await pc.addIceCandidate(msg.candidate);
const candidateInit = {
candidate: msg.candidate,
sdpMid: msg.sdpMid,
sdpMLineIndex: msg.sdpMLineIndex
};
await pc.addIceCandidate(candidateInit);
LogMessage(`Applied ICE from ${msg.from}`);
}
@@ -159,7 +167,9 @@ async function ensurePeerConnectionForUser(username) {
channelId: currentChannelId,
from: currentUsername,
to: username,
candidate: JSON.stringify(event.candidate)
candidate: event.candidate.candidate,
sdpMid: event.candidate.sdpMid,
sdpMLineIndex: event.candidate.sdpMLineIndex
});
};

37
RelayClient/ServerAPI.cs
View File

@@ -1,18 +1,51 @@
using System.Net.Http.Headers;
using System.Net.Http.Json;
using System.Text.Json;
using RelayShared.Services;
namespace RelayClient;
public class ServerAPI
{
static HttpClient client = new HttpClient { BaseAddress = new Uri("http://localhost:5000/") };
static HttpClient client = new HttpClient { BaseAddress = new Uri("http://127.0.0.1:5000/") };
static HttpClient core = new HttpClient { BaseAddress = new Uri("http://127.0.0.1:1337/") };
// static HttpClient client = new HttpClient { BaseAddress = new Uri("http://192.168.1.92:5000/") };
// static HttpClient core = new HttpClient { BaseAddress = new Uri("http://192.168.1.92:1337/") };
public static void setupClient()
public static async Task setupClient()
{
client.DefaultRequestHeaders.Accept.Clear();
client.DefaultRequestHeaders.Accept.Add(
new MediaTypeWithQualityHeaderValue("application/json"));
core.DefaultRequestHeaders.Accept.Clear();
core.DefaultRequestHeaders.Accept.Add(
new MediaTypeWithQualityHeaderValue("application/json"));
core.DefaultRequestHeaders.Add("User-Agent", "RelayClient");
MainPage._userToken = await CoreUserSignin(new AuthSignin
{
UserName = MainPage._username,
Password = "password"
});
await CoreUserAlive(new AuthSignin
{
UserName = MainPage._username,
Password = MainPage._userToken
});
}
public static async Task<Uri> CoreUserAlive(AuthSignin data)
{
HttpResponseMessage response = await core.PostAsJsonAsync("user/isAlive", data);
response.EnsureSuccessStatusCode();
return response.Headers.Location;
}
public static async Task<string> CoreUserSignin(AuthSignin data)
{
HttpResponseMessage response = await core.PostAsJsonAsync("user/signin", data);
response.EnsureSuccessStatusCode();
return await response.Content.ReadAsStringAsync();
}
public static async Task<Uri> PostOfferAsync(DBOffer offer)

281
RelayClient/Services/RelaySocketClient.cs Normal file
View File

@@ -0,0 +1,281 @@
using System.Text.Json;
using RelayClient.Crypto;
using RelayShared.Services;
using WebSocketSharp;
namespace RelayClient.Services;
/// <summary>
/// The client-side WebSocket transport. Mirrors ChatSocketBehavior on the server.
///
/// Sending: typed helpers (SendGetHistory, SendRtcJoinChannel, SendEditMessage, …) build the
/// appropriate WsControlMessage or SocketEncryptedMessage and route through SendRaw. SendRaw
/// always uses synchronous _socket.Send because WebSocketSharp's SendAsync calls
/// Action.BeginInvoke internally, which throws PlatformNotSupportedException on .NET 5+.
/// Callers that need non-blocking sends (e.g. MainPage.SendMessage for image attachments)
/// wrap the call in Task.Run.
///
/// Receiving: OnMessage peeks the JSON. If it has an "Event" property → WsEventMessage (acks).
/// If it has a "Type" property → SignalType discriminator, deserialise into the right Socket*
/// type, fire the matching C# event. MainPage subscribes to these events.
///
/// Connect order matters: the first frame after the handshake is Authenticate (so the server
/// can verify the Core-issued token), then RegisterKey (so the server has our public key
/// before any encrypted message arrives), then GetServerKey + GetChannels.
/// </summary>
public sealed class RelaySocketClient
{
/// <summary>Username this socket is authenticated as. Captured at construction.</summary>
private readonly string _username;
/// <summary>The underlying WebSocketSharp client. Owned (constructed) by this class.</summary>
private readonly WebSocket _socket;
/// <summary>
/// The server's RSA public key, cached after the first GetServerKey response.
/// MainPage reads this to encrypt outbound chat payloads.
/// </summary>
public string? ServerPublicKey { get; private set; }
/// <summary>Fires for every raw incoming text frame. Mostly used for debug logging.</summary>
public event Action<string>? RawMessageReceived;
/// <summary>Fires when the server pushes a fresh channel list (initial connect or after CRUD).</summary>
public event Action<SocketChannelList>? ChannelListReceived;
/// <summary>Fires for newly-arrived chat messages (SignalType.EncryptedChat).</summary>
public event Action<SocketEncryptedMessage>? EncryptedChatReceived;
/// <summary>Fires when an existing message is edited by its author (SignalType.MessageEdited).</summary>
public event Action<SocketEncryptedMessage>? MessageEdited;
/// <summary>Fires when a message is deleted (SignalType.MessageDeleted).</summary>
public event Action<SocketMessageDeletedEvent>? MessageDeleted;
/// <summary>Fires when another user is typing in a channel.</summary>
public event Action<SocketTypingEvent>? TypingReceived;
/// <summary>Fires in response to a SendGetEditHistory request.</summary>
public event Action<SocketEditHistoryResponse>? EditHistoryReceived;
/// <summary>Fires for encrypted RTC SDP/ICE signals — RtcBridgeService forwards into the JS engine.</summary>
public event Action<SocketRtcSignalMessage>? EncryptedRtcSignalReceived;
/// <summary>Fires once when the server's public key arrives. Mainly used by tests; production reads ServerPublicKey directly.</summary>
public event Action<string>? ServerPublicKeyReceived;
/// <summary>Diagnostic logger. MainPage subscribes Console.WriteLine here.</summary>
public event Action<string>? Log;
/// <summary>Default URL points at localhost dev server. Production passes a remote URL.</summary>
public RelaySocketClient(string username, string url = "ws://127.0.0.1:5001/")
{
_username = username;
_socket = new WebSocket(url);
_socket.OnMessage += OnMessage;
}
/// <summary>
/// Opens the WebSocket and fires the four-step boot handshake IN ORDER:
/// Authenticate → RegisterKey → GetServerKey → GetChannels. Order matters because the
/// server uses RegisterKey to populate its session→username map (needed for permission
/// checks on subsequent messages).
/// </summary>
public void Connect()
{
_socket.Connect();
var publicKey = KeyStorage.LoadPublicKey(_username);
SendControlMessage(new WsControlMessage { Action = WsAction.Authenticate, Username = _username, Token = MainPage._userToken });
SendControlMessage(new WsControlMessage { Action = WsAction.RegisterKey, Username = _username, PublicKey = publicKey });
SendControlMessage(new WsControlMessage { Action = WsAction.GetServerKey });
SendControlMessage(new WsControlMessage { Action = WsAction.GetChannels });
}
/// <summary>Detaches the message handler and closes the socket. Called from MainPage.OnDisappearing.</summary>
public void Disconnect()
{
_socket.OnMessage -= OnMessage;
if (_socket.ReadyState == WebSocketState.Open)
_socket.Close();
}
/// <summary>Generic control-plane send. Serialises the WsControlMessage to JSON and ships it.</summary>
public void SendControlMessage(WsControlMessage message) =>
SendRaw(JsonSerializer.Serialize(message));
/// <summary>Request the message history for a channel. Server streams it back as individual EncryptedChat frames.</summary>
public void SendGetHistory(string channelId) =>
SendControlMessage(new WsControlMessage { Action = WsAction.GetHistory, Username = _username, ChannelId = channelId });
/// <summary>Tell the server we've joined a voice channel. Fires Speak permission check server-side.</summary>
public void SendRtcJoinChannel(string channelId) =>
SendControlMessage(new WsControlMessage { Action = WsAction.RtcJoin, Username = _username, ChannelId = channelId });
/// <summary>Tell the server we've left the voice channel. Idempotent server-side.</summary>
public void SendRtcLeaveChannel(string channelId) =>
SendControlMessage(new WsControlMessage { Action = WsAction.RtcLeave, Username = _username, ChannelId = channelId });
/// <summary>Notify channel peers that we're typing. Server broadcasts a SocketTypingEvent to everyone but us.</summary>
public void SendTyping(string channelId) =>
SendControlMessage(new WsControlMessage { Action = WsAction.SendTyping, Username = _username, ChannelId = channelId });
/// <summary>Request all historical versions of a message. Server replies with SocketEditHistoryResponse.</summary>
public void SendGetEditHistory(string messageId, string channelId) =>
SendControlMessage(new WsControlMessage { Action = WsAction.GetEditHistory, Username = _username, MessageId = messageId, ChannelId = channelId });
/// <summary>Create a new channel. Permission-gated server-side; on success the server broadcasts a fresh channel list.</summary>
public void SendCreateChannel(string name, ChannelType type, string group = "") =>
SendControlMessage(new WsControlMessage
{
Action = WsAction.CreateChannel,
ChannelName = name,
ChannelType = (int)type,
ChannelGroup = group
});
/// <summary>Soft-delete a channel. Permission-gated server-side.</summary>
public void SendDeleteChannel(string channelId) =>
SendControlMessage(new WsControlMessage { Action = WsAction.DeleteChannel, ChannelId = channelId });
/// <summary>
/// Send an edit for an existing message. Caller is responsible for encrypting the new
/// content (with the server's public key) before calling — same encryption shape as a new send.
/// </summary>
public void SendEditMessage(string messageId, string channelId, EncryptedPayload encrypted) =>
SendJson(new SocketEncryptedMessage
{
Type = SignalType.ClientEditMessage, MessageId = messageId,
SenderUsername = _username, ChannelId = channelId,
CipherText = encrypted.CipherText, Nonce = encrypted.Nonce,
Tag = encrypted.Tag, EncryptedKey = encrypted.EncryptedKey
});
/// <summary>Request soft-delete of one of our own messages. Server checks ownership before honoring.</summary>
public void SendDeleteMessage(string messageId, string channelId) =>
SendJson(new SocketEncryptedMessage
{
Type = SignalType.ClientDeleteMessage, MessageId = messageId,
SenderUsername = _username, ChannelId = channelId
});
/// <summary>
/// The single send pinch point. Synchronous (WebSocketSharp's SendAsync is broken on .NET 5+
/// due to Action.BeginInvoke). All exceptions are logged AND rethrown so the calling
/// Task.Run can surface them to the user via DisplayAlert.
/// </summary>
public void SendRaw(string message)
{
if (_socket.ReadyState != WebSocketState.Open)
{
Log?.Invoke($"[{_username}] Drop: socket not open ({_socket.ReadyState}), {message.Length} bytes.");
return;
}
try
{
_socket.Send(message);
}
catch (Exception ex)
{
Log?.Invoke($"[{_username}] Send failed ({message.Length} bytes): {ex.Message}");
throw;
}
}
/// <summary>Convenience: JSON-serialise any payload and ship it. Used for all SocketEncryptedMessage and WsControlMessage sends.</summary>
public void SendJson<T>(T payload) => SendRaw(JsonSerializer.Serialize(payload));
/// <summary>
/// WebSocketSharp callback for every incoming text frame. Peeks the JSON to decide whether
/// it's a control-plane ack (Event property) or data-plane message (Type property), then
/// fires the matching public C# event. Exceptions are caught locally so a malformed frame
/// can't drop the connection.
/// </summary>
private void OnMessage(object? sender, MessageEventArgs e)
{
RawMessageReceived?.Invoke(e.Data);
Log?.Invoke($"[{_username}] RAW: {e.Data[..Math.Min(200, e.Data.Length)]}");
try
{
using var doc = JsonDocument.Parse(e.Data);
var root = doc.RootElement;
if (root.TryGetProperty("Event", out var evEl))
{
var wsEvent = (WsEvent)evEl.GetInt32();
switch (wsEvent)
{
case WsEvent.KeyRegistered: Log?.Invoke($"[{_username}] Key registered."); return;
case WsEvent.Authenticated: Log?.Invoke($"[{_username}] Authenticated."); return;
case WsEvent.Error:
var det = root.TryGetProperty("Detail", out var d) ? d.GetString() : null;
Log?.Invoke($"[{_username}] Server error: {det}");
return;
}
return;
}
if (!root.TryGetProperty("Type", out var typeEl)) return;
var type = (SignalType)typeEl.GetInt32();
switch (type)
{
case SignalType.ChannelList:
{
var p = JsonSerializer.Deserialize<SocketChannelList>(e.Data);
if (p is not null) ChannelListReceived?.Invoke(p);
return;
}
case SignalType.ServerPublicKey:
{
var p = JsonSerializer.Deserialize<ServerPublicKeyMessage>(e.Data);
if (p is not null) { ServerPublicKey = p.PublicKey; ServerPublicKeyReceived?.Invoke(p.PublicKey); }
return;
}
case SignalType.EncryptedSignal:
{
var p = JsonSerializer.Deserialize<SocketRtcSignalMessage>(e.Data);
if (p is not null) EncryptedRtcSignalReceived?.Invoke(p);
return;
}
case SignalType.EncryptedChat:
{
var p = JsonSerializer.Deserialize<SocketEncryptedMessage>(e.Data);
if (p is not null) EncryptedChatReceived?.Invoke(p);
return;
}
case SignalType.MessageEdited:
{
var p = JsonSerializer.Deserialize<SocketEncryptedMessage>(e.Data);
if (p is not null) MessageEdited?.Invoke(p);
return;
}
case SignalType.MessageDeleted:
{
var p = JsonSerializer.Deserialize<SocketMessageDeletedEvent>(e.Data);
if (p is not null) MessageDeleted?.Invoke(p);
return;
}
case SignalType.TypingIndicator:
{
var p = JsonSerializer.Deserialize<SocketTypingEvent>(e.Data);
if (p is not null) TypingReceived?.Invoke(p);
return;
}
case SignalType.EditHistory:
{
var p = JsonSerializer.Deserialize<SocketEditHistoryResponse>(e.Data);
if (p is not null) EditHistoryReceived?.Invoke(p);
return;
}
}
}
catch (Exception ex)
{
Log?.Invoke($"[{_username}] WS parse error: {ex.Message}");
}
}
}

304
RelayClient/Services/RtcBridgeService.cs Normal file
View File

@@ -0,0 +1,304 @@
using System.Text.Json;
using System.Text.Json.Serialization;
using RelayClient.Crypto;
using RelayShared.Rtc;
using RelayShared.Services;
namespace RelayClient.Services;
/// <summary>
/// The bridge between the C# WebSocket pipe and the JavaScript WebRTC engine
/// running inside the HybridWebView (which is shown when a Voice channel is open).
///
/// Outbound (JS → C# → server): the WebView JS calls into C# via SendRtcSignal(json).
/// We deserialise to RtcSignalMessage, encrypt with the server's public key, wrap in
/// SocketRtcSignalMessage, and send through the WebSocket.
///
/// Inbound (server → C# → JS): the WebSocket fires EncryptedRtcSignalReceived. MainPage
/// hands it to HandleIncomingRtcSignalAsync, which decrypts with the user's private key
/// and calls back into JS via hybridWebView.InvokeJavaScriptAsync("testIndex", …).
///
/// JoinRtcChannel / LeaveRtcChannel just send WsAction control messages; presence tracking
/// happens server-side in RtcChannelPresenceService.
/// </summary>
public sealed class RtcBridgeService
{
/// <summary>The currently-signed-in username. Stamped onto outgoing RTC signals.</summary>
private readonly string _username;
/// <summary>The shared WebSocket to RelayServer. Outbound RTC signals ride on this.</summary>
private readonly RelaySocketClient _socket;
/// <summary>The MAUI HybridWebView that hosts the JS WebRTC engine. We push JS calls into it.</summary>
private readonly HybridWebView _hybridWebView;
/// <summary>Lazy view into MainPage._currentChannelId so we always have the current voice channel.</summary>
private readonly Func<string?> _getCurrentChannelId;
/// <summary>Diagnostic logger that surfaces messages back to the WebView UI. Used for status/error reporting.</summary>
private readonly Action<string> _sendRawToWebView;
/// <summary>Captures collaborators. MainPage constructs this once and never replaces it.</summary>
public RtcBridgeService(string username, RelaySocketClient socket, HybridWebView hybridWebView,
Func<string?> getCurrentChannelId, Action<string> sendRawToWebView)
{
_username = username;
_socket = socket;
_hybridWebView = hybridWebView;
_getCurrentChannelId = getCurrentChannelId;
_sendRawToWebView = sendRawToWebView;
}
/// <summary>Sends RtcJoin for the currently-selected channel. Server-side, this triggers the Speak permission check and presence registration.</summary>
public Task JoinRtcChannel()
{
var channelId = _getCurrentChannelId();
if (string.IsNullOrWhiteSpace(channelId))
return Task.CompletedTask;
_socket.SendRtcJoinChannel(channelId);
return Task.CompletedTask;
}
/// <summary>Sends RtcLeave for the currently-selected channel. Clears server-side voice presence so peers stop seeing us.</summary>
public void LeaveRtcChannel()
{
var channelId = _getCurrentChannelId();
if (string.IsNullOrWhiteSpace(channelId))
return;
_socket.SendRtcLeaveChannel(channelId);
}
/// <summary>
/// Called from JavaScript (via the HybridWebView bridge) when the WebRTC engine wants to
/// send an SDP offer/answer or ICE candidate to other peers. Parses the JSON, fills in
/// missing ChannelId/From, encrypts with the server's public key, ships as
/// SocketRtcSignalMessage. The server then forwards it (re-encrypted per-recipient) to
/// every other session in the same voice channel.
/// </summary>
public void SendRtcSignal(string json)
{
if (string.IsNullOrWhiteSpace(_socket.ServerPublicKey))
{
_sendRawToWebView("SendRtcSignal failed: server public key not loaded.");
return;
}
RtcSignalMessage? rtcSignal;
try
{
rtcSignal = JsonSerializer.Deserialize<RtcSignalMessage>(json);
}
catch (Exception ex)
{
_sendRawToWebView("SendRtcSignal failed to parse RTC signal: " + ex.Message);
return;
}
if (rtcSignal is null)
return;
rtcSignal.ChannelId ??= _getCurrentChannelId();
rtcSignal.From ??= _username;
// _sendRawToWebView($"RTC_SIGNAL file: {JsonSerializer.Serialize(rtcSignal)}");
if (string.IsNullOrWhiteSpace(rtcSignal.ChannelId))
{
_sendRawToWebView("SendRtcSignal failed: missing channel id.");
return;
}
var outgoingJson = JsonSerializer.Serialize(rtcSignal);
try
{
var encrypted = E2EeHelper.EncryptForRecipient(outgoingJson, _socket.ServerPublicKey);
var payload = new SocketRtcSignalMessage
{
Type = SignalType.EncryptedSignal,
SenderUsername = _username,
ChannelId = rtcSignal.ChannelId,
CipherText = encrypted.CipherText,
Nonce = encrypted.Nonce,
Tag = encrypted.Tag,
EncryptedKey = encrypted.EncryptedKey
};
_socket.SendJson(payload);
_sendRawToWebView($"SendRtcSignal sent: {rtcSignal.Type} -> {rtcSignal.To}");
}
catch (Exception ex)
{
_sendRawToWebView("SendRtcSignal failed: " + ex.Message);
}
}
/// <summary>JS bridge: returns the current voice-channel roster as JSON. Hits ServerAPI's REST endpoint, not the WebSocket.</summary>
public async Task<string> GetRtcParticipants()
{
var channelId = _getCurrentChannelId();
if (string.IsNullOrWhiteSpace(channelId))
return "[]";
var participants = await ServerAPI.GetRtcParticipantsAsync(channelId);
return JsonSerializer.Serialize(participants ?? []);
}
/// <summary>
/// MainPage hands incoming SocketRtcSignalMessage frames here. Filters out our own
/// frames, validates the channel scope, decrypts with the user's private key, parses to
/// RtcSignalMessage, then pushes into the JS RTC engine via SendRtcSignalToJsAsync.
/// </summary>
public async Task HandleIncomingRtcSignalAsync(SocketRtcSignalMessage payload)
{
// _sendRawToWebView("HandleIncomingRtcSignal called");
var currentChannelId = _getCurrentChannelId();
if (payload.ChannelId != currentChannelId)
{
_sendRawToWebView("Channel id does not match");
return;
}
if (payload.SenderUsername == _username)
{
_sendRawToWebView("Received own message");
return;
}
string decryptedJson;
try
{
var privateKey = KeyStorage.LoadPrivateKey(_username);
decryptedJson = E2EeHelper.DecryptForRecipient(
new EncryptedPayload
{
CipherText = payload.CipherText,
Nonce = payload.Nonce,
Tag = payload.Tag,
EncryptedKey = payload.EncryptedKey
},
privateKey
);
}
catch (Exception ex)
{
_sendRawToWebView("RTC decrypt failed: " + ex.Message);
return;
}
RtcSignalMessage? rtcSignal;
try
{
rtcSignal = JsonSerializer.Deserialize<RtcSignalMessage>(decryptedJson);
// _sendRawToWebView($"Received Encrypted Signal: [{rtcSignal.From}]: {rtcSignal.Offer}");
}
catch (Exception ex)
{
_sendRawToWebView("RTC signal parse failed: " + ex.Message);
return;
}
if (rtcSignal is null)
{
_sendRawToWebView("rtcSignal is null");
return;
}
if (!string.IsNullOrWhiteSpace(rtcSignal.To) &&
!string.Equals(rtcSignal.To, _username, StringComparison.OrdinalIgnoreCase))
{
_sendRawToWebView($"Ignoring RTC signal meant for {rtcSignal.To}");
return;
}
// _sendRawToWebView("Received encrypted RTC signal: " + decryptedJson);
await SendRtcSignalToJsAsync(rtcSignal);
}
/// <summary>
/// Pushes the current username and channelId into JS globals (window.setUsername, window.setChannelId).
/// Called whenever the user switches voice channels OR the JS engine reports rtc_page_ready.
/// </summary>
public Task PushRtcContextToJsAsync()
{
MainThread.BeginInvokeOnMainThread(async () =>
{
var usernameJson = JsonSerializer.Serialize(_username);
var channelIdJson = JsonSerializer.Serialize(_getCurrentChannelId());
await _hybridWebView.EvaluateJavaScriptAsync($"window.setUsername({usernameJson})");
await _hybridWebView.EvaluateJavaScriptAsync($"window.setChannelId({channelIdJson})");
});
return Task.CompletedTask;
}
/// <summary>
/// Final hop: hands a decrypted RtcSignalMessage off to the JS engine via
/// hybridWebView.InvokeJavaScriptAsync("testIndex", …). SDP strings have their newlines
/// escaped as "(rn)" because the JSON marshalling otherwise breaks them.
/// </summary>
private Task SendRtcSignalToJsAsync(RtcSignalMessage data)
{
if (data.Type == "rtc_offer" || data.Type == "rtc_answer")
{
data.Sdp = data.Sdp.Replace("\r\n", "(rn)");
}
MainThread.BeginInvokeOnMainThread(async () =>
{
try
{
// await _hybridWebView.InvokeJavaScriptAsync("testIndex", [JsonSerializer.Serialize(data)], [RtcJsType.Default.String]);
await _hybridWebView.InvokeJavaScriptAsync("testIndex", [data], [RtcJsType.Default.RtcSignalMessage]);
#region OldDebugger
// var jsArg = JsonSerializer.Serialize(data);
//
// await _hybridWebView.EvaluateJavaScriptAsync($@"
// try {{
// window.HybridWebView.SendRawMessage('C# eval entered');
//
// if (!window.RelaySocket) {{
// window.HybridWebView.SendRawMessage('window.RelaySocket missing');
// }} else if (typeof window.RelaySocket.receiveRtcSignal !== 'function') {{
// window.HybridWebView.SendRawMessage('RelaySocket.receiveRtcSignal missing');
// }} else {{
// window.HybridWebView.SendRawMessage('Calling RelaySocket.receiveRtcSignal');
// window.RelaySocket.receiveRtcSignal({jsArg});
// }}
// }} catch (err) {{
// window.HybridWebView.SendRawMessage('RTC JS dispatch failed: ' + err);
// }}
// ");
#endregion
}
catch (Exception ex)
{
_sendRawToWebView("SendRtcSignalToJsAsync failed: " + ex.Message);
}
});
return Task.CompletedTask;
}
}
[JsonSourceGenerationOptions(WriteIndented = false)]
[JsonSerializable(typeof(RtcDescription))]
[JsonSerializable(typeof(List<RtcSignalMessage>))]
[JsonSerializable(typeof(RtcSignalMessage))]
[JsonSerializable(typeof(IceCandidate))]
[JsonSerializable(typeof(List<IceCandidate>))]
[JsonSerializable(typeof(string))]
internal partial class RtcJsType : JsonSerializerContext
{
}

63
RelayCore/Endpoints/AuthEndpoints.cs Normal file
View File

@@ -0,0 +1,63 @@
using Microsoft.Extensions.Primitives;
using RelayCore.Services;
using RelayShared.Services;
namespace RelayCore.Endpoints;
public static class AuthEndpoints
{
public static void MapAuthEndpoints(this WebApplication app)
{
app.MapPost("/user/signin", async (AuthSignin request, APIAuthService service, HttpContext context) =>
{
string ip = "";
StringValues userAgent = "";
if (context != null)
{
ip = context.Connection.RemoteIpAddress?.MapToIPv4().ToString();
context.Request.Headers.TryGetValue("User-Agent", out userAgent);
}
var token = await service.UserSigninAsync(request, ip, userAgent.ToString());
return token != null ? Results.Ok(token) : Results.Unauthorized();
});
app.MapGet("/users", async (APIAuthService service) =>
{
return Results.Ok(await service.GetUsersAsync());
});
app.MapPost("/user/register", async (AuthRegister request, APIAuthService service, HttpContext context) =>
{
var ip = context.Connection.RemoteIpAddress?.MapToIPv4().ToString();
context.Request.Headers.TryGetValue("User-Agent", out var userAgent);
var token = await service.UserRegisterAsync(request, ip, userAgent);
return token != null ? Results.Ok(token) : Results.Ok("Username or Email already exists!");
});
app.MapPost("/user/isAlive", async (AuthSignin request, HttpContext context) =>
{
var ip = context.Connection.RemoteIpAddress?.MapToIPv4().ToString();
context.Request.Headers.TryGetValue("User-Agent", out var userAgent);
Console.WriteLine($"UN: {request.UserName}\nToken: {request.Password}\nIP: {ip}\nUserAgent: {userAgent}");
return Results.Ok();
});
app.MapPost("/server/verify/user", async (AuthUserVerify request, APIAuthService service) =>
{
bool valid = await service.ServerVerifyUser(request);
Console.WriteLine($"UN: {request.Username}\nToken: {request.Token}");
return Results.Ok(valid);
});
app.MapPost("/server/license/generate", async (AuthServerLicenseGenerate request, APIAuthService service) =>
{
var license = await service.ServerLicenseGenerate(request);
return license != null ? Results.Ok(license) : Results.BadRequest();
});
app.MapPost("/server/license/verify", async (AuthServerLicenseVerify request, APIAuthService service) =>
{
bool valid = await service.ServerVerifyLicense(request);
return Results.Ok(valid);
});
}
}

2
RelayCore/Models/PasswordHasher.cs
View File

@@ -22,7 +22,7 @@ namespace RelayCore.Models
/// <summary>
/// Number of threads to use for parallel computation
/// </summary>
private const int DegreeOfParallelism = 1;
private const int DegreeOfParallelism = 2;
/// <summary>
/// Number of iterations for the Argon2id algorithm

2
RelayCore/Models/Sessions.cs
View File

@@ -4,7 +4,7 @@ namespace RelayCore.Models;
public class Sessions : Record
{
public required string UserId { get; set; }
public required RecordId UserId { get; set; }
public required string TokenHash { get; set; }
public required DateTime IssuedAt { get; set; }
public required DateTime ExpiresAt { get; set; }

1
RelayCore/Models/Users.cs
View File

@@ -1,3 +1,4 @@
using System.Text.Json.Serialization;
using SurrealDb.Net.Models;
namespace RelayCore.Models;

32
RelayCore/Program.cs
View File

@@ -1,14 +1,13 @@
using SurrealDb.Net;
using SurrealDb.Net.Models.Auth;
using System.Text.Json;
using System;
using System.Net;
using System.Threading.Tasks;
using System.Text;
using System.Text.Json;
using RelayCore.Enums;
using RelayCore.Models;
using RelayCore.Endpoints;
using RelayCore.Services;
await using var db = new SurrealDbClient("ws://127.0.0.1:8000/rpc");
@@ -25,8 +24,26 @@ Console.WriteLine($"Keeper created: {ToJsonString(keeper)}");
Console.WriteLine($"Kira created: {ToJsonString(kira)}");
Console.WriteLine($"Test created: {ToJsonString(test)}");
await server.Main(db);
var builder = WebApplication.CreateBuilder(args);
builder.WebHost.UseUrls("http://127.0.0.1:1337/");
// builder.WebHost.UseUrls("http://192.168.1.92:1337");
builder.Services.AddSingleton(db);
builder.Services.AddScoped<APIAuthService>();
var app = builder.Build();
app.MapGet("/", () => "Auth Server Running!");
app.MapAuthEndpoints();
// await server.Main(db);
await app.StartAsync();
Console.WriteLine("API Started");
Console.WriteLine("\n\n\n");
Console.Write("Press any key to stop.");
Console.ReadKey(true);
await app.StopAsync();
return;
static string ToJsonString(object? o)
@@ -51,7 +68,7 @@ static async Task<Users> CreateUserAsync(SurrealDbClient db, string username, st
OnlineStatus = (int)OnlineStatuses.Online,
};
var created = await db.Create("users", user);
var created = await db.Create("auth_users", user);
var hasher = new PasswordHasher();
var passwordHash = hasher.HashPassword(created.Id.ToString() + rawPassword);
@@ -65,16 +82,15 @@ static async Task<Users> CreateUserAsync(SurrealDbClient db, string username, st
return updated;
}
partial class Program
{
public async Task Main(SurrealDbClient db)
{
// Set up listener
using var listener = new HttpListener();
listener.Prefixes.Add("http://localhost:8080/");
listener.Prefixes.Add("http://127.0.0.1:8080/");
listener.Start();
Console.WriteLine("API Started: http://localhost:8080/");
Console.WriteLine("API Started: http://127.0.0.1:8080/");
while (true)
{

5
RelayCore/RelayCore.csproj
View File

@@ -1,4 +1,4 @@
<Project Sdk="Microsoft.NET.Sdk">
<Project Sdk="Microsoft.NET.Sdk.Web">
<PropertyGroup>
<OutputType>Exe</OutputType>
@@ -10,11 +10,12 @@
<ItemGroup>
<PackageReference Include="Konscious.Security.Cryptography.Argon2" Version="1.3.1" />
<PackageReference Include="Microsoft.AspNetCore.SignalR" Version="1.2.9" />
<PackageReference Include="SurrealDb.Net" Version="0.9.0" />
</ItemGroup>
<ItemGroup>
<Folder Include="Services\" />
<ProjectReference Include="..\RelayShared\RelayShared.csproj" />
</ItemGroup>
</Project>

126
RelayCore/Services/APIAuthService.cs Normal file
View File

@@ -0,0 +1,126 @@
using Microsoft.AspNetCore.WebUtilities;
using Newtonsoft.Json;
using RelayCore.Endpoints;
using RelayCore.Enums;
using RelayCore.Models;
using RelayShared.Services;
using SurrealDb.Net;
using SurrealDb.Net.Models;
namespace RelayCore.Services;
public class APIAuthService(SurrealDbClient _db)
{
public async Task<List<Users>> GetUsersAsync()
{
var users = await _db.Select<Users>("auth_users");
return users.Where(x => x.Username is not null).OrderByDescending(x=>x.CreatedAt).ToList();
}
public async Task<string?> UserSigninAsync(AuthSignin request, string ip, string userAgent)
{
var hasher = new PasswordHasher();
var users = await _db.Select<Users>("auth_users");
var user = users.FirstOrDefault(x => (x.Username.ToLower() == request.UserName.ToLower() ||
x.Email.ToLower() == request.UserName.ToLower()) &&
hasher.VerifyPassword(x.Id + request.Password, x.Password));
if (user == null)
return null;
var tokens = await _db.Select<Sessions>("auth_sessions");
var token = tokens.Where(x => x.UserId == user.Id && x.IpAddress == ip && x.UserAgent == userAgent && !x.Revoked)
.OrderByDescending(x => x.ExpiresAt).FirstOrDefault();
if (token != null)
if (token.ExpiresAt > DateTime.UtcNow)
return token.TokenHash;
//TODO: Generate TOKEN
var newToken = hasher.HashPassword($"{request.UserName}{userAgent}");
//TODO: Store TOKEN and Username for verification
var sessionId = await _db.Create("auth_sessions", new Sessions
{
UserId = user.Id,
TokenHash = newToken,
IssuedAt = DateTime.UtcNow,
ExpiresAt = DateTime.UtcNow.AddDays(30),
DeviceName = "",
Revoked = false,
IpAddress = ip,
UserAgent = userAgent
});
//TODO: Add invalidation to TOKENs
return newToken;
}
public async Task<string?> UserRegisterAsync(AuthRegister request, string ip, string userAgent)
{
var hasher = new PasswordHasher();
var users = await _db.Select<Users>("auth_users");
var user = users.FirstOrDefault(x => x.Username.ToLower() == request.Username.ToLower() || x.Email.ToLower() == request.Email.ToLower());
if (user == null)
{
var now = DateTime.Now;
var created = await _db.Create("auth_users", new Users
{
Username = request.Username,
Email = request.Email,
CreatedAt = now,
UpdatedAt = now,
LastLogin = now,
TwoFactorEnabled = false,
EmailVerified = false,
AccountStatus = (int)AccountStatuses.Active,
OnlineStatus = (int)OnlineStatuses.Online,
});
var passwordHash = hasher.HashPassword(created.Id + request.Password);
await _db.Merge<PasswordHash, Users>(new PasswordHash
{
Id = created.Id,
Password = passwordHash
});
return await UserSigninAsync(new AuthSignin{UserName=request.Username, Password = request.Password}, ip, userAgent);
}
return null;
}
public async Task<bool> ServerVerifyUser(AuthUserVerify request)
{
var users = await _db.Select<Users>("auth_users");
var user = users.FirstOrDefault(x => x.Username == request.Username);
if (user == null)
return false;
var sessions = await _db.Select<Sessions>("auth_sessions");
var session = sessions.FirstOrDefault(x => x.TokenHash == request.Token && x.UserId == user.Id);
if (session == null)
return false;
return true;
}
public async Task<string?> ServerLicenseGenerate(AuthServerLicenseGenerate request)
{
var hasher = new PasswordHasher();
string token = null;
token = hasher.HashPassword(DateTime.Now.ToString("yyyyMMddHHmmss"));
var created = await _db.Create("auth_licenses", new DBLicense
{
Token = token,
IsClient = false,
CreatedAt = DateTime.UtcNow,
ExpiresAt = DateTime.UtcNow.AddDays(365),
IsExpired = false,
});
return token;
}
public async Task<bool> ServerVerifyLicense(AuthServerLicenseVerify request)
{
var tokens = await _db.Select<DBLicense>("auth_licenses");
var token = tokens.FirstOrDefault(x => x.Token == request.License);
if (token != null)
return true;
return false;
}
}

25
RelayServer/Models/Chat/ChannelMessageEdits.cs Normal file
View File

@@ -0,0 +1,25 @@
using SurrealDb.Net.Models;
namespace RelayServer.Models;
/// <summary>
/// Surreal record for the `channel_message_edits` table. One row per historical version of
/// an edited message — written by HandleEditMessage BEFORE overwriting the live row.
///
/// Encrypted with the channel AES key (same as ChannelMessages), so HandleGetEditHistory
/// can decrypt + re-encrypt per requester.
/// </summary>
public class ChannelMessageEdits : Record
{
/// <summary>"channel_messages:abc" — which live message this version belonged to.</summary>
public required string MessageId { get; set; }
/// <summary>Base64 AES-GCM ciphertext of the JSON-serialised previous ChatMessageContent.</summary>
public required string CipherText { get; set; }
public required string Nonce { get; set; }
public required string Tag { get; set; }
/// <summary>When this version was the current text (i.e. when it was replaced).</summary>
public required DateTime EditedAt { get; set; }
}

24
RelayServer/Models/Chat/ChannelMessages.cs
View File

@@ -2,12 +2,36 @@ using SurrealDb.Net.Models;
namespace RelayServer.Models;
/// <summary>
/// Surreal record for the `channel_messages` table. One row per message.
///
/// Encryption: CipherText/Nonce/Tag use the channel AES key (ChannelDbKey), NOT any user's
/// RSA keypair. This means the server can decrypt for history queries; the per-recipient
/// RSA wrapping happens at delivery time in DeliverToServerMembers.
/// </summary>
public class ChannelMessages : Record
{
/// <summary>"channels:xyz" — which channel this belongs to.</summary>
public required string ChannelId { get; set; }
/// <summary>"users:keeper317" — who wrote it. Lowercased to match CoreClientService's id format.</summary>
public required string SenderUserId { get; set; }
/// <summary>Base64 AES-GCM ciphertext of the JSON-serialised ChatMessageContent.</summary>
public required string CipherText { get; set; }
/// <summary>Base64 AES-GCM 96-bit nonce. Different every message.</summary>
public required string Nonce { get; set; }
/// <summary>Base64 AES-GCM 128-bit authentication tag.</summary>
public required string Tag { get; set; }
/// <summary>UTC timestamp of original send. Drives history ordering.</summary>
public required DateTime CreatedAt { get; set; }
/// <summary>UTC timestamp of last edit. Null = never edited. Drives the (edited) bubble footer.</summary>
public DateTime? EditedAt { get; set; }
/// <summary>Soft-delete flag. Tombstones in history responses; bubbles show "deleted" placeholder.</summary>
public bool IsDeleted { get; set; }
}

31
RelayServer/Models/Chat/Channels.cs
View File

@@ -1,9 +1,40 @@
using SurrealDb.Net.Models;
using RelayShared.Services;
namespace RelayServer.Models;
/// <summary>
/// Surreal record for the `channels` table. One row per channel.
///
/// Lifecycle: created by HandleCreateChannel (or seeded by ServerBootstrapService at boot).
/// Soft-deleted by HandleDeleteChannel (IsDeleted flipped, row stays for audit).
/// </summary>
public class Channels : Record
{
/// <summary>Sidebar display name. Lowercased and dash-separated for new channels.</summary>
public required string Name { get; set; }
/// <summary>Creation timestamp. Drives sidebar sort order.</summary>
public required DateTime CreatedAt { get; set; }
/// <summary>Drives client rendering and server routing — Text/Voice/File/Forum/Stage.</summary>
public ChannelType Type { get; set; } = ChannelType.Text;
/// <summary>Sidebar category header (e.g. "General"). Empty means default group.</summary>
public string Group { get; set; } = string.Empty;
/// <summary>
/// True for announcement-style channels (#welcome, #files). Non-admins are blocked from
/// posting via PermissionService.CanSendMessagesAsync.
/// </summary>
public bool IsReadOnly { get; set; }
/// <summary>Soft-delete flag. Filtered out of channel-list builds in BuildChannelListForUser.</summary>
public bool IsDeleted { get; set; }
/// <summary>
/// Surreal record id of a File channel ("channels:xyz"). When set, ChatSocketBehavior's
/// MirrorAttachmentIfNeeded auto-copies non-gif attachments into the linked channel.
/// </summary>
public string? LinkedFileChannelId { get; set; }
}

17
RelayServer/Models/Crypto/ClientPublicKeys.cs
View File

@@ -1,11 +1,26 @@
using SurrealDb.Net.Models;
using SurrealDb.Net.Models;
namespace RelayServer.Models;
/// <summary>
/// Surreal record for the `client_public_keys` table. Stores the RSA public key each user
/// has registered. Written by HandleRegisterKey, read by DeliverToServerMembers and history
/// fetches to encrypt outbound messages per recipient.
///
/// When a client reinstalls and regenerates a keypair, the existing row is updated rather
/// than duplicated (ClientKeyService.RegisterOrUpdateKeyAsync).
/// </summary>
public class ClientPublicKeys : Record
{
/// <summary>Mixed-case username as the user registered it. Used as the lookup key.</summary>
public required string Username { get; set; }
/// <summary>Base64 SubjectPublicKeyInfo (DER) of the user's RSA public key.</summary>
public required string PublicKey { get; set; }
/// <summary>When the user first registered.</summary>
public required DateTime CreatedAt { get; set; }
/// <summary>When the key was last updated (key rotation, reinstall).</summary>
public required DateTime UpdatedAt { get; set; }
}

17
RelayServer/Models/Crypto/ServerEncryptionKeys.cs
View File

@@ -2,11 +2,28 @@ using SurrealDb.Net.Models;
namespace RelayServer.Models;
/// <summary>
/// Surreal record for the `server_encryption_keys` table. Stores both:
/// - The server's RSA keypair (for receiving encrypted client→server payloads).
/// - The single AES-256 key used to encrypt channel_messages at rest.
///
/// Generated once on first boot by ServerBootstrapService. Loaded into static fields on
/// ChatSocketBehavior at boot so handlers can use them without a DB round-trip.
/// </summary>
public class ServerEncryptionKeys : Record
{
/// <summary>Base64 AES-256 key used by ChannelCryptoService for at-rest message encryption.</summary>
public required string KeyBase64 { get; set; }
/// <summary>Base64 SubjectPublicKeyInfo of the server's RSA public key. Sent to clients on GetServerKey.</summary>
public required string PublicKey { get; set; }
/// <summary>Base64 PKCS8 of the server's RSA private key. Never leaves the server.</summary>
public required string PrivateKey { get; set; }
/// <summary>When the keys were generated.</summary>
public required DateTime CreatedAt { get; set; }
/// <summary>When the keys were last rotated. Currently same as CreatedAt — rotation isn't implemented.</summary>
public required DateTime UpdatedAt { get; set; }
}

25
RelayServer/Models/Server/ChannelPermissions.cs Normal file
View File

@@ -0,0 +1,25 @@
using SurrealDb.Net.Models;
namespace RelayServer.Models;
/// <summary>
/// Surreal record for the `channel_permissions` table. Per-(channel, role) override of a
/// role's base permissions.
///
/// Allow and Deny are independent masks (NOT a tri-state). Deny wins over Allow when both
/// have the same flag set. Bits not set in either fall through to the role's base permissions.
/// </summary>
public class ChannelPermissions : Record
{
/// <summary>"channels:xyz" — which channel this override applies in.</summary>
public required string ChannelId { get; set; }
/// <summary>"roles:abc" — which role this override applies to.</summary>
public required string RoleId { get; set; }
/// <summary>Permissions explicitly granted here (overrides "role doesn't have it" for this channel).</summary>
public PermissionFlags Allow { get; set; }
/// <summary>Permissions explicitly denied here. Wins over Allow.</summary>
public PermissionFlags Deny { get; set; }
}

50
RelayServer/Models/Server/Roles.cs Normal file
View File

@@ -0,0 +1,50 @@
using SurrealDb.Net.Models;
namespace RelayServer.Models;
/// <summary>
/// The permission bitfield. The whole permission model is just:
///
/// ServerMembers.IsOwner = true → unconditional Administrator
/// roles.Permissions has Administrator flag → unconditional everything
/// channel_permissions.Deny has a specific flag → that permission denied here
/// channel_permissions.Allow has a specific flag → that permission allowed here
/// roles.Permissions has the flag → fallback (channel-independent)
///
/// PermissionService.HasPermissionAsync walks that ladder in order. See that class for the
/// authoritative implementation.
/// </summary>
[Flags]
public enum PermissionFlags
{
None = 0,
ReadMessages = 1 << 0,
SendMessages = 1 << 1,
ManageMessages = 1 << 2, // Edit / delete others' messages
ManageChannels = 1 << 3, // Create channels (umbrella manage permission)
ManageMembers = 1 << 4, // Kick / ban members
Administrator = 1 << 5, // All permissions, bypasses channel overrides
ViewChannel = 1 << 6, // "Visibility" — can see the channel at all
Speak = 1 << 7, // Can transmit in a voice channel
EditChannel = 1 << 8, // Rename / reconfigure a channel
DeleteChannel = 1 << 9 // Delete a channel
}
/// <summary>
/// Surreal record for the `roles` table. Defines a named permission bundle that can be
/// assigned to users via UserRoles.
/// </summary>
public class Roles : Record
{
/// <summary>Display name ("Admin", "Moderator", "Member").</summary>
public required string Name { get; set; }
/// <summary>Base permission bitfield. Channel-level overrides in ChannelPermissions can add or remove.</summary>
public required PermissionFlags Permissions { get; set; }
/// <summary>When the role was seeded.</summary>
public required DateTime CreatedAt { get; set; }
/// <summary>Tie-breaker for future multi-role-per-user scenarios. Lower = higher priority. Not used by the current ladder.</summary>
public int Priority { get; set; }
}

13
RelayServer/Models/Server/ServerMembers.cs
View File

@@ -2,9 +2,22 @@ using SurrealDb.Net.Models;
namespace RelayServer.Models;
/// <summary>
/// Surreal record for the `server_members` table. Membership list.
/// Drives DeliverToServerMembers (the fan-out target list for every chat message) and the
/// authoritative ownership flag for PermissionService.
/// </summary>
public class ServerMembers : Record
{
/// <summary>"users:keeper317" — references the Core users table by name convention.</summary>
public required string UserId { get; set; }
/// <summary>When the user was added to this server.</summary>
public required DateTime JoinedAt { get; set; }
/// <summary>
/// Authoritative owner flag. Owner gets unconditional Administrator via
/// PermissionService.IsServerOwnerAsync, independent of role assignments.
/// </summary>
public bool IsOwner { get; set; }
}

9
RelayServer/Models/Server/Servers.cs
View File

@@ -2,9 +2,18 @@ using SurrealDb.Net.Models;
namespace RelayServer.Models;
/// <summary>
/// Surreal record for the `servers` table. Currently single-row (one server per deployment),
/// but the schema supports multi-server in the future.
/// </summary>
public class Servers : Record
{
/// <summary>Display name (currently "Test Server" from bootstrap).</summary>
public required string Name { get; set; }
/// <summary>"users:keeper317" — the owner. Mirrored as IsOwner=true on the matching ServerMembers row.</summary>
public required string OwnerUserId { get; set; }
/// <summary>Server creation timestamp.</summary>
public required DateTime CreatedAt { get; set; }
}

22
RelayServer/Models/Server/UserRoles.cs Normal file
View File

@@ -0,0 +1,22 @@
using SurrealDb.Net.Models;
namespace RelayServer.Models;
/// <summary>
/// Surreal record for the `user_roles` table. Join table linking users to roles.
///
/// Invariant: ServerBootstrapService.SetUserRoleAsync guarantees exactly one row per user.
/// Multi-role-per-user isn't currently supported by the permission ladder — adding it would
/// just be a matter of removing the bootstrap's "delete stale rows" step.
/// </summary>
public class UserRoles : Record
{
/// <summary>"users:keeper317" — the assignee.</summary>
public required string UserId { get; set; }
/// <summary>"roles:abc" — the role being granted.</summary>
public required string RoleId { get; set; }
/// <summary>When the assignment was made.</summary>
public required DateTime AssignedAt { get; set; }
}

26
RelayServer/Program.cs
View File

@@ -1,3 +1,23 @@
// =============================================================================
// RelayServer entrypoint.
//
// Boot sequence:
// 1. Connect to SurrealDB (port 8000) via SurrealService.
// 2. Wire static singletons onto ChatSocketBehavior (it's a WebSocketSharp
// WebSocketBehavior, so DI is impossible — fields are static).
// 3. Run ServerBootstrapService.InitializeAsync — seeds users, server, members,
// channels (welcome, general, files, voice-general), roles, role assignments,
// channel permission overrides, and encryption keys. Idempotent across reboots.
// 4. Start two listeners in parallel:
// - HTTP API on 127.0.0.1:5000 (RtcEndpoints — REST for RTC call orchestration)
// - WebSocket server on 127.0.0.1:5001 (ChatSocketBehavior — the chat/RTC-signal pipe)
// 5. Block on ConsoleCommandService.ShutdownTokenSource for graceful shutdown.
//
// Why two listeners? The HTTP API is used for one-shot RPC-style calls (e.g. "fetch
// the participant list for this voice channel"). The WebSocket is the persistent
// duplex pipe used for chat, typing, presence, encrypted RTC signalling.
// =============================================================================
using RelayServer.Endpoints;
using RelayServer.Services.Chat;
using RelayServer.Services.Core;
@@ -14,6 +34,7 @@ var cryptoService = new ChannelCryptoService();
await using var db = await surrealService.ConnectAsync();
ChatSocketBehavior.ClientKeyService = new ClientKeyService(db);
ChatSocketBehavior.PermissionService = new PermissionService(db);
ChatSocketBehavior.Db = db;
ChatSocketBehavior.ChannelCryptoService = cryptoService;
@@ -21,6 +42,8 @@ var bootstrapService = new ServerBootstrapService(db, coreClient, cryptoService)
await bootstrapService.InitializeAsync();
var builder = WebApplication.CreateBuilder(args);
builder.WebHost.UseUrls("http://127.0.0.1:5000/");
// builder.WebHost.UseUrls("http://192.168.1.92:5000/");
builder.Services.AddSingleton(db);
builder.Services.AddScoped<RtcCallService>();
@@ -30,7 +53,8 @@ var app = builder.Build();
app.MapGet("/", () => "Server Running!");
app.MapRtcEndpoints();
var wssv = new WebSocketServer("ws://localhost:1337");
var wssv = new WebSocketServer("ws://127.0.0.1:5001");
// var wssv = new WebSocketServer("ws://192.168.1.92:5001");
wssv.AddWebSocketService<ChatSocketBehavior>("/");
RtcNotificationService.Server = wssv;

19
RelayServer/Services/Chat/ChannelCryptoService.cs
View File

@@ -3,6 +3,25 @@ using System.Text;
namespace RelayServer.Services.Chat;
/// <summary>
/// AES-GCM-256 only (no RSA). Used exclusively for "at-rest" encryption of channel messages
/// in the SurrealDB channel_messages table.
///
/// Why a separate service from E2EeHelper:
/// - E2EeHelper is for *transit* between a specific sender and a specific recipient — it
/// wraps an ephemeral AES key with the recipient's RSA public key.
/// - ChannelCryptoService is for *storage* — the server is both the encryptor and the
/// decryptor, and it stores the symmetric channel key in server_encryption_keys.KeyBase64.
/// There's no recipient to wrap for.
///
/// Server flow for a chat message:
/// incoming SocketEncryptedMessage (encrypted with server's RSA public key, by client)
/// → E2EeHelper.DecryptForRecipient(serverPrivateKey) → plaintext
/// → ChannelCryptoService.Encrypt(channelDbKey) → stored ciphertext
/// → … later, on history fetch …
/// → ChannelCryptoService.Decrypt(channelDbKey) → plaintext
/// → E2EeHelper.EncryptForRecipient(clientPublicKey) → delivered ciphertext
/// </summary>
public sealed class ChannelCryptoService
{
public string GenerateKey()

1343
RelayServer/Services/Chat/ChatSocketBehavior.cs
View File

File diff suppressed because it is too large Load Diff

100
RelayServer/Services/Chat/ConnectedClientService.cs Normal file
View File

@@ -0,0 +1,100 @@
using System.Collections.Concurrent;
namespace RelayServer.Services.Chat;
/// <summary>
/// Two-way in-memory mapping between WebSocket session IDs and usernames.
///
/// Why both directions: when a chat message arrives, we need to look up "which sessions does
/// this server member have open right now?" (username → sessions) so we can deliver to each
/// of their devices. When a connection closes, we need to know "which user owned this session?"
/// (session → username) to clean up correctly.
///
/// Multi-device support: one username can have multiple sessions (phone + desktop + web all
/// connected simultaneously). UsernameToSessions stores a HashSet per username; each lock
/// is scoped to that specific HashSet so different users never block each other.
///
/// Username comparisons are case-insensitive (OrdinalIgnoreCase on the outer dictionary)
/// because the DB stores usernames lowercase but clients may register with mixed case.
/// </summary>
public static class ConnectedClientService
{
private static readonly ConcurrentDictionary<string, string> SessionToUsername = new();
private static readonly ConcurrentDictionary<string, HashSet<string>> UsernameToSessions =
new(StringComparer.OrdinalIgnoreCase);
/// <summary>
/// Associates a session ID with a username. Called from HandleRegisterKey. If the same
/// session re-registers under a different username (rare — basically only if the client
/// reauthenticates), the old mapping is cleaned up first to avoid double-bookkeeping.
/// </summary>
public static void Register(string sessionId, string username)
{
if (SessionToUsername.TryGetValue(sessionId, out var oldUsername) &&
!string.Equals(oldUsername, username, StringComparison.OrdinalIgnoreCase))
{
RemoveSessionFromUsername(sessionId, oldUsername);
}
SessionToUsername[sessionId] = username;
var sessions = UsernameToSessions.GetOrAdd(
username,
_ => new HashSet<string>(StringComparer.Ordinal));
lock (sessions)
sessions.Add(sessionId);
}
/// <summary>
/// Removes a session from both mappings. Called from OnClose. Idempotent — calling for
/// a session that's already gone is a no-op.
/// </summary>
public static void Unregister(string sessionId)
{
if (SessionToUsername.TryRemove(sessionId, out var username))
RemoveSessionFromUsername(sessionId, username);
}
/// <summary>
/// Returns every active session ID for a given username (case-insensitive lookup).
/// Empty collection if the user is offline. Snapshot-safe: the returned list is a copy,
/// not a live view of the underlying HashSet.
/// </summary>
public static IReadOnlyCollection<string> GetSessionsForUser(string username)
{
if (UsernameToSessions.TryGetValue(username, out var sessions))
{
lock (sessions)
return sessions.ToList();
}
return Array.Empty<string>();
}
/// <summary>
/// Reverse lookup: which user owns this session? Returns the mixed-case username the
/// client registered with (preserves casing for display). Null if the session is unknown.
/// </summary>
public static string? GetUsernameForSession(string sessionId)
{
return SessionToUsername.TryGetValue(sessionId, out var u) ? u : null;
}
/// <summary>
/// Internal cleanup: pulls a session out of the username→sessions HashSet, and removes
/// the username entry entirely if no sessions remain (keeps the dictionary lean).
/// </summary>
private static void RemoveSessionFromUsername(string sessionId, string username)
{
if (!UsernameToSessions.TryGetValue(username, out var sessions))
return;
lock (sessions)
{
sessions.Remove(sessionId);
if (sessions.Count == 0)
UsernameToSessions.TryRemove(username, out _);
}
}
}

285
RelayServer/Services/Core/ServerBootstrapService.cs
View File

@@ -2,16 +2,35 @@ using System.Text.Json;
using RelayServer.Models;
using RelayServer.Services.Chat;
using RelayServer.Services.Crypto;
using RelayShared.Services;
using SurrealDb.Net;
namespace RelayServer.Services.Core;
/// <summary>
/// Idempotent server setup. Runs once at boot from Program.cs.
///
/// Each "Ensure*" helper either inserts a missing row or patches an existing one so the
/// declared state matches the code. Running this twice in a row is a no-op.
///
/// What it provisions:
/// - Verifies the three test users exist via CoreClientService (currently a hardcoded stub).
/// - Creates the "Test Server" row in the servers table if missing.
/// - Adds those users to server_members, with Keeper317 as IsOwner=true.
/// - Creates the four premade channels with correct ChannelType and IsReadOnly flags:
/// welcome (Text, read-only) general (Text)
/// files (File, read-only) voice-general (Voice)
/// - Links #general → #files so attachments posted in #general auto-mirror to #files.
/// - Creates the three roles: Admin (all perms), Moderator (manage messages), Member (read+send).
/// - Assigns exactly one role per user (Keeper→Admin, Kira→Moderator, Test→Member).
/// SetUserRoleAsync DELETES stale assignments to guarantee single-role-per-user.
/// - Writes channel_permissions overrides explicitly denying Members SendMessages in
/// #welcome and #files.
/// - Generates the server's RSA keypair + the channel AES key on first boot, stores both
/// in server_encryption_keys, and copies them into ChatSocketBehavior's static fields.
/// </summary>
public sealed class ServerBootstrapService
{
// TODO: Make channels dynamically addable
// TODO: Add logic for channel types (ENUM)
// TODO: Add logic for channel groups for future UI use
private readonly SurrealDbClient _db;
private readonly CoreClientService _coreClient;
private readonly ChannelCryptoService _cryptoService;
@@ -38,9 +57,7 @@ public sealed class ServerBootstrapService
if (!keeper.Licensed || !kira.Licensed || !test.Licensed)
throw new InvalidOperationException("One or more required users are not licensed.");
Console.WriteLine($"Core verified user: {keeper.Username}");
Console.WriteLine($"Core verified user: {kira.Username}");
Console.WriteLine($"Core verified user: {test.Username}");
Console.WriteLine($"Core verified: {keeper.Username}, {kira.Username}, {test.Username}");
var server = await GetServerByNameAsync("Test Server");
@@ -52,29 +69,46 @@ public sealed class ServerBootstrapService
OwnerUserId = keeper.Id,
CreatedAt = DateTime.UtcNow
});
Console.WriteLine($"Server created: {ToJsonString(server)}");
Console.WriteLine($"Server created: {ToJson(server)}");
}
else
{
Console.WriteLine($"Server already exists: {ToJsonString(server)}");
Console.WriteLine($"Server already exists: {server.Name}");
}
await EnsureServerMemberAsync(keeper.Id, true);
await EnsureServerMemberAsync(kira.Id, false);
await EnsureServerMemberAsync(test.Id, false);
await EnsureServerMemberAsync(keeper.Id, isOwner: true);
await EnsureServerMemberAsync(kira.Id, isOwner: false);
await EnsureServerMemberAsync(test.Id, isOwner: false);
Console.WriteLine("Server members ensured.");
var channel = await EnsureChannelAsync("general", DateTime.UtcNow);
var channel2 = await EnsureChannelAsync("files", DateTime.UtcNow.Subtract(new TimeSpan(0, 4, 0, 0)));
var channel3 = await EnsureChannelAsync("welcome", DateTime.UtcNow.Subtract(new TimeSpan(1, 4, 4, 4)));
var channel4 = await EnsureChannelAsync("voice-general", DateTime.UtcNow.Subtract(new TimeSpan(0, 2, 0, 0)));
var tBase = new DateTime(2024, 1, 1, 0, 0, 0, DateTimeKind.Utc);
Console.WriteLine($"Resolved channelId: {GetRecordId(channel.Id)}");
Console.WriteLine($"Resolved channelId: {GetRecordId(channel2.Id)}");
Console.WriteLine($"Resolved channelId: {GetRecordId(channel3.Id)}");
Console.WriteLine($"Resolved channelId: {GetRecordId(channel4.Id)}");
var chWelcome = await EnsureChannelAsync("welcome", ChannelType.Text, group: "General", isReadOnly: true, createdAt: tBase);
var chGeneral = await EnsureChannelAsync("general", ChannelType.Text, group: "General", isReadOnly: false, createdAt: tBase.AddHours(1));
var chFiles = await EnsureChannelAsync("files", ChannelType.File, group: "General", isReadOnly: true, createdAt: tBase.AddHours(2));
var chVoice = await EnsureChannelAsync("voice-general", ChannelType.Voice, group: "General", isReadOnly: false, createdAt: tBase.AddHours(3));
Console.WriteLine($"Channels: {GetRecordId(chWelcome.Id)} | {GetRecordId(chGeneral.Id)} | {GetRecordId(chFiles.Id)} | {GetRecordId(chVoice.Id)}");
await EnsureFileChannelLinkAsync(chGeneral, GetRecordId(chFiles.Id));
var adminRole = await EnsureRoleAsync("Admin", PermissionFlags.Administrator, priority: 0);
var modRole = await EnsureRoleAsync("Moderator", PermissionFlags.ReadMessages | PermissionFlags.SendMessages | PermissionFlags.ManageMessages, priority: 1);
var memberRole = await EnsureRoleAsync("Member", PermissionFlags.ReadMessages | PermissionFlags.SendMessages, priority: 2);
Console.WriteLine($"Roles ensured: Admin={GetRecordId(adminRole.Id)}, Mod={GetRecordId(modRole.Id)}, Member={GetRecordId(memberRole.Id)}");
await SetUserRoleAsync(keeper.Id, GetRecordId(adminRole.Id));
await SetUserRoleAsync(kira.Id, GetRecordId(modRole.Id));
await SetUserRoleAsync(test.Id, GetRecordId(memberRole.Id));
Console.WriteLine("User roles set.");
await EnsureChannelPermissionAsync(GetRecordId(chWelcome.Id), GetRecordId(memberRole.Id),
allow: PermissionFlags.ReadMessages, deny: PermissionFlags.SendMessages);
await EnsureChannelPermissionAsync(GetRecordId(chFiles.Id), GetRecordId(memberRole.Id),
allow: PermissionFlags.ReadMessages, deny: PermissionFlags.SendMessages);
Console.WriteLine("Channel permissions ensured.");
var existingKey = await GetLatestServerEncryptionKeyAsync();
@@ -104,63 +138,23 @@ public sealed class ServerBootstrapService
ChatSocketBehavior.ChannelDbKey = existingKey.KeyBase64;
}
private static string ToJsonString(object? obj)
{
return JsonSerializer.Serialize(obj, new JsonSerializerOptions
{
WriteIndented = true,
Encoder = System.Text.Encodings.Web.JavaScriptEncoder.UnsafeRelaxedJsonEscaping
});
}
private static string GetRecordId(object? id)
{
if (id is null)
return string.Empty;
var json = JsonSerializer.Serialize(id);
using var doc = JsonDocument.Parse(json);
var root = doc.RootElement;
var recordId = root.GetProperty("Id").GetString() ?? string.Empty;
var table = root.GetProperty("Table").GetString() ?? string.Empty;
return $"{table}:{recordId}";
}
private async Task<Servers?> GetServerByNameAsync(string name)
{
var servers = await _db.Select<Servers>("servers");
return servers.FirstOrDefault(x => x.Name == name);
}
private async Task<ServerMembers?> GetServerMemberByUserIdAsync(string userId)
{
var members = await _db.Select<ServerMembers>("server_members");
return members.FirstOrDefault(x => x.UserId == userId);
}
private async Task<Channels?> GetChannelByNameAsync(string name)
{
var channels = await _db.Select<Channels>("channels");
return channels.FirstOrDefault(x => x.Name == name);
}
private async Task<ServerEncryptionKeys?> GetLatestServerEncryptionKeyAsync()
{
var keys = await _db.Select<ServerEncryptionKeys>("server_encryption_keys");
return keys
.OrderByDescending(x => x.CreatedAt)
.FirstOrDefault();
}
private async Task EnsureServerMemberAsync(string userId, bool isOwner)
{
var existing = await GetServerMemberByUserIdAsync(userId);
var members = await _db.Select<ServerMembers>("server_members");
var existing = members.FirstOrDefault(m => m.UserId == userId);
if (existing is not null)
{
Console.WriteLine($"Server member already exists for {userId}");
if (existing.IsOwner != isOwner)
{
existing.IsOwner = isOwner;
await _db.Merge<ServerMembers, ServerMembers>(existing);
Console.WriteLine($"Member IsOwner updated: {userId} → {isOwner}");
}
else
{
Console.WriteLine($"Member already correct: {userId}");
}
return;
}
@@ -170,26 +164,155 @@ public sealed class ServerBootstrapService
JoinedAt = DateTime.UtcNow,
IsOwner = isOwner
});
Console.WriteLine($"Server member created for {userId}");
Console.WriteLine($"Member created: {userId} (IsOwner={isOwner})");
}
private async Task<Channels> EnsureChannelAsync(string name, DateTime createdAt)
private async Task<Channels> EnsureChannelAsync(
string name, ChannelType type, string group, bool isReadOnly, DateTime createdAt)
{
var existing = await GetChannelByNameAsync(name);
var channels = await _db.Select<Channels>("channels");
var existing = channels.FirstOrDefault(c => c.Name == name);
if (existing is not null)
{
Console.WriteLine($"Channel already exists: {name}");
bool dirty = existing.Type != type || existing.Group != group || existing.IsReadOnly != isReadOnly;
if (dirty)
{
existing.Type = type;
existing.Group = group;
existing.IsReadOnly = isReadOnly;
await _db.Merge<Channels, Channels>(existing);
Console.WriteLine($"Channel updated: {name}");
}
else
{
Console.WriteLine($"Channel already correct: {name}");
}
return existing;
}
var channel = await _db.Create("channels", new Channels
{
Name = name,
Type = type,
Group = group,
IsReadOnly = isReadOnly,
CreatedAt = createdAt
});
Console.WriteLine($"Channel created: {ToJsonString(channel)}");
Console.WriteLine($"Channel created: {name} ({type})");
return channel;
}
private async Task EnsureFileChannelLinkAsync(Channels channel, string fileChannelId)
{
if (channel.LinkedFileChannelId == fileChannelId)
{
Console.WriteLine($"File link already correct: {channel.Name} → {fileChannelId}");
return;
}
channel.LinkedFileChannelId = fileChannelId;
await _db.Merge<Channels, Channels>(channel);
Console.WriteLine($"File link set: {channel.Name} → {fileChannelId}");
}
private async Task<Roles> EnsureRoleAsync(string name, PermissionFlags permissions, int priority)
{
var roles = await _db.Select<Roles>("roles");
var existing = roles.FirstOrDefault(r => r.Name == name);
if (existing is not null)
{
Console.WriteLine($"Role already exists: {name}");
return existing;
}
var role = await _db.Create("roles", new Roles
{
Name = name,
Permissions = permissions,
Priority = priority,
CreatedAt = DateTime.UtcNow
});
Console.WriteLine($"Role created: {name}");
return role;
}
private async Task SetUserRoleAsync(string userId, string roleId)
{
var userRoles = await _db.Select<UserRoles>("user_roles");
var existing = userRoles
.Where(ur => string.Equals(ur.UserId, userId, StringComparison.OrdinalIgnoreCase))
.ToList();
bool alreadyCorrect = existing.Count == 1 && existing[0].RoleId == roleId;
if (alreadyCorrect)
{
Console.WriteLine($"UserRole already correct: {userId} → {roleId}");
return;
}
foreach (var stale in existing)
{
if (stale.Id is not null)
await _db.Delete(stale.Id);
}
await _db.Create("user_roles", new UserRoles
{
UserId = userId,
RoleId = roleId,
AssignedAt = DateTime.UtcNow
});
Console.WriteLine($"UserRole set: {userId} → {roleId}");
}
private async Task EnsureChannelPermissionAsync(
string channelId, string roleId, PermissionFlags allow, PermissionFlags deny)
{
var perms = await _db.Select<ChannelPermissions>("channel_permissions");
if (perms.Any(cp => cp.ChannelId == channelId && cp.RoleId == roleId))
{
Console.WriteLine($"ChannelPermission already exists: {channelId} → {roleId}");
return;
}
await _db.Create("channel_permissions", new ChannelPermissions
{
ChannelId = channelId,
RoleId = roleId,
Allow = allow,
Deny = deny
});
Console.WriteLine($"ChannelPermission created: {channelId} → {roleId} | allow={allow}, deny={deny}");
}
private async Task<Servers?> GetServerByNameAsync(string name)
{
var servers = await _db.Select<Servers>("servers");
return servers.FirstOrDefault(x => x.Name == name);
}
private async Task<ServerEncryptionKeys?> GetLatestServerEncryptionKeyAsync()
{
var keys = await _db.Select<ServerEncryptionKeys>("server_encryption_keys");
return keys.OrderByDescending(x => x.CreatedAt).FirstOrDefault();
}
private static string GetRecordId(object? id)
{
if (id is null) return string.Empty;
var json = JsonSerializer.Serialize(id);
using var doc = JsonDocument.Parse(json);
var root = doc.RootElement;
return $"{root.GetProperty("Table").GetString()}:{root.GetProperty("Id").GetString()}";
}
private static string ToJson(object? obj) =>
JsonSerializer.Serialize(obj, new JsonSerializerOptions
{
WriteIndented = true,
Encoder = System.Text.Encodings.Web.JavaScriptEncoder.UnsafeRelaxedJsonEscaping
});
}

20
RelayServer/Services/Crypto/E2EeHelper.cs
View File

@@ -3,6 +3,26 @@ using System.Text;
namespace RelayServer.Services.Crypto;
/// <summary>
/// Hybrid RSA-2048 + AES-GCM-256 encryption. Used for any payload that needs to be
/// readable by exactly one party (the holder of a specific RSA private key).
///
/// Encrypt:
/// 1. Generate a fresh 256-bit AES key and 96-bit nonce.
/// 2. Encrypt the plaintext with AES-GCM → CipherText + Tag (auth tag, 128-bit).
/// 3. Encrypt the AES key with the recipient's RSA public key (OAEP-SHA256).
/// 4. Return all four as base64 strings in an EncryptedPayload.
///
/// Decrypt: reverse — RSA-decrypt the AES key, then AES-GCM-decrypt the ciphertext.
///
/// Why hybrid: RSA can only encrypt small inputs (~190 bytes for 2048-bit OAEP-SHA256).
/// Wrapping a symmetric key with RSA lets us encrypt arbitrarily large payloads while
/// still using the recipient's RSA keypair as the access mechanism. This is the same
/// design as PGP, TLS handshakes, etc.
///
/// The identical implementation exists in RelayClient.Crypto.E2EeHelper — they're
/// mirrored on both ends so any payload encrypted on one side decrypts on the other.
/// </summary>
public static class E2EeHelper
{
public static (string publicKey, string privateKey) GenerateRsaKeyPair()

209
RelayServer/Services/Data/PermissionService.cs Normal file
View File

@@ -0,0 +1,209 @@
using RelayServer.Models;
using SurrealDb.Net;
namespace RelayServer.Services.Data;
public sealed class PermissionService
{
private readonly SurrealDbClient _db;
public PermissionService(SurrealDbClient db)
{
_db = db;
}
/// <summary>
/// Owners/admins always allowed. Non-admins blocked from read-only channels (#welcome,
/// #files). Everyone else passes through the normal channel-level Deny → Allow → role ladder.
/// </summary>
public async Task<bool> CanSendMessagesAsync(string username, string channelId)
{
if (await IsOwnerOrAdminAsync(username))
return true;
if (await IsChannelReadOnlyAsync(channelId))
return false;
return await HasPermissionAsync(username, channelId, PermissionFlags.SendMessages);
}
/// <summary>Server-wide ability to create channels. Gates the "+" button on the sidebar.</summary>
public async Task<bool> CanManageChannelsAsync(string username) =>
await IsOwnerOrAdminAsync(username) ||
await HasGlobalPermissionAsync(username, PermissionFlags.ManageChannels);
/// <summary>Per-channel ability to delete/edit OTHER people's messages. Authors can always delete their own.</summary>
public async Task<bool> CanManageMessagesAsync(string username, string channelId) =>
await IsOwnerOrAdminAsync(username) ||
await HasPermissionAsync(username, channelId, PermissionFlags.ManageMessages);
/// <summary>Convenience query — exposes the owner-or-admin shortcut as a public method.</summary>
public async Task<bool> IsAdministratorAsync(string username) =>
await IsOwnerOrAdminAsync(username);
/// <summary>
/// "Visibility" — default-allow. Only blocks if a channel-level Deny mask explicitly
/// removes ViewChannel for the user's role. Owners/admins bypass.
/// </summary>
public async Task<bool> CanViewChannelAsync(string username, string channelId)
{
if (await IsOwnerOrAdminAsync(username)) return true;
return !await IsDeniedByChannelAsync(username, channelId, PermissionFlags.ViewChannel);
}
/// <summary>
/// Voice-channel Speak. Default-allow. Blocked by channel-level Deny. Used at RtcJoin
/// time so denied users can't even register voice presence.
/// </summary>
public async Task<bool> CanSpeakAsync(string username, string channelId)
{
if (await IsOwnerOrAdminAsync(username)) return true;
return !await IsDeniedByChannelAsync(username, channelId, PermissionFlags.Speak);
}
/// <summary>Server-wide ability to delete channels. ManageChannels OR explicit DeleteChannel.</summary>
public async Task<bool> CanDeleteChannelAsync(string username) =>
await IsOwnerOrAdminAsync(username) ||
await HasGlobalPermissionAsync(username, PermissionFlags.ManageChannels) ||
await HasGlobalPermissionAsync(username, PermissionFlags.DeleteChannel);
/// <summary>Server-wide ability to edit channels. ManageChannels OR explicit EditChannel.</summary>
public async Task<bool> CanEditChannelAsync(string username) =>
await IsOwnerOrAdminAsync(username) ||
await HasGlobalPermissionAsync(username, PermissionFlags.ManageChannels) ||
await HasGlobalPermissionAsync(username, PermissionFlags.EditChannel);
/// <summary>
/// Step 1 of the ladder: owner flag OR Administrator permission on any assigned role.
/// Owner check goes first because it doesn't require roles to be seeded — server owner
/// is authoritative regardless of role-table state.
/// </summary>
private async Task<bool> IsOwnerOrAdminAsync(string username)
{
if (await IsServerOwnerAsync(username))
return true;
var roles = await GetUserRolesAsync(username);
return roles.Any(r => r.Permissions.HasFlag(PermissionFlags.Administrator));
}
/// <summary>
/// The canonical permission ladder for per-channel checks:
/// 1. Owner/admin → true.
/// 2. Channel-level Deny mask for any of the user's roles → false (Deny wins).
/// 3. Channel-level Allow mask for any of the user's roles → true.
/// 4. Base role permissions → fallback.
/// </summary>
private async Task<bool> HasPermissionAsync(
string username, string channelId, PermissionFlags flag)
{
if (await IsOwnerOrAdminAsync(username))
return true;
var userRoles = await GetUserRolesAsync(username);
if (userRoles.Count == 0) return false;
var channelOverrides = await GetChannelPermissionsAsync(channelId);
var userRoleIds = new HashSet<string>(userRoles.Select(r => GetRecordIdString(r.Id)));
foreach (var co in channelOverrides.Where(co => userRoleIds.Contains(co.RoleId)))
if (co.Deny.HasFlag(flag)) return false;
foreach (var co in channelOverrides.Where(co => userRoleIds.Contains(co.RoleId)))
if (co.Allow.HasFlag(flag)) return true;
return userRoles.Any(r => r.Permissions.HasFlag(flag));
}
/// <summary>
/// Server-wide (not channel-scoped) permission check. Used for things like ManageChannels
/// where there's no specific channel context. Admin flag short-circuits.
/// </summary>
private async Task<bool> HasGlobalPermissionAsync(string username, PermissionFlags flag)
{
var roles = await GetUserRolesAsync(username);
return roles.Any(r =>
r.Permissions.HasFlag(PermissionFlags.Administrator) ||
r.Permissions.HasFlag(flag));
}
/// <summary>
/// "Was this permission explicitly denied here?" — used by default-allow permissions
/// (ViewChannel, Speak) which only become restrictive when there's a Deny override.
/// </summary>
private async Task<bool> IsDeniedByChannelAsync(string username, string channelId, PermissionFlags flag)
{
var userRoles = await GetUserRolesAsync(username);
if (userRoles.Count == 0) return false;
var channelOverrides = await GetChannelPermissionsAsync(channelId);
var userRoleIds = new HashSet<string>(userRoles.Select(r => GetRecordIdString(r.Id)));
return channelOverrides
.Where(co => userRoleIds.Contains(co.RoleId))
.Any(co => co.Deny.HasFlag(flag));
}
/// <summary>
/// Checks ServerMembers.IsOwner directly. This is the authoritative ownership test —
/// independent of the role table, so ownership keeps working even if roles aren't seeded.
/// </summary>
private async Task<bool> IsServerOwnerAsync(string username)
{
var userId = $"users:{username.ToLower()}";
var members = await _db.Select<ServerMembers>("server_members");
return members.Any(m =>
string.Equals(m.UserId, userId, StringComparison.OrdinalIgnoreCase) &&
m.IsOwner);
}
/// <summary>
/// Loads every Role row currently assigned to the user via UserRoles. Empty list if the
/// user has no role assignments (which means they implicitly fail every permission check
/// unless they happen to be the server owner).
/// </summary>
private async Task<List<Roles>> GetUserRolesAsync(string username)
{
var userId = $"users:{username.ToLower()}";
var userRoleLinks = await _db.Select<UserRoles>("user_roles");
var userRoleIds = userRoleLinks
.Where(ur => string.Equals(ur.UserId, userId, StringComparison.OrdinalIgnoreCase))
.Select(ur => ur.RoleId)
.ToHashSet();
if (userRoleIds.Count == 0) return [];
var allRoles = await _db.Select<Roles>("roles");
return allRoles
.Where(r => userRoleIds.Contains(GetRecordIdString(r.Id)))
.ToList();
}
/// <summary>Loads every channel_permissions override row for a channel (all roles, all flags).</summary>
private async Task<List<ChannelPermissions>> GetChannelPermissionsAsync(string channelId)
{
var all = await _db.Select<ChannelPermissions>("channel_permissions");
return all.Where(cp => cp.ChannelId == channelId).ToList();
}
/// <summary>True if the channel's IsReadOnly flag is set on its row in the channels table.</summary>
private async Task<bool> IsChannelReadOnlyAsync(string channelId)
{
var channels = await _db.Select<Channels>("channels");
var channel = channels.FirstOrDefault(c => GetRecordIdString(c.Id) == channelId);
return channel?.IsReadOnly ?? false;
}
/// <summary>SurrealDB's Id object → "table:id" string. Local copy because PermissionService isn't a friend of ChatSocketBehavior.</summary>
private static string GetRecordIdString(object? id)
{
if (id is null) return string.Empty;
var json = System.Text.Json.JsonSerializer.Serialize(id);
using var doc = System.Text.Json.JsonDocument.Parse(json);
var root = doc.RootElement;
var recordId = root.GetProperty("Id").GetString() ?? string.Empty;
var table = root.GetProperty("Table").GetString() ?? string.Empty;
return $"{table}:{recordId}";
}
}

40
RelayShared/Services/Authentication.cs Normal file
View File

@@ -0,0 +1,40 @@
namespace RelayShared.Services;
public class AuthSignin
{
public string UserName { get; set; }
public string Password { get; set; }
}
public class AuthRegister
{
public string Username { get; set; }
public string Password { get; set; }
public string Email { get; set; }
}
public class AuthUserVerify
{
public string Username { get; set; }
public string Token { get; set; }
}
public class AuthServerLicenseVerify
{
public string License { get; set; }
}
public class AuthServerLicenseGenerate
{
public string Server { get; set; }
public string Length {get; set;} //TODO: Convert to Enum
}
public class DBLicense
{
public string Token {get; set;}
public bool IsClient {get; set;}
public DateTime CreatedAt {get; set;}
public DateTime ExpiresAt {get; set;}
public bool IsExpired {get; set;}
}

25
RelayShared/Services/ChannelEnums.cs
View File

@@ -1,10 +1,23 @@
namespace RelayShared.Services;
namespace RelayShared.Services;
/// <summary>
/// Drives both rendering (sidebar icon, message view vs RTC view) and server-side routing
/// (file mirror destination must be ChannelType.File, RTC join only on Voice/Stage).
/// </summary>
public enum ChannelType
{
Text, //Default channel type, handles text, links, files*, all in a linear live chat format
Voice, //Used for general voice and video calls, utilizes WebRTC in its intended use
File, //File browser for connected text channels, used for browsing files rather than scrolling through text channel
Forum, //Specific forum posts, meant to keep conversations grouped and on topic while keeping all in an easy to find place
Stage //Used for announcements and presentations, voice/video call utilizing a modified WebRTC protocol through server
/// <summary>Default. Linear chat: text, markdown, embeds, attachments. Sidebar prefix "#".</summary>
Text,
/// <summary>WebRTC voice/video. Sidebar prefix 🔊. Selecting auto-swaps to the RTC view.</summary>
Voice,
/// <summary>File browser. Receives auto-mirrored attachments from any Text channel that points here via LinkedFileChannelId. Sidebar prefix 📁.</summary>
File,
/// <summary>Forum-style threaded posts. Sidebar prefix 📋. Currently a placeholder type.</summary>
Forum,
/// <summary>Announcement-style voice. Modified WebRTC where most participants are listeners. Sidebar prefix 🎤. Placeholder.</summary>
Stage
}

28
RelayShared/Services/ChannelTransmissions.cs
View File

@@ -1,18 +1,44 @@
namespace RelayShared.Services;
namespace RelayShared.Services;
/// <summary>
/// One row in the sidebar channel list. The server computes the permission-derived fields
/// (CanPost, CanManage) per-user so the client never has to evaluate permissions itself.
/// </summary>
public sealed class ChannelItem
{
/// <summary>Surreal record id (e.g. "channels:abc").</summary>
public string ChannelId { get; set; } = string.Empty;
/// <summary>Sidebar display name ("general", "welcome", etc.).</summary>
public string Name { get; set; } = string.Empty;
/// <summary>Drives icon and behavior: Text/Voice/File/Forum/Stage.</summary>
public ChannelType Type { get; set; }
/// <summary>Sidebar category label (e.g. "General"). Empty groups fall under a default "Channels" header.</summary>
public string Group { get; set; } = string.Empty;
/// <summary>Creation timestamp. Drives sidebar sort order (oldest → newest).</summary>
public DateTime CreatedAt { get; set; }
/// <summary>True if the channel is announcement-style (welcome, files). Drives the 🔒 suffix in the sidebar.</summary>
public bool IsReadOnly { get; set; }
/// <summary>Permission-resolved: can the receiving user send messages here. Drives input enable/disable.</summary>
public bool CanPost { get; set; }
/// <summary>Permission-resolved: can the receiving user edit/delete this channel. Drives context-menu visibility.</summary>
public bool CanManage { get; set; }
}
/// <summary>
/// Server-to-client channel list. Sent in response to WsAction.GetChannels and broadcast
/// to all sessions after every channel create / delete.
/// </summary>
public sealed class SocketChannelList
{
public SignalType Type { get; set; } = SignalType.ChannelList;
/// <summary>Channels the receiving user is allowed to view. Permission filtering happens server-side.</summary>
public List<ChannelItem> Channels { get; set; } = [];
}

43
RelayShared/Services/ChatMessageContent.cs Normal file
View File

@@ -0,0 +1,43 @@
namespace RelayShared.Services;
/// <summary>
/// The plaintext payload of a chat message before E2E encryption is applied.
///
/// Lifecycle of a message:
/// 1. Client builds a ChatMessageContent (text + optional reply/attachment/mentions).
/// 2. Client JSON-serialises it, encrypts with the server's public key (RSA wrapping an
/// AES-GCM key), and sends the encrypted blob wrapped in a SocketEncryptedMessage.
/// 3. Server decrypts with its private key, re-encrypts with the channel DB key, stores it.
/// 4. For each recipient, server decrypts from DB key and re-encrypts with that recipient's
/// public key, then delivers via SocketEncryptedMessage.
/// 5. Recipient decrypts with their private key and JSON-deserialises back to ChatMessageContent.
///
/// This type is intentionally shared by RelayClient and RelayServer so both ends agree on the
/// JSON shape. Adding a field here lights up the whole pipeline automatically.
/// </summary>
public sealed class ChatMessageContent
{
/// <summary>The raw message body, including Markdown syntax and @mentions.</summary>
public string Text { get; set; } = string.Empty;
/// <summary>When set, this message is a reply. Carries the Surreal record id of the message being replied to.</summary>
public string? ReplyToId { get; set; }
/// <summary>Display name of the user being replied to. Lets the client render the quote bar without a lookup.</summary>
public string? ReplyToSenderUsername { get; set; }
/// <summary>Trimmed preview of the replied-to text (≤100 chars). Captured at send time so the server never has to look it up.</summary>
public string? ReplyPreview { get; set; }
/// <summary>Extracted usernames + special tokens ("everyone", "here"). Drives the ping-badge in the sidebar.</summary>
public List<string>? Mentions { get; set; }
/// <summary>Base64-encoded attachment bytes. Null when there's no attachment.</summary>
public string? AttachmentBase64 { get; set; }
/// <summary>MIME type of the attachment (e.g. "image/png"). Used to choose between BuildBase64ImageEmbed and BuildFileCard.</summary>
public string? AttachmentMimeType { get; set; }
/// <summary>Original filename as chosen by the sender. Shown as the file card label and used for the download path.</summary>
public string? AttachmentFileName { get; set; }
}

154
RelayShared/Services/SocketTransmissions.cs
View File

@@ -1,38 +1,160 @@
namespace RelayShared.Services;
namespace RelayShared.Services;
//TODO: review name of file, potentially rename for Encryption services rather than sockets
/// <summary>
/// The "data plane" wire types for the WebSocket protocol.
///
/// Every type here carries a SignalType discriminator so a generic JsonDocument peek
/// can identify the variant. The server dispatches on SignalType in ChatSocketBehavior.OnMessage;
/// the client dispatches on it in RelaySocketClient.OnMessage.
///
/// Encrypted payloads share a uniform 4-tuple shape: (CipherText, Nonce, Tag, EncryptedKey).
/// That tuple is hybrid RSA+AES-GCM: EncryptedKey is the per-message AES key wrapped with the
/// recipient's RSA public key; CipherText/Nonce/Tag are the AES-GCM ciphertext, nonce, and
/// authentication tag for the actual JSON-serialised ChatMessageContent.
/// </summary>
public sealed class SocketRtcSignalMessage
{
/// <summary>Always SignalType.EncryptedSignal in flight.</summary>
public SignalType Type { get; set; }
/// <summary>Username of the user generating the SDP/ICE signal.</summary>
public string SenderUsername { get; set; } = string.Empty;
/// <summary>The voice channel this signal belongs to.</summary>
public string ChannelId { get; set; } = string.Empty;
/// <summary>Base64 AES-GCM ciphertext of the JSON-serialised RtcSignalMessage.</summary>
public string CipherText { get; set; } = string.Empty;
/// <summary>Base64 AES-GCM 96-bit nonce.</summary>
public string Nonce { get; set; } = string.Empty;
/// <summary>Base64 AES-GCM 128-bit authentication tag.</summary>
public string Tag { get; set; } = string.Empty;
/// <summary>Base64 RSA-OAEP-encrypted AES key (encrypted with recipient's public key).</summary>
public string EncryptedKey { get; set; } = string.Empty;
}
/// <summary>
/// The workhorse envelope for chat messages and message lifecycle events.
/// Used for both directions and for new sends / edits / delete tombstones.
/// </summary>
public sealed class SocketEncryptedMessage
{
/// <summary>
/// EncryptedChat (server→client), ClientEncryptedChat (client→server new message),
/// ClientEditMessage / ClientDeleteMessage (client→server lifecycle), MessageEdited (server→client).
/// </summary>
public SignalType Type { get; set; } = SignalType.EncryptedChat;
/// <summary>Surreal record id (e.g. "channel_messages:abc"). Populated by the server on outbound delivery.</summary>
public string MessageId { get; set; } = string.Empty;
/// <summary>Who wrote the message.</summary>
public string SenderUsername { get; set; } = string.Empty;
/// <summary>Who this specific delivery is encrypted for. Different per recipient on the same logical message.</summary>
public string RecipientUsername { get; set; } = string.Empty;
/// <summary>The channel the message belongs to.</summary>
public string ChannelId { get; set; } = string.Empty;
/// <summary>Base64 AES-GCM ciphertext of the JSON-serialised ChatMessageContent. Empty on tombstone deliveries.</summary>
public string CipherText { get; set; } = string.Empty;
/// <summary>Base64 AES-GCM 96-bit nonce.</summary>
public string Nonce { get; set; } = string.Empty;
/// <summary>Base64 AES-GCM 128-bit authentication tag.</summary>
public string Tag { get; set; } = string.Empty;
/// <summary>Base64 RSA-OAEP-encrypted AES key (encrypted with recipient's public key on outbound, server's on inbound).</summary>
public string EncryptedKey { get; set; } = string.Empty;
/// <summary>True when this message has been edited at least once. Drives the (edited) footer in the bubble.</summary>
public bool IsEdited { get; set; }
/// <summary>True for tombstone deliveries (history only). Client renders a placeholder; no decryption is attempted.</summary>
public bool IsDeleted { get; set; }
}
/// <summary>
/// Server-broadcast tombstone fired the moment a message is deleted. Carries no content —
/// recipients use MessageId to find the existing bubble and swap it to a "deleted" placeholder.
/// </summary>
public sealed class SocketMessageDeletedEvent
{
public SignalType Type { get; set; } = SignalType.MessageDeleted;
/// <summary>The message being tombstoned.</summary>
public string MessageId { get; set; } = string.Empty;
/// <summary>Channel scope — clients that aren't viewing this channel can defer the bubble update.</summary>
public string ChannelId { get; set; } = string.Empty;
}
/// <summary>
/// "{Username} is typing…" hint. Server forwards to every connected member except the sender.
/// Client auto-clears the indicator 3 seconds after the last such event.
/// </summary>
public sealed class SocketTypingEvent
{
public SignalType Type { get; set; } = SignalType.TypingIndicator;
/// <summary>Who is typing.</summary>
public string Username { get; set; } = string.Empty;
/// <summary>Which channel they're typing in. Clients ignore events for channels they're not viewing.</summary>
public string ChannelId { get; set; } = string.Empty;
}
/// <summary>One historical version of an edited message, re-encrypted for the requester.</summary>
public sealed class SocketEditHistoryEntry
{
/// <summary>Base64 AES-GCM ciphertext of the JSON-serialised previous ChatMessageContent.</summary>
public string CipherText { get; set; } = string.Empty;
public string Nonce { get; set; } = string.Empty;
public string Tag { get; set; } = string.Empty;
/// <summary>Base64 RSA-OAEP-encrypted AES key (encrypted with requester's public key).</summary>
public string EncryptedKey { get; set; } = string.Empty;
/// <summary>When this version was the current text (i.e. when it was replaced).</summary>
public DateTime EditedAt { get; set; }
}
/// <summary>Server reply to a GetEditHistory request. Entries are ordered oldest→newest.</summary>
public sealed class SocketEditHistoryResponse
{
public SignalType Type { get; set; } = SignalType.EditHistory;
/// <summary>Which message this history is for.</summary>
public string MessageId { get; set; } = string.Empty;
/// <summary>Every previous version of the message. Empty if the message has never been edited.</summary>
public List<SocketEditHistoryEntry> Entries { get; set; } = [];
}
/// <summary>
/// Server-to-client delivery of the server's public RSA key. Sent once per session in
/// response to WsAction.GetServerKey. Clients cache this for all outbound encryption.
/// </summary>
public sealed class ServerPublicKeyMessage
{
public SignalType Type { get; set; } = SignalType.ServerPublicKey;
/// <summary>Base64 SubjectPublicKeyInfo (DER) of the server's RSA public key.</summary>
public string PublicKey { get; set; } = string.Empty;
}
/// <summary>The wire discriminator for every data-plane Socket*Message.</summary>
public enum SignalType
{
// RTC SDP/ICE wire types (used by the WebView RTC engine, not handled directly here)
Offer,
Answer,
Candidate,
@@ -40,9 +162,37 @@ public enum SignalType
AnswerUpdated,
CandidateAdded,
CallLeft,
/// <summary>Server→client: paginated channel list (SocketChannelList).</summary>
ChannelList,
/// <summary>Server→client: ServerPublicKeyMessage delivery.</summary>
ServerPublicKey,
/// <summary>Bidirectional: encrypted RTC SDP/ICE signal (SocketRtcSignalMessage).</summary>
EncryptedSignal,
/// <summary>Server→client: delivered chat message (SocketEncryptedMessage).</summary>
EncryptedChat,
ClientEncryptedChat
/// <summary>Client→server: new chat message send (SocketEncryptedMessage).</summary>
ClientEncryptedChat,
/// <summary>Client→server: request to edit own message (SocketEncryptedMessage with new content).</summary>
ClientEditMessage,
/// <summary>Client→server: request to delete own message (SocketEncryptedMessage with only MessageId).</summary>
ClientDeleteMessage,
/// <summary>Server→clients: edit broadcast carrying re-encrypted new content (SocketEncryptedMessage).</summary>
MessageEdited,
/// <summary>Server→clients: deletion tombstone (SocketMessageDeletedEvent).</summary>
MessageDeleted,
/// <summary>Server→peers: typing indicator (SocketTypingEvent).</summary>
TypingIndicator,
/// <summary>Server→requester: edit-history response (SocketEditHistoryResponse).</summary>
EditHistory
}

111
RelayShared/Services/WsControlMessage.cs Normal file
View File

@@ -0,0 +1,111 @@
namespace RelayShared.Services;
/// <summary>
/// JSON-dispatch contract for the WebSocket "control plane" (non-encrypted,
/// non-realtime requests like auth, key registration, channel CRUD, history fetches).
///
/// The server's ChatSocketBehavior.OnMessage looks at the first JSON property of every
/// incoming text frame:
/// - "Action" present → deserialise into WsControlMessage and dispatch on WsAction.
/// - "Type" present → deserialise into SocketEncryptedMessage/SocketRtcSignalMessage
/// and dispatch on SignalType (the "data plane" — chat messages,
/// RTC signals, edit/delete requests).
///
/// Responses come back as either WsEventMessage (for acks/errors) or one of the
/// Socket*Message types (for streaming data).
/// </summary>
public enum WsAction
{
/// <summary>Verify a Core-issued user token. Fields used: Username, Token.</summary>
Authenticate,
/// <summary>Register/update the client's RSA public key. Fields used: Username, PublicKey.</summary>
RegisterKey,
/// <summary>Request the server's public RSA key for outbound encryption. No fields.</summary>
GetServerKey,
/// <summary>Request the full channel list for this user. No fields.</summary>
GetChannels,
/// <summary>Request decrypted message history for a channel. Fields used: Username, ChannelId.</summary>
GetHistory,
/// <summary>Join a voice channel (presence tracking). Fields used: Username, ChannelId.</summary>
RtcJoin,
/// <summary>Leave a voice channel. Fields used: Username, ChannelId.</summary>
RtcLeave,
/// <summary>Broadcast "user is typing" to channel peers. Fields used: ChannelId.</summary>
SendTyping,
/// <summary>Request the edit-history chain for a specific message. Fields used: Username, MessageId, ChannelId.</summary>
GetEditHistory,
/// <summary>Create a new channel (permission-gated). Fields used: ChannelName, ChannelType, ChannelGroup.</summary>
CreateChannel,
/// <summary>Soft-delete a channel (permission-gated). Fields used: ChannelId.</summary>
DeleteChannel
}
/// <summary>Server-to-client event types for acks and errors.</summary>
public enum WsEvent
{
/// <summary>Reply to Authenticate. Detail = username.</summary>
Authenticated,
/// <summary>Reply to RegisterKey. Detail = username.</summary>
KeyRegistered,
/// <summary>Generic error. Detail = human-readable reason shown to the user.</summary>
Error
}
/// <summary>
/// Control-plane envelope. All fields are nullable because each action only uses a subset
/// of them. Serialised as JSON; identified by the presence of the "Action" property.
/// </summary>
public sealed class WsControlMessage
{
/// <summary>The action to perform. Server dispatches on this.</summary>
public WsAction Action { get; set; }
/// <summary>Mixed-case username as the user typed it on sign-in. Server preserves casing for display.</summary>
public string? Username { get; set; }
/// <summary>Core-issued auth token. Only set on Authenticate.</summary>
public string? Token { get; set; }
/// <summary>Base64-encoded RSA public key. Only set on RegisterKey.</summary>
public string? PublicKey { get; set; }
/// <summary>Surreal record id of a channel (e.g. "channels:xyz"). Used by most channel-scoped actions.</summary>
public string? ChannelId { get; set; }
/// <summary>Surreal record id of a message. Used by GetEditHistory.</summary>
public string? MessageId { get; set; }
/// <summary>Channel name on create (e.g. "memes"). Server normalises to lowercase-dashes.</summary>
public string? ChannelName { get; set; }
/// <summary>Integer cast of ChannelType enum (Text=0, Voice=1, …). Used on CreateChannel.</summary>
public int ChannelType { get; set; }
/// <summary>Group/category label shown in the sidebar (e.g. "General"). Optional on CreateChannel.</summary>
public string? ChannelGroup { get; set; }
}
/// <summary>
/// Server-to-client ack envelope. Identified by the "Event" JSON property
/// (vs WsControlMessage's "Action" or Socket*Message's "Type").
/// </summary>
public sealed class WsEventMessage
{
/// <summary>Which event this is acknowledging.</summary>
public WsEvent Event { get; set; }
/// <summary>Human-readable context (username on success, error message on Error).</summary>
public string? Detail { get; set; }
}

2
start-all.ps1
View File

@@ -66,7 +66,7 @@ Start-Sleep -Seconds 5
$testScript = New-TabScript -Name "Test" -Content @"
Set-Location '$root'
Start-Sleep -Seconds 25
Start-Sleep -Seconds 5
& '$clientExe' --user Test
"@

63
start-servers.ps1 Normal file
View File

@@ -0,0 +1,63 @@
$root = Split-Path -Parent $MyInvocation.MyCommand.Path
Set-Location $root
$dockerExe = (Get-Command docker.exe).Source
$dotnetExe = (Get-Command dotnet.exe).Source
$ps = (Get-Command powershell.exe).Source
Write-Host "Building RelayCore..."
& $dotnetExe build .\RelayCore\RelayCore.csproj
if ($LASTEXITCODE -ne 0) { throw "RelayCore build failed." }
Write-Host "Building RelayServer..."
& $dotnetExe build .\RelayServer\RelayServer.csproj
if ($LASTEXITCODE -ne 0) { throw "RelayServer build failed." }
Write-Host "Building RelayClient (Windows only)..."
& $dotnetExe build .\RelayClient\RelayClient.csproj -f net10.0-windows10.0.19041.0
if ($LASTEXITCODE -ne 0) { throw "RelayClient build failed." }
$coreDll = Join-Path $root "RelayCore\bin\Debug\net9.0\RelayCore.dll"
$serverDll = Join-Path $root "RelayServer\bin\Debug\net10.0\RelayServer.dll"
$tempDir = Join-Path $env:TEMP "RelayTabs"
New-Item -ItemType Directory -Force -Path $tempDir | Out-Null
function New-TabScript {
param(
[string]$Name,
[string]$Content
)
$path = Join-Path $tempDir "$Name.ps1"
Set-Content -Path $path -Value $Content -Encoding UTF8
return $path
}
$dockerScript = New-TabScript -Name "SurrealDB" -Content @"
Set-Location '$root'
& '$dockerExe' run --rm -p 8000:8000 -v /mydata:/mydata surrealdb/surrealdb:v2.2.1 start --user root --pass secret
"@
$coreScript = New-TabScript -Name "RelayCore" -Content @"
Set-Location '$root'
Start-Sleep -Seconds 1
& '$dotnetExe' '$coreDll'
"@
$serverScript = New-TabScript -Name "RelayServer" -Content @"
Set-Location '$root'
Start-Sleep -Seconds 1
& '$dotnetExe' '$serverDll'
"@
$wtArgs = @(
"new-tab --title `"SurrealDB`" `"$ps`" -NoExit -ExecutionPolicy Bypass -File `"$dockerScript`"",
"new-tab --title `"RelayCore`" `"$ps`" -NoExit -ExecutionPolicy Bypass -File `"$coreScript`"",
"new-tab --title `"RelayServer`" `"$ps`" -NoExit -ExecutionPolicy Bypass -File `"$serverScript`""
) -join " ; "
Write-Host ""
Write-Host "Everything started."
Write-Host "Close out terminal to end all applications."
Start-Process wt.exe -ArgumentList $wtArgs