From 4edc2e5176ae8ff56e0be4d08a78027faa4ab7b9 Mon Sep 17 00:00:00 2001 From: ghost Date: Wed, 12 Nov 2025 16:57:34 +0100 Subject: [PATCH] Add module-level docs and first milestone plan. --- README.md | 22 ++++++++++++++++++++++ src/alloc.rs | 2 ++ src/auth.rs | 2 ++ src/config.rs | 2 ++ src/main.rs | 2 ++ src/stun.rs | 2 ++ src/tls.rs | 2 ++ 7 files changed, 34 insertions(+) diff --git a/README.md b/README.md index 0725007..abc38a2 100644 --- a/README.md +++ b/README.md @@ -57,6 +57,28 @@ Auth caveat this with a secure credential workflow (ephemeral/REST credentials, PBKDF/KDF storage, or mTLS) before any production deployment. See `src/auth.rs` for the current simple store and helpers. +Milestone 1 — Protocol Backlog +------------------------------ +This milestone focuses on turning the current MVP into a feature-complete TURN core that can be used +reliably by `niom-webrtc`. + +- **Authentication Hardening**: nonce lifecycle, realm configuration, Argon2-backed credential + storage, and detailed error handling for 401/438 responses. +- **TURN Method Coverage**: implement `Allocate` attributes, `CreatePermission`, `ChannelBind`, + `Refresh`, and full relay path (peer data forwarding, Send/Data indications). +- **Allocation Lifecycle**: timers, refresh logic, cleanup of expired allocations, and resource + limits per user/IP. +- **Protocol Compliance**: FINGERPRINT support, XOR-MAPPED-ADDRESS, IPv6 evaluation, checksum + validation, and robustness against malformed packets. +- **Observability & Limits**: structured tracing, metrics, rate limiting, and integration tests + (including the bundled `smoke_client`). + +Artifacts that track this milestone live in two places: + +1. This README section is kept up to date while the milestone is in progress. +2. Inline module docs (`//!`) inside `src/` record the current responsibilities and open backlog + items for each subsystem as we iterate. + License: MIT Smoke-Test (End-to-End) diff --git a/src/alloc.rs b/src/alloc.rs index 76658ef..cccac2c 100644 --- a/src/alloc.rs +++ b/src/alloc.rs @@ -1,3 +1,5 @@ +//! Allocation manager: provisions relay sockets and forwards packets for TURN allocations. +//! Backlog: permission tables, channel bindings, allocation refresh timers, and rate limits. use std::collections::HashMap; use std::net::SocketAddr; use std::sync::{Arc, Mutex}; diff --git a/src/auth.rs b/src/auth.rs index 1b80eee..22f8640 100644 --- a/src/auth.rs +++ b/src/auth.rs @@ -1,3 +1,5 @@ +//! Authentication helpers and the in-memory credential store used for the MVP server. +//! Backlog: Argon2-backed storage, nonce lifecycle, and integration with persistent secrets. use async_trait::async_trait; use std::sync::Arc; use crate::traits::CredentialStore; diff --git a/src/config.rs b/src/config.rs index a268ccd..c18111b 100644 --- a/src/config.rs +++ b/src/config.rs @@ -1,3 +1,5 @@ +//! Configuration loader for server bind addresses, TLS artifacts, and seed credentials. +//! Backlog: hot-reload support, secret injection, and environment overrides per deployment. use serde::Deserialize; use std::path::Path; diff --git a/src/main.rs b/src/main.rs index af9b798..003ab90 100644 --- a/src/main.rs +++ b/src/main.rs @@ -1,3 +1,5 @@ +//! Binary entry point that wires configuration, UDP listener, optional TLS listener, and allocation handling. +//! Backlog: graceful shutdown signals, structured metrics, and coordinated lifecycle management across listeners. use std::net::SocketAddr; use std::sync::Arc; use tokio::net::UdpSocket; diff --git a/src/stun.rs b/src/stun.rs index 049bc32..de6555c 100644 --- a/src/stun.rs +++ b/src/stun.rs @@ -1,3 +1,5 @@ +//! STUN/TURN message parsing and builders for the server. +//! Backlog: full attribute coverage, fingerprint helpers, IPv6 handling, and fuzz testing. use std::convert::TryInto; use crate::models::stun::{StunHeader, StunAttribute, StunMessage}; use crate::constants::*; diff --git a/src/tls.rs b/src/tls.rs index 52a272e..d42fdf3 100644 --- a/src/tls.rs +++ b/src/tls.rs @@ -1,3 +1,5 @@ +//! TLS listener that wraps the STUN/TURN logic for `turns:` clients. +//! Backlog: ALPN negotiation, TCP relay support, and shared flow-control with the UDP path. use std::sync::Arc; use anyhow::Context; use tokio::net::TcpListener;