{"id":19742180,"url":"https://github.com/laverna/laverna-server","last_synced_at":"2025-04-30T06:31:00.469Z","repository":{"id":77133831,"uuid":"77429279","full_name":"Laverna/laverna-server","owner":"Laverna","description":"Signaling Server for Laverna's P2P Differential Synchronization","archived":false,"fork":false,"pushed_at":"2018-02-18T11:06:09.000Z","size":99,"stargazers_count":24,"open_issues_count":1,"forks_count":17,"subscribers_count":5,"default_branch":"master","last_synced_at":"2025-04-05T23:32:18.024Z","etag":null,"topics":["openpgpjs","socket-io","synchronization","websocket"],"latest_commit_sha":null,"homepage":"https://laverna.cc","language":"JavaScript","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mpl-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/Laverna.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2016-12-27T05:47:16.000Z","updated_at":"2024-08-03T22:09:01.000Z","dependencies_parsed_at":null,"dependency_job_id":"5c1be30a-97ce-472f-a2f9-d0685ddf9af1","html_url":"https://github.com/Laverna/laverna-server","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Laverna%2Flaverna-server","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Laverna%2Flaverna-server/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Laverna%2Flaverna-server/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Laverna%2Flaverna-server/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/Laverna","download_url":"https://codeload.github.com/Laverna/laverna-server/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":251653974,"owners_count":21622232,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["openpgpjs","socket-io","synchronization","websocket"],"created_at":"2024-11-12T01:29:28.301Z","updated_at":"2025-04-30T06:31:00.463Z","avatar_url":"https://github.com/Laverna.png","language":"JavaScript","funding_links":[],"categories":[],"sub_categories":[],"readme":"# Signaling Server for Laverna's P2P Differential Synchronization\n\n[Wiki](https://github.com/Laverna/laverna/wiki) |\n[IRC](https://webchat.freenode.net/?channels=laverna) |\n[Gitter Chat](https://gitter.im/Laverna/laverna)\n\n[![Build Status](https://travis-ci.org/Laverna/laverna-server.svg?branch=master)](https://travis-ci.org/Laverna/laverna-server)\n[![Coverage Status](https://coveralls.io/repos/github/Laverna/laverna-server/badge.svg?branch=master)](https://coveralls.io/github/Laverna/laverna-server)\n[![Code Climate](https://codeclimate.com/github/Laverna/laverna-server/badges/gpa.svg)](https://codeclimate.com/github/Laverna/laverna-server)\n\n\n## Dependencies\n\n1. [Git](https://git-scm.com/book/en/v2)\n2. [Node.js](http://nodejs.org/) v8 or higher\n3. [MongoDB](https://docs.mongodb.com/manual/installation/)\n\n\n## Installation\n---------------\n\n1. Clone the repository\n\n```bash\n$ git clone git@github.com:Laverna/server.git\n# navigate to the project directory\ncd server\n```\n\n2. Install dependencies\n\n```bash\n$ npm install\n```\n\n3. Configure the signal server\nCopy .env.example to .env and change configs in the new file.\n\n4. Start the server\n\n```bash\n$ npm start\n```\n\n\n## Security\n-----------\n\n### Authentication\nTo authenticate a client on the server it uses token based authentication by using [JSON Web Tokens](https://jwt.io/) and [OpenPGP](https://github.com/openpgpjs/openpgpjs) signatures.\n\nThe authentication method is based on **[public key authentication method](https://tools.ietf.org/html/rfc4252#section-7)** where the possession of the private key serves as authentication.\n\nHow does it work?\n\n1. A client requests a session token by sending a GET request to `/api/token/username/:username`\n2. The server generates and sends a **JWT** token (HS256 algorithm) for the client which will expire after 8 minutes\n3. The client signs the session token with their private OpenPGP key and sends a POST request to `/api/auth`\n4. The server:\n    1. Checks the authenticity of the signature\n    2. Checks the signed **JWT** session token\n    3. If there is no error, it generates an authentication token using JWT. The token will expire after 24 hours\n5. The authentication token is used to authenticate the client on the signaling socket server.\n\n### What Personal Information is Stored on the Server?\nThe server stores a minimum amount of information which includes your username and public OpenPGP key and fingerprint. Keep in mind if your OpenPGP key includes your email, it can be easily extracted.\n\n### Personal Information which is Publicly Available\nSome of your personal information will be available to the public. It is necessary for our REST API.\n\nThe following data should be considered public:\n\n1. Your username\n2. Your public OpenPGP key\n3. Your OpenPGP key fingerprint\n\n## Security Audit\n-----------------\nThe authentication method used in this project was implemented by us and it hasn't been vetted nor audited by security experts. Use it at your own risk.\n\n\n## License\n----------\n\nPublished under [MPL-2.0 License](https://www.mozilla.org/en-US/MPL/2.0/).\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Flaverna%2Flaverna-server","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Flaverna%2Flaverna-server","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Flaverna%2Flaverna-server/lists"}