security: harden E2EE, sanitise errors, fix types, and real crypto tests

P1 security fixes:
- SEC-1: RSA-wrap AES key before sharing — relay server no longer sees
  plaintext AES key; shareEncryptedAesKey() encrypts JWK with peer's
  RSA public key; receiving side decrypts with own RSA private key
- SEC-2: asyncHandler now returns generic 'Internal server error' in
  production and console.error()s the full error server-side only
- SEC-3: share-public-key endpoint returns 409 if a key is already
  registered for (channel, user), preventing key-slot overwrite attacks

P2 bug fixes:
- BUG-1: request body limit reduced from 10 mb to 64 kb; urlencoded
  bodies also capped at 64 kb

Tests (TEST-1):
- Replaced all mocked window.crypto stubs with real Web Crypto API
- 6 new tests: RSA keypair generation, encrypt/decrypt round-trip,
  wrong-key rejection; AES key caching, encrypt/decrypt round-trip,
  missing-remote-key error
- jest.config.js: explicit testEnvironment: 'node'

Code quality (CODE-1):
- webrtc.ts: replaced every `any` cast with proper interfaces
  (RTCRtpSenderWithStreams, RTCRtpReceiverWithStreams,
  RTCPeerConnectionWithInsertableStreams, IceCandidateSignalData);
  fixed typo appenVideoStreamToDom → appendVideoStreamToDom
- socket.ts: typed handler() args and markDelivered() param
- cryptoAES.ts: removed spurious `iv as any` cast (Uint8Array is
  already a valid BufferSource)

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

Author: muke1908

app.ts

@@ -10,7 +10,8 @@ require("dotenv").config();
 const app = express();
 app.disable("x-powered-by");
 app.use(cors());
-app.use(bodyParser.json({ limit: "10mb" }));
+app.use(bodyParser.json({ limit: '64kb' }));
+app.use(bodyParser.urlencoded({ extended: true, limit: '64kb' }));
 app.use((req, res, next) => {
   res.header("Access-Control-Allow-Origin", "*");
   next();

backend/api/messaging/index.ts

@@ -66,7 +66,10 @@ router.post(
     if (!valid) {
       return res.sendStatus(404);
     }
-    // TODO: do not store if already exists
+    const existing = await db.findOneFromDB({ channel, user: sender }, PUBLIC_KEY_COLLECTION);
+    if (existing) {
+      return res.status(409).send({ error: "Key already registered for this session" });
+    }
     await db.insertInDb({ aesKey, publicKey, user: sender, channel }, PUBLIC_KEY_COLLECTION);
     return res.send({ status: "ok" });
   })

backend/middleware/asyncHandler.ts

@@ -1,6 +1,8 @@
 import { Request, Response } from 'express';
 export default (fn) => (req: Request, res: Response, next) => {
   Promise.resolve(fn(req, res, next)).catch((e) => {
-    return res.status(500).send({ error: e.message });
+    console.error(e);
+    const message = process.env.NODE_ENV === 'production' ? 'Internal server error' : e.message;
+    return res.status(500).send({ error: message });
   });
 };

service/jest.config.js

@@ -4,6 +4,7 @@ module.exports = {
   collectCoverage: true,
   collectCoverageFrom: ['**/*.ts'],
   preset: 'ts-jest',
+  testEnvironment: 'node',
   transform: {
     '^.+\\.(ts|tsx)?$': 'ts-jest',
   },

service/src/crypto.test.ts

@@ -1,81 +1,126 @@
-import { cryptoUtils } from "./cryptoRSA";
-
-describe('cryptoUtils', () => {
-  const mockBase64String = 'ZW5jcnlwdGVkLXRleHQ='; // decoded = encrypted-text
-  const subtle = {
-    // Generates a new key (for symmetric algorithms) or key pair (for public-key algorithms).
-    // Returns a promise that fulfills with a CryptoKey (for symmetric algorithms) or a CryptoKeyPair (for public-key algorithms).
-    generateKey: jest.fn().mockResolvedValue({
-      publicKey: 'public-key',
-      privateKey: 'private-key',
-    }),
-    // Takes as input a CryptoKey object and gives you the key in an external, portable format.
-    // Returns a promise - If format was jwk, then the promise fulfills with a JSON object containing the key.
-    exportKey: jest.fn().mockImplementation((type, str) => str),
-    // Takes as input a key in an external, portable format and gives you a CryptoKey object that you can use in the Web Crypto API.
-    // Returns a promise that fulfills with the imported key as a CryptoKey object.
-    importKey: jest.fn().mockImplementation((type, str) => str),
-    // It takes as its arguments a key to encrypt with, some algorithm-specific parameters, and the data to encrypt (also known as "plaintext").
-    // Returns a promise that fulfills with an ArrayBuffer containing the "ciphertext".
-    encrypt: jest.fn().mockImplementation((algorithm, publicKey, encoded) => encoded),
-    decrypt: jest.fn().mockImplementation((algorithm, privateKey, ciphertext) => ciphertext)
-  };
-
-  // Receives a Uint8Array to encode to base-64 
-  // Returns ASCII string containing the Base64 representation of stringToEncode.
-  const btoa = jest.fn().mockImplementation(function (str) {
-    return mockBase64String;
-  });
-  // Receives a base-64 encoded string to decode to Uint8Array
-  const atob = jest.fn().mockImplementation(function (str) {
-    return "This is another message";
-  });
-
-  let window = {} as any;
-  window.crypto = {
-      subtle: subtle
-  } as any;
-
-  window.btoa = btoa;
-  window.atob = atob;
-
-  beforeEach(() => {
-    global.window = window;
-    jest.clearAllMocks();
-  });
-
-  describe('generateKeypairs', () => {
-    it('should generate an object with a private and a public key', async () => {
-      const keyPair = await cryptoUtils.generateKeypairs();
-
-      expect(window.crypto.subtle.exportKey).toHaveBeenCalledWith('jwk', expect.any(String));
-      expect(keyPair.privateKey).toBe(JSON.stringify('private-key'));
-      expect(keyPair.publicKey).toBe(JSON.stringify('public-key'));
+/**
+ * Crypto tests using the real Web Crypto API.
+ *
+ * Node 19+ exposes `globalThis.crypto.subtle` natively.
+ * The production code accesses crypto via `window.crypto`, so we alias
+ * `globalThis.window` to `globalThis` once before all tests so that
+ * `window.crypto`, `window.btoa`, and `window.atob` resolve correctly
+ * without any mocking.
+ */
+
+import { webcrypto } from 'crypto';
+
+// Polyfill for Node versions < 19 that do not expose globalThis.crypto
+if (!globalThis.crypto) {
+    (globalThis as any).crypto = webcrypto;
+}
+
+// cryptoRSA.ts accesses `window.crypto`, `window.btoa`, and `window.atob`.
+// In a Node (non-jsdom) environment `window` is undefined, so we point it at
+// globalThis which already has btoa/atob (Node 16+) and crypto (Node 19+).
+if (typeof window === 'undefined') {
+    (globalThis as any).window = globalThis;
+}
+
+import { cryptoUtils } from './cryptoRSA';
+import { AesGcmEncryption } from './cryptoAES';
+
+// ---------------------------------------------------------------------------
+// RSA round-trip tests
+// ---------------------------------------------------------------------------
+describe('cryptoUtils (RSA-OAEP) – real Web Crypto', () => {
+    it('generateKeypairs() returns non-empty serialised public and private keys', async () => {
+        const keyPair = await cryptoUtils.generateKeypairs();
+
+        expect(typeof keyPair.publicKey).toBe('string');
+        expect(typeof keyPair.privateKey).toBe('string');
+        expect(keyPair.publicKey.length).toBeGreaterThan(0);
+        expect(keyPair.privateKey.length).toBeGreaterThan(0);
+
+        // Keys should be valid JSON (JWK format wrapped in JSON.stringify)
+        expect(() => JSON.parse(keyPair.publicKey)).not.toThrow();
+        expect(() => JSON.parse(keyPair.privateKey)).not.toThrow();
     });
-  });
 
-  describe('encryptMessage', () => {
-    it('should encrypt plaintext using a public key and return a base64-encoded string', async () => {
-      const plaintext = 'This is a message';
-      const { publicKey } = await cryptoUtils.generateKeypairs();
-      const ciphertext = await cryptoUtils.encryptMessage(plaintext, publicKey);
+    it('encryptMessage() + decryptMessage() recover the original plaintext', async () => {
+        const plaintext = 'Hello, end-to-end encryption!';
+
+        const { publicKey, privateKey } = await cryptoUtils.generateKeypairs();
 
-      expect(window.crypto.subtle.importKey).toHaveBeenCalledWith('jwk', expect.any(String), { name: 'RSA-OAEP', hash: 'SHA-256' }, true, ['encrypt']);
-      expect(window.btoa).toHaveBeenCalledWith(expect.any(String));
-      expect(ciphertext).toBe('ZW5jcnlwdGVkLXRleHQ=');
+        const ciphertext = await cryptoUtils.encryptMessage(plaintext, publicKey);
+        expect(typeof ciphertext).toBe('string');
+        expect(ciphertext).not.toBe(plaintext);
+
+        const recovered = await cryptoUtils.decryptMessage(ciphertext, privateKey);
+        expect(recovered).toBe(plaintext);
     });
-  });
-
-  describe('decryptMessage', () => {
-    it('should decrypt a ciphertext using a private key', async () => {
-      const plaintext = 'This is another message';
-      const keyPair = await cryptoUtils.generateKeypairs();
-      const ciphertext = await cryptoUtils.encryptMessage(plaintext, keyPair.publicKey);
-      const decryptedText = await cryptoUtils.decryptMessage(ciphertext, keyPair.privateKey);
-
-      expect(window.crypto.subtle.importKey).toHaveBeenCalledWith('jwk', expect.any(String), { name: 'RSA-OAEP', hash: 'SHA-256' }, true, ['encrypt']);
-      expect(window.atob).toHaveBeenCalledWith(expect.any(String));
-      expect(decryptedText).toBe("This is another message");
+
+    it('decryptMessage() fails when using the wrong private key', async () => {
+        const plaintext = 'Secret message';
+
+        const { publicKey } = await cryptoUtils.generateKeypairs();
+        const { privateKey: wrongPrivateKey } = await cryptoUtils.generateKeypairs();
+
+        const ciphertext = await cryptoUtils.encryptMessage(plaintext, publicKey);
+
+        await expect(
+            cryptoUtils.decryptMessage(ciphertext, wrongPrivateKey)
+        ).rejects.toThrow();
+    });
+});
+
+// ---------------------------------------------------------------------------
+// AES-GCM round-trip tests
+// ---------------------------------------------------------------------------
+describe('AesGcmEncryption (AES-GCM) – real Web Crypto', () => {
+    it('int() generates a CryptoKey and returns it on subsequent calls', async () => {
+        const aes = new AesGcmEncryption();
+        const key1 = await aes.int();
+        const key2 = await aes.int();
+
+        expect(key1).toBeDefined();
+        // Second call should return the same cached instance
+        expect(key1).toBe(key2);
+    });
+
+    it('encryptData() + decryptData() recover the original data', async () => {
+        const aes = new AesGcmEncryption();
+
+        // Initialise the local key (used for encryption)
+        await aes.int();
+
+        // Export the local key and re-import it as the "remote" key so that
+        // decryptData() (which uses aesKeyRemote) can decrypt what encryptData()
+        // produced.
+        const exportedKey = await aes.getRawAesKeyToExport();
+        await aes.setRemoteAesKey(exportedKey);
+
+        const originalText = 'AES test payload 🔒';
+        const originalData = new TextEncoder().encode(originalText).buffer;
+
+        const { encryptedData, iv } = await aes.encryptData(originalData);
+
+        expect(encryptedData).toBeInstanceOf(Uint8Array);
+        expect(iv).toBeInstanceOf(Uint8Array);
+        expect(iv.length).toBe(12); // AES-GCM IV is 12 bytes
+
+        const decryptedBuffer = await aes.decryptData(encryptedData, iv);
+        const decryptedText = new TextDecoder().decode(decryptedBuffer);
+
+        expect(decryptedText).toBe(originalText);
+    });
+
+    it('decryptData() throws when remote key has not been set', async () => {
+        const aes = new AesGcmEncryption();
+        await aes.int();
+
+        const { encryptedData, iv } = await aes.encryptData(
+            new TextEncoder().encode('data').buffer
+        );
+
+        // No setRemoteAesKey() call → should throw
+        await expect(aes.decryptData(encryptedData, iv)).rejects.toThrow(
+            'Remote AES key not set.'
+        );
     });
-  });
-});
+});

service/src/cryptoAES.ts

@@ -59,7 +59,7 @@ export class AesGcmEncryption {
         const encryptedData = await crypto.subtle.encrypt(
             {
                 name: "AES-GCM",
-                iv: iv as any
+                iv: iv
             },
             this.aesKeyLocal,      // Symmetric key for encryption
             data    // The frame data to be encrypted

service/src/sdk.ts

@@ -77,9 +77,13 @@ class ChatE2EE implements IChatE2EE {
         this.privateKey = privateKey;
         this.publicKey = publicKey;
 
-        this.on('on-alice-join', () => {
+        this.on('on-alice-join', async () => {
             evetLogger.log("Receiver connected.");
-            this.getPublicKey(initLogger);
+            await this.getPublicKey(initLogger);
+            // Now that we have the receiver's RSA public key, share AES key encrypted with it
+            if (this.receiverPublicKey) {
+                await this.shareEncryptedAesKey();
+            }
         })
 
         this.on("on-alice-disconnect", () => {
@@ -145,11 +149,14 @@ class ChatE2EE implements IChatE2EE {
         this.channelId = channelId;
         this.userId = userId;
 
-        const aesPlain = await this.symEncryption.getRawAesKeyToExport();
-
-        await sharePublicKey({ aesKey: aesPlain, publicKey: this.publicKey, sender: this.userId, channelId: this.channelId});
+        // Share RSA public key (without AES key until we have receiver's RSA public key)
+        await sharePublicKey({ aesKey: null, publicKey: this.publicKey, sender: this.userId, channelId: this.channelId});
         this.socket.joinChat({ publicKey: this.publicKey, userID: this.userId, channelID: this.channelId})
         await this.getPublicKey(logger);
+        // If the receiver's RSA public key is now known, share AES key encrypted with it
+        if (this.receiverPublicKey) {
+            await this.shareEncryptedAesKey();
+        }
         return;
     }
 
@@ -255,11 +262,20 @@ class ChatE2EE implements IChatE2EE {
         logger.log(`setPublicKey() - ${!!receiverPublicKey?.publicKey}`);
         this.receiverPublicKey = receiverPublicKey?.publicKey;
         if(receiverPublicKey.aesKey) {
-            await this.symEncryption.setRemoteAesKey(receiverPublicKey.aesKey)
+            // AES key is RSA-encrypted ciphertext; decrypt it with our RSA private key
+            const decryptedAesKeyJwk = await _cryptoUtils.decryptMessage(receiverPublicKey.aesKey, this.privateKey);
+            await this.symEncryption.setRemoteAesKey(decryptedAesKeyJwk);
         }
         return;
     }
 
+    // Encrypt local AES key with receiver's RSA public key and share it
+    private async shareEncryptedAesKey(): Promise<void> {
+        const aesKeyJwk = await this.symEncryption.getRawAesKeyToExport();
+        const encryptedAesKey = await _cryptoUtils.encryptMessage(aesKeyJwk, this.receiverPublicKey);
+        await sharePublicKey({ aesKey: encryptedAesKey, publicKey: this.publicKey, sender: this.userId, channelId: this.channelId });
+    }
+
     private createSocketSubcription(): void {
         const subscriptionContext = () => this.subscriptions as SubscriptionType;
         this.socket = new SocketInstance(subscriptionContext, logger.createChild('Socket'));

service/src/socket/socket.ts

@@ -52,14 +52,14 @@ export class SocketInstance {
         this.socket.disconnect();
     }
 
-    private handler(listener: SocketListenerType, args) {
+    private handler(listener: SocketListenerType, args: unknown[]): void {
         const loggerWithCount = this.eventHandlerLogger.count();
         loggerWithCount.log(`handler called for ${listener}`);
         const callbacks = this.subscriptionContext().get(listener);
         callbacks?.forEach(fn => fn(...args));
     }
 
-    private markDelivered(msg) {
+    private markDelivered(msg: { channel: string; sender: string; id: string }): void {
         this.logger.log(`markDelivered()`);
         this.socket.emit('received', { channel: msg.channel, sender: msg.sender, id: msg.id })
     }