diff --git a/CPPs/cadmium-proposal-document-format.md b/CPPs/cadmium-proposal-document-format.md
index cc5d80d..56a8f24 100644
--- a/CPPs/cadmium-proposal-document-format.md
+++ b/CPPs/cadmium-proposal-document-format.md
@@ -1,14 +1,18 @@
# The Sections of a Cadmium Protocol Proposal (CPP) document
+
## Introduction
The introduction to a CPP document should contain description of the extension and example of problems which this extension can solve.
## Message type identifiers
+
In this section, specify the identifiers of the new types of protocol messages (which are introduced by the extension)
## Glossary
+
If your CE document uses terms that may not be familiar to the reader, please define them in this section.
## Use Cases
+
It is recommended that document authors structure their proposals according to the use cases that the proposal will address. We have found that use cases force authors to focus on functionality rather than "protocol for the sake of protocol". It is also helpful to sort use cases by actor. Include one subsection for each use case.
When writing use cases and the associated protocols, make sure to:
@@ -17,7 +21,8 @@ When writing use cases and the associated protocols, make sure to:
* Describe the expected behavior of Cadmium clients, servers, and components when using this protocol.
* Include lots of protocol examples.
-*Example 1. An Example from Shakespeare*
+*Example 1. An Example from Shakespeare*:
+
```json
{
"id": "abcd",
@@ -29,31 +34,41 @@ When writing use cases and the associated protocols, make sure to:
}
}
```
-## Error Codes
-If your proposal defines a number of error and status codes, it is a good idea to include a table of all the codes defined in your document.
+
+## Errors
+
+If your proposal defines a number of error and error identifiers, it is a good idea to include a table of all the identifiers defined in your document.
## Business Rules
-You may want to include a section describing various business rules (essentially, a variety of MUSTs, SHOULDs, and MAYs regarding application behavior). This is not required but can be helpful to implementers.
+
+You may want to include a section describing various business rules (essentially, a variety of MUSTs, SHOULDs, and MAYs regarding application behavior). This section is not required but can be helpful to implementers.
## Implementation Notes
+
You may want to include a section devoted to implementation notes. Again, this is not required but can be helpful to implementers.
## Internationalization Considerations
+
If there are any internationalization or localization issues related to your proposal, define them in this optional section.
## Security Considerations
+
Your proposal MUST include a section entitled "Security Considerations". Even if there are no security features or concerns related to your proposal, you MUST note that fact. For helpful guidelines, refer to RFC 3552.
## JSON Schema
+
An JSON Schema is required in order for protocols to be approved by the Cadmium Developers. The Cadmium Developers team can assist you in defining an JSON Schema for the protocol you are proposing. Also you can define your schema as TypeScript interfaces, this is also allowed.
## Acknowledgements (optional)
+
Most CE documents end with a section thanking non-authors who have made significant contributions or who have provided feedback regarding the specification.
-# Cadmium Extension Styleguide
+## Cadmium Extension Styleguide
+
CE document are written in English. It is not expected that you will be a fine prose writer, but try to write in a clear, easily-understood fashion.
-## Code Examples
+### Code Examples
+
To show the hierarchy of JSON objects, indent two spaces for every level.
If an element possesses a large number of attributes, include a line break before each attribute and indent them so that they are vertically aligned for readability.
@@ -61,6 +76,7 @@ If an element possesses a large number of attributes, include a line break befor
If the JSON data of an element is long, include line breaks and indent by two spaces.
*Example*:
+
```json
{
"id": "abcd",
@@ -76,14 +92,19 @@ If the JSON data of an element is long, include line breaks and indent by two sp
}
}
```
+
Some examples include strings that are the output of a hashing algorithm such as SHA-1 or SHA-256. An easy way to generate these is to use the OpenSSL "dgst" command to generate the hash. For example, the following command will generate the SHA-1 hash `a6cf4baabcefb63189a1a1c56158aa431990bba9`:
-```
+
+```bash
echo -n '@juliet@396277b7dcd0f1173f2007baa604de7593529cc3fbf335fb7924851cb25c1fdf' | openssl dgst -hex -sha1
```
-
+
Some examples include strings that are encoded using Base64. An easy way to generate these is to use the OpenSSL "enc" command to generate the base64-encoded equivalent. For example, the following command will generate the base64-encoded string `QGp1bGlldEAzOTYyNzdiN2RjZDBmMTE3M2YyMDA3YmFhNjA0ZGU3NTkzNTI5Y2MzZmJmMzM1ZmI3OTI0ODUxY2IyNWMxZmRm`:
-```
+
+```bash
echo -n '@juliet@396277b7dcd0f1173f2007baa604de7593529cc3fbf335fb7924851cb25c1fdf' | openssl enc -nopad -base64
-```
-## Conformance Terms
+```
+
+### Conformance Terms
+
Conformance terms (e.g,, "MUST" and "SHOULD") are specified in RFC 2119. Use them. When such terms are not in ALL CAPS, the special conformance sense does not apply (although it is preferable to use terms such as 'might' instead of 'may' and 'ought' instead of 'should').
\ No newline at end of file
diff --git a/protocol-spec/account-login-by-username.md b/protocol-spec/account-login-by-username.md
index 1fd024a..cd6f0d1 100644
--- a/protocol-spec/account-login-by-username.md
+++ b/protocol-spec/account-login-by-username.md
@@ -1,16 +1,22 @@
# Account login by username
+
## Introduction
+
This extension is intended for logging into user account on a server by username
## Message type identifiers
+
- `profile:login`
-## Error codes
-- 0: limit exceed
-- 1: user ID/password isn't valid
+## Errors
+
+- Ratelimit system: enabled
+- `invalid_creds`: user ID/password isn't valid
## Use cases
-*Request*:
+
+- Request:
+
```json
{
"id": "abcd",
@@ -23,7 +29,8 @@ This extension is intended for logging into user account on a server by username
}
```
-*Response*:
+- Response:
+
```json
{
"id": "abcd",
@@ -37,7 +44,8 @@ This extension is intended for logging into user account on a server by username
}
```
-*Error response*:
+- Error response:
+
```json
{
"id": "abcd",
@@ -45,43 +53,54 @@ This extension is intended for logging into user account on a server by username
"from": "cadmium.org",
"ok": false,
"payload": {
- "errCode": 1,
+ "errCode": "invalid_creds",
"errText": "Username/password isn't valid"
}
}
```
## Business Rules
+
None.
## JSON Schema
-**Payload**
+
+### Payload
- Request:
+
```typescript
interface LoginRequestPayload {
/**
- * The username of account which user wants to login
+ * The username of account which user wants to login (can be omit if we set thirdPID)
*/
username: string,
-
+
+ /**
+ * Third party ID which have user (can be omit if we set username)
+ */
+ thirdPID: string,
+
/**
* Password of new account
*/
password: string
}
```
+
- Response:
+
```typescript
interface LoginResponsePayload {
/**
- * Authentication token which required for various user actions (UUID)
+ * Authentication token which required for various user actions (static SHA256 hash string from 4096 random characters)
*/
authToken: string,
-
+
+
/**
* Identifier of new user device (created by this login action)
*/
deviceID: string
}
-```
\ No newline at end of file
+```
diff --git a/protocol-spec/account-registration.md b/protocol-spec/account-registration.md
index 7daf529..4992d1e 100644
--- a/protocol-spec/account-registration.md
+++ b/protocol-spec/account-registration.md
@@ -1,17 +1,27 @@
# Account registration
+
## Introduction
+
This extension is intended for creating user accounts on a server
## Message type identifiers
-- `profile:register`
-## Error codes
-- 0: limit exceed
-- 1: username/third party ID already taken
-- 2: registration isn't allowed on a server
+- `profile:register`
+
+## Errors
+
+- Ratelimit system: enabled
+- `id_exists`: username/third party ID already taken
+- `reg_disabled`: registration isn't allowed on a server
## Use cases
-- Request:
+
+### Basic registration flow
+
+`// TODO: introduce email/msisdn confirmation which prevents spam attacks`
+
+- Client:
+
```json
{
"id": "abcd",
@@ -23,12 +33,14 @@ This extension is intended for creating user accounts on a server
{"type":"email", "value":"juliet@capulett.com"},
{"type":"msisdn", "value":"+1234567890"},
],
- "password": "romeo1"
+ "password": "romeo1",
+ "loginOnSuccess": false
}
}
```
-- Response:
+- Server:
+
```json
{
"id": "abcd",
@@ -41,7 +53,8 @@ This extension is intended for creating user accounts on a server
}
```
-*Error response*:
+- Error response:
+
```json
{
"id": "abcd",
@@ -49,25 +62,28 @@ This extension is intended for creating user accounts on a server
"from": "cadmium.org",
"ok": false,
"payload": {
- "errCode": 1,
- "errText": "{Username/email/msisdn} already taken"
+ "errCode": "id_exists",
+ "errText": "Username/email/msisdn already taken"
}
}
```
## Business Rules
+
None.
## JSON Schema
-**Payload**
+
+### Payload
- Request:
+
```typescript
interface RegistrationRequestPayload {
/**
* The username that the user wants to register
*/
- username: string,
+ username?: string,
/**
* Array of user third party IDs (email and/or MSISDN)
@@ -77,7 +93,12 @@ interface RegistrationRequestPayload {
/**
* Password of new account
*/
- password: string
+ password: string,
+
+ /**
+ * Login to freshly created user account when registration will be completed
+ */
+ loginOnSuccess: boolean
}
interface ThirdPartyID {
@@ -92,12 +113,19 @@ interface ThirdPartyID {
value: string
}
```
+
- Response:
+
```typescript
interface RegistrationResponsePayload {
/**
* ID of user (Username in priority. If we haven't username, then we put to this field one of user's third party IDs)
*/
- userID: EntityID
+ userID: EntityID,
+
+ /**
+ * Property with login payload (can be omit if property loginOnSuccess wasn't indicated true in RegistrationRequestPayload)
+ */
+ loginPayload?: LoginResponsePayload
}
-```
\ No newline at end of file
+```
diff --git a/protocol-spec/basic-request-ratelimit.md b/protocol-spec/basic-request-ratelimit.md
new file mode 100644
index 0000000..840c5d6
--- /dev/null
+++ b/protocol-spec/basic-request-ratelimit.md
@@ -0,0 +1,68 @@
+# Basic request ratelimit system
+
+## Introduction
+
+This extension is intended to limit the number of requests from clients per unit of time. It is based on Protocol Errors extension.
+
+## Message type identifiers
+
+None.
+
+## Use cases
+
+- Client:
+
+```json
+{
+ "id": "abcd",
+ "type": "profile:register",
+ "to": "cadmium.org",
+ "payload": {
+ "username": "spam_spam_spam",
+ "thirdPIDs": [],
+ "password": "spam"
+ }
+}
+```
+
+- Server:
+
+```json
+{
+ "id": "abcd",
+ "type": "profile:register",
+ "from": "cadmium.org",
+ "ok": false,
+ "payload": {
+ "errCode": "ratelimit_exceed",
+ "errText": "Request ratelimit exceed! Please, try again later!",
+ "errPayload": {
+ "retryAfter": 2
+ }
+ }
+}
+```
+
+## Errors
+
+### Global errors
+
+- `ratelimit_exceed`
+
+## Business Rules
+
+- Server MUST count number of requests per unit of time and drop new requests after specified number of made requests with Protocol Error message.
+- Number of requests and used unit of time SHOULD be configurable on server
+
+## JSON Schema
+
+### Error payload
+
+```typescript
+interface RatelimitExceedErrorPayload {
+ /**
+ * How long after the client can retry the request (in seconds)
+ */
+ retryAfter: number
+}
+```
diff --git a/protocol-spec/core.md b/protocol-spec/core.md
index ea7dd8b..3cadefb 100644
--- a/protocol-spec/core.md
+++ b/protocol-spec/core.md
@@ -3,35 +3,46 @@
- [Protocol Core](#protocol-core)
- [Transport](#transport)
- [Entity ID](#entity-id)
+ - [Server-part](#server-part)
+ - [Username/Room alias/RoomID](#usernameroom-aliasroomid)
+ - [Special business rules](#special-business-rules)
- [BaseMessage](#basemessage)
## Transport
+
For starting we simply use JSON + Websockets.
## Entity ID
-* Room alias: `#@`
-* Username: `@@`
-* User ID with any 3PID: `%:@`
- * Currently supported only following types: `email` and `msisdn`.
-* Raw User ID: `@@`
-* Message ID: `&@`
-* Room ID: `!@`
-* Single server-part: ``
-**Server-part**:
+- Room alias: `#@`
+- Username: `@@`
+- User ID with any 3PID: `%:@`
+ - Currently supported only following types: `email` and `msisdn`.
+- Raw User ID: `@@`
+- Message ID: `&@`
+- Room ID: `!@`
+- Single server-part: ``
+
+### Server-part
+
- hostname: `IPv4 / [IPv6] / dns-domain:` (for end-users use)
-- server ID: static SHA256 hash string from 4096 characters (for internal protocol use)
+- server ID: static SHA256 hash string from 4096 characters (for internal protocol use)
-**Username/Room alias/RoomID** - MUST NOT be empty, and MUST contain only the characters `a-z`, `0-9`, `.`, `_`, `=`, `-`, and `/`.
+### Username/Room alias/RoomID
+
+MUST NOT be empty, and MUST contain only the characters `a-z`, `0-9`, `.`, `_`, `=`, `-`, and `/`.
+
+### Special business rules
-**Special business rules**:
- RoomID SHOULD be UUID identifier.
- Servers MUST use server ID in internal purposes instead of normal server-part with hostname. Only end-users MUST use normal server-part with hostname. This is done for easy multi-domain serving.
## BaseMessage
+
BaseMessage is a basic message model, basis of the whole protocol. It is used for a very easy protocol extension process.
BaseMessage scheme:
+
```typescript
interface BaseMessage {
/**
@@ -54,13 +65,18 @@ interface BaseMessage {
to: EntityID,
/**
- * Operation success indicator (used to determine if the error happened while processing request)
+ * Operation success indicator (used to determine if the error happened while processing request) - MUST be only in response from server
*/
ok: boolean,
+ /**
+ * Authentication token string (can be omit if the action does not require user authentication) - MUST be only in request messages from client
+ */
+ authToken?: string,
+
/**
* Message payload (used to store extra information in message, list of permissible fields in the payload depends on "type" field)
*/
payload: Map
}
-```
\ No newline at end of file
+```
diff --git a/protocol-spec/json-schema/BaseMessage.schema.json b/protocol-spec/json-schema/BaseMessage.schema.json
index 30ce414..343b1db 100644
--- a/protocol-spec/json-schema/BaseMessage.schema.json
+++ b/protocol-spec/json-schema/BaseMessage.schema.json
@@ -62,6 +62,12 @@
"type": "object",
"title": "payload",
"description": "Message payload (used to store extra information in message, list of permissible fields in the payload depends on \"type\" field)"
+ },
+ "ok": {
+ "$id": "#/properties/ok",
+ "type": "boolean",
+ "title": "ok",
+ "description": "Indicating whether request have an error"
}
}
}
diff --git a/protocol-spec/protocol-errors.md b/protocol-spec/protocol-errors.md
index a9c52c3..116a24e 100644
--- a/protocol-spec/protocol-errors.md
+++ b/protocol-spec/protocol-errors.md
@@ -1,13 +1,18 @@
# Protocol Errors
+
## Introduction
+
Mechanism of error processing included into protocol.
-Adds into any type ID `:error` postfix.
+Adds into any response message `ok` variable. If `ok` is true - we have no errors, if `ok` is false - we have an error.
## Message type identifiers
-- `*:error`
+
+None.
## Use cases
+
*Request*:
+
```json
{
"id": "abcd",
@@ -21,12 +26,14 @@ Adds into any type ID `:error` postfix.
```
*Response*:
+
```json
{
"id": "abcd",
- "type": "incorrectMessageType:error",
+ "type": "incorrectMessageType",
"from": "cadmium.im",
"to": "@juliet@cadmium.im",
+ "ok": false,
"payload": {
"errCode": 0,
"errText": "Incorrect type of message (type isn't implemented in the server)",
@@ -36,14 +43,15 @@ Adds into any type ID `:error` postfix.
```
## JSON Schema
-**Payload**
+
+### Payload
```typescript
interface ErrorPayload {
/**
- * Error code (defined in extensions, may be same per extensions)
+ * Error identifier (defined in extensions, maybe same per extensions)
*/
- errCode: number,
+ errId: string,
/**
* Explanation of error in human-readable view
@@ -55,4 +63,4 @@ interface ErrorPayload {
*/
errPayload: Map
}
-```
\ No newline at end of file
+```