IRIS Framework - JSON RPC over TLS
IRIS-RPC is a part of IRIS Framework.
Security Features:
- Uses TLS (SSL) for data transport
- HMAC based authentication against user-supplied secret
- Optional message signing against MITM attacks
- Optional second layer message encryption (aes-256-cbc by default, if enabled)
Authentication is based on user-supplied secret keys, so this is only as secure as your host.
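How the features listed above fit together, as an added Node.js example that is not iris-rpc's own code or wire format: HMAC challenge-response authentication against the shared secret, and aes-256-cbc encryption whose output is signed so that tampering is rejected. The function names (deriveKeys, answerChallenge, checkAnswer, seal, unseal, demo), the key derivation and the envelope layout are assumptions made for this illustration.

```javascript
// Added illustration only; this is NOT iris-rpc's wire format or internals.
const crypto = require('crypto');

// Assumption: separate encryption and signing keys are derived from the secret.
function deriveKeys(secret) {
  const k = (label) => crypto.createHmac('sha256', secret).update(label).digest();
  return { enc: k('enc'), mac: k('mac') }; // 32 bytes each
}

// Authentication: the server sends a random challenge, the client returns its HMAC.
function answerChallenge(secret, challenge) {
  return crypto.createHmac('sha256', secret).update(challenge).digest();
}
function checkAnswer(secret, challenge, answer) {
  const expected = answerChallenge(secret, challenge);
  return answer.length === expected.length && crypto.timingSafeEqual(answer, expected);
}

// Second-layer encryption (aes-256-cbc), then a signature over IV + ciphertext.
function seal(secret, msg) {
  const { enc, mac } = deriveKeys(secret);
  const iv = crypto.randomBytes(16);
  const c = crypto.createCipheriv('aes-256-cbc', enc, iv);
  const data = Buffer.concat([c.update(JSON.stringify(msg), 'utf8'), c.final()]);
  const sig = crypto.createHmac('sha256', mac).update(iv).update(data).digest();
  return { iv, data, sig };
}

// Verify the signature before decrypting; return null on any mismatch.
function unseal(secret, { iv, data, sig }) {
  const { enc, mac } = deriveKeys(secret);
  const expected = crypto.createHmac('sha256', mac).update(iv).update(data).digest();
  if (sig.length !== expected.length || !crypto.timingSafeEqual(sig, expected)) return null;
  const d = crypto.createDecipheriv('aes-256-cbc', enc, iv);
  return JSON.parse(Buffer.concat([d.update(data), d.final()]).toString('utf8'));
}

// Constructed sample: under CBC alone a flipped IV bit alters the first plaintext
// block without any decryption error; the signature check rejects it.
function demo() {
  const secret = 'user-supplied-secret-key';
  const env = seal(secret, { op: 'user-message', amount: 10 });
  const tampered = { ...env, iv: Buffer.from(env.iv) };
  tampered.iv[0] ^= 0x01;
  return { ok: unseal(secret, env), rejected: unseal(secret, tampered) === null };
}
```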
Usage
npm install iris-rpc
Messaging
IRIS RPC library allows sending of JSON objects between client and server. If these JSON objects contain an opcode (op field), they will be emitted to the registered event listeners as well as on the RPC objects themselves (Client, Server and Multiplexer). If op field is missing, rpc.digest(function(msg) { ... }) must be used to capture transmission of incoming JSON objects.
Client
    var irisRPC = ;
    var rpc = // or zrpc.Client() for connection to a single server
        address: "host:port"
        auth: "user-supplied-secret-key" // must match opposite side
        certificates: ... // standard node certificates containing 'key', 'cert', 'ca' data, typically core.certificates
        uuid: "..." // uuid of the node, typically core.uuid
        designation: 'user-application-id' // named identifier that is available during connection on the opposite side
        ping: true // optional: enable automatic server ping (see Client::setPingDataObject())
        pingFreq : 3 * 1000 // optional: ping frequency (default 3 seconds)
        pingDataObject : ... // this object will be transmitted during ping
        cipher: true // optional: 'true' or name of cipher algorithm for 2nd layer encryption
                     // (default 'aes-256-cbc' if true)
        signatures: true // optional: enable message signing
    ;
    // receive messages
    rpc
    // receive messages with external event emitter
    rpc; // register event emitter that will receive messages
    eventEmitter
    // send messages or JSON objects
    rpc
    // receive each message as JSON
    rpc
Server
    var irisRPC = ;
    var rpc =
        port : 12345 // listening port
        auth : "user-supplied-secret-key"
        certificates: ... // standard node certificates containing 'key', 'cert', 'ca' data
        { console;};
    // client connection event: cid is a unique remote end-point identifier (built from designation+node)
    rpc
    // client disconnection event
    rpc
    // receive messages
    rpc
    // send messages
    rpc
    // receive JSON objects (without 'op' field)
    rpc
Multiplexer
Multiplexer allows creation of a single RPC interface that can combine multiple Client and/or Server RPC instances while providing a common interface for message dispatch and reception.
When configuring multiplexer, arguments are supplied as follows:
- RPC parameters (passed on to underlying Client and Server instances)
- List of connections
- Verbose title of the RPC link
If the list of connections contains a port key, Multiplexer will create an underlying Server instance; for an address key, it will create an underlying Client instance.
    var connectionList =
        client1 :
            address : "<ip>:<port>"
            auth : "<auth-string-matching-opposite-side>"
        client2 :
            address : "<ip>:<port>"
            auth : "<auth-string-matching-opposite-side>"
        server1 :
            address : <port>
            auth : "<auth-string-matching-opposite-side>"
        server2 :
            address : <port>
            auth : "<auth-string-matching-opposite-side>"
        ...
    selfrpc =
        uuid : core.uuid
        certificates: core.certificates
        designation: '<rpc-link-identification>'
        connectionList
        "RPC TITLE";
Router
Router interface is designed for large-scale systems that require a lot of simultaneous connections. Linux systems are by default configured to allow between 128 and 1024 simultaneous TCP connections. This number can be increased, but ultimately you may need to scale horizontally using additional servers.
Router acts as a message relay between Server and Client.
Example:
var router = zrpc