Because someone has to make sure everyone is playing nice.
This service fills the gaps that someone moving from a client-server architecture to a p2p one might not like. It maintains central control and moderation while enabling the benefits of direct communication that isn't totally reliant on a remote server.
It is recommended to configure babysitter with environment variables, but it can also be configured with CLI flags. Assuming you have your environment set up like the .env.example, running babysitter is as simple as:

```sh
npx @peerstate/babysitter
```

So far it consists of:
- login, logout, and key refresh functionality
  - login with username and password
  - logout will revoke tokens
  - key refresh will revoke and reissue tokens
- JWT tokens containing the client's public key and identifying information, so peers can prove their identities
  - identifying information is customizable
  - key pair must be generated by the client
- cookie-based sessions stored in Redis
  - this secures our session with the server using a token that scripts cannot access
- endpoint to establish shared secrets between parties
  - this is for forward security so that after the quantum crypto-apocalypse we only leak our secrets to the NSA and China
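
How a peer can use such a token to check who it is talking to, as an added example that is not babysitter's own code. It assumes the service signs tokens with Ed25519, that the claims are named `sub`, `pub` and `exp`, and that peers challenge each other with a nonce; all function names are hypothetical.

```javascript
// Added example, not babysitter's code. Assumed: Ed25519 signatures and claim names sub, pub, exp.
const { generateKeyPairSync, sign, verify, createPublicKey, randomBytes } = require("node:crypto");
const b64u = (s) => Buffer.from(s).toString("base64url");
const parseB64u = (s) => JSON.parse(Buffer.from(s, "base64url").toString("utf8"));

// Stand-in for the central service: signs a token binding an identity to the client's public key.
function issueToken(servicePrivateKey, claims) {
  const input = b64u(JSON.stringify({ alg: "EdDSA", typ: "JWT" })) + "." + b64u(JSON.stringify(claims));
  return input + "." + sign(null, Buffer.from(input), servicePrivateKey).toString("base64url");
}

// Peer side: check the service's signature and the expiry, then return the claims.
function verifyToken(token, servicePublicKey, nowSeconds) {
  const parts = token.split(".");
  if (parts.length !== 3) throw new Error("malformed token");
  const [h, p, s] = parts;
  if (parseB64u(h).alg !== "EdDSA") throw new Error("unexpected alg"); // pinned, not chosen by the header
  if (!verify(null, Buffer.from(h + "." + p), servicePublicKey, Buffer.from(s, "base64url")))
    throw new Error("bad token signature");
  const claims = parseB64u(p);
  if (typeof claims.exp !== "number" || claims.exp <= nowSeconds) throw new Error("token expired");
  return claims;
}

// Peer side: a token by itself can be copied, so the sender must also sign a fresh nonce
// with the private key that matches the public key embedded in the token.
function verifyPeer(token, nonce, nonceSignature, servicePublicKey, nowSeconds) {
  const claims = verifyToken(token, servicePublicKey, nowSeconds);
  const peerKey = createPublicKey({ key: claims.pub, format: "jwk" });
  if (!verify(null, nonce, peerKey, nonceSignature)) throw new Error("peer does not hold the token's key");
  return claims.sub;
}

// Constructed sample data: one service key, the token owner, and a party holding a different key.
function demo() {
  const service = generateKeyPairSync("ed25519");
  const alice = generateKeyPairSync("ed25519");
  const other = generateKeyPairSync("ed25519");
  const now = 1700000000;
  const pub = alice.publicKey.export({ format: "jwk" });
  const token = issueToken(service.privateKey, { sub: "alice", pub, exp: now + 300 });
  const nonce = randomBytes(32); // chosen by the verifying peer
  const accepted = verifyPeer(token, nonce, sign(null, nonce, alice.privateKey), service.publicKey, now);
  let rejected = null;
  try { verifyPeer(token, nonce, sign(null, nonce, other.privateKey), service.publicKey, now); }
  catch (e) { rejected = e.message; }
  return { accepted, rejected };
}
console.log(demo());
```

A peer that verifies tokens this way cannot see revocations made by logout or key refresh, so short expiry times limit how long a revoked token stays usable between peers.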