ts_server/interfaces.ts

/**
 * RADIUS Server Interfaces
 * Server-specific types for handling authentication and accounting
 */

import type {
  ERadiusCode,
  EServiceType,
  EFramedProtocol,
  ENasPortType,
  EAcctStatusType,
  EAcctAuthentic,
  EAcctTerminateCause,
  IRadiusPacket,
  IVendorSpecificAttribute,
} from '../ts_shared/index.js';

// Re-export all shared types for backwards compatibility
export * from '../ts_shared/index.js';

/**
 * Authentication request context
 */
export interface IAuthenticationRequest {
  username: string;
  password?: string;  // For PAP
  chapPassword?: Buffer;  // For CHAP
  chapChallenge?: Buffer;  // For CHAP
  nasIpAddress?: string;
  nasIdentifier?: string;
  nasPort?: number;
  nasPortType?: ENasPortType;
  calledStationId?: string;
  callingStationId?: string;
  serviceType?: EServiceType;
  framedProtocol?: EFramedProtocol;
  state?: Buffer;
  rawPacket: IRadiusPacket;
  clientAddress: string;
  clientPort: number;
}

/**
 * Authentication response
 */
export interface IAuthenticationResponse {
  code: ERadiusCode.AccessAccept | ERadiusCode.AccessReject | ERadiusCode.AccessChallenge;
  attributes?: Array<{ type: number | string; value: string | number | Buffer }>;
  replyMessage?: string;
  sessionTimeout?: number;
  idleTimeout?: number;
  state?: Buffer;
  class?: Buffer;
  framedIpAddress?: string;
  framedIpNetmask?: string;
  framedRoutes?: string[];
  vendorAttributes?: IVendorSpecificAttribute[];
}

/**
 * Accounting request context
 */
export interface IAccountingRequest {
  statusType: EAcctStatusType;
  sessionId: string;
  username?: string;
  nasIpAddress?: string;
  nasIdentifier?: string;
  nasPort?: number;
  nasPortType?: ENasPortType;
  delayTime?: number;
  inputOctets?: number;
  outputOctets?: number;
  sessionTime?: number;
  inputPackets?: number;
  outputPackets?: number;
  terminateCause?: EAcctTerminateCause;
  authentic?: EAcctAuthentic;
  multiSessionId?: string;
  linkCount?: number;
  calledStationId?: string;
  callingStationId?: string;
  rawPacket: IRadiusPacket;
  clientAddress: string;
  clientPort: number;
}

/**
 * Accounting response
 */
export interface IAccountingResponse {
  success: boolean;
  attributes?: Array<{ type: number | string; value: string | number | Buffer }>;
}

/**
 * Authentication handler function type
 */
export type TAuthenticationHandler = (request: IAuthenticationRequest) => Promise<IAuthenticationResponse>;

/**
 * Accounting handler function type
 */
export type TAccountingHandler = (request: IAccountingRequest) => Promise<IAccountingResponse>;

/**
 * Client secret resolver - returns secret for a given client IP
 */
export type TSecretResolver = (clientAddress: string) => string | undefined;

/**
 * RADIUS Server options
 */
export interface IRadiusServerOptions {
  authPort?: number;
  acctPort?: number;
  bindAddress?: string;
  defaultSecret?: string;
  secretResolver?: TSecretResolver;
  authenticationHandler?: TAuthenticationHandler;
  accountingHandler?: TAccountingHandler;
  duplicateDetectionWindow?: number;  // ms
  maxPacketSize?: number;
}

/**
 * RADIUS server statistics
 */
export interface IRadiusServerStats {
  authRequests: number;
  authAccepts: number;
  authRejects: number;
  authChallenges: number;
  authInvalidPackets: number;
  authUnknownClients: number;
  acctRequests: number;
  acctResponses: number;
  acctInvalidPackets: number;
  acctUnknownClients: number;
}
feat(smartradius): Implement full RADIUS server and client with RFC 2865/2866 compliance, including packet handling, authenticators, attributes, secrets manager, client APIs, and comprehensive tests and documentation 2026-02-01 17:40:36 +00:00			`/**`
			`* RADIUS Server Interfaces`
			`* Server-specific types for handling authentication and accounting`
			`*/`

			`import type {`
			`ERadiusCode,`
			`EServiceType,`
			`EFramedProtocol,`
			`ENasPortType,`
			`EAcctStatusType,`
			`EAcctAuthentic,`
			`EAcctTerminateCause,`
			`IRadiusPacket,`
			`IVendorSpecificAttribute,`
			`} from '../ts_shared/index.js';`

			`// Re-export all shared types for backwards compatibility`
			`export * from '../ts_shared/index.js';`

			`/**`
			`* Authentication request context`
			`*/`
			`export interface IAuthenticationRequest {`
			`username: string;`
			`password?: string; // For PAP`
			`chapPassword?: Buffer; // For CHAP`
			`chapChallenge?: Buffer; // For CHAP`
			`nasIpAddress?: string;`
			`nasIdentifier?: string;`
			`nasPort?: number;`
			`nasPortType?: ENasPortType;`
			`calledStationId?: string;`
			`callingStationId?: string;`
			`serviceType?: EServiceType;`
			`framedProtocol?: EFramedProtocol;`
			`state?: Buffer;`
			`rawPacket: IRadiusPacket;`
			`clientAddress: string;`
			`clientPort: number;`
			`}`

			`/**`
			`* Authentication response`
			`*/`
			`export interface IAuthenticationResponse {`
			`code: ERadiusCode.AccessAccept \| ERadiusCode.AccessReject \| ERadiusCode.AccessChallenge;`
			`attributes?: Array<{ type: number \| string; value: string \| number \| Buffer }>;`
			`replyMessage?: string;`
			`sessionTimeout?: number;`
			`idleTimeout?: number;`
			`state?: Buffer;`
			`class?: Buffer;`
			`framedIpAddress?: string;`
			`framedIpNetmask?: string;`
			`framedRoutes?: string[];`
			`vendorAttributes?: IVendorSpecificAttribute[];`
			`}`

			`/**`
			`* Accounting request context`
			`*/`
			`export interface IAccountingRequest {`
			`statusType: EAcctStatusType;`
			`sessionId: string;`
			`username?: string;`
			`nasIpAddress?: string;`
			`nasIdentifier?: string;`
			`nasPort?: number;`
			`nasPortType?: ENasPortType;`
			`delayTime?: number;`
			`inputOctets?: number;`
			`outputOctets?: number;`
			`sessionTime?: number;`
			`inputPackets?: number;`
			`outputPackets?: number;`
			`terminateCause?: EAcctTerminateCause;`
			`authentic?: EAcctAuthentic;`
			`multiSessionId?: string;`
			`linkCount?: number;`
			`calledStationId?: string;`
			`callingStationId?: string;`
			`rawPacket: IRadiusPacket;`
			`clientAddress: string;`
			`clientPort: number;`
			`}`

			`/**`
			`* Accounting response`
			`*/`
			`export interface IAccountingResponse {`
			`success: boolean;`
			`attributes?: Array<{ type: number \| string; value: string \| number \| Buffer }>;`
			`}`

			`/**`
			`* Authentication handler function type`
			`*/`
			`export type TAuthenticationHandler = (request: IAuthenticationRequest) => Promise<IAuthenticationResponse>;`

			`/**`
			`* Accounting handler function type`
			`*/`
			`export type TAccountingHandler = (request: IAccountingRequest) => Promise<IAccountingResponse>;`

			`/**`
			`* Client secret resolver - returns secret for a given client IP`
			`*/`
			`export type TSecretResolver = (clientAddress: string) => string \| undefined;`

			`/**`
			`* RADIUS Server options`
			`*/`
			`export interface IRadiusServerOptions {`
			`authPort?: number;`
			`acctPort?: number;`
			`bindAddress?: string;`
			`defaultSecret?: string;`
			`secretResolver?: TSecretResolver;`
			`authenticationHandler?: TAuthenticationHandler;`
			`accountingHandler?: TAccountingHandler;`
			`duplicateDetectionWindow?: number; // ms`
			`maxPacketSize?: number;`
			`}`

			`/**`
			`* RADIUS server statistics`
			`*/`
			`export interface IRadiusServerStats {`
			`authRequests: number;`
			`authAccepts: number;`
			`authRejects: number;`
			`authChallenges: number;`
			`authInvalidPackets: number;`
			`authUnknownClients: number;`
			`acctRequests: number;`
			`acctResponses: number;`
			`acctInvalidPackets: number;`
			`acctUnknownClients: number;`
			`}`