2026-02-01 17:40:36 +00:00
# Project Hints - smartradius
## Project Status
- **Current State**: Fully implemented RADIUS server and client
- **Purpose**: RADIUS protocol implementation for network AAA (Authentication, Authorization, Accounting)
- **Version**: 1.0.1
- **RFC Compliance**: RFC 2865 (Authentication) and RFC 2866 (Accounting)
## Architecture
### Module Structure
```
ts_server/ (order: 1) - RADIUS Server implementation
ts_client/ (order: 2) - RADIUS Client implementation
ts/ (order: 3) - Main exports (re-exports server + client)
```
### Key Classes
#### Server Module (ts_server/)
- `RadiusServer` - Main server class with UDP listeners for auth (1812) and accounting (1813)
- `RadiusPacket` - Packet encoding/decoding per RFC 2865 Section 3
- `RadiusAttributes` - Attribute dictionary with all standard RFC 2865/2866 attributes
- `RadiusAuthenticator` - Cryptographic operations (PAP, CHAP, MD5, HMAC-MD5)
- `RadiusSecrets` - Per-client shared secret management
#### Client Module (ts_client/)
- `RadiusClient` - Client with PAP/CHAP auth and accounting, timeout/retry support
## Implemented Features
### Authentication (RFC 2865)
- PAP (Password Authentication Protocol) with MD5-based encryption
- CHAP (Challenge-Handshake Authentication Protocol)
- Access-Request/Accept/Reject/Challenge packet handling
- Message-Authenticator (HMAC-MD5) for EAP support
- All standard attributes (1-63) plus EAP support (79, 80)
### Accounting (RFC 2866)
- Accounting-Request/Response packets
- Status types: Start, Stop, Interim-Update, Accounting-On/Off
- Full session tracking attributes
- Termination cause codes
### Protocol Features
- Duplicate request detection and response caching
- Response authenticator verification
- Configurable timeout and retry with exponential backoff
- Per-client shared secret management
- Vendor-Specific Attributes (VSA) support
## Dependencies
```json
{
"@push .rocks/smartdelay": "^3.0.5",
"@push .rocks/smartpromise": "^4.2.3"
}
```
2026-02-11 15:57:37 +00:00
Node.js built-ins: `node:dgram` (UDP), `node:crypto` (MD5/HMAC)
2026-02-01 17:40:36 +00:00
## Build System
- Uses `@git.zone/tsbuild` v4.x with tsfolders mode
- Build command: `pnpm build` (compiles ts_server → ts_client → ts)
- Test command: `pnpm test`
## Test Coverage
- 92 tests across 9 test files
- Server tests: packet, attributes, authenticator, PAP, CHAP, accounting
- Client tests: client functionality, timeout/retry, integration
## Usage Examples
### Server
```typescript
import { RadiusServer, ERadiusCode } from '@push .rocks/smartradius';
const server = new RadiusServer({
authPort: 1812,
acctPort: 1813,
defaultSecret: 'shared-secret',
authenticationHandler: async (request) => {
if (request.username === 'user' && request.password === 'pass') {
return { code: ERadiusCode.AccessAccept };
}
return { code: ERadiusCode.AccessReject };
},
});
await server.start();
```
### Client
```typescript
import { RadiusClient } from '@push .rocks/smartradius';
const client = new RadiusClient({
host: '127.0.0.1',
secret: 'shared-secret',
});
await client.connect();
const response = await client.authenticatePap('user', 'pass');
console.log(response.accepted);
```
## RFC Specifications
Downloaded to `./spec/` :
- `rfc2865.txt` - RADIUS Authentication
- `rfc2866.txt` - RADIUS Accounting
2026-02-11 15:57:37 +00:00
## Code Quality Notes
- All Node.js built-in imports use `node:` prefix (ESM/Deno/Bun compatible)
- Dead `smartpromise` /`smartdelay` imports removed from `ts_client/plugins.ts` (packages kept in package.json)
- Rust migration assessed as not cost-effective: crypto ops already delegate to OpenSSL C, RADIUS packets are small (max 4096 bytes), IPC overhead would negate any gains
2026-02-01 17:40:36 +00:00
## Last Updated
2026-02-11 15:57:37 +00:00
2026-02-11 - Fixed bare node: imports, removed dead imports, assessed Rust migration
