feat(smartradius): Implement full RADIUS server and client with RFC 2865/2866 compliance, including packet handling, authenticators, attributes, secrets manager, client APIs, and comprehensive tests and documentation

2026-02-01 17:40:36 +00:00
parent 5a6a3cf66e
commit be9f49fff9
45 changed files with 11694 additions and 70 deletions
--- a/ts_client/readme.md
+++ b/ts_client/readme.md
@@ -0,0 +1,151 @@
+# @push.rocks/smartradius/client
+
+> 📱 RADIUS Client Implementation - Connect to RADIUS servers with PAP, CHAP, and accounting support
+
+## Overview
+
+This module provides a RADIUS client implementation for connecting to RADIUS servers. It supports PAP and CHAP authentication methods, accounting operations, and includes automatic retry with exponential backoff.
+
+## Features
+
+- ✅ **PAP Authentication** - Password Authentication Protocol
+- ✅ **CHAP Authentication** - Challenge-Handshake Authentication Protocol
+- ✅ **Accounting** - Session start, stop, and interim updates
+- ✅ **Automatic Retries** - Configurable retry count with exponential backoff
+- ✅ **Timeout Handling** - Per-request timeouts
+- ✅ **Custom Attributes** - Support for adding custom RADIUS attributes
+- ✅ **Response Validation** - Authenticator verification for security
+
+## Exports
+
+### Classes
+
+| Class | Description |
+|-------|-------------|
+| `RadiusClient` | Main client class for RADIUS operations |
+
+### Interfaces (Client-Specific)
+
+| Interface | Description |
+|-----------|-------------|
+| `IRadiusClientOptions` | Client configuration options |
+| `IClientAuthRequest` | Authentication request parameters |
+| `IClientAuthResponse` | Authentication response from server |
+| `IClientAccountingRequest` | Accounting request parameters |
+| `IClientAccountingResponse` | Accounting response from server |
+
+## Usage
+
+### Basic Authentication
+
+```typescript
+import { RadiusClient } from '@push.rocks/smartradius';
+
+const client = new RadiusClient({
+  host: '192.168.1.1',
+  secret: 'shared-secret',
+  timeout: 5000,
+  retries: 3,
+});
+
+await client.connect();
+
+// PAP Authentication
+const papResult = await client.authenticatePap('username', 'password');
+if (papResult.accepted) {
+  console.log('Login successful!');
+  console.log('Session timeout:', papResult.sessionTimeout);
+}
+
+// CHAP Authentication
+const chapResult = await client.authenticateChap('username', 'password');
+if (chapResult.accepted) {
+  console.log('CHAP login successful!');
+}
+
+await client.disconnect();
+```
+
+### Accounting
+
+```typescript
+import { RadiusClient, EAcctStatusType } from '@push.rocks/smartradius';
+
+const client = new RadiusClient({
+  host: '192.168.1.1',
+  secret: 'shared-secret',
+});
+
+await client.connect();
+
+// Session start
+await client.accountingStart('session-123', 'username');
+
+// Interim update
+await client.accountingUpdate('session-123', {
+  username: 'username',
+  sessionTime: 300,
+  inputOctets: 1024000,
+  outputOctets: 2048000,
+});
+
+// Session stop
+await client.accountingStop('session-123', {
+  username: 'username',
+  sessionTime: 600,
+  inputOctets: 2048000,
+  outputOctets: 4096000,
+  terminateCause: 1,  // User-Request
+});
+
+await client.disconnect();
+```
+
+### Custom Attributes
+
+```typescript
+const result = await client.authenticate({
+  username: 'user',
+  password: 'pass',
+  nasPort: 1,
+  calledStationId: 'AA-BB-CC-DD-EE-FF',
+  callingStationId: '11-22-33-44-55-66',
+  customAttributes: [
+    { type: 'Service-Type', value: 2 },  // Framed
+    { type: 26, value: Buffer.from('vendor-data') },  // VSA
+  ],
+});
+```
+
+## Client Options
+
+| Option | Type | Default | Description |
+|--------|------|---------|-------------|
+| `host` | string | *required* | RADIUS server address |
+| `authPort` | number | 1812 | Authentication port |
+| `acctPort` | number | 1813 | Accounting port |
+| `secret` | string | *required* | Shared secret |
+| `timeout` | number | 5000 | Request timeout (ms) |
+| `retries` | number | 3 | Number of retries |
+| `retryDelay` | number | 1000 | Base delay between retries (ms) |
+| `nasIpAddress` | string | '0.0.0.0' | NAS-IP-Address attribute |
+| `nasIdentifier` | string | 'smartradius-client' | NAS-Identifier attribute |
+
+## Response Properties
+
+### IClientAuthResponse
+
+| Property | Type | Description |
+|----------|------|-------------|
+| `code` | ERadiusCode | Response packet code |
+| `accepted` | boolean | True if Access-Accept |
+| `rejected` | boolean | True if Access-Reject |
+| `challenged` | boolean | True if Access-Challenge |
+| `replyMessage` | string | Reply-Message attribute |
+| `sessionTimeout` | number | Session-Timeout in seconds |
+| `framedIpAddress` | string | Assigned IP address |
+| `attributes` | IParsedAttribute[] | All response attributes |
+
+## Re-exports
+
+This module re-exports all types from `ts_shared` for convenience.