feat(smartradius): Implement full RADIUS server and client with RFC 2865/2866 compliance, including packet handling, authenticators, attributes, secrets manager, client APIs, and comprehensive tests and documentation

ts_server/interfaces.ts

@@ -0,0 +1,140 @@
+/**
+ * RADIUS Server Interfaces
+ * Server-specific types for handling authentication and accounting
+ */
+
+import type {
+  ERadiusCode,
+  EServiceType,
+  EFramedProtocol,
+  ENasPortType,
+  EAcctStatusType,
+  EAcctAuthentic,
+  EAcctTerminateCause,
+  IRadiusPacket,
+  IVendorSpecificAttribute,
+} from '../ts_shared/index.js';
+
+// Re-export all shared types for backwards compatibility
+export * from '../ts_shared/index.js';
+
+/**
+ * Authentication request context
+ */
+export interface IAuthenticationRequest {
+  username: string;
+  password?: string;  // For PAP
+  chapPassword?: Buffer;  // For CHAP
+  chapChallenge?: Buffer;  // For CHAP
+  nasIpAddress?: string;
+  nasIdentifier?: string;
+  nasPort?: number;
+  nasPortType?: ENasPortType;
+  calledStationId?: string;
+  callingStationId?: string;
+  serviceType?: EServiceType;
+  framedProtocol?: EFramedProtocol;
+  state?: Buffer;
+  rawPacket: IRadiusPacket;
+  clientAddress: string;
+  clientPort: number;
+}
+
+/**
+ * Authentication response
+ */
+export interface IAuthenticationResponse {
+  code: ERadiusCode.AccessAccept | ERadiusCode.AccessReject | ERadiusCode.AccessChallenge;
+  attributes?: Array<{ type: number | string; value: string | number | Buffer }>;
+  replyMessage?: string;
+  sessionTimeout?: number;
+  idleTimeout?: number;
+  state?: Buffer;
+  class?: Buffer;
+  framedIpAddress?: string;
+  framedIpNetmask?: string;
+  framedRoutes?: string[];
+  vendorAttributes?: IVendorSpecificAttribute[];
+}
+
+/**
+ * Accounting request context
+ */
+export interface IAccountingRequest {
+  statusType: EAcctStatusType;
+  sessionId: string;
+  username?: string;
+  nasIpAddress?: string;
+  nasIdentifier?: string;
+  nasPort?: number;
+  nasPortType?: ENasPortType;
+  delayTime?: number;
+  inputOctets?: number;
+  outputOctets?: number;
+  sessionTime?: number;
+  inputPackets?: number;
+  outputPackets?: number;
+  terminateCause?: EAcctTerminateCause;
+  authentic?: EAcctAuthentic;
+  multiSessionId?: string;
+  linkCount?: number;
+  calledStationId?: string;
+  callingStationId?: string;
+  rawPacket: IRadiusPacket;
+  clientAddress: string;
+  clientPort: number;
+}
+
+/**
+ * Accounting response
+ */
+export interface IAccountingResponse {
+  success: boolean;
+  attributes?: Array<{ type: number | string; value: string | number | Buffer }>;
+}
+
+/**
+ * Authentication handler function type
+ */
+export type TAuthenticationHandler = (request: IAuthenticationRequest) => Promise<IAuthenticationResponse>;
+
+/**
+ * Accounting handler function type
+ */
+export type TAccountingHandler = (request: IAccountingRequest) => Promise<IAccountingResponse>;
+
+/**
+ * Client secret resolver - returns secret for a given client IP
+ */
+export type TSecretResolver = (clientAddress: string) => string | undefined;
+
+/**
+ * RADIUS Server options
+ */
+export interface IRadiusServerOptions {
+  authPort?: number;
+  acctPort?: number;
+  bindAddress?: string;
+  defaultSecret?: string;
+  secretResolver?: TSecretResolver;
+  authenticationHandler?: TAuthenticationHandler;
+  accountingHandler?: TAccountingHandler;
+  duplicateDetectionWindow?: number;  // ms
+  maxPacketSize?: number;
+}
+
+/**
+ * RADIUS server statistics
+ */
+export interface IRadiusServerStats {
+  authRequests: number;
+  authAccepts: number;
+  authRejects: number;
+  authChallenges: number;
+  authInvalidPackets: number;
+  authUnknownClients: number;
+  acctRequests: number;
+  acctResponses: number;
+  acctInvalidPackets: number;
+  acctUnknownClients: number;
+}