datapartyjs · sevenbitbyte · Mar 25, 2026 · May 18, 2026 · May 18, 2026 · May 18, 2026
diff --git a/package.json b/package.json
@@ -120,6 +120,7 @@
   "devDependencies": {
     "@dataparty/bouncer-model": "1.4.3",
     "@hapi/code": "^9.0.1",
+    "@hapi/joi": "^17.1.1",
     "@hapi/lab": "^25.0.1",
     "argon2": "^0.30.3",
     "argon2-browser": "^1.18.0",

diff --git a/src/comms/peer-comms.js b/src/comms/peer-comms.js
@@ -385,13 +385,13 @@ class PeerComms extends ISocketComms {
 
     if(this.party.hostRunner){
       const actor = await this.party.hostRunner.auth.lookupIdentity(offer.sender)
-      const verified = await Routines.verifyDataPQ(actor, signature, offerBSON)
+      const verified = await Routines.verifyDataPQ(offer.sender, signature, offerBSON)
 
       if(!verified){
         throw new Error('DENY(hostRunner) - auth op signature is not valid')
       }
 
-      if(this.discoverRemoteIdentity){ this.remoteIdentity = actor }
+      if(this.discoverRemoteIdentity){ this.remoteIdentity = offer.sender }
 
       const authorized = await this.party.hostRunner.auth.isSocketConnectionAllowed(actor)
       if(!authorized){
@@ -406,6 +406,7 @@ class PeerComms extends ISocketComms {
         await this.stop()
 
         debug('DENY - client not allowed - ', this.remoteIdentity)
+        throw new Error('DENY - client not allowed')
       }
     } else {
       const actor = offer.sender
@@ -420,7 +421,7 @@ class PeerComms extends ISocketComms {
       }
     }
 
-    debug('clienr auth op offer -', offer)
+    debug('client auth op offer -', offer)
     debug('ALLOW - allowing client - ', this.remoteIdentity)
 
     this.aesStream = await AESStream.recoverStream(

diff --git a/src/config/json-file.js b/src/config/json-file.js
@@ -22,6 +22,8 @@ class JsonFileConfig extends IConfig {
     this.path = this.basePath +'/config.json'
     this.defaults = defaults || {}
     this.content = Object.assign({}, this.defaults)
+    this.writing = false
+    this.started = false
   }
 
   async load(){
@@ -47,9 +49,16 @@ class JsonFileConfig extends IConfig {
   }
 
   async start () {
+
+    if(this.started){return}
+
     await this.touchDir('')
     await this.load()
+
+    fs.watchFile(this.path, this.handleFileChange.bind(this))
     logger('started')
+
+    this.started = true
   }
 
   async clear () {
@@ -79,7 +88,9 @@ class JsonFileConfig extends IConfig {
   }
 
   async save(){
+    this.writing = true
     fs.writeFileSync(this.path, JSON.stringify(this.content, null, 2))
+    this.writing = false
   }
 
   async touchDir (path) {
@@ -98,6 +109,14 @@ class JsonFileConfig extends IConfig {
       })
     })
   }
+
+  async handleFileChange(current, previous){
+    if(this.writing){ return }
+
+    logger('config changed, reloading')
+
+    await this.load()
+  }
 }
 
 module.exports = JsonFileConfig
diff --git a/src/party/peer/match-maker-client.js b/src/party/peer/match-maker-client.js
@@ -12,7 +12,7 @@ const WebsocketComms = require('../../comms/websocket-comms')
 const PeerInvite = require('./peer-invite')
 
 class MatchMakerClient extends EventEmitter {
-  constructor(identity, contacts, urlOrParty = 'https://postquantum.one/api/', wsUrlOrParty = 'wss://postquantum.one/ws'){
+  constructor(identity, contacts, urlOrParty = 'https://postquantum.one/api/', wsUrlOrParty = 'wss://postquantum.one/ws', billingIdentity=null){
 
     super()
 
@@ -22,6 +22,7 @@ class MatchMakerClient extends EventEmitter {
     this.identity = identity
     this.wsParty = null
     this.restParty = null
+    this.billingIdentity = null
 
     if(typeof urlOrParty == 'string'){
       this.restUrl = urlOrParty
@@ -82,7 +83,7 @@ class MatchMakerClient extends EventEmitter {
       await this.announcePublicKeys()
     }
 
-    if(!this.wsParty){
+    if(!this.wsParty && this.wsUrl){
       this.wsParty = new PeerParty({
         comms: new WebsocketComms({
           uri: this.wsUrl,
@@ -157,15 +158,23 @@ class MatchMakerClient extends EventEmitter {
       debug('calling onInviteMsg')
 
       await pending.onInviteMsg(msg.invite)
-
+   
     }
   }
 
+  async announceBillingKey({stripeCheckoutSession}={}){
+    this.announcePublicKeys(true, {
+      stripe: stripeCheckoutSession
+    })
+  }
 
+  async announcePublicKeys(useBillingKeyAsActor=false, billingMethodDetails=null){
 
-  async announcePublicKeys(){
+    let currentActor = useBillingKeyAsActor == true ? this.billingIdentity : this.identity
+
     const announceData = {
       annoucement: {
+        //type: 'guest',//useBillingKeyAsActor ? 'billing_identity' : 'user_identity',
         created: Date.now(),
         expiry: Date.now() + 24*60*60*1000,  //! Set session expiry to 24hr from now
         sessionKey: {
@@ -174,9 +183,9 @@ class MatchMakerClient extends EventEmitter {
           public: this.sessionKey.key.public
         },
         actorKey: {
-          type: this.identity.key.type,
-          hash: this.identity.key.hash,
-          public: this.identity.key.public
+          type: currentActor.key.type,
+          hash: currentActor.key.hash,
+          public: currentActor.key.public
         }
       },
       trust: {
@@ -186,7 +195,7 @@ class MatchMakerClient extends EventEmitter {
     }
 
 
-    const actorSigMsg = await this.identity.sign(announceData.annoucement, true)
+    const actorSigMsg = await currentActor.sign(announceData.annoucement, true)
     const sessionSigMsg = await this.sessionKey.sign(announceData.annoucement, true)
 
     debug('actorSigMsg', actorSigMsg)
@@ -197,11 +206,17 @@ class MatchMakerClient extends EventEmitter {
 
     debug('announcePublicKeys', announceData)
 
-    const announceResult = await this.restParty.comms.call('key/announce', announceData, {
+    let callPath = useBillingKeyAsActor ? 'billing/key/announce' : 'key/announce'
+
+    const announceResult = await this.restParty.comms.call(callPath, announceData, {
       expectClearTextReply: false,
       sendClearTextRequest: false,
       useSessions: false
     })
+
+    if(announceResult.done != true){
+      throw new Error('annoucement request failed - '+callPath)
+    }
   }
 
 

diff --git a/src/service/endpoint-context.js b/src/service/endpoint-context.js
@@ -15,7 +15,7 @@ class EndpointContext {
    * @param {Debug} options.debug           Debug constructor (defaults to npm:Debug)
    * @param {boolean} options.sendFullErrors  Enables sending full stack traces to client (defaults to false)
    */
-  constructor({party, endpoint, req, res, input, debug=Debug, sendFullErrors=false}){
+  constructor({party, endpoint, runner, req, res, input, debug=Debug, sendFullErrors=false}){
 
     /**
      * @member module:Service.EndpointContext.debug
@@ -27,6 +27,11 @@ class EndpointContext {
      */
     this.endpoint = endpoint
 
+    /**
+     * @member module:Service.EndpointContext.runner
+     */
+    this.runner = runner
+
     /**
      * @member module:Service.EndpointContext.MiddlewareConfig
      */

diff --git a/src/service/service-host.js b/src/service/service-host.js
@@ -307,7 +307,7 @@ class ServiceHost {
     this.apiApp.use((err, req, res, _next) => {
       console.log('Error handler', err)
       if (err instanceof IpDeniedError) {
-        //res.status(401)
+        res.status(401)
       } else {
         res.status(err.status || 500)
       }

diff --git a/src/service/service-runner-node.js b/src/service/service-runner-node.js
@@ -516,6 +516,7 @@ class ServiceRunnerNode {
         req: event.request, res: event.response,
         endpoint,
         party: this.party,
+        runner: this,
         input: event.request.body, 
         debug: Debug,
         sendFullErrors: this.sendFullErrors

diff --git a/src/venue/auth.js b/src/venue/auth.js
@@ -1,6 +1,7 @@
 const debug = require('debug')('dataparty.auth.venue-auth')
 
 const IAuth = require('../service/iauth')
+const {Identity} = require('@dataparty/crypto')
 
 
 module.exports = class IAuth {
@@ -36,20 +37,45 @@ module.exports = class IAuth {
   }
 
   async lookupIdentity(identity){
+
+    let sessionKeyDoc = (await this.context.party.find()
+      .type('session_key')
+      .where('annoucement.sessionKey.hash')
+      .equals(identity.key.hash)
+      .exec()
+    )[0]
+
+    if(sessionKeyDoc){
+      const actorIdentity = Identity.fromJSON({
+        id: 'actor',
+        key: sessionKeyDoc.data.annoucement.actorKey
+      })
+
+      return actorIdentity
+    }
+
     return identity
   }
 
   async isSocketConnectionAllowed(identity){
-    //throw new Error('not implemented')
-    return true
+    return await this.isAdmin(identity)
   }
 
   async isInternal(identity){
     return false
   }
 
   async isAdmin(identity){
-    return false
+
+    // verify key-hash is an admin
+    const admins = (await this.context.party.config.read('admins')) || []
+
+    if(admins.indexOf(identity.key.hash) == -1){
+      debug('non-admin user', identity.key.hash)
+      return false
+    }
+
+    return true
   }
 
   async canReadDb(identity){

diff --git a/src/venue/bin/add-admin.js b/src/venue/bin/add-admin.js
@@ -0,0 +1,40 @@
+#!/usr/bin/env node
+
+const Dataparty = require('../../index')
+
+
+async function main(){
+
+  const path = '/data/dataparty/venue-service'
+
+  let config = new Dataparty.Config.JsonFileConfig({
+    basePath: path+'/config'
+  })
+
+  await config.start()
+
+  console.log(process.argv)
+
+  let admins = (await config.read('admins')) || []
+
+  const newAdmin = process.argv[2]
+
+  console.log(await config.readAll())
+  console.log(admins)
+
+  if(admins.indexOf(newAdmin) != -1){ return }
+
+  admins.push(newAdmin)
+
+  await config.write('admins', admins)
+
+  console.log('admin added -', newAdmin)
+
+}
+
+
+main().catch(err=>{
+  console.error(err)
+}).finally(()=>{
+  process.exit()
+})
diff --git a/src/venue/bin/chill.js b/src/venue/bin/chill.js