@magnyte-software-private-limited/secure-transport
v1.0.2
Published
Production-grade secure binary WebSocket framework replacing REST APIs
Maintainers
Readme
Magnyte Secure Transport (MST)
Magnyte Secure Transport (MST) is an enterprise-grade, open-source secure transport client framework designed to replace REST API communication with a single, persistent, encrypted, multiplexed WebSocket connection.
With MST, you can continue writing standard HTTP-like REST endpoints on your backend and standard Axios-like calls on your frontend. The MST Client SDK automatically routes, compresses, and encrypts all traffic under the hood using Curve25519 (X25519) ECDH, HKDF, and AES-256-GCM through our secure centralized transport tunnel.
1. How It Works
Every API request is intercepted, framed, and sent through one persistent WebSocket connection. Your existing backend server remains a standard REST API and does not need a WebSocket server.
┌──────────────────┐ 1. Setup WSS / Key Exchange ┌─────────────────────┐
│ Frontend Client │ ──────────────────────────────────────────────────> │ Central MST Gateway │
└──────────────────┘ <────────────────────────────────────────────────── └─────────────────────┘
│ 2. Session Handshake Complete │
│ │
│ 3. Send Encrypted Request Frame │
▼ │
┌──────────────────┐ 5. Proxy Decrypted HTTP Call │
│ Your REST API │ <──────────────────────────────────────────────────────┤
└──────────────────┘ │
│ │
│ 6. Return Standard HTTP JSON Response │
└────────────────────────────────────────────────────────────────> │
│ 7. Gzip & Encrypt
▼
Return Encrypted ResponseProtocol Sequence:
- Secure Handshake: The client opens a single persistent WSS connection to the central Gateway and negotiates an ephemeral X25519 shared secret.
- Encrypted Framing: Every API call (e.g.
api.get('/users')) is serialized, compressed, and encrypted as a custom binary frame before transit. - Gateway Proxying: The gateway verifies integrity (CRC32), decrypts the payload, and proxies a standard HTTP request to your backend REST API.
- Response Delivery: The gateway encrypts the REST response and returns it back to the client over the persistent socket.
2. Installation
Install the package in your frontend project:
npm install @magnyte-software-private-limited/secure-transport3. Quick Start
Basic Requests
Replace your standard Axios/Fetch instance with the MST client:
import { MST } from "@magnyte-software-private-limited/secure-transport";
const api = new MST({
backend: "https://api.yourdomain.com", // Your REST API endpoint
});
// GET Requests
const users = await api.get("/api/users");
console.log(users);
// POST Requests
const result = await api.post("/api/login", {
username: "admin",
password: "password123"
});High-Performance File Transfers
MST supports chunked, parallel, encrypted file uploads and downloads out of the box:
const file = document.getElementById("file-input").files[0];
// Upload file securely in parallel 64KB chunks
const upload = await api.upload("/api/upload", file, {
chunkSize: 64 * 1024,
concurrency: 4,
onProgress: (percent) => console.log(`Upload: ${percent}%`),
});
// Download file securely in chunks
const fileBytes = await api.download("/api/files/report.pdf", {
onProgress: (percent) => console.log(`Download: ${percent}%`),
});Real-Time Pub/Sub Events
Listen to real-time events broadcasted by your endpoints:
const handleTicks = (data) => console.log("New stock data:", data);
// Subscribe to a topic
api.subscribe("stocks:nasdaq", handleTicks);
// Unsubscribe
api.unsubscribe("stocks:nasdaq", handleTicks);
// Send one-way events to the gateway
await api.emit("chat:send", { message: "Hello!" });4. UI Framework Bindings
React Hook Integration
Wrap your React root inside MSTProvider to access stateful data queries and mutations:
import React from "react";
import { MST } from "@magnyte-software-private-limited/secure-transport";
import { MSTProvider, useSecureQuery, useSecureMutation } from "@magnyte-software-private-limited/secure-transport/react";
const client = new MST({ backend: "https://api.yourdomain.com" });
function App() {
return (
<MSTProvider client={client}>
<UserDashboard />
</MSTProvider>
);
}
function UserDashboard() {
const { data: users, loading } = useSecureQuery("/api/users");
const loginMutation = useSecureMutation("/api/login");
if (loading) return <p>Loading users...</p>;
return (
<ul>
{users.map(u => <li key={u.id}>{u.name}</li>)}
</ul>
);
}Vue Composables
import { useSecureQuery } from "@magnyte-software-private-limited/secure-transport/vue";
import { MST } from "@magnyte-software-private-limited/secure-transport";
const api = new MST({ backend: "https://api.yourdomain.com" });
// inside Vue setup():
const { data: users, loading } = useSecureQuery(api, "/api/users");Svelte Stores
<script>
import { MST } from "@magnyte-software-private-limited/secure-transport";
import { createSecureQueryStore } from "@magnyte-software-private-limited/secure-transport/svelte";
const api = new MST({ backend: "https://api.yourdomain.com" });
const usersStore = createSecureQueryStore(api, "/api/users");
</script>
{#if $usersStore.loading}
<p>Loading...</p>
{:else}
<ul>
{#each $usersStore.data as user}
<li>{user.name}</li>
{/each}
</ul>
{/if}Angular Service
import { Component, OnInit } from '@angular/core';
import { MSTService } from '@magnyte-software-private-limited/secure-transport/angular';
@Component({
selector: 'app-users',
template: `
<div *ngIf="loading">Loading...</div>
<ul *ngIf="users">
<li *ngFor="let u of users">{{ u.name }}</li>
</ul>
`
})
export class UsersComponent implements OnInit {
users: any[] = [];
loading = true;
constructor(private mst: MSTService) {}
ngOnInit() {
this.mst.init({ backend: 'https://api.yourdomain.com' });
this.mst.get('/api/users').then(data => {
this.users = data;
this.loading = false;
});
}
}5. Security Specifications
- Key Agreement: Diffie-Hellman Key Exchange over Curve25519 (X25519) on initial socket handshake.
- Key Derivation: HKDF-SHA256 with dynamic session salt.
- Encryption Suite: Authenticated Encryption with Associated Data (AEAD) via AES-256-GCM.
- Integrity Validation: CRC32 packet-wide checks protecting against route tampering and header spoofing.
- Replay Protection: Cryptographic nonce tracking and sliding-window timestamp checks.
- Payload Compression: Automatic Gzip/Brotli payloads.
