feat(reflect): QUIC-native NAT reflection ("STUN for QUIC") — Phase 1

Lets a client ask its registered relay "what IP:port do you see for me?" over the existing TLS-authenticated signal channel, returning the client's server-reflexive address as a SocketAddr. Replaces the need for a classic STUN deployment and becomes the bootstrap step for future P2P hole-punching: once both peers know their own reflex addrs, they can advertise them in DirectCallOffer and attempt a direct QUIC handshake to each other. Wire protocol (wzp-proto): - SignalMessage::Reflect — unit variant, client -> relay - SignalMessage::ReflectResponse { observed_addr: String } — relay -> client - JSON-serde, appended at end of enum: zero ordinal concerns, backward compat with pre-Phase-1 relays by construction (older relays log "unexpected message" and drop; newer clients time out cleanly within 1s). Relay handler (wzp-relay/src/main.rs, signal loop): - New match arm next to Ping reuses the already-bound `addr` from connection.remote_address() and replies with observed_addr as a string. debug!-level log on success, warn!-level on send failure. Client side (desktop/src-tauri/src/lib.rs): - SignalState gains pending_reflect: Option<oneshot::Sender<SocketAddr>>. - get_reflected_address Tauri command installs the oneshot before sending Reflect and awaits it with a 1s timeout; cleans up on every exit path (send failure, timeout, parse error). - recv loop's new ReflectResponse arm fires the pending sender or emits a debug log for unsolicited responses — never crashes the loop on malformed input. - Integrated into invoke_handler! alongside the other signal commands. UI (desktop/index.html + src/main.ts): - New "Network" section in settings panel with a "Detect" button that displays the reflected address or a categorized warning ("register first" / "relay does not support reflection" / error). Tests (crates/wzp-relay/tests/reflect.rs — 3 new, all passing): - reflect_happy_path: client on loopback gets back 127.0.0.1:<its own port> - reflect_two_clients_distinct_ports: two concurrent clients see their own distinct ports, proving per-connection remote_address - reflect_old_relay_times_out: mock relay that ignores Reflect — client times out between 1000-1200ms and does not hang Also pre-existing test bit-rot unrelated to this PR — fixed so the full workspace `cargo test` goes green: - handshake_integration tests in wzp-client, wzp-relay and featherchat_compat in wzp-crypto all missed the `alias` field addition to CallOffer and the 3-arg form of perform_handshake plus 4-tuple return of accept_handshake. Updated to the current API surface. Results: cargo test --workspace --exclude wzp-android: 386 passed cargo check --workspace: clean cargo clippy: no new warnings in touched files Verification excludes wzp-android because it's dead code on this branch (Tauri mobile uses wzp-native instead) and can't link -llog on macOS host — unchanged status quo. PRD: .taskmaster/docs/prd_reflect_over_quic.txt Tasks: 39-46 all completed Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-04-11 12:29:07 +04:00
parent 7e7968b2f9
commit 921856eba9
10 changed files with 587 additions and 9 deletions
--- a/crates/wzp-relay/src/main.rs
+++ b/crates/wzp-relay/src/main.rs
@@ -13,7 +13,7 @@ use std::sync::Arc;
 use std::time::Duration;

 use tokio::sync::Mutex;
-use tracing::{error, info, warn};
+use tracing::{debug, error, info, warn};

 use wzp_proto::{MediaTransport, SignalMessage};
 use wzp_relay::config::RelayConfig;
@@ -892,6 +892,31 @@ async fn main() -> anyhow::Result<()> {
                                    let _ = transport.send_signal(&SignalMessage::Pong { timestamp_ms }).await;
                                }

+                                // QUIC-native NAT reflection ("STUN for QUIC").
+                                // The client asks "what source address do you
+                                // see for me?" and we reply with whatever
+                                // quinn reports as this connection's remote
+                                // address — i.e. the post-NAT public address
+                                // as observed from the server side of the TLS
+                                // session. Used by the P2P path to learn the
+                                // client's server-reflexive address without
+                                // running a separate STUN server. No auth or
+                                // rate-limit in Phase 1 — the client is
+                                // already TLS-authenticated by the time it
+                                // reaches this match arm.
+                                SignalMessage::Reflect => {
+                                    let observed_addr = addr.to_string();
+                                    if let Err(e) = transport.send_signal(
+                                        &SignalMessage::ReflectResponse {
+                                            observed_addr: observed_addr.clone(),
+                                        },
+                                    ).await {
+                                        warn!(%addr, error = %e, "reflect: failed to send response");
+                                    } else {
+                                        debug!(%addr, %observed_addr, "reflect: responded");
+                                    }
+                                }
+
                                other => {
                                    warn!(%addr, "signal: unexpected message: {:?}", std::mem::discriminant(&other));
                                }