astrosonic / sanctuary
A secure synchronous lightweight chatroom with zero logging and total transience
License: GNU General Public License v3.0
Position of the owner message should be on the right and others should be on left
I have also initiated a pull request to fix this
Add an entry for chatroom purge in the database by listing the following things
Room creation page should have its own namespace to be uniquely identified. Refreshing a unique page would not lead to creation of a new room and hence would fix the problem.
This should be easy. Run a requirement check, and update the list with newer versions of dependencies
Hi there!
I happened across your project recently (love the idea!), and while reading through the code I think I uncovered a security hole.
Let's say you have a client A in a private channel A'. When A sends a message to the server, it sends the room (A') that the message is associated with to the server as a field on the payload:
https://github.com/astrosonic/sanctuary/blob/master/templates/actiroom.html#L84-L94
The server checks to see if the room is active, and then broadcasts that message out to all connected clients:
https://github.com/astrosonic/sanctuary/blob/master/main.py#L168-L171
So if we have a client B in a separate private channel B', they will receive the message. Currently this isn't noticeable if B is a casual observer, because only messages from the joined room get displayed:
https://github.com/astrosonic/sanctuary/blob/master/templates/actiroom.html#L108
However, all B has to do to read A's messages is to remove that filtering out; this is trivial to do in a browser's JavaScript console. This means that any malicious client with network access to the chat server can listen in on all the messages being sent on the server in any room.
To fix this, I think you'd want to do two things:
Does that make sense? Happy to clarify!
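The difference between the broadcast described in this issue and server-side room scoping, as an added example that is not part of the original issue or the project's code. `FakeConn`, `broadcast_all`, `RoomRouter` and the payload fields are hypothetical names, and the connections are in-memory stand-ins rather than real websockets:

```python
import asyncio
import json

class FakeConn:
    """Stand-in for a websocket connection; records what the server sends it."""
    def __init__(self, name):
        self.name, self.inbox = name, []

    async def send(self, data):
        self.inbox.append(json.loads(data))

async def broadcast_all(conns, payload):
    """Behaviour described in the issue: every client receives every message."""
    for conn in conns:
        await conn.send(json.dumps(payload))

class RoomRouter:
    """Server-side membership: the room is bound to the connection at join time."""
    def __init__(self):
        self.room_of = {}  # connection -> room id recorded by the server

    def join(self, conn, room):
        self.room_of[conn] = room

    async def deliver(self, sender, payload):
        room = self.room_of.get(sender)
        if room is None:
            return 0  # sender never joined a room: drop the message
        # Ignore any client-supplied room field; use the server's own record.
        out = json.dumps({"room": room, "user": sender.name, "text": payload.get("text", "")})
        targets = [c for c, r in self.room_of.items() if r == room]
        for conn in targets:
            await conn.send(out)
        return len(targets)

def demo():
    a, b = FakeConn("A"), FakeConn("B")
    asyncio.run(broadcast_all([a, b], {"room": "A'", "text": "secret"}))
    leaked = len(b.inbox)  # B sits in room B' but still received A's message
    a.inbox.clear()
    b.inbox.clear()
    router = RoomRouter()
    router.join(a, "A'")
    router.join(b, "B'")
    # B also claims room A' in its payload (constructed input); the field is ignored.
    asyncio.run(router.deliver(a, {"room": "A'", "text": "secret"}))
    asyncio.run(router.deliver(b, {"room": "A'", "text": "spoof"}))
    return leaked, a.inbox, b.inbox
```

With room membership held on the server, removing the client-side filter reveals nothing, because messages for other rooms never reach that connection.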
The textbox should get cleared after an event of successful message sending. It does not.
Add a text wrapping option while displaying the message
From the instructions:
http://< YOUR-LOCAL-IP-ADDRESS >/6969/
should rather say
http://< YOUR-LOCAL-IP-ADDRESS >:6969/
Provide options for continually checking of parameters like
Add a dedicated session termination page and then a redirect to home page from there
Add logout option for chatroom users such that they can destroy their side of all the chats and leave the chatroom safely while invalidating their current session.
The user directly exits from the room, and the room is also directly purged without a confirmation dialog, after clicking on leave or purge room.
Use Summernote to get base64-encoded information
Profile picture should stick at the top of the chat card
On Raspberry Pi 3 Model B Rev 1.2, following instructions verbatim, I am not able to connect local network clients to any chatroom identity EXCEPT for "DEADCAFE" (no idea where this identity was generated from but it showed up when I hit the reload icon at the top of the client).
For messages sent to rooms with the same name but with different passwords, a bubble with an empty string appears.
Use PyInstaller. Make sure that the binary is compliant to Python 3.8.
You should never serve a page that's supposed to be used with the Flask development server.
The development server is provided by Werkzeug for convenience, but is not designed to be particularly efficient, stable, or secure.
An alternative to Flask could be Sanic, which is similar to Flask but based on asyncio, and has a built-in server that works for deployment.
In the spirit of getting more contributors to the project, the above documents would be appreciated.
The Web browser, to protect privacy of the user, keeps blocking microphone access even if permission is allowed. Accessing website using https also doesn't work.
Rename input field placeholders from Joining link to Chatroom joining ID, as the generated link is more of a unique ID rather than a hyperlink, it makes more sense.
You can learn more about env variables and their usage here
Add client-side form validation to prevent this from happening.
I have seen that this project does not allow to choose IP Address for hosting the Web Application, so I thought I can fix it.
Hence I will be getting a new pull request up for the same.
Can lead to unforeseen bugs while handling redirects
Whisper feature can allow for sending messages to a specific recipient only
HINT - Initialize the websocket variable only after taking username and roomiden - then store it in the list USERS along with those data.
All conversations are shared among chatrooms with same name. Use specific identity for chatrooms.
Audio sent. Audio received. Chatting becomes way more interactive. Cool stuff.