chatapp's People

Contributors

shaninalex

chatapp's Issues

receive auth token from backend

Also need to figure out the auth token scope required for communication. It should be able to communicate with users, get lists of users, create group ("rooms") chats, send "buddy" requests, etc. But it should not be able to edit or delete existing users, create a new user, issue a token for any user other than the current one, etc. Basically, everything an admin can do should be disabled for a regular user.

lobby by default

New users should be connected to "lobby" by default, show all users in this public group chat, and subscribe to new notifications from lobby.

deprecation warning on validate pr title

Warning text:

The following actions uses node12 which is deprecated and will be forced to run on node16: actions/checkout@v2. For more info: https://github.blog/changelog/2023-06-13-github-actions-all-actions-will-run-on-node16-instead-of-node12-by-default/

handle refresh user token

Currently we create a user token on registration. But this token lives only 1 hour. We need to create a solution for refreshing the user token.

change authentication

To securely authenticate users in your Angular application with ejabberd without exposing their ejabberd credentials (username/password), you can follow a token-based authentication approach. The idea is to create a secure authentication flow where the Angular application receives an authentication token from your server after the user has been authenticated with ejabberd. This token can then be used to authenticate subsequent requests to the ejabberd server.

Here's a high-level overview of the process:

  1. User Registration:
    When a user registers in your application, your backend server should also register a corresponding user in the ejabberd server. This involves creating an XMPP account for the user.

  2. Token Generation:
    After a successful user registration, generate a secure authentication token on your backend server. This token will serve as the user's credential for authenticating with the ejabberd server.

  3. Token Storage on the Frontend:
    Send the generated token to the Angular frontend securely. You can use HTTPS to encrypt the communication between the server and the client.

  4. Token Usage for XMPP Authentication:
    When the Angular application needs to connect to the ejabberd server on behalf of the user, it includes the authentication token in the XMPP authentication request. The ejabberd server is configured to accept this token as a valid credential.

  5. Secure Communication:
    Ensure that all communication between the Angular application and the ejabberd server is done over a secure WebSocket connection (wss://) or HTTPS, depending on your setup.

  6. Token Expiry and Refresh (Optional):
    Implement token expiry and refresh mechanisms if needed. Tokens can have a limited lifespan, and the Angular application may need to refresh the token when it expires.

Here's a basic example of how you might structure the authentication flow in Angular:

// Angular Service for XMPP Authentication
import { Injectable } from '@angular/core';
import { HttpClient } from '@angular/common/http';

@Injectable({
  providedIn: 'root',
})
export class XmppAuthService {
  // Token received from the backend; null until the user has authenticated
  private ejabberdToken: string | null = null;

  constructor(private http: HttpClient) {}

  // Step 1: User Registration (Assuming this is done on your backend)
  registerUser(username: string, password: string) {
    // Your backend API endpoint to register the user in ejabberd
    return this.http.post('/api/register', { username, password });
  }

  // Step 2: Token Generation (Assuming this is done on your backend)
  generateToken(username: string, password: string) {
    // Your backend API endpoint to generate the authentication token
    return this.http.post('/api/generate-token', { username, password });
  }

  // Step 4: Token Usage for XMPP Authentication
  connectToXMPP(username: string, token: string) {
    // Use Strophe.js or any other XMPP library to connect to ejabberd
    // Include the token in the XMPP authentication request
  }

  // Other methods for token management (refresh, expiry check, etc.) could be added here
}

Please note that this is a simplified example, and you'll need to implement the backend logic for user registration, token generation, and securely delivering the token to the frontend. Additionally, ensure that your ejabberd server is configured to accept tokens as a valid authentication method. Always follow best practices for securing tokens, and consider using technologies like HTTPS and JWT (JSON Web Tokens) for enhanced security.
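The backend half of the flow above, together with the scope limits and the 1-hour lifetime raised in the earlier issues, as an added example that is not chatapp code. It assumes a Node.js backend and an HS256-signed JWT-style token; the scope names, function names and the `jid` claim are hypothetical, and whether ejabberd accepts such a token depends on how its authentication is configured.

```javascript
// Added example: issue, verify and refresh a short-lived, scope-limited user token.
const crypto = require("node:crypto");

// Hypothetical scope names: what a regular user may do. No admin scopes exist here.
const USER_SCOPES = ["chat:send", "users:list", "rooms:create", "roster:request"];
const TTL_SECONDS = 3600; // the 1-hour lifetime mentioned in the issues

const b64url = (text) => Buffer.from(text).toString("base64url");
const sign = (data, key) =>
  crypto.createHmac("sha256", key).update(data).digest("base64url");

// Mint a token bound to exactly one JID with the regular-user scopes only.
function issueToken(jid, key, now = Math.floor(Date.now() / 1000)) {
  const header = b64url(JSON.stringify({ alg: "HS256", typ: "JWT" }));
  const claims = { jid, scope: USER_SCOPES, iat: now, exp: now + TTL_SECONDS };
  const payload = b64url(JSON.stringify(claims));
  return `${header}.${payload}.${sign(`${header}.${payload}`, key)}`;
}

// Check signature first, then expiry, then that the requested action is in scope.
function verifyToken(token, key, requiredScope, now = Math.floor(Date.now() / 1000)) {
  const parts = String(token).split(".");
  if (parts.length !== 3) return { ok: false, reason: "malformed" };
  const [header, payload, sig] = parts;
  const expected = Buffer.from(sign(`${header}.${payload}`, key));
  const given = Buffer.from(sig);
  // timingSafeEqual throws on unequal lengths, so compare lengths first.
  if (given.length !== expected.length || !crypto.timingSafeEqual(given, expected)) {
    return { ok: false, reason: "bad-signature" };
  }
  let claims;
  try {
    claims = JSON.parse(Buffer.from(payload, "base64url").toString());
  } catch {
    return { ok: false, reason: "malformed" };
  }
  if (typeof claims.exp !== "number" || now >= claims.exp) {
    return { ok: false, reason: "expired" };
  }
  if (!Array.isArray(claims.scope) || !claims.scope.includes(requiredScope)) {
    return { ok: false, reason: "scope-denied" };
  }
  return { ok: true, reason: null, claims };
}

// Refresh re-issues only for the JID inside a still-valid token, never for another user.
function refreshToken(token, key, now = Math.floor(Date.now() / 1000)) {
  const result = verifyToken(token, key, "chat:send", now);
  return result.ok ? issueToken(result.claims.jid, key, now) : null;
}
```

Because `refreshToken` takes the JID from the verified claims rather than from a request parameter, a client cannot use it to obtain a token for a different user.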

Fix frontend bugs

  • stabilize logged-in state; sometimes it redirects me to the login page
  • html template for dashboard is very bad.
  • I'm not sure about the login page itself. Can we redirect to a static html page with nginx?
