wiringbits / safer.chat Goto Github PK

safer.chat is a web application that allows you to have groupal chats using end-to-end encryption, no addons, or applications needs to be installed

Home Page: https://safer.chat

License: MIT License

JavaScript 2.13% TypeScript 42.97% HTML 11.83% CSS 6.79% Shell 1.37% Scala 34.91%

cryptocat chat end-to-end-encryption security webcryptoapi angular scala public-key-cryptography play-framework hacktoberfest

safer.chat's Introduction

safer.chat

https://safer.chat is an end-to-end encrypted webchat that allows users to create rooms with up to 4 participants. The idea is to have what crypto cat used to be, without the need to install browser extensions or applications. In 2019 we have the Web Crypto API which allows us to do all operations.

We do not store any tracking information or history, and the server logs don't include any keys or encrypted messages. In fact, all of the server's data lives in-memory.

To start a conversation, you need to choose a room and a password, then, only people knowing these details can log into that room, this password isn't transferred in plain text.

We hope you enjoy it.

Technical details

There are two components, the web and the server. The web component is the frontend app that you see at https://safer.chat, it uses the server to exchange the keys and the messages between room participants.

While joining a room, the app generates an RSA 2048 key-pair and shares the public key with the server (see Public-key cryptography).
When a participant joins a room, it gets the participants and their public keys from the server.
Each time a message is sent, it is encrypted using each participant's public key and sent to the server, which knows how to reach the participants.

As you can see by reading the technical details, all messages sent to the server are encrypted, any WebSocket debugger can be used to verify that the server doesn't alter any encrypted message or keys.

Development

The project is a mono repository involving the following components:

The web project is the frontend app, what you see at https://safer.chat is what the web has, it is built using Angular, communicates to the server project using a web socket.
The server project is what connects the peers, it allows them to exchange their keys and messages, as well as handling the room reservation, it is built with Scala.
The infra project has the deployment scripts, it uses Ansible.

safer.chat's People

Contributors

Stargazers

Watchers

Forkers

goseign sliceofbytes antonlinderer liyucode killerwuhan shadowboxdev halfstackzay blandais petmat ashish168527 cat-jf scala-steward toshihidetagami emreakkoc

safer.chat's Issues

Remove the server warnings

While compiling the server project, there are some warnings which can be removed, any warning removed helps:

[warn] There may be incompatibilities among your library dependencies; run 'evicted' to see detailed eviction warnings.
[info] Compiling 14 Scala sources and 1 Java source to /home/dell/projects/mine/cryptochat/server/target/scala-2.12/classes ...
[warn]  [E1] app/controllers/ChannelsController.scala
[warn]       private val messageFormat in object ChannelsController is never used
[warn]       L38:  private implicit val messageFormat: Format[Message] = wrapperFormat[Message, Base64String](Message.apply, _.base64)
[warn]       L38:                       ^
[warn]  [E2] app/controllers/ChannelsController.scala
[warn]       private val channelNameFormat in object ChannelsController is never used
[warn]       L57:  private implicit val channelNameFormat: Format[Channel.Name] = safeWrapperFormat[Channel.Name, String](Channel.Name.from, _.string)
[warn]       L57:                       ^
[warn]  [E3] app/controllers/ChannelsController.scala
[warn]       private val channelSecretFormat in object ChannelsController is never used
[warn]       L58:  private implicit val channelSecretFormat: Format[Channel.Secret] = wrapperFormat[Channel.Secret, String](Channel.Secret.apply, _.string)
[warn]       L58:                       ^
[warn]  [E4] app/controllers/ChannelsController.scala
[warn]       private val peerFormat in object ChannelsController is never used
[warn]       L60:  private implicit val peerFormat: Format[Peer] = new Format[Peer] {
[warn]       L60:                       ^
[warn]  [E5] conf/routes
[warn]       Unused import
[warn]  [E6] conf/routes
[warn]       Unused import
[warn]  [E7] conf/routes
[warn]       Unused import
[warn] app/controllers/ChannelsController.scala: L38 [E1], L57 [E2], L58 [E3], L60 [E4]

Issues on safari / iphone

Reported by a user:

Messages won’t send after being typed in safari on iPhone. It will let you type the message, but there is no response from the “return” button, or the “done” button, as well as not producing any feedback when the chat logo beside the message is “tapped” or “clicked”..

Fix the server tests

Some server tests are failing, they seem to be related to a text change which wasn't updated on the test files:

[info] - must reject bob due to wrong secret *** FAILED ***
[info]   java.lang.AssertionError: assertion failed: expected CommandRejected(The secret or the channel is incorrect), found CommandRejected(The secret or the room is incorrect)
[info]   at scala.Predef$.assert(Predef.scala:223)
[info]   at akka.testkit.TestKitBase.expectMsg_internal(TestKit.scala:403)
[info]   at akka.testkit.TestKitBase.expectMsg(TestKit.scala:379)
[info]   at akka.testkit.TestKitBase.expectMsg$(TestKit.scala:379)
[info]   at akka.testkit.TestKit.expectMsg(TestKit.scala:896)
[info]   at com.alexitc.chat.actors.PeerActorSpec.$anonfun$new$3(PeerActorSpec.scala:52)
[info]   at org.scalatest.OutcomeOf.outcomeOf(OutcomeOf.scala:85)
[info]   at org.scalatest.OutcomeOf.outcomeOf$(OutcomeOf.scala:83)
[info]   at org.scalatest.OutcomeOf$.outcomeOf(OutcomeOf.scala:104)
[info]   at org.scalatest.Transformer.apply(Transformer.scala:22)
[info]   ...
[INFO] [10/06/2019 16:32:19.335] [PeerActorSpec-akka.actor.default-dispatcher-3] [akka://PeerActorSpec/user/channel-handler] a peer with name=bob is trying to join room=test-channel
[INFO] [10/06/2019 16:32:19.335] [PeerActorSpec-akka.actor.default-dispatcher-3] [akka://PeerActorSpec/user/channel-handler] bob has joined test-channel
[info] - must allow bob to join
[INFO] [10/06/2019 16:32:19.336] [PeerActorSpec-akka.actor.default-dispatcher-3] [akka://PeerActorSpec/user/channel-handler] ActivePeers = 2, TotalPeers = 2, ActiveChannels = 1
[INFO] [10/06/2019 16:32:19.339] [PeerActorSpec-akka.actor.default-dispatcher-4] [akka://PeerActorSpec/user/channel-handler] Rejecting peer due to channel full, failed 1 times
[info] - must reject carlos due to channel being full *** FAILED ***
[info]   java.lang.AssertionError: assertion failed: expected CommandRejected(The channel is full, if you need bigger channels, write us to [email protected]), found CommandRejected(The room is full, if you need bigger rooms, write us to [email protected])
[info]   at scala.Predef$.assert(Predef.scala:223)
[info]   at akka.testkit.TestKitBase.expectMsg_internal(TestKit.scala:403)
[info]   at akka.testkit.TestKitBase.expectMsg(TestKit.scala:379)
[info]   at akka.testkit.TestKitBase.expectMsg$(TestKit.scala:379)
[info]   at akka.testkit.TestKit.expectMsg(TestKit.scala:896)
[info]   at com.alexitc.chat.actors.PeerActorSpec.$anonfun$new$5(PeerActorSpec.scala:62)
[info]   at org.scalatest.OutcomeOf.outcomeOf(OutcomeOf.scala:85)
[info]   at org.scalatest.OutcomeOf.outcomeOf$(OutcomeOf.scala:83)
[info]   at org.scalatest.OutcomeOf$.outcomeOf(OutcomeOf.scala:104)
[info]   at org.scalatest.Transformer.apply(Transformer.scala:22)
[info]   ...

Improve the documentation

That's it, any improvement to the existing documentation works.

Increase the test coverage on the server

The server maintains mostly a big integration test, adding any reasonable test works.

Add the scalafmt config file to the server project

The CONTRIBUTING.md file mentions that we use scalafmt to format the sources but that's not true, integrate a reasonable file into the project to make it true (the suggested one is https://github.com/X9Developers/block-explorer/blob/develop/server/.scalafmt.conf)

The frontend already has everything it needs, the required change is to hash the public keys to get a fingerprint which gets displayed in the UI.