Light

zentro / slimx Goto Github PK

View Code? Open in Web Editor NEW

1.0 1.0 0.0 637 KB

Kotlin 0.04% Dart 52.95% Ruby 1.95% Swift 0.62% Objective-C 0.01% CMake 7.36% C++ 6.87% C 0.46% Rust 27.12% Shell 1.17% PowerShell 0.20% Batchfile 0.71% HTML 0.54%

slimx's Introduction

SlimX

Basically Signal but built by 3 amateur people in (mostly) 24 hours.

What is it really?

A CodeRED Hackathon project implementing the PQXDH protocol in a real-time chat app. The protocol is just fancy handshake to exchange a secret key securely (though it still lacks plenty of stuff to actually be secure in the real world, namely an SSL connection between client and server).

Some specific details about current implementation...

Messages are only locally decrypted at the client side. Server merely acts as a coordinator. Messages are encrypted with AES-256 (though without an associated data so far). The PQKEM used is the Kyber library from Argyle-Software.

What's the next big thing for it? (updated from time to time)

The Double Ratchet Algorithm!!! There is currently no forward secrecy so any compromise of the shared key immediately means that the conversation will be entirely visible, which is NOT good :(

How to run/build

For the server:

The /server folder has a .env file specifying the MySQL database so
that needs to be changed to whatever the local server needs.

Diesel can be installed through 'cargo install diesel' (which is much
easier on Linux).

Run 'diesel migration run' in the /server folder to setup the database. Anytime you want to just drop the database, just do 'diesel migration redo -n 7'

Then, 'cargo run' will start up the server.

For the client:

Install Flutter and flutter_rust_bridge (https://github.com/fzyzcjy/flutter_rust_bridge)

Run 'flutter_rust_bridge_codegen generate' just in case.

Run 'flutter run' to start the client.

You'll have to resize the client for it to switch to mobile mode. Currently, the desktop/tablet screen is used as a debug button to also wipe all stored data.

slimx's People

Contributors

Stargazers

Watchers

slimx's Issues

Better server logging and error handling

Server already has a logging file. Literally use it lol. Needs better error tolerance too.

Improve chat request

Can only chat request a person once. Requests that you've sent also show up in your requests as a pending outgoing request (no buttons, etc...).

Dockerize the server

NO MORE MANUAL MYSQL SETUP AHAHAHHAHA YESSS YESSSSS!!!

The logic for sending directly to another user is wrong

lol

Server no longer even stores chat rooms

Move all information regarding chats to be entirely local. This is ideally how it should be. Server is only supposed to coordinate. Very very long term goal.

Bind user to a machine on first login

Probably have them present proof that they are who they are (challenge signature on arbitrary message sent by the server, server can verify using their identity key)

Server no longer stores messages

Server after this change should only store chat rooms, keys, and user info. Use the Isar database to store.

Debloat main.rs in server

It's starting to get bloated so consider moving the handlers module to another file and maybe further modularizing that would make it easier to work through and add new paths.

Centralize key management

Key management is kind of all over the place rn. Needs a central provider for key operations.

Allow a user to deny a chat request

Denying also means that you are blacklisting them which means that they cannot send a request to you again, unless you unblacklist them. Will need to implement a blacklist screen for this purpose and add a new table to the server.

Add SSL to server so we don't send literal plaintext

Implement Double Ratchet Algorithm

Self explanatory

Better identifiers for keys

Probably a hash of the public opk/pqpk in a map when stored instead of just a literal array :3

On a tangent, this would make it easier to upload new one time keys.

Better error messages for client

Client literally knows nothing unless you're staring at the terminal. Even then it's not good.

Use Isar to manage keys instead of self defined json file

Isar would make it much much less error prone and probably faster. Key management is already in one place. Just need to rewrite to accommodate Isar.

Optimize the SQL queries server side

A lot of duct tape solution in there. Need to make the queries much less messy.

Recommend Projects

React

A declarative, efficient, and flexible JavaScript library for building user interfaces.
Vue.js

🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
Typescript

TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
TensorFlow

An Open Source Machine Learning Framework for Everyone
Django

The Web framework for perfectionists with deadlines.
Laravel

A PHP framework for web artisans
D3

Bring data to life with SVG, Canvas and HTML. 📊📈🎉

Recommend Topics

javascript

JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
web

Some thing interesting about web. New door for the world.
server

A server is a program made to process requests and deliver data to clients.
Machine learning

Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Visualization

Some thing interesting about visualization, use data art
Game

Some thing interesting about game, make everyone happy.

Recommend Org

Facebook

We are working to build community through open source technology. NB: members must have two-factor auth.
Microsoft

Open source projects and samples from Microsoft.
Google

Google ❤️ Open Source for everyone.
Alibaba

Alibaba Open Source for everyone
D3

Data-Driven Documents codes.
Tencent

China tencent open source team.