Presentation
The sample project is a web chat application in which the Seald-SDK is integrated to add end-to-end encryption.
This project is available on Github:
git clone https://github.com/seald/sdk-example-project.gitIt is split into several successive branches, each of which presents a different stage of the integration. Step-by-step guides describing how to implement it from the previous version are available:
| Step | Description | Final result | Root branch |
|---|---|---|---|
| Quick-start | Basic integration of the Seald-SDK with password protection | 1-quick-start | master |
| Password pre-derivation | Implements a pre-derivation of the authentication password | 2-pre-derivation | 1-quick-start |
| Caching the identity in localStorage | Implements identity caching in the localstorage | 3-localstorage | 2-pre-derivation |
| Protection with 2-man-rule | Replacement of password protection with a protection with 2-man-rule | 4-two-man-rule | 3-localstorage |
| Using 2-man-rule with SMS | In 2-man-rule, changing email protection to SMS protection | 5-two-man-rule-sms | 4-two-man-rule |
WARNING
This is a demonstration application intended exclusively to show the integration of the Seald-SDK. Other considerations - including security - have not been taken into account, so we recommend that you do not use it as is.
Features
The chat application allows users to:
- create an account;
- log in with a password;
- send private messages to any other user;
- create & manage a chat room;
- send messages in a chat room.
Launching
This is a web application in two parts:
- a backend in the
./backendfolder implemented in Node.js, with Express & socket.io. It is connected to an SQL database (SQLite or Postgres) with Sequelize as the ORM; - a frontend in the
./frontendfolder implemented in React.js using@material-uias UI library.
To install the dependencies, just run npm install in both the frontend and backend folders.
Configuration
Front-end
The project configuration is done in a settings.json configuration file.
It must be placed in the root of the web server (in development, in the folder /frontend/public/).
There is a settings.example.json in each branch which is a template of the settings.json you can copy & paste, you'll need to replace the values with the actual settings.
This file contains the variables:
| Settings | Description | Must be set in branches |
|---|---|---|
APPLICATION_SALT | Salt used for pre-derivation | 2-pre-derivation, 3-localstorage |
APP_ID | App ID | All |
API_URL | Seald API URL | All |
KEY_STORAGE_URL | SSKS API URL | 4-two-man-rule, 5-two-man-rule-sms |
Back-end
The project configuration is done in a settings.json configuration file.
By default, it must be placed in the root of the /backend folder. The path where the app looks for this file can be overridden by setting the path you want in the CONFIG_FILE environment variable.
There is a settings.example.json in each branch which is a template of the settings.json you can copy & paste, you'll need to replace the values with the actual settings.
This file contains the variables:
| Settings | Description | Must be set in branches |
|---|---|---|
HTTPS_ENABLED | Must be enabled if a reverse proxy implements HTTPS upstream of the server. The Secure attribute will be added to session cookies and Express will trust the X-Forwarded-* headers | All |
SESSION_SECRET | Secret used to derive session cookies | All |
JWT_SHARED_SECRET_ID | JWT shared secret ID (for signup JWT) | All |
JWT_SHARED_SECRET | JWT shared secret (for signup JWT) | All |
APP_ID | App ID (for user licence & SSKS) | All |
KEY_STORAGE_URL | API URL (for SSKS) | 4-two-man-rule, 5-two-man-rule-sms |
KEY_STORAGE_APP_KEY | App Key (for SSKS) | 4-two-man-rule, 5-two-man-rule-sms |
Local launch
The application can be launched locally by starting :
- the backend with the
npm startcommand in thebackendfolder; - the frontend with the command
npm run devin thefrontendfolder.
TIP
If the backend or frontend does not start correctly, check that you have created the corresponding configuration file, and that you have filled it correctly.
A database.sqlite file will automatically be created in the folder, and this will open two :
- on port
4000for the API; - on port
5173which serves the frontend and acts as a reverse proxy to the other server.
How the watch works
The backend is started using nodemon which restarts it whenever there is a change in the backend code.
The frontend uses the vite development server and also has a watch feature.
TIP
If you modify the Sequelize templates, you may have to delete the database file if the changes are not compatible.
Deployment
The application can also be deployed using Docker-Compose:
docker-compose up -d --buildThis will:
- build and launch an image for the backend from
backend/Dockerfilewhich is based fromnode:14and launches the server on port4000; - build and run an image for the frontend from
frontend/Dockerfilethat builds the frontend and serves it statically with nginx, which acts as a reverse proxy for the backend.
TIP
In production, you may want to set the NODE_ENV environment variable to "production", to run the express webserver in production mode.