# Presentation

The sample project is a web chat application in which the Seald-SDK is integrated to add end-to-end encryption.

This project is available on Github (opens new window):

git clone https://github.com/seald/sdk-example-project.git

It is split into several successive branches, each of which presents a different stage of the integration. Step-by-step guides describing how to implement it from the previous version are available:

Step Description Final result Root branch
Quick-start Basic integration of the Seald-SDK with password protection 1-quick-start (opens new window) master (opens new window)
Password pre-derivation Implements a pre-derivation of the authentication password 2-pre-derivation (opens new window) 1-quick-start (opens new window)
Cachine the identity in localStorage Implements identity caching in the localstorage 3-localstorage (opens new window) 2-pre-derivation (opens new window)
Server-side generation of the user license tokens Generates the user license token on the server side instead of the client side 4-user-license-token (opens new window) 3-localstorage (opens new window)
Protection with 2-man-rule Replacement of password protection with a protection with 2-man-rule 5-two-man-rule (opens new window) 4-user-license-token (opens new window)

WARNING

This is a demonstration application intended exclusively to show the integration of the Seald-SDK. Other considerations - including security - have not been taken into account, so we recommend that you do not use it as is.

# Features

The chat application allows users to:

  • create an account;
  • log in with a password;
  • send private messages to any other user;
  • create & manage a chat room;
  • send messages in a chat room.

# Launching

This is a web application in two parts:

  • a backend in the ./backend folder implemented in Node.js, with Express & socket.io. It is connected to an SQL database (SQLite or Postgres) with Sequelize as the ORM;
  • a frontend in the ./frontend folder implemented in React.js using @material-ui as UI library.

To install the dependencies, just run npm install in both the frontend and backend folders.

# Configuration

# Front-end

The project configuration is done in a settings.json configuration file.

It must be placed in the root of the web server (in development, in the folder /frontend/public/).

There is a settings.example.json in each branch which is a template of the settings.json you can copy & paste, you'll need to replace the values with the actual settings.

This file contains the variables:

Settings Description Must be set in branches
APPLICATION_SALT Salt used for pre-derivation 2-pre-derivation, 3-localstorage, 4-user-license-token
VALIDATION_KEY_ID Validation key ID (for user licence) 1-quick-start, 2-pre-derivation, 3-localstorage
VALIDATION_KEY Validation key (for user licence) 1-quick-start, 2-pre-derivation, 3-localstorage
APP_ID App ID 1-quick-start, 2-pre-derivation, 3-localstorage, 4-user-license-token, 5-two-man-rule
API_URL Seald API URL 1-quick-start, 2-pre-derivation, 3-localstorage, 4-user-license-token, 5-two-man-rule
KEY_STORAGE_URL SSKS API URL 1-quick-start, 2-pre-derivation, 3-localstorage, 4-user-license-token, 5-two-man-rule

# Back-end

The project configuration is done in a settings.json configuration file.

By default, it must be placed in the root of the /backend folder. The path where the app looks for this file can be overridden by setting the path you want in the CONFIG_FILE environment variable.

There is a settings.example.json in each branch which is a template of the settings.json you can copy & paste, you'll need to replace the values with the actual settings.

This file contains the variables:

Settings Description Must be set in branches
HTTPS_ENABLED Must be enabled if a reverse proxy implements HTTPS upstream of the server. The Secure attribute will be added to session cookies and Express will trust the X-Forwarded-* headers All
SESSION_SECRET Secret used to derive session cookies All
VALIDATION_KEY_ID Validation key ID (for user licence) 4-user-license-token, 5-two-man-rule
VALIDATION_KEY Validation key (for user licence) 4-user-license-token, 5-two-man-rule
APP_ID App ID (for user licence & SSKS) 4-user-license-token, 5-two-man-rule
KEY_STORAGE_URL API URL (for SSKS) 5-two-man-rule
KEY_STORAGE_APP_KEY App Key (for SSKS) 5-two-man-rule

# Local launch

The application can be launched locally by starting :

  • the backend with the npm start command in the backend folder;
  • the frontend with the command npm start in the frontend folder.

TIP

If the backend or frontend does not start correctly, check that you have created the corresponding configuration file, and that you have filled it correctly.

A database.sqlite file will automatically be created in the folder, and this will open two :

  • on port 4000 for the API;
  • on port 3000 which serves the frontend and acts as a reverse proxy to the other server.
How the watch works

The backend is started using nodemon (opens new window) which restarts it whenever there is a change in the backend code.

The frontend uses the react-scripts (opens new window) development server and also has a watch feature.

TIP

If you modify the Sequelize templates, you may have to delete the database file if the changes are not compatible.

# Deployment

The application can also be deployed using Docker-Compose:

docker-compose up -d --build

This will:

  • build and launch an image for the backend from backend/Dockerfile which is based from node:14 and launches the server on port 4000;
  • build and run an image for the frontend from frontend/Dockerfile that builds the frontend and serves it statically with nginx, which acts as a reverse proxy for the backend.
  • launch a postgres image.

TIP

In production, you may want to set the NODE_ENV environment variable to "production", to run the express webserver in production mode.