
AuthentiDocs is a team collaboration platform that is backed by digital signature. Here one can have a hierarchical but flexible structure of their organization and use modifiable workflows, store files, discuss in forums or send notices etc. Finally, all those features are bolstered with formal interactions being verified using ECDSA signatures.


AuthentiDocs/authentidocs


AuthentiDocs

AuthentiDocs - Team Collaboration Authenticated By Digital Signature

A simple website for doing collaborative work where each file and interaction is signed digitally!

General Information

This project was our submission for the CSE 408 Software Engineering term project in Level 4/Term 1 (senior year) of the BUET CSE undergraduate program.

In this project we decided to combine the features of a document signing application with those of an organizational management application, where users can:

  • store their personal files with digital signatures
  • make multiple organizations with new users
  • hierarchically divide organization in teams and threads, with overlap if needed
  • create flexible workflows in threads with digitally signed files and notes
  • maintain chain of custody of all files, view file history
  • discuss informally in thread forums
  • send notices
  • verify any digital signature with information of the signing user

Main Technologies Used

Database:

  • PostgreSQL hosted in Supabase

Unified Backend and Frontend:

  • SvelteKit - version 2.4.3 hosted in Vercel.

We used SvelteKit because we preferred how Kit allowed rapid development with Svelte and we wanted to use a RESTful API in the backend, while keeping the codebase for backend and frontend similar. SvelteKit adds useful functions and file-based routing while also creating a separate server for the RESTful API. The live API documentation was created with Swagger.

We chose Vercel for deployment because we liked how easily it integrates with GitHub, giving a full CI/CD pipeline. Among Vercel's many features, an interesting one is the logging of every API call, which saved us a lot of headaches.

We used a GitHub Project to manage our workflow, using issues and pull requests as needed. Keeping our main branch push-protected, we implemented a staged deployment in which only successful preview deployments from testing were merged into main.

For managing user authentication in our project, we used AuthJS, verifying users against the database. For file storage, we used Supabase File Storage to host our files.

As the digital signature algorithm, we chose the Elliptic Curve Digital Signature Algorithm (ECDSA), using the browser-side SubtleCrypto API to create keys, sign and verify signatures. We recreated a user's keys at each new login to allow multiple devices for each user, and stored the private key in the browser's IndexedDB, as it can provide security for key objects generated by the SubtleCrypto API.
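The key handling described above, as an added example that is not taken from the AuthentiDocs code base: a non-extractable ECDSA key pair is created, a file is signed, and the signature is checked against the original bytes, tampered bytes and a key from a later login. The curve (P-256), hash (SHA-256), function names and sample bytes are assumptions; IndexedDB storage is not shown because it only exists in browsers.

```javascript
// Added example, not AuthentiDocs code. P-256 and SHA-256 are assumptions.
// Browsers and recent Node.js expose Web Crypto as globalThis.crypto.
const subtle = (globalThis.crypto ?? require("node:crypto").webcrypto).subtle;
const KEY_ALG = { name: "ECDSA", namedCurve: "P-256" };
const SIG_ALG = { name: "ECDSA", hash: "SHA-256" };

// New key pair at login. extractable=false binds the private key to this
// CryptoKey object: it can sign, and can be put in IndexedDB as an object,
// but its raw bytes cannot be exported by page script.
async function createLoginKeys() {
  const pair = await subtle.generateKey(KEY_ALG, false, ["sign", "verify"]);
  // The public half stays exportable; this JWK is what verifiers need.
  const publicJwk = await subtle.exportKey("jwk", pair.publicKey);
  return { privateKey: pair.privateKey, publicJwk };
}

async function signFile(privateKey, fileBytes) {
  return new Uint8Array(await subtle.sign(SIG_ALG, privateKey, fileBytes));
}

async function verifyFile(publicJwk, signature, fileBytes) {
  const key = await subtle.importKey("jwk", publicJwk, KEY_ALG, true, ["verify"]);
  return subtle.verify(SIG_ALG, key, signature, fileBytes);
}

// Resolves to false when the key is non-extractable (exportKey rejects).
async function privateKeyIsExportable(privateKey) {
  return subtle.exportKey("pkcs8", privateKey).then(() => true, () => false);
}

async function demo() {
  // Constructed sample input standing in for an uploaded file's bytes.
  const file = new TextEncoder().encode("constructed sample file contents");
  const login1 = await createLoginKeys();
  const login2 = await createLoginKeys(); // same user, later login
  const signature = await signFile(login1.privateKey, file);
  const tampered = file.slice();
  tampered[0] ^= 1; // flip one bit
  return {
    signatureBytes: signature.length, // raw r||s
    valid: await verifyFile(login1.publicJwk, signature, file),
    tamperedValid: await verifyFile(login1.publicJwk, signature, tampered),
    laterKeyValid: await verifyFile(login2.publicJwk, signature, file),
    exportable: await privateKeyIsExportable(login1.privateKey),
  };
}

demo().then(console.log);
```

Since a new key pair is created at each login, verification needs the public key that was current when the file was signed, which is why `laterKeyValid` is false.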

Features

After signing up, a user can:

  • Upload and view personal files that are immediately signed digitally
  • View and update their profile
  • Create new organizations and add members as needed
  • Create new teams in the organizations and add members
  • Create work threads in teams to simulate different workflows in an office; users from multiple teams are allowed in threads
  • Upload, view, digitally sign and add notes to work files in a thread
  • Maintain a chain of custody by using a serial order of thread members and letting only one user have signing custody of the thread at any time
  • Add passive members to a thread, who can only view the workflow but cannot participate
  • Forward thread custody in a flexible way to any other member of thread
  • Discuss in a dedicated forum for each thread
  • View file custody history for each file
  • Give notice to all members of organization/team/thread, adding a file if required
  • Receive detailed notifications about each event that is related to the user
  • Archive thread after a successful workflow, with comments
  • Have a unified view of all of the user's work files, organizations, teams etc.
  • View and download all signatures of a file as a PDF certificate
  • Verify a file's signature and get information about who signed it
  • Search users, organizations, teams, threads and files with a robust, fault tolerant full text search
  • Leave organization but only after the user has completed any pending workflows in any thread

Setup

Setting up database

Download and extract this SQL script to set up your database in Supabase or locally, using the \i <script path> command of PostgreSQL to run the SQL script.

Clone the repo

In a suitable folder, clone the repo:

git clone https://github.com/AuthentiDocs/authentidocs.git

Install dependencies

npm install

Don't forget the .env file

Create a file named .env and put the needed environment variables:

DEV_DB_ANON_LINK="<your development supabase database anon link>"
DEV_DB_ANON_KEY="<your development supabase database anon key>"
PROD_DB_ANON_LINK="<your production supabase database anon link>"
PROD_DB_ANON_KEY="<your production supabase database anon key>"

Also, create another file named .env.local for AuthJS authentication with this value:

AUTH_SECRET="<32 bit secret for Authentication>"

You can use the same database for production and development if needed.

Running locally

npm run dev creates a development server, while npm run build will build the project for production that can be viewed with npm run preview.

Deploying

After you create a project and connect the GitHub repo, Vercel will by default automatically deploy any push to any branch. This is customizable and you can add your own conditions for deployment. Populate the Vercel project environment variables using the local .env file.

Demonstration

Here is a little demo of the running project with some screenshots below:

Login, Sign Up and User Dashboard Pages

Screenshots: Login Page, Signup Page, Dashboard Page

Homepage: Personal Files, Organizations, Notices

Screenshots: Personal Files Page, User Organizations Page, User Notices Page

Homepage: User Teams Page, User Thread and Search Result Pages

Screenshots: User Teams Page, User Thread Page, User Search Page

Organization Homepage: Details Tab, Member Tab and Notice Tab

Screenshots: Details, Members, Notices

Organization Homepage: Adding Member, Team and Notice

Screenshots: Add Member, Add Teams, Add Notices

The team page and tabs are similar to the organization page, so we can skip to thread page now:

Thread Workflow: Homepage, File List, File View

Screenshots: Thread Home, Thread File List, Thread File View

Thread File View: Notes, Custody History, File Certificate

Screenshots: Notes, Custody History, Certificate

Thread View: Flexible Forwarding, Forum

Screenshots: Flexible Forward, Forum, Forum Posts

Project Status

Project is: being worked on.

Room for Improvement

Room for improvement:

  • Use NodePG or another more flexible database library for the database connection
  • Add a preview feature for more file types in the frontend
  • Add provision for creating/adding users through a service an organization is already using, such as Azure Active Directory
  • Possible use of a rich text editor in the forum

Acknowledgements

We would like to specially give our heartfelt thanks to our honourable supervisor Md. Toufikuzzaman sir. It is his idea of using digital signatures in an office workspace that we had directly followed and tried to develop. Throughout the whole term, he gave us invaluable advice, encouraged us to explore new technologies and helped us overcome many problems. It has been both an honour and a learning experience working under his guidance.

We would also like to express our heartiest gratitude to our other sessional course teachers Rayhan Rashed sir and Mashiat Mustaq ma'am for the very important guidance and suggestions they gave us throughout the project.

A special shoutout to Ashraf, Lord Sadat, Shattik for helping us out anytime we needed. Check out Ashraf and company's project, Sadat and Asif's project and finally Shattik and Nafis and Wasif's project using microservices.

License

This project is licensed under GNU General Public License v3.0.
