Service modularisation

README.md

@@ -1,23 +1,25 @@
 ## chat-e2ee
+**Disposable chat session**: this app will allow two mutually agreed users to have a chat in _end-to-end_ encrypted environment. The app itself doesn't track you or ask any infromation from you. Data is owned by **only you** and **only while chatting**. Your private key is generated on your device and never leaves your device. This is not a replacement of your usual chat application.  
 
-**Disposable chat session**: this app will allow two mutually agreed users to have a chat in _end-to-end_ encrypted environment. The app itself doesn't track you or ask any infromation from you. Data is owned by **only you** and **only while chatting**. Your private key is generated on your device and never leaves your device. This is not a replacement of your usual chat application.
-
-Working prototype: https://chat-e2ee-2.azurewebsites.net
+The project is still in **development** phase and open for contribution.  
+Demo: https://chat-e2ee-2.azurewebsites.net  
 
 [![Open in Gitpod](https://gitpod.io/button/open-in-gitpod.svg)](https://gitpod.io/#https://github.com/muke1908/chat-e2ee)
 
-The project is in **development** phase.   
+---
+
 
 [![Code Smells](https://sonarcloud.io/api/project_badges/measure?project=muke1908_chat-e2ee&metric=code_smells)](https://sonarcloud.io/project/issues?id=muke1908_chat-e2ee&resolved=false&types=CODE_SMELL)  [![](https://img.shields.io/github/issues/muke1908/chat-e2ee?style=flat)](https://github.com/muke1908/chat-e2ee/issues)
 
 ## Features
 
 1. No login/signp - the end users **don't identify** themselves .
-2. Data is **not** stored on any remote server, encrypted data is just relayed to other users, the data can't be decrypted by any man in the middle.  
-3. ~~Secure image sharing - 
-   **IMPORTANT:** The image sharing feature is imcomplete!! Images are stored to [imagebb](https://mukesh-biswas.imgbb.com/) server. (27/08/2020)~~
+2. Data is **not** stored on any remote server, encrypted data is just relayed to other users, the data can't be decrypted by any man in the middle. 
 4. **No history** i.e. once chat is closed the data is not recoverable, however encrypted data can be found on memory trace. [Read More](https://github.com/muke1908/chat-e2ee/wiki/How-and-when-your-data-can-be-compromised%3F)  
 
+:boom: **Spin up your own frontend**: 
+ - JS SDK and use chat-e2ee backend as service - `@chate2ee/service` [Read Me](https://github.com/muke1908/chat-e2ee/tree/service-modularisation/service)
+
 ---
 
 For installation instruction, go to [developer section](https://github.com/muke1908/chat-e2ee#for-developers).  
@@ -33,13 +35,13 @@ For installation instruction, go to [developer section](https://github.com/muke1
 
 1. Alice and Bob generate a public and private key pair.
 2. Alice and Bob share their public keys with each other.
-3. Alice encrypts her message with her private key and Bob's public key and sends it to Bob.
-4. Bob receives the encrypted message and decrypts it with his private key and Alice's public key.
+3. Alice encrypts her message with Bob's public key and sends it to Bob.
+4. Bob receives the encrypted message and decrypts it with his private key.
 
-In this way, no one else can decrypt the message because your private key is never exposed to the internet.
+In this way, no one else can decrypt the message because your private key is never exposed/shared to the internet.
 More detailed explanation: https://www.youtube.com/watch?v=GSIDS_lvRv4&t=1s
 
-> We are using NaCL & [TweetNaCL.js](https://github.com/dchest/tweetnacl-js/) library for asymmetric encryption. The NaCL project is being lead by [Daniel J.Bernstein](http://cr.yp.to/djb.html), one of the most prominent Computer Scientists of our era.
+> We are using browser [window.crypto library](https://developer.mozilla.org/en-US/docs/Web/API/crypto_property)  for encryption.  
 
 ---
 
@@ -49,11 +51,17 @@ More detailed explanation: https://www.youtube.com/watch?v=GSIDS_lvRv4&t=1s
 
 ---
 
-### For developers
-[![Quality Gate Status](https://sonarcloud.io/api/project_badges/measure?project=muke1908_chat-e2ee&metric=alert_status)](https://sonarcloud.io/summary/new_code?id=muke1908_chat-e2ee) [![Gitter](https://badges.gitter.im/chat-e2ee/community.svg)](https://gitter.im/chat-e2ee/community?utm_source=badge&utm_medium=badge&utm_campaign=pr-badge)
+### :computer:	 For developers
+![Open Source Love](https://img.shields.io/badge/Open%20Source-with%20love-CRIMSON.svg) ![GitHub last commit](https://img.shields.io/github/last-commit/muke1908/chat-e2ee) [![Quality Gate Status](https://sonarcloud.io/api/project_badges/measure?project=muke1908_chat-e2ee&metric=alert_status)](https://sonarcloud.io/summary/new_code?id=muke1908_chat-e2ee) [![Gitter](https://badges.gitter.im/chat-e2ee/community.svg)](https://gitter.im/chat-e2ee/community?utm_source=badge&utm_medium=badge&utm_campaign=pr-badge)
 
 FE: This project includes a light weight frontend UI - bootstrapped with [create-react-app](https://reactjs.org/docs/create-a-new-react-app.html). The FE client is located in `./client` folder.  
-BE: The backend runs on express/nodejs. In production mode, express server exposes the API endpoints and serve the static frontend from `./client/build`.
+BE: The backend runs on express/nodejs. In production mode, express server exposes the API endpoints and serve the static frontend from `./client/build`.  
+`@chat-e2ee/service` - located in `./service` - A SDK that client uses to interact with backend. More info: [Readme](https://github.com/muke1908/chat-e2ee/tree/service-modularisation/service)
+
+Note: If you make a change in `./service`, in order to reflect changes in client please run `npm run build-service-sdk` in root.  
+
+**Spin up your own client**  
+Import `@chat-e2ee/service` SDK in your client project and build your own chat client. Read [Usage instruction](https://github.com/muke1908/chat-e2ee/tree/service-modularisation/service).
 
 ### Installation
 
@@ -73,10 +81,11 @@ For native build read the [instructions](https://github.com/muke1908/chat-e2ee/t
 
 ### Folder structure
 
-- The FE client is located in `./client` which is coupled with the backend
-- All the backend controllers goes to `./backend` folder
-- Express instance is on `./app.js`
-- Entry point is `./index.js`
+- The FE client is located in `./client` which is coupled with the backend.
+- All the backend controllers goes to `./backend` folder.
+- Client uses a package `@chate2ee/service` to communicate with the backend. Located in `./service`.  
+- Express instance is on `./app.js`.
+- Entry point is `./index.js`.
 
 ### APIs
 ```endpoint: /api/<path>```
@@ -98,12 +107,12 @@ Example:
 
 ---
 
-## Contributors ✨
+## ✨ Contributors
 
  <img src="https://contributors-img.web.app/image?repo=muke1908/chat-e2ee" />
 
 ---
-**Cryptographic notice**  
+## :closed_lock_with_key:	 Cryptographic notice
 This distribution includes cryptographic software. The country in which you currently reside may have restrictions on the import, possession, use, and/or re-export to another country, of encryption software. BEFORE using any encryption software, please check your country's laws, regulations and policies concerning the import, possession, or use, and re-export of encryption software, to see if this is permitted. See http://www.wassenaar.org/ for more information.
 
 The U.S. Government Department of Commerce, Bureau of Industry and Security (BIS), has classified this software as Export Commodity Control Number (ECCN) 5D002.C.1, which includes information security software using or performing cryptographic functions with asymmetric algorithms. The form and manner of this distribution makes it eligible for export under the License Exception ENC Technology Software Unrestricted (TSU) exception (see the BIS Export Administration Regulations, Section 740.13) for both object code and source code.

backend/api/messaging/index.ts

@@ -70,7 +70,7 @@ router.post(
       return res.sendStatus(404);
     }
     // TODO: do not store if already exists
-    await db.insertInDb({ publicKey, sender, channel }, PUBLIC_KEY_COLLECTION);
+    await db.insertInDb({ publicKey, user: sender, channel }, PUBLIC_KEY_COLLECTION);
     return res.send({ status: "ok" });
   })
 );
@@ -85,8 +85,8 @@ router.get(
     if (!valid) {
       return res.sendStatus(404);
     }
-
-    const data = await db.findOneFromDB<GetPublicKeyResponse>({ channel, sender: userId }, PUBLIC_KEY_COLLECTION);
+    const receiverID = clients.getReceiverIDBySenderID(userId as string, channel as string);
+    const data = await db.findOneFromDB<GetPublicKeyResponse>({ channel, user: receiverID }, PUBLIC_KEY_COLLECTION);
     return res.send(data);
   })
 );

backend/socket.io/clients.ts

@@ -34,6 +34,14 @@ class Clients implements ClientRecordInterface{
     return this.clientRecord[channelID] || {};
   }
 
+  getReceiverIDBySenderID(sender: string, channelID: string): string {
+    const usersInChannel = this.getClientsByChannel(channelID);
+    const usersInChannelArr = Object.keys(usersInChannel);
+
+    const receiver = usersInChannelArr.find((u) => u !== sender);
+    return receiver;
+  }
+
   getSIDByIDs(userID: string, channelID: string): UserSidTypes {
     if (!(channelID && userID)) {
       throw new Error("channelID, userID - required param");

backend/socket.io/listeners.ts

@@ -15,8 +15,8 @@ const connectionListener = (socket, io) => {
     const usersInChannel = clients.getClientsByChannel(channelID) || {};
     const userCount = Object.keys(usersInChannel).length;
 
-    if (userCount === 2) {
-      const receiverSocket = io.sockets.sockets[socket.id];
+    const receiverSocket = io.sockets.sockets[socket.id];
+    if (userCount === 2 && receiverSocket) {
       socketEmit<SOCKET_TOPIC.LIMIT_REACHED>(SOCKET_TOPIC.LIMIT_REACHED, socket.id, null);
       receiverSocket.disconnect();
       return;
@@ -26,8 +26,8 @@ const connectionListener = (socket, io) => {
     socket.channelID = channelID;
     socket.userID = userID;
     // share the public key to the receiver if present
-    const receiver = clients.getSIDByIDs(userID, channelID);
-
+    const receiverId = Object.keys(usersInChannel).find(user => user !== userID);
+    const receiver = receiverId && clients.getSIDByIDs(receiverId, channelID);
     if (receiver) {
       socketEmit<SOCKET_TOPIC.ON_ALICE_JOIN>(SOCKET_TOPIC.ON_ALICE_JOIN, receiver.sid, { publicKey });
     }