A real-time privacy-first social media platform leveraging feature-rich direct messaging text channels. Built as part of the course project for COSC 310 at UBC.
Created an Ably account and two API keys: administrative and public. The public key is used in our application to facilitate all messaging across all users
Modified the MessagingInterface to perform real-time messaging with Ably
Added a privacy toggle feature where messages can be sent in real-time without storing any message history. Refreshing the screen while that toggle is on causes all message history to be wiped. If the toggle is off, all message history is kept in MongoDB and is pulled accordingly when a new session is started
Added a scrollable area for the messages box
Added comprehensive docstrings across all Messaging files (Chat.tsx, Message.tsx, MessagingInterface.tsx)
Performed extensive ad-hoc testing to ensure all features are robuts
Performed extensive software reliability tests to ensure that users cannot circumvent privacy features (like switching the privacy toggle off mid-chat to then capture message history), added robust fixes to prevent such loopholes
Added a test case to
Wrote two backend API endpoints to handle getting and setting message history
For the bolded point: I cannot stress enough how long it took me to figure that out. I thought my real-time messaging was disabled but it was because I was attempting to communicate with myself during testing. To actually test a real-time conversation you need another laptop as you need to change these variables.
Things to Know
In order to chat with another person in real-time, the following in the application shell (Accord.tsx) need to be flipped across both parties: const sender = "user1"; const receiver = "user2"; i.e. user1 will have user1 under sender on their end and user2 will have user2 under sender on their end.
Please refer to the Ably documentation posted on #118.
Known Vulnerabilities
There are several ways to break the privacy feature. Here are some ways that need to patched in future iterations:
It is possible to refresh your tab and re-enable the privacy toggle that was previously locked due to an initiated conversation.
Both users need to have the privacy toggle set to true while they are chatting. In relation to the above vulnerability, this is enforced as long as users don't refresh. If one user refreshes their screen, the toggle will be unlocked and they can switch it off, get back to the chat and capture any incoming messages.
Summary of Changes
Ablyaccount and two API keys: administrative and public. The public key is used in our application to facilitate all messaging across all usersMessagingInterfaceto perform real-time messaging with AblyMessagingfiles (Chat.tsx,Message.tsx,MessagingInterface.tsx)For the bolded point: I cannot stress enough how long it took me to figure that out. I thought my real-time messaging was disabled but it was because I was attempting to communicate with myself during testing. To actually test a real-time conversation you need another laptop as you need to change these variables.
Things to Know
Accord.tsx) need to be flipped across both parties:const sender = "user1"; const receiver = "user2";i.e. user1 will have user1 undersenderon their end and user2 will have user2 undersenderon their end.Known Vulnerabilities
There are several ways to break the privacy feature. Here are some ways that need to patched in future iterations: