KorryKatti / Mirage

a chat app which doesn't store messages on the server
MIT License

Password protected rooms #40

Open KorryKatti opened 8 hours ago

KorryKatti commented 8 hours ago

Issue: Enhancing Room Security in Mirage

As part of our ongoing improvements during Hacktoberfest, we’re focusing on enhancing the security of rooms in Mirage.

Currently, all rooms in Mirage are public, meaning anyone can join without restrictions. We’ve initiated encryption, which is in its early stages but is functioning well. Our goal is to improve this system for better security.

Key Objectives:

  1. Password Management:

    • When creating a room, users should have the option to set a password. If no password is provided, the room will remain accessible to everyone.
    • For password-protected rooms, a popup should appear when users attempt to join. This popup will prompt for a password, which will be sent to the server for validation.
  2. Server-side Encryption:

    • Passwords must be securely stored on the server, encrypted within the rooms.json file, alongside other room data.

Additional Opportunities:

Implementation Hints:

  1. Room Creation with Password Option:

    • Modify the Room Creation UI: Add an input field for the password in the room creation form. Ensure that this field is optional.
    • Server-side Logic: Update the server code to check for a password and encrypt it before storing it in the rooms.json file.
  2. Joining Password-Protected Rooms:

    • Implement Popup for Password Entry: Display a modal to prompt the user for a password when trying to join a password-protected room.
    • Password Verification: Send the entered password to the server for validation against the stored encrypted password.
  3. Server-side Encryption:

    • Store Passwords Securely: Use a secure hashing algorithm (e.g., bcrypt) to hash passwords before saving them.
    • Encryption Key Management: Manage different encryption keys for private and public rooms securely.
  4. User Experience:

    • Error Handling: Ensure clear error messages (e.g., incorrect password) are provided to users.

If you're interested in taking on this challenge, please comment below! I’d be delighted to assign it to you.
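The flow the issue describes (optional password at room creation, a prompt on join, server-side validation against a stored hash, clear error messages) can be sketched end to end in plain Python. The block below is an added example, not code from the Mirage repository: it keeps the verifying logic separate from any socketio event handler so the project can wire it into its own join/create events. Following implementation hint 3, the password is hashed, not reversibly encrypted, because the server only ever needs to check a candidate password, never recover the original. bcrypt is not in the standard library, so this example uses `hashlib.scrypt` (a comparable memory-hard password hash) with a random per-room salt and a constant-time comparison; the `rooms.json` layout, the `"password"` record shape and the helper names are this example's assumptions.

```python
import hashlib
import hmac
import json
import os
import secrets
from typing import Optional, Tuple

# scrypt cost parameters (assumed for this example; raise n on a faster server).
SCRYPT_N, SCRYPT_R, SCRYPT_P, KEY_LEN = 2 ** 14, 8, 1, 32


def hash_password(password: str, salt: Optional[bytes] = None) -> dict:
    """Return a JSON-serialisable record {algo, salt, hash} for rooms.json.

    A fresh 16-byte salt is drawn per room so identical passwords in two rooms
    do not produce identical stored hashes.
    """
    salt = salt if salt is not None else secrets.token_bytes(16)
    digest = hashlib.scrypt(password.encode("utf-8"), salt=salt,
                            n=SCRYPT_N, r=SCRYPT_R, p=SCRYPT_P, dklen=KEY_LEN)
    return {"algo": "scrypt", "salt": salt.hex(), "hash": digest.hex()}


def verify_password(password: str, record: dict) -> bool:
    """Recompute the hash with the stored salt and compare in constant time."""
    if record.get("algo") != "scrypt":
        return False  # unknown record format: refuse rather than guess
    salt = bytes.fromhex(record["salt"])
    digest = hashlib.scrypt(password.encode("utf-8"), salt=salt,
                            n=SCRYPT_N, r=SCRYPT_R, p=SCRYPT_P, dklen=KEY_LEN)
    # compare_digest avoids leaking how many leading bytes matched via timing.
    return hmac.compare_digest(digest, bytes.fromhex(record["hash"]))


def create_room(rooms: dict, name: str, password: Optional[str] = None) -> dict:
    """Add a room; an empty or missing password leaves the room public."""
    room = {"name": name, "members": []}
    if password:
        room["password"] = hash_password(password)
    rooms[name] = room
    return room


def try_join(rooms: dict, name: str, password: Optional[str] = None) -> Tuple[bool, str]:
    """Server-side join check. Returns (allowed, message) for the client popup."""
    room = rooms.get(name)
    if room is None:
        return False, "no such room"
    record = room.get("password")
    if record is None:
        return True, "joined"               # public room, no prompt needed
    if password is None:
        return False, "password required"   # client should show the popup
    if not verify_password(password, record):
        return False, "incorrect password"
    return True, "joined"


def save_rooms(rooms: dict, path: str) -> None:
    """Persist rooms (hash records only, never the plaintext) to rooms.json."""
    with open(path, "w", encoding="utf-8") as fh:
        json.dump(rooms, fh, indent=2)


def load_rooms(path: str) -> dict:
    if not os.path.exists(path):
        return {}
    with open(path, encoding="utf-8") as fh:
        return json.load(fh)


if __name__ == "__main__":
    # Constructed demo data, not real Mirage rooms.
    rooms = {}
    create_room(rooms, "lobby")                      # public
    create_room(rooms, "staff", "hunter2-example")   # protected
    print(try_join(rooms, "lobby"))                      # (True, 'joined')
    print(try_join(rooms, "staff"))                      # (False, 'password required')
    print(try_join(rooms, "staff", "wrong"))             # (False, 'incorrect password')
    print(try_join(rooms, "staff", "hunter2-example"))   # (True, 'joined')
    save_rooms(rooms, "rooms.demo.json")
```

The stored record for a protected room contains only the algorithm name, the hex salt and the hex hash, so a leaked `rooms.json` does not reveal any room password; the join handler returns a distinct message for "password required" versus "incorrect password" so the client can decide whether to open the popup or show an error.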

hrit2773 commented 7 hours ago

@KorryKatti I have experience working with Flask and Django, can you please assign this to me?

KorryKatti commented 7 hours ago

> @KorryKatti I have experience working with Flask and Django, can you please assign this to me?

The server uses socketio, not Flask, so would this be OK with you?

KorryKatti commented 7 hours ago

Or you could wait for the Flask server to open (planning on making a separate server which will use flask-socketio while keeping this one intact).

nub-rin commented 6 hours ago

I can work on this, I have experience with socketio.

KorryKatti commented 6 hours ago

> I can work on this, I have experience with socketio.

Sounds cool, will assign you.

nub-rin commented 6 hours ago

Alright, will give you an update as soon as I have one!!