piqchat (piqchat.net) is a web app optimized for iOS Safari and Chrome on Android that allows you to share self-destructing images with your friends. The images are end-to-end encrypted and you have the freedom to choose which inbox server you rely on to receive images. The goal of piqchat is to be an app that is fun, social in a good way, respects its users and hides the complexity of encryption and server federation.
A piqchat user needs to sign up to an inbox server to be able to receive images. You can host an inbox server yourself with the code provided in this repository.
TLS is a requirement.
You'll need docker
and docker-compose
.
docker-compose up
A sqlite database is created.
You'll need node
.
npm install
inside the project repository.npm run migrate
.Afterwards you can start the server with npm run start
or node src/main.js
.
TL;DR After deployment use the invite link printed out in the server logs in the piqchat web app.
Usually users are created when they accept a friend invite and have not signed up anywhere else.
After the first server startup an "invite link" is printed out in the server logs that you can use in the piqchat web app to create your first user. The app will ask you to enter the domain of your inbox server. Note that this is a standard user and it doesn't have any special rights.
The invite link expires after the duration you specified in the .env file. After restarting it should print out a new invite link if the previous one expired. When deployed with docker, you can force to generate a new invite link on startup with the environment variable CREATE_SIGN_UP_INVITE=true
. Without a container you can run node bin/create-signup-contact-exchange.js
.
Inbox servers for piqchat are supposed to be lightweight. The server uses a sqlite3 database, and everything is deleted as soon as it's not needed anymore.
A piqchat user needs to sign up to an inbox server to be able to receive images. From a technical perspective, the user doesn't need to be registered on an inbox server if they only want to send images, because images are directly uploaded to the inbox server of the recipient.
User register through a simple invite system. The app doesn't ask for emails, phone numbers or passwords. Authentication is done with the tweetnacl
asymmetric encryption key pair from the user (which only proves that the user has an identity), authorization is done on per route basis.
The piqchat inbox server is responsible for a few very important aspects of the piqchat experience: