munafio / chatify

Laravel's #1 one-to-one chatting system package, helps you add a complete real-time chatting system to your new/existing Laravel application with only one command.
https://chatify.munafio.com
MIT License

Is encryption applied? #96

Closed sofhin closed 3 years ago

sofhin commented 3 years ago

Would like to ask whether any encryption algorithm has been applied in this package.

munafio commented 3 years ago

@sofhin this package uses Pusher's private channels; you can read more about it here. The next release will support End-to-End encryption, which provides the same subscription restrictions as private channels. In addition, the data field of events published to end-to-end encrypted channels is encrypted using an implementation of the Secretbox encryption standard defined in NaCl before it leaves your server.

sahilxjain commented 3 years ago

> @sofhin this package uses Pusher's private channels; you can read more about it here. The next release will support End-to-End encryption, which provides the same subscription restrictions as private channels. In addition, the data field of events published to end-to-end encrypted channels is encrypted using an implementation of the Secretbox encryption standard defined in NaCl before it leaves your server.

Thanks Munafio for the wonderful package. This feature is still missing in v1.2, released yesterday. Do you have plans to release this in the next major version, v2, or is it coming soon in v1.x only?

munafio commented 3 years ago

> @sofhin this package uses Pusher's private channels; you can read more about it here.
>
> The next release will support End-to-End encryption, which provides the same subscription restrictions as private channels. In addition, the data field of events published to end-to-end encrypted channels is encrypted using an implementation of the Secretbox encryption standard defined in NaCl before it leaves your server.
>
> Thanks Munafio for the wonderful package. This feature is still missing in v1.2, released yesterday. Do you have plans to release this in the next major version, v2, or is it coming soon in v1.x only?

This feature is in beta with Pusher, so the client events won't work because it is not supported yet. So maybe it will be there with Chatify v2.

harisali709 commented 2 years ago

You can use Laravel Encryption. I was able to achieve it with these two smaller changes in MessageController::send() and MessageCard View

[image] [image]

NawrasBukhari commented 2 years ago

> You can use Laravel Encryption. I was able to achieve it with these two smaller changes in MessageController::send() and MessageCard View

Thank you for the encryption approach, but I have a problem with the decryption as shown here

[image: error decryption]

harisali709 commented 2 years ago

Please replace your messageCard.blade.php with the given code.

{{-- -------------------- The default card (white) -------------------- --}}
@if($viewType == 'default')
@if($from_id != $to_id)
<div class="message-card" data-id="{{ $id }}">
    <?php try{ ?>
    <p>{!! ($message == null && $attachment != null && @$attachment[2] != 'file') ? $attachment[1] : nl2br(Crypt::decryptString($message)) !!}
        <sub title="{{ $fullTime }}">{{ $time }}</sub>
        {{-- If attachment is a file --}}
        @if(@$attachment[2] == 'file')
        <a href="{{ route(config('chatify.attachments.route'),['fileName'=>$attachment[0]]) }}" style="color: #595959;" class="file-download">
            <span class="fas fa-file"></span> {{$attachment[1]}}</a>
        @endif
    </p>
    <?php }catch(\Exception $e){ ?>
    ...
    <?php } ?>
</div>
{{-- If attachment is an image --}}
@if(@$attachment[2] == 'image')
<div>
    <div class="message-card">
        <div class="image-file chat-image" style="width: 250px; height: 150px;background-image: url('{{ asset('storage/'.config('chatify.attachments.folder').'/'.$attachment[0]) }}')">
        </div>
    </div>
</div>
@endif
@endif
@endif

{{-- -------------------- Sender card (owner) -------------------- --}}
@if($viewType == 'sender')
<div class="message-card mc-sender" data-id="{{ $id }}">
    <?php try{ ?>
    <p>{!! ($message == null && $attachment != null && @$attachment[2] != 'file') ? $attachment[1] : nl2br(Crypt::decryptString($message)) !!}
        <sub title="{{ $fullTime }}" class="message-time">
            <span class="fas fa-{{ $seen > 0 ? 'check-double' : 'check' }} seen"></span> {{ $time }}</sub>
        {{-- If attachment is a file --}}
        @if(@$attachment[2] == 'file')
        <a href="{{ route(config('chatify.attachments.route'),['fileName'=>$attachment[0]]) }}" class="file-download">
            <span class="fas fa-file"></span> {{$attachment[1]}}</a>
        @endif
    </p>
    <?php }catch(\Exception $e){ ?>
    ...
    <?php } ?>
</div>
{{-- If attachment is an image --}}
@if(@$attachment[2] == 'image')
<div>
    <div class="message-card mc-sender">
        <div class="image-file chat-image" style="width: 250px; height: 150px;background-image: url('{{ asset('storage/'.config('chatify.attachments.folder').'/'.$attachment[0]) }}')">
        </div>
    </div>
</div>
@endif
@endif

I have actually added a try-catch block and Crypt::decryptString($message) on the rendered message. It will also take care of your older non-encrypted messages. Good Luck!
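
An added example, not code from this thread or from Chatify: one way to keep the decrypt-with-fallback logic described above in a single place instead of repeating try/catch in each Blade view, and to escape the decrypted text before it is echoed raw. The class `App\Support\MessageBody` and its method names are hypothetical; `Crypt` uses the application's `APP_KEY`, so this protects stored message bodies on the server and is not end-to-end encryption.

```php
<?php
// Added example, not Chatify's code. Hypothetical file: app/Support/MessageBody.php
namespace App\Support;

use Illuminate\Contracts\Encryption\DecryptException;
use Illuminate\Support\Facades\Crypt;

final class MessageBody
{
    /** Encrypt a body before it is saved (call from the send() controller action). */
    public static function seal(string $plain): string
    {
        return Crypt::encryptString($plain);
    }

    /**
     * Readable text for a stored body. Rows saved before encryption was
     * enabled are not valid payloads, so decryption throws and the stored
     * value is returned unchanged. Only DecryptException is caught, so
     * unrelated errors still surface instead of being swallowed.
     */
    public static function open(?string $stored): string
    {
        if ($stored === null || $stored === '') {
            return '';
        }
        try {
            return Crypt::decryptString($stored);
        } catch (DecryptException $e) {
            return $stored; // legacy, unencrypted row
        }
    }

    /**
     * HTML for messageCard: escape first, then add <br>. e(..., false) keeps
     * existing entities, assuming the body may have been htmlentities()-encoded.
     * Blade: {!! \App\Support\MessageBody::html($message) !!}
     */
    public static function html(?string $stored): string
    {
        return nl2br(e(self::open($stored), false));
    }

    /** Preview for listItem; Blade: {{ \App\Support\MessageBody::preview($lastMessage->body) }} */
    public static function preview(?string $stored, int $limit = 30): string
    {
        $plain = self::open($stored);
        return mb_strlen($plain) > $limit ? trim(mb_substr($plain, 0, $limit)) . '..' : $plain;
    }
}
```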

harisali709 commented 2 years ago

Apply the same logic to the listItem.blade.php file. I have mostly overridden the code for my own purpose & I have made a different copy for you which can act differently. Please tell me if you find any further issues with the given code.

{{-- -------------------- Saved Messages -------------------- --}}

@if($get == 'saved')
<table class="messenger-list-item m-li-divider @if('user_'.Auth::user()->id == $id && $id != " 0") m-list-active @endif">
    <tr data-action="0">
        {{-- Avatar side --}}
        <td>
            <div class="avatar av-m" style="background-color: #d9efff; text-align: center;">
                <span class="far fa-bookmark" style="font-size: 22px; color: #68a5ff; margin-top: calc(50% - 10px);"></span>
            </div>
        </td>
        {{-- center side --}}
        <td>
            <p data-id="{{ 'user_'.Auth::user()->id }}">Private Notes <span>You</span></p>
            <span>Save messages secretly</span>
        </td>
    </tr>
</table>
@endif

{{-- -------------------- All users/group list -------------------- --}}
@if($get == 'users')
<table class="messenger-list-item @if($user->id == $id && $id != " 0") m-list-active @endif" data-contact="{{ $user->id }}">
    <tr data-action="0">
        {{-- Avatar side --}}
        <td style="position: relative">
            @if($user->active_status)
            <span class="activeStatus"></span>
            @endif
            <div class="avatar av-m" style="background-image: url('{{ Storage::disk('profile_images')->url($user->image) }}');">
            </div>
        </td>
        {{-- center side --}}
        <td>

            <p data-id="{{ $type.'_'.$user->id }}">
                {{ strlen($user->first_name ." " . $user->last_name) > 20 ? trim(substr($user->first_name ." " . $user->last_name,0,20)).'..' : $user->first_name ." " . $user->last_name }}
                <span>{{ $lastMessage->created_at->diffForHumans() }}</span></p>
            <span>
                {{-- Last Message user indicator --}}
                {!!
                $lastMessage->from_id == Auth::user()->id
                ? '<span class="lastMessageIndicator">You :</span>'
                : ''
                !!}
                {{-- Last message body --}}
                @if($lastMessage->attachment == null)
                <?php try{ ?>
                {{
                strlen(Crypt::decryptString($lastMessage->body)) > 30
                ? trim(substr(Crypt::decryptString($lastMessage->body), 0, 30)).'..'
                : Crypt::decryptString($lastMessage->body)
            }}
                <?php }catch(\Exception $e){ ?>
                ...
                <?php } ?>
                @else
                <span class="fas fa-file"></span> Attachment
                @endif
            </span>
            {{-- New messages counter --}}
            {!! $unseenCounter > 0 ? "<b>".$unseenCounter."</b>" : '' !!}
        </td>

    </tr>
</table>
@endif

{{-- -------------------- Search Item -------------------- --}}
@if($get == 'search_item')
<table class="messenger-list-item" data-contact="{{ $user->id }}">
    <tr data-action="0">
        {{-- Avatar side --}}
        <td>
            <div class="avatar av-m" style="background-image: url('{{ Storage::disk('profile_images')->url($user->image) }}');">
            </div>
        </td>
        {{-- center side --}}
        <td>
            <p data-id="{{ $type.'_'.$user->id }}">
                {{ strlen($user->first_name ." " . $user->last_name) > 20 ? trim(substr($user->first_name ." " . $user->last_name,0,20)).'..' : $user->first_name ." " . $user->last_name }}
            </p>
        </td>

    </tr>
</table>
@endif

{{-- -------------------- Shared photos Item -------------------- --}}
@if($get == 'sharedPhoto')
<div class="shared-photo chat-image" style="background-image: url('{{ $image }}')"></div>
@endif

NawrasBukhari commented 2 years ago

Thank you, it solved my problem!