# SecureChat 🔒
A real-time, end-to-end encrypted chat application with 1-on-1 DMs and group chats. Deployable as a Hugging Face Space via Docker.
## Features
- **End-to-End Encryption (E2EE)** — RSA-OAEP for DMs, AES-GCM + RSA key wrapping for group chats. Server never sees plaintext.
- **Authentication** — Username/password + Google OAuth
- **Direct Messages** — 1-on-1 encrypted conversations
- **Group Chats** — Encrypted group messaging with per-member AES key wrapping
- **Display Name** — Change your display name anytime in Settings
- **Real-time** — WebSocket-based, instant message delivery
- **Typing Indicators** — See when someone is typing
## Deployment on Hugging Face Spaces
1. Create a new Space on [huggingface.co/spaces](https://huggingface.co/spaces)
2. Choose **Docker** as the SDK
3. Push this repository to the Space
### Environment Variables (Space Secrets)
Set these in your Space settings → Repository Secrets:
| Variable | Description | Required |
|----------|-------------|----------|
| `SECRET_KEY` | JWT signing key (random 32+ char string) | Yes |
| `GOOGLE_CLIENT_ID` | Google OAuth Client ID | Optional |
| `GOOGLE_CLIENT_SECRET` | Google OAuth Client Secret | Optional |
| `GOOGLE_REDIRECT_URI` | `https://YOUR-SPACE.hf.space/api/auth/google/callback` | If using Google |
### Setting up Google OAuth (Optional)
1. Go to [Google Cloud Console](https://console.cloud.google.com)
2. Create OAuth 2.0 credentials
3. Add your Space URL as an authorized redirect URI: `https://YOUR-SPACE.hf.space/api/auth/google/callback`
4. Set the credentials as Space secrets
## Local Development
```bash
pip install -r requirements.txt
mkdir -p data
uvicorn main:app --reload --port 7860
```
Open `http://localhost:7860`
## Security Notes
- **Private keys never leave the browser** — stored in localStorage as JWK
- RSA-2048 OAEP with SHA-256 for DM message encryption
- AES-256-GCM for group message content (per-message random IV)
- RSA-OAEP used to wrap the AES key for each group member
- Passwords hashed with bcrypt
- JWT tokens with 7-day expiry
- All transport over HTTPS (on HF Spaces)
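
The group-chat scheme listed above (AES-256-GCM content key, per-message random IV, RSA-OAEP wrapping per member) can be sketched with the Web Crypto API. This is an added example, not SecureChat's own code; every function name, member name and message in it is hypothetical.

```javascript
// Added example, not SecureChat's code; all names below are hypothetical.
async function webCrypto() {
  // Browsers and recent Node expose globalThis.crypto; older Node needs the module.
  return globalThis.crypto ?? (await import('node:crypto')).webcrypto;
}

async function newMember() { // RSA-2048 OAEP / SHA-256 key pair, as in the notes above
  const { subtle } = await webCrypto();
  return subtle.generateKey({ name: 'RSA-OAEP', modulusLength: 2048,
    publicExponent: new Uint8Array([1, 0, 1]), hash: 'SHA-256' }, true, ['wrapKey', 'unwrapKey']);
}

// Sender: one AES-256-GCM group key, wrapped once per member public key.
async function createGroupKey(publicKeys) {
  const { subtle } = await webCrypto();
  const groupKey = await subtle.generateKey({ name: 'AES-GCM', length: 256 }, true, ['encrypt', 'decrypt']);
  const wrapped = {};
  for (const [name, pub] of Object.entries(publicKeys)) {
    wrapped[name] = await subtle.wrapKey('raw', groupKey, pub, { name: 'RSA-OAEP' });
  }
  return { groupKey, wrapped };
}

async function encryptMessage(groupKey, text) {
  const c = await webCrypto();
  const iv = c.getRandomValues(new Uint8Array(12)); // fresh random IV for every message
  const ct = await c.subtle.encrypt({ name: 'AES-GCM', iv }, groupKey, new TextEncoder().encode(text));
  return { iv, ct: new Uint8Array(ct) }; // only the IV and ciphertext leave the client
}

// Recipient: unwrap own copy of the group key, then decrypt and authenticate.
async function decryptMessage(privateKey, wrappedKey, { iv, ct }) {
  const { subtle } = await webCrypto();
  const key = await subtle.unwrapKey('raw', wrappedKey, privateKey, { name: 'RSA-OAEP' },
    { name: 'AES-GCM', length: 256 }, false, ['decrypt']);
  return new TextDecoder().decode(await subtle.decrypt({ name: 'AES-GCM', iv }, key, ct));
}

async function demo() { // constructed members and message
  const alice = await newMember(), bob = await newMember();
  const { groupKey, wrapped } = await createGroupKey({ alice: alice.publicKey, bob: bob.publicKey });
  const msg = await encryptMessage(groupKey, 'hello group');
  const plain = await decryptMessage(bob.privateKey, wrapped.bob, msg);
  msg.ct[0] ^= 1; // a modified ciphertext must fail the GCM tag check
  const rejected = await decryptMessage(bob.privateKey, wrapped.bob, msg).then(() => false, () => true);
  return { plain, rejected };
}
```

Calling `demo()` resolves to the decrypted text plus a flag showing that a ciphertext altered in transit is rejected rather than decrypted.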