astrosonic / sanctuary Goto Github PK

Rename input field placeholders from Joining link to Chatroom joining ID, as the generated link is more of an unique ID rather than a hyperlink, it makes more sense.

Position of the owner message should be on the right and others should be on left

Use PyInstaller. Make sure that the binary is compliant to Python 3.8.

Use Summernote to get base64-encoded information

I have seen that this project does not allow to choose IP Address for hosting the Web Application, so i thought I can fix it.
Hence I will be getting a new pull request Up for the same.

Provide options for continually checking of parameters like

• Chatroom validity - Allow people to communicate if true, redirect back to home if false.
• User activity - On joining of each user, display the username and mark them as active.

Add an entry for chatroom purge in the database by listing the following things

• A boolean value to state if the chatroom is purged or not.
• A timestamp value as to when the chatroom was purged.
• A text value as to state which user caused the chatroom purge.

Profile picture should stick at the top of the chat card

you should never serve a page thats supposed to be used with the Falsk Development server.

The development server is provided by Werkzeug for convenience, but is not designed to be particularly efficient, stable, or secure.

an alternative to Flask could be Sanic, which is similar to Flask but based on asyncio, and has a builtin server that works for deployment.

From the instructions:

http://< YOUR-LOCAL-IP-ADDRESS >/6969/
should rather say
http://< YOUR-LOCAL-IP-ADDRESS >:6969/

The user directly exits from room also directly purge the room without confirmation dialog, after clicking on leave or purge room .

Add a text wrapping option while displaying the message

In the spirit of getting more contributors to the project, the above documents would be appreciated.

Hi there!

I happened across your project recently (love the idea!), and while reading through the code I think I uncovered a security hole.

Let's say you have a client A in a private channel A'. When A sends a message to the server, it sends the room (A') that the message is associated with to the server as a field on the payload:
https://github.com/astrosonic/sanctuary/blob/master/templates/actiroom.html#L84-L94

The server checks to see if the room is active, and then broadcasts that message out to all connected clients:
https://github.com/astrosonic/sanctuary/blob/master/main.py#L168-L171

So if we have a client B in a separate private channel B', they will receive the message. Currently this isn't noticeable if B is a casual observer, because only messages from the joined room get displayed:
https://github.com/astrosonic/sanctuary/blob/master/templates/actiroom.html#L108

However, all B has to do to read A's messages is to remove that filtering out; this is trivial to do in a browser's Javascript console. This means that any malicious client with network access to the chat server can listen in on all the messages being sent on the server in any room.

To fix this, I think you'd want to do two things:

• Server-side, use SocketIO's built-in room support to send messages only to clients within that room
• Server-side, only allow clients to connect (to read or publish messages) if they've supplied the correct password for the room

Does that make sense? Happy to clarify!

Add client-side form validation to prevent this from happening.

Audio sent. Audio received. Chatting becomes way more interactive. Cool stuff. 🙂

Add a dedicated session termination page and then a redirect to home page from there

Use PyInstaller. Make sure that the binary is compliant to Python 3.8.

Room creation page should have its own namespace to be uniquely identified. Refreshing a unique page would not lead to creation of a new room and hence would fix the problem.

The textbox should get cleared after an event of successful message sending. It does not. 😞

Can lead to unforeseen bugs while handling redirects

I have also initiated a pull request to fix this

HINT - Initialize the websocket variable only after taking username and roomiden - then store it in the list USERS along with the those data.

All conversations are shared among chatrooms with same name. Use specific identity for chatrooms.

The Web browser, to protect privacy of the user, keeps blocking microphone access even if permission is allowed. Accessing website using https also doesn't work.

On Raspberry Pi 3 Model B Rev 1.2, following instructions verbatim, I am not able to connect local network clients to any chatroom identity EXCEPT for "DEADCAFE" (no idea where this identify was generated from but it showed up when I hit the reload icon at the top of the client)

You can learn more about env variables and their usage here

Add logout option for chatroom users such that they can destroy their side of all the chats and leave the chatroom safely while invalidating their current session.

• About users who have joined or left
• About users who are active and inactive

Whisper feature can allow for sending messages to a specific recipient only

This should be easy. Run a requirement check, and update the list with newer versions of dependencies

For messages sent to rooms with the same name but with different passwords, a bubble with an empty string appears.