SpeakEasy
Version 1.1 by
SpeakEasy is a web application built on Vue, a JavaScript library for building user interfaces. If you are not familiar with Vue, here are two resources that you can check out: Official Docs and Quick Intro.
- First, install all dependencies. Make sure you have Node.js & npm on your machine:
# with npm
npm install
Once the dependencies are installed, we can set up the database. We use MySQL as the database for our project.
- For Windows, install phpMyAdmin and import db.sql from the repository.
- For macOS:
  - Install MySQL and run the MySQL server. Remember your password for 'root'.
  - Install the mysql CLI using
    brew install mysql
  - Import the database from db.sql. You can run this command whenever you want to reset the database:
    $ mysql -u username -p < db.sql
    $ mysql -u username -p
    mysql> SET GLOBAL sql_mode=(SELECT REPLACE(@@sql_mode,'ONLY_FULL_GROUP_BY',''));
- Create a .env file and insert the following code. Replace the values with yours!!
PORT=[YOUR_PORT]
MYSQL_HOST="localhost"
MYSQL_USER="root"
MYSQL_PASSWORD=[YOUR_PASSWORD]
MYSQL_DATABASE="peterbook"
SESSION_SECRET_LETTER=[ANYTHING_SECRET]
- An example .env file would look like:
PORT=3000
MYSQL_HOST=localhost
MYSQL_USER=root
MYSQL_PASSWORD=pswd
MYSQL_DATABASE=peterbook
SESSION_SECRET_LETTER=secret_letter
- Start the server
npm start
- Now open the app in your browser by entering localhost:[PORT]
- Enjoy!!
- ER_MIX_OF_GROUP_FUNC_AND_FIELDS:
This error is related to your SQL_MODE. Run the following in your mysql client:
mysql> SET GLOBAL sql_mode=(SELECT REPLACE(@@sql_mode,'ONLY_FULL_GROUP_BY',''));
Database Tables
users Table
id | username | email | password | bio | joined |
---|---|---|---|---|---|
Unique | Unique | Unique | Hash value of user's password | Text | The time when user joined |
follow_system Table
follow_id | follow_by | follow_by_username | follow_to | follow_to_username | follow_time | confirmed |
---|---|---|---|---|---|---|
Unique | Follower's id | Follower's name | Followed's id | Followed's name | When this follow is created | If followed user confirms the follower |
likes Table
like_id | like_by | like_by_username | post_id | like_time |
---|---|---|---|---|
Unique | Id of who does the 'like' | Username of who does the 'like' | Id of the post | When the 'like' happened |
posts Table
post_id | user | username | title | content | post_created |
---|---|---|---|---|---|
Unique | Id of who makes the post | Name of who makes the post | Title of the post | Content of the post | When the post is published |
profile_views Table
view_id | view_by | view_by_username | view_to | view_time |
---|---|---|---|---|
Unique | Id of who viewed the profile | Name of who viewed the profile | Id of the owner of the profile | When the view happened |
keys_system Table
user_id | publickey | privatekey | aeskey |
---|---|---|---|
Id of the user who owns this set of keys | Public key of the user. It is used to encrypt the user's followings' AES keys. | Private key of the user. It is encrypted with AES using the user's password. | AES key to encrypt/decrypt this user's posts. It is encrypted with the user's public key |
encrypted_keys_system Table
follow_by | follow_to | encryptedkey |
---|---|---|
Follower's id | Followed user's id | The AES key to decrypt Followed user's posts. It is encrypted by follower's public key |
Sign Up
The user is asked to provide a username, password and email to sign up. The server verifies that neither the username nor the email already exists in the database and then signs up the user. The server saves the username, email and hashed password in the database. Each user has a set of keys (a randomly generated AES key and a pair of RSA keys) and a unique ID. The AES key is used to encrypt/decrypt the user's posts, and the RSA keys are used to encrypt/decrypt other users' AES keys. Before they are saved to the database, the AES key is encrypted with the RSA public key and the RSA private key is encrypted with the user's password. Only the user's password can decrypt the private RSA key, which in turn decrypts the AES keys, which decrypt the posts. The database stores only the hash of the password, and the hash cannot be converted back to the original password, so the posts cannot be recovered even with full access to the database. The protection is therefore only as strong as the password: a password that can be guessed offline against the stored hash also unlocks the private key.
Log In
The user is asked to provide a username and password. The server verifies that the hash of the password matches the record in the database. If it does, the server decrypts the user's private RSA key and then the AES key used to encrypt/decrypt the user's posts.
Followers System
Users can follow others only after being approved by them. After approval, they receive the other user's AES key so that they can see that user's posts. Users can also drop their followers. After a drop, the follower loses access to the user's AES key. For example, Amy wants to follow Bob. Until the steps below are completed, Amy cannot see any posts from Bob. Bob can accept Amy's follow request. When the server receives the approval from Bob, it encrypts Bob's AES key with Amy's public RSA key and saves the encrypted key to the database. Now, if Amy wants to see posts from Bob, the server uses Amy's private RSA key to decrypt the encrypted AES key from Bob and uses that AES key to decrypt Bob's posts. If Bob does not want Amy to follow him, he can send a drop request to the server. The server deletes the follow record, along with the encrypted AES key from Bob to Amy, from the database.
Posts System
When a user makes a post, the title and content of the post are encrypted with the user's AES key.
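
The key handling described under Sign Up, Log In, Followers System and Posts System, as an added example that is not SpeakEasy's own code: an in-memory model built on Node's crypto module. AES-256-GCM for posts, the passphrase-encrypted PKCS#8 PEM for the private key, the default OAEP padding and the Map-based stand-ins for the two key tables are assumptions; the page only says AES and RSA.

```javascript
// Added example: in-memory model of the key tables; not SpeakEasy's own code.
const crypto = require('node:crypto');
const keysSystem = new Map();          // user_id -> { publickey, privatekey, aeskey }
const encryptedKeysSystem = new Map(); // "follow_by:follow_to" -> encryptedkey
function signUp(userId, password) {
  const { publicKey, privateKey } = crypto.generateKeyPairSync('rsa', {
    modulusLength: 2048,
    publicKeyEncoding: { type: 'spki', format: 'pem' },
    // The private key is stored AES-encrypted under the user's password.
    privateKeyEncoding: { type: 'pkcs8', format: 'pem',
      cipher: 'aes-256-cbc', passphrase: password },
  });
  // The per-user post key is stored wrapped under the user's own public key.
  const aeskey = crypto.publicEncrypt(publicKey, crypto.randomBytes(32));
  keysSystem.set(userId, { publickey: publicKey, privatekey: privateKey, aeskey });
}
// Password -> private key -> AES key; throws if the password is wrong.
function unwrap(userId, password, wrapped) {
  const { privatekey } = keysSystem.get(userId);
  return crypto.privateDecrypt({ key: privatekey, passphrase: password }, wrapped);
}
function logIn(userId, password) {
  return unwrap(userId, password, keysSystem.get(userId).aeskey);
}
function encryptPost(aesKey, text) {
  const iv = crypto.randomBytes(12);
  const c = crypto.createCipheriv('aes-256-gcm', aesKey, iv);
  const body = Buffer.concat([c.update(text, 'utf8'), c.final()]);
  return Buffer.concat([iv, c.getAuthTag(), body]); // iv | tag | ciphertext
}
function decryptPost(aesKey, blob) {
  const d = crypto.createDecipheriv('aes-256-gcm', aesKey, blob.subarray(0, 12));
  d.setAuthTag(blob.subarray(12, 28));
  return Buffer.concat([d.update(blob.subarray(28)), d.final()]).toString('utf8');
}
// Approval: the followed user's AES key is re-wrapped under the follower's public key.
function approveFollow(followBy, followTo, followToAesKey) {
  const { publickey } = keysSystem.get(followBy);
  encryptedKeysSystem.set(`${followBy}:${followTo}`,
    crypto.publicEncrypt(publickey, followToAesKey));
}
function dropFollower(followBy, followTo) {
  encryptedKeysSystem.delete(`${followBy}:${followTo}`);
}
function readPost(followBy, password, followTo, blob) {
  const wrapped = encryptedKeysSystem.get(`${followBy}:${followTo}`);
  if (!wrapped) throw new Error('no encrypted key: not an approved follower');
  return decryptPost(unwrap(followBy, password, wrapped), blob);
}
```

In this model a drop deletes only the wrapped copy of the key; the AES key itself stays the same, so revocation depends on the follower never having held the unwrapped key outside the server.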