stakwork / sphinx-kotlin-core Goto Github PK

Implement get balance endpoint and show it on dashboard header

Build the logic to encrypt and send a text message on a chat. It includes adding a field on the bottom of the chat UI view so user can type there an send

The kotlin android app used encrypted Android preferences to store the user PIN. Since this isn't multiplatform we could more easily create encrypted sqlite instance on the user device to store user preferences like PINs and such. This would help keep the pin management logic multiplatform.

We are currently using a wrapper around the java.security/java.cryptography package which is enough for us to use in platforms that support jvm packages.

We could create a wrapper around a native library that has the RSA functionality we are using in the sphinx project. But for now the jvm platforms are good enough.

A lot of the implementations are not internal and most should be internal as we won't be extending them outside of the class.

We currently using jvm supported cryptography libraries/apis that were used in the kotlin android app. These should suffice for the desktop app but to support more platforms to support.

Implement the new secure authentication we did on kotlin android that uses:

• New endpoint to get relay transport key and store it on app encrypted storage
• New endpoint to create/get hmac-key so it can be used to sign requests
• x-tranport-key from relay and send x-transport-token on each request instead of X-User-Token
• hmac-key with a signature of each request raw body so it can be verify in relay to prevent MITM attach

The sql database will be ideally encrypted using the encryptionKey, but the app implementation currently caches the SqlDriver (which would then provided decrypted access to the DB). Can a person break security assumptions if a logged out (requiring pin to unlock) execution of the app is accessed in a manner that exploits the cache?

Implement socket connection to receive text message in real time when logged into the app.

Implement logic to restore an existing account using the restore string:

• Allow user to enter PIN to decrypt restore string
• Decrypt and parse restore string into: encryption keys, relay url, authentication token
• Store them and PIN
• Load dashboard so all chat history and messages are loaded.

Service involved:
Android app

Goal:
Create a display for a user's tribe-specific profile information, which is returned from the tribes-server when someone clicks on their username in a tribe.

Method:

• Profile information will be returned here: tribes.sphinx.chat/person/uuid/{uuid}
• It should be displayed according to Milan's design below:
  

*for getting the badge icons using the badge IDs: https://liquid.sphinx.chat/list

We could replace OkHTTP with ktor.io as it is already multiplatform. Issue is the time required to replace all the OkHTTP code we have in the repo.

Service involved:
Android App

Goal:
Create a display of the tribe leaderboard.

Method:

• Tribe leaderboard data will be returned here: (tbd)
• Create the display based on Milan's design:
  

Dependency inject is great! Sadly a lot of the best tools for dependency injection are quite platform specific.

We currently do it manually by instantiating all the things we need in SphinxContainer.

There are multiplatform dependency libraries that exist that we could use to replace this method for more elegance. For now, manual gets the job done.