# SecureChat 🔒

A real-time, end-to-end encrypted chat application with 1-on-1 DMs and group chats. Deployable as a Hugging Face Space via Docker.

## Features

- **End-to-End Encryption (E2EE)** — RSA-OAEP for DMs, AES-GCM + RSA key wrapping for group chats. Server never sees plaintext.
- **Authentication** — Username/password + Google OAuth
- **Direct Messages** — 1-on-1 encrypted conversations
- **Group Chats** — Encrypted group messaging with per-member AES key wrapping
- **Display Name** — Change your display name anytime in Settings
- **Real-time** — WebSocket-based, instant message delivery
- **Typing Indicators** — See when someone is typing

## Deployment on Hugging Face Spaces

1. Create a new Space on [huggingface.co/spaces](https://huggingface.co/spaces)
2. Choose **Docker** as the SDK
3. Push this repository to the Space

### Environment Variables (Space Secrets)

Set these in your Space settings → Repository Secrets:

| Variable | Description | Required |
|----------|-------------|----------|
| `SECRET_KEY` | JWT signing key (random 32+ char string) | Yes |
| `GOOGLE_CLIENT_ID` | Google OAuth Client ID | Optional |
| `GOOGLE_CLIENT_SECRET` | Google OAuth Client Secret | Optional |
| `GOOGLE_REDIRECT_URI` | `https://YOUR-SPACE.hf.space/api/auth/google/callback` | If using Google |

### Setting up Google OAuth (Optional)

1. Go to [Google Cloud Console](https://console.cloud.google.com)
2. Create OAuth 2.0 credentials
3. Add your Space URL as an authorized redirect URI: `https://YOUR-SPACE.hf.space/api/auth/google/callback`
4. Set the credentials as Space secrets

## Local Development

```bash
pip install -r requirements.txt
mkdir -p data
uvicorn main:app --reload --port 7860
```

Open `http://localhost:7860`

## Security Notes

- **Private keys never leave the browser** — stored in localStorage as JWK
- RSA-2048 OAEP with SHA-256 for DM message encryption
- AES-256-GCM for group message content (per-message random IV)
- RSA-OAEP used to wrap the AES key for each group member
- Passwords hashed with bcrypt
- JWT tokens with 7-day expiry
- All transport over HTTPS (on HF Spaces)
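
The group scheme listed above (one AES-256-GCM key per group, wrapped with RSA-OAEP for each member, a fresh random IV per message), shown with the WebCrypto API, including the two failure cases a reviewer should check: a non-member cannot unwrap the key, and a modified ciphertext is rejected. This is an added example, not SecureChat's own code; the function names, member names and the `{ iv, ct }` message shape are assumptions.

```javascript
// Added example, not SecureChat's code; all function and field names are assumptions.
// WebCrypto: `crypto` global in browsers and recent Node, node:crypto fallback otherwise.
const wc = async () => globalThis.crypto ?? (await import('node:crypto')).webcrypto;
const RSA = { name: 'RSA-OAEP', modulusLength: 2048, publicExponent: new Uint8Array([1, 0, 1]), hash: 'SHA-256' };

// Each member holds an RSA-2048 OAEP (SHA-256) key pair; only the public key is shared.
async function newMemberKeys() {
  return (await wc()).subtle.generateKey(RSA, true, ['wrapKey', 'unwrapKey']);
}

// One AES-256-GCM key per group, wrapped once for every member's public key.
async function createGroupKey(memberPublicKeys) {
  const { subtle } = await wc();
  const groupKey = await subtle.generateKey({ name: 'AES-GCM', length: 256 }, true, ['encrypt', 'decrypt']);
  const wrapped = {};
  for (const [name, pub] of Object.entries(memberPublicKeys)) {
    wrapped[name] = await subtle.wrapKey('raw', groupKey, pub, { name: 'RSA-OAEP' });
  }
  return { groupKey, wrapped };
}

// A member recovers the group key with their own private key (non-extractable after unwrap).
async function unwrapGroupKey(wrappedKey, privateKey) {
  const { subtle } = await wc();
  return subtle.unwrapKey('raw', wrappedKey, privateKey, { name: 'RSA-OAEP' }, 'AES-GCM', false, ['encrypt', 'decrypt']);
}

// Fresh random 96-bit IV per message; the IV is sent alongside the ciphertext.
async function encryptMessage(groupKey, text) {
  const c = await wc();
  const iv = c.getRandomValues(new Uint8Array(12));
  const ct = await c.subtle.encrypt({ name: 'AES-GCM', iv }, groupKey, new TextEncoder().encode(text));
  return { iv, ct: new Uint8Array(ct) };
}
async function decryptMessage(groupKey, { iv, ct }) {
  const pt = await (await wc()).subtle.decrypt({ name: 'AES-GCM', iv }, groupKey, ct);
  return new TextDecoder().decode(pt);
}

// Constructed scenario: alice and bob are members, mallory is not.
async function demo() {
  const [alice, bob, mallory] = await Promise.all([newMemberKeys(), newMemberKeys(), newMemberKeys()]);
  const { groupKey, wrapped } = await createGroupKey({ alice: alice.publicKey, bob: bob.publicKey });
  const msg = await encryptMessage(groupKey, 'hello group');
  const bobKey = await unwrapGroupKey(wrapped.bob, bob.privateKey);
  const plaintext = await decryptMessage(bobKey, msg);
  const outsiderBlocked = await unwrapGroupKey(wrapped.bob, mallory.privateKey).then(() => false, () => true);
  msg.ct[0] ^= 1; // flip one ciphertext bit: the GCM tag check must reject it
  const tamperDetected = await decryptMessage(bobKey, msg).then(() => false, () => true);
  return { plaintext, outsiderBlocked, tamperDetected };
}
```

The server in this model only ever stores `wrapped` and `{ iv, ct }`; removing a member requires generating and re-wrapping a new group key, since the old one remains known to them.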