Author Topic: Chat for HFS.  (Read 1158 times)

0 Members and 1 Guest are viewing this topic.

Offline username1565

  • Occasional poster
  • *
  • Posts: 13
    • View Profile
Chat for HFS.
« on: July 08, 2018, 12:05:22 PM »
Hello. I'm from here: https://github.com/rejetto/hfs/issues/7

I'd implemented the file-chat for HFS, using Javascript and JQuery.
This connected to HTTPFileServer, using XHR-queries (you can see this in browser, in console.log).

Source code you can find in attached file, then you can test this.
To make this workable, put (by using drag and drop)
the folder "Upload_messages" inside the main folder of this chat in HFS
and make this uploadable for anyone.

Best regards.
« Last Edit: July 08, 2018, 12:56:33 PM by username1565 »

Offline username1565

  • Occasional poster
  • *
  • Posts: 13
    • View Profile
Re: Chat for HFS.
« Reply #1 on: July 08, 2018, 12:56:47 PM »
Maybe there is possible to add websockets, or another methods, like WebRTC.
Maybe there is possible to add file sharing, webcam-streaming, or voice chat.
In this case, HFS can working just as relay-server (like IRC), or as a STUN-server, without large traffic loading.
STUN server need only to make peer exchange!

For example, this chat https://github.com/ScaleDrone/webrtc-text-chat-tutorial/
can be downloaded as zip, and this working in HFS, like web-based p2p chat,
but only when Internet connection exists.
Else, this not working, and in script.js you can see this:
Quote
stun:stun.l.google.com:19302
This is just a public STUN server for making peer exchange through NAT:
https://gist.github.com/mondain/b0ec1cf5f60ae726202e

In the case of using stun server or relay servers, no need any loading of traffic on HFS,
for example if webcam or voice chat will be using by users.
This users will be a peers, will connected each by each,
and stun server inside HFS
will make the warranty of stable peer exchange in this P2P chat.

Offline username1565

  • Occasional poster
  • *
  • Posts: 13
    • View Profile
Re: Chat for HFS.
« Reply #2 on: July 08, 2018, 01:10:36 PM »
Also, as example, I can leave here this chat: https://www.pubnub.com/developers/demos/10chat/
If two tabs with this, in browser, will be opened together, you can chat with yourself.
This chat not a p2p, and this need to register room or channel on the site pubnub.
But I think traffic will go between peers, and the channel don't save the traffic.
I think this, because reloading the page not give all previous messages.
In this case pubnub channel working as relay server or stun server for peer exchange and then chat is really P2P.
This can working in LAN if stun server or relay server will be inside HFS.

Also, I want to recommend you all to test this WebRTC-examples: https://github.com/muaz-khan/WebRTC-Experiment/
There is examples for file-sharing, voice chat, and webcam-chat,
but this not a p2p, not working in LAN without Interned,
and this all working with requirements for runing server-side code,
and need socket.io, or Peer.js to be runned on node.js.
Node.js source code is to large to be included in HFS server but maybe can using
minify and compactly implementation for requirements only this all.

Offline username1565

  • Occasional poster
  • *
  • Posts: 13
    • View Profile
Re: Chat for HFS.
« Reply #3 on: July 08, 2018, 01:21:42 PM »
Also, I want to recommend you all to see this:



This is web-based interface for Tox!
Here is source code: https://github.com/codedust/WebTox and there is server-side code, writed as .go files.
This must to be compiled and this is a different server.
GO-installer have over 100 MB size. Not good for downloading.

Utox, Toxcore, or http://isotoxin.im/
this all is a P2P-programs, yes this can working in LAN,
and there is, inside the p2p tox-programs, already exists server-side soft.
But tox-programs is not web-based chat. So, webTox can make this web-based.

In this case, compiled go-files code in server-side of webtox
can be included in HFS server code, and working if tox-node will be running.
But I think this will make more sence, if WebTox will be included in server-side code for tox-programs.

So I just leave this here, and you can learn Tox working principles
and include something of this in HFS.
For example, NaCl encryption, with generate private key and public key,
or DHT to make peer exchange - all this can be inside HFS.
« Last Edit: July 08, 2018, 01:28:33 PM by username1565 »

Offline bmartino1

  • Tireless poster
  • ****
  • Posts: 797
  • I'm only trying to help i mean no offense.
    • View Profile
    • none - google translate
Re: Chat for HFS.
« Reply #4 on: July 11, 2018, 01:11:53 PM »
https://github.com/heiswayi/hfs-templates/blob/master/HFSTemplate_AllyssaFramework_v1_2.tpl

There already chat boxes in other templates on the forum such as thunder chicken of glore, etc etc...

I don't know if you asking for help on addons or just shrong something you'd like to see implemented in to hfs.

???
I'm only trying to help i mean no offense.
thank you for your time and patience,
Bmartino1

Offline username1565

  • Occasional poster
  • *
  • Posts: 13
    • View Profile
Re: Chat for HFS.
« Reply #5 on: July 14, 2018, 09:09:09 PM »
https://github.com/heiswayi/hfs-templates/blob/master/HFSTemplate_AllyssaFramework_v1_2.tpl
Thanks for the link of templates by Heiswayi Nrird. I see there very nice templates.
Also, I see there is working hfs.exe too - this is version 2.2f.

There already chat boxes in other templates on the forum such as thunder chicken of glore, etc etc...
Can you tell me the link for templates:
Quote
thunder chicken of glore, etc etc...
?

I tryed use "Allyssa Framework v1.2" from your link, and I see there, inside HTML code:
Code: [Select]
<iframe id="iframe" frameborder="0" src="http://findbetterresults.com/?dn=freeshoutbox.net&amp;pid=9PO755G95"
style="display: none !important;"></iframe>
And this is not working with Internet. I see the errors in console.log (F12 button in browser).
Also, this chat must not to working WITHOUT INTERNET,
and I want to see the chat to be workable in LAN (Local Network).

My chat is working in LAN without INTERNET, but this is not so ellegant.
If there will be 1 million messages, each user must to save this all - as different files, for each page-request.  ;D
This is only demo-example for you all, to think about it.

I don't know if you asking for help on addons or just shrong something you'd like to see implemented in to hfs.
???
I don't see any addons with chat, so I just leave this code here.
At last, in the future, maybe I want to see good server-side chat inside HFS,
without any rooms or channels on another servers/services.

Maybe there can be possible, to realize VOIP, video conference, torrent tracker, and another P2P technologies,
if relay server or stun server will be using to do connection between LAN-peers, without need the Internet.

Best regards.
« Last Edit: July 14, 2018, 09:27:36 PM by username1565 »

Offline bmartino1

  • Tireless poster
  • ****
  • Posts: 797
  • I'm only trying to help i mean no offense.
    • View Profile
    • none - google translate
Re: Chat for HFS.
« Reply #6 on: July 15, 2018, 03:18:57 PM »
I'm only trying to help i mean no offense.
thank you for your time and patience,
Bmartino1

Follow members gave a thank to your post:


Offline LeoNeeson

  • Tireless poster
  • ****
  • Posts: 514
  • Solitario...
    • View Profile
    • twitter.com/LeoNeeson
Re: Chat for HFS.
« Reply #7 on: July 16, 2018, 08:25:05 AM »
@username1565: Your idea is very interesting. I've tested it, and it works well, but I've also found some issues and ideas for enhancements.

Possible small enhancements:
- (Bug) if we insert ":" in a message, then any text/word after that is not shown.
- Automatically scroll-down messages, so we can always see the last posted message.
- Show the number of users online, or even better, have a simple online user list.
- Save/remember nickname on a cookie, and allow change nickname when clicking on it.
- Add an optional 'Send' button (as a fail-over, for old browsers not detecting when the 'Enter' key is pressed).

Possible complex enhancements:
- Privacy: If possible, save messages using the epoch Unix Time, to avoid someone automatically stealing all the messages, since it's currently searching for "message (2).txt", "message (3).txt", etc. which can be easily guessed. But since this can be very complex to implement, I have another better idea:

- Add a private chat mode: when a private chat with some user is started, a new window is opened, and a new -temporal- folder is created on HFS, with a random folder name (for example "TempChat-5560AFHG"), so, another users can't guess the folder path and steal or retrieve private chats. Folder name should be automatically exchanged in background, without user intervention. And when one of the users close your browser, the private chat ends, and the another user gets a message like 'John has closed this chat' (similar as IRC). And then, we can also automatically delete that temporal folder, when both parts close the window. We can also create a -permanent- private chat (with a folder name like "PermChat-EASY777"), adding a button to make it, so if 2 users know the 'private chat name' (aka: private chat folder name), for example "EASY777", then, they can join the chat anytime without having to post anything on the public chat (that folder stores the messages permanently). So basically, we can have a public chat, and a private chat and all without a database or anything special.

You can also check the chat made by DJ, here (which can give you some new fresh ideas).

Cheers,
Leo.-
HFS in Spanish (HFS en Español) / How to compile HFS (Tutorial)
• I'm open to help and share any file you may need (just ask me) ;)

Follow members gave a thank to your post:


Offline username1565

  • Occasional poster
  • *
  • Posts: 13
    • View Profile
Re: Chat for HFS.
« Reply #8 on: July 21, 2018, 04:05:03 PM »
Hello, @LeoNeeson! Thanks for your interest and time for test this.
Quote
- (Bug) if we insert ":" in a message, then any text/word after that is not shown.
This because ":" symbol is the delimiter, you can see this in source code and inside the file content.
As you can see in the source code, delimiter is ": " (":+white_space"), so links with https:// is working, for example.
File with message contains next data: "USERNAME,delimiter,message".
This delimiter can be any symbol, or even dynamic delimiter, as the hash from message, for example.  ;D
We can using special unicode characters, like Zero-width space or another symbol, which will be trimmed or cann't be writed.
Just rewrite this strings in chat.js:
Code: [Select]
//message received.
83: var nickname = this.responseText.split(': ')[0]; //insert nickname
84: var message = this.responseText.split(': ')[1]; //insert message
...
131: name+ ': ';
But I fixed this bug, using this code:
Code: [Select]
//message received.
var nickname = this.responseText.split(': ', 1)[0]; //insert nickname
var message = this.responseText.split(nickname+': ', 2)[1]; //insert message

Also, I see another bug - many sounds elements with id="chatAudio" in the source code in html-page in browser.
This was been fixed by code in last message.


If delimiter will be changed, I see another problem. Anyone can uploading any message with custom delimiter,
then not all messages will be available for each user.
Incrementing message nubmer is automatically for each uploading.
As you can see in the source code, each message saved by POST query, as file with one name "message.txt".

Quote
- Automatically scroll-down messages, so we can always see the last posted message.
You can scroll fasly if you press SHIFT button, and click in the end of scroll bar.
But you are right, it can be automatically.
This is client-side software, and you can do with this source code anything, what do you want.

Just using css-code "overflow: scroll" for div element, and Javascript or jquery scrolling functions.
And... I want to say next for you...
When many messages there is exists in textarea, scrolling functions can lagging...
I tested this JQuery method:
Quote
$('#chat-area').animate({ scrollTop: window_height + chat_height }, 'slow', function (){});
So better way to already see last message, will be next... Just invert message filling in textarea!
Code: [Select]
function get_file(number){...
    xhr.onload = function(){
        ...
        //replase this
        //var code = '<p>'+'<span>'+nickname+'</span>'+message+'</p>'; //add tags to message
//document.getElementById('chat-area').innerHTML += code; //display this
        //to this ->
        var code = '<p>'+'<span>'+nickname+'</span>'+message+'</p>'; //add tags to message
document.getElementById('chat-area').innerHTML = code + document.getElementById('chat-area').innerHTML; //display this in top
    }
}
Now, last message you can always see in the top of textarea, without any scrolling.
As you can see all textarea data will be copying every time when this will be filled.
So you can limit this in this step, for example to see last 100, 1000 messages only and not more than.

For example, in last message, I did set limit as 1000 messages, using split html content by '</p>' delimiter with 100 messages limit.
I did test '<p>' and '</p>' tags inside the messages, and I see all tags is closed autumatically in my browser, without any bugs.

Quote
- Show the number of users online, or even better, have a simple online user list.
There is no any signalling about the status "online".
Maybe, to do this, need to create a separate file, and rewrite this when user authorized,
and correct this, if user is not active within some time limit (not wrote any message).
But any rewrition of file will opening the backdoor to do damage this file from anyone.
I think will be better to using another server-side script, implemented to HFS.

Quote
- Save/remember nickname on a cookie, and allow change nickname when clicking on it.
Is HFS working with cookies? I see only 1 cookie file with HFS_SID in my browser settings.
If cookies can be sent, then you can rewrite the souce code and don't ask username in prompt, if cookie is exists.
I wrote this chat as simple and portable IRC-althernative, to working in TOR.
I have .onion domain and this is better than any DDNS. And as I remember, Tor Browser have strength cookies-policy.

Quote
- Add an optional 'Send' button (as a fail-over, for old browsers not detecting when the 'Enter' key is pressed).
This is HTML/JS - coding. You can add this yourself using standard form methods. And post the source code in this thread, then.
In this case javascript functions can be called by methods form onsubmit="function_name()", and onclick="function_name()"
By default, message will be sent after press "enter", according JQuery code
//textarea functions...
in the file chat.js
I don't know what browsers cann't using JQuery, but this can be excluded too.

Quote
- Privacy: If possible, save messages using the epoch Unix Time,
to avoid someone automatically stealing all the messages,
since it's currently searching for "message (2).txt", "message (3).txt", etc.
Nice idea. Seems like private rooms.
But as I said I created this as analogue of public IRC-channel in Local Network.
In IRC you can see private rooms too, but this is a channel, and this need Internet connection.
For example, you can connect here: https://webchat.freenode.net/ to #tox channel with any username,
and do chating online with Tox developers community.
In LAN IRC - not working... And this HFS-chat working in LAN.

If number in filename will be changed, then any random user cann't do loading this simply.
I saw the problem in this, earler, but now...
How I see private rooms implementation?
1. Alice and Bob, select the key and do key exchange using DH.
2. Both calculating hash(from this key).
3. Rewtire "message" prefix (not number) as "hash(from_key)" and save the messages, encrypted by this key.
(For example, can be using AES algoritm to do encryption/decryption message content, and save this as HEX.)
4.
 - No any user must not and cann't download this messages.
 - Admin cann't read this messages (he don't know key for encryption/decryption.)
 - Admin can delete this messages, as admin for files in folder.
 - Bob and Alice can download messages, by simply incremention suffix (number about which you say).

Quote
- Add a private chat mode: when a private chat with some user is started, a new window is opened, and a new -temporal- folder is created on HFS, with a random folder name (for example "TempChat-5560AFHG") so, another users can't guess the folder path and steal or retrieve private chats.
Hehheh... This folder must be uploadable, and only HFS-admin can switch this.
To using security, as I said, Alice and Bob can using encryption/decryption in public chat.
No any user cann't read message without decryption key in this case,
but so many messages can be available in public to download...
If folder not recursively hidden, then any user can see file prefix,
and then save the same files with spam random values,
and in this case, Alice and Bob cann't decrypt this, but will got spam-loading.
So the private rooms, as I said Alice and Bob can using hash of key as prefix for filename with messages.
And in this case loading to server will be lower than in the case with just encrypted messages in public room.

Quote
And when one of the users close your browser, the private chat ends, and the another user gets a message like 'John has closed this chat' (similar as IRC).
Hm... This seems like WebRTC. Peer2Peer connection with random identifier for each private chat-room.
To make p2p connections, need the stun-server, or another relay-server - must be implemented in server-side software for make peers exchange.
To see any status value, need to do signalling between users.
All signals will be go to the server in this case, and as you can see this is HFS server, then signals will be saved AS FILES.
AS MANY-MANY FILES (without deletion, of course)...  :D
So will be better to do peer exchange, and directly data exchange between the peers.
Then will be possible to do video-chat, or voice chat, like VOIP, with lowest server loading.

Quote
And then, we can also automatically delete that temporal folder, when both parts close the window.
You cann't delete the folder, because in this case, this deletion can do anyone then.
But admin can do special permissions for you, as for authorized user.
In this case you must to contact to admin, and do logining to HFS server.

Quote
We can also create a -permanent- private chat (with a folder name like "PermChat-EASY777"), adding a button to make it, so if 2 users know the 'private chat name' (aka: private chat folder name), for example "EASY777", then, they can join the chat anytime without having to post anything on the public chat (that folder stores the messages permanently).
Hm... In this case, you need to be authorized on admin's HFS-server, or download HFS yourself, create folder with your own name,
and rewrite the pathways in HFS_JQuery_chat. Folder must be uploadable.
You can hide this folder! And you can do this - recursivelly hidden! To hide files inside this folder from anyone. Yeap...
But not from sniffers, because XHR using DNS. In TOR this can be secure, because TOR use encryption.

Quote
So basically, we can have a public chat, and a private chat and all without a database or anything special.
As I wrote in the top, this is possible in 1 uploadable folder, if:
1. Messages will be encrypted. (Can be used assymetric cryptography!)
2. Prefix for files will be changed in the source code.
3. Auto-increment for files containing the encrypted messages with this prefix.
And more no need nothing. To use assymetric cryptography can be used JS library, like js-nacl,
RSA, Diffie-Hellman key exchange, etc... You can find this here + BigInteger: https://github.com/username1565

Quote
You can also check the chat made by DJ, here (which can give you some new fresh ideas).
Thanks for your link. I did test this, but private messages in last version not working.
There is "..." for receiver. Template not working for me, in HFS 2.2.

https://rawr.thatstevensguy.com/
I did download Thunderchicken of Glory v4.0.3 and test this.
I see "mini chat" with id="Shoutbox" and the folder "template\shoutbox"
I see there is each message in each file too.
There is IP of user and timestamp in filename, and HTML content inside the file.
This chat is not secure if IP leak to admin, because any admin can be not good, IMHO.

Best regards, and have a nice day.
« Last Edit: July 21, 2018, 08:04:55 PM by username1565 »

Follow members gave a thank to your post:


Offline username1565

  • Occasional poster
  • *
  • Posts: 13
    • View Profile
Re: Chat for HFS.
« Reply #9 on: July 21, 2018, 06:33:27 PM »
After this all - fix. File - chat.js:
Code: [Select]
line 83: //': ' in message bug - fixed.
//message received.
var nickname = this.responseText.split(': ', 1)[0]; //insert nickname
var message = this.responseText.split(nickname+': ', 2)[1]; //insert message

line 89: //multiply sound elements in HTML code - bug fixed.
//add sound and play this.
if ($("#chatAudio").length) {
$('#chatAudio')[0].play();
} else {
$('body').append($('<audio id="chatAudio"><source src="notify.ogg" type="audio/ogg"><source src="notify.mp3" type="audio/mpeg"><source src="notify.wav" type="audio/wav"></audio>'));
$('#chatAudio')[0].play();
}

line 98: //1000 messages limit with last message in the top - without need scrolling
//display in chat window
var code = '<p>'+'<span>'+nickname+'</span>'+message+'</p>'; //add tags to message
var old_code = document.getElementById('chat-area').innerHTML;
var messages_limit = 1000;
old_code = old_code.split("</p>", messages_limit);
old_code = old_code.join('');
console.log('old_code', old_code);
document.getElementById('chat-area').innerHTML = code+old_code; //display this

Recommend to set messages_limit 100 or 10, because for each message will be working many cycles for largest value.
But if there is many users, they can make a spam, so then need to make this value greather to read needed message.
« Last Edit: July 21, 2018, 06:54:57 PM by username1565 »

Offline LeoNeeson

  • Tireless poster
  • ****
  • Posts: 514
  • Solitario...
    • View Profile
    • twitter.com/LeoNeeson
Re: Chat for HFS.
« Reply #10 on: July 22, 2018, 09:18:49 AM »
@username1565: +1 for all the detailed and technical explanation. :)

- Add an optional 'Send' button (as a fail-over, for old browsers not detecting when the 'Enter' key is pressed).
This is HTML/JS - coding. You can add this yourself using standard form methods. And post the source code in this thread, then. In this case javascript functions can be called by methods form onsubmit="function_name()", and onclick="function_name()" By default, message will be sent after press "enter", according JQuery code //textarea functions...
Thank you, I was using a outdated Chrome version, but it's working fine if I use the latest version. Anyway, my idea was to give wider compatibility among browsers, but only as a suggestion (it's not very important).

After reading all your explanation, I do understand now that's fairly complex to save messages in have another way (not using increment suffix), so, I think it's OK the way it is. About TOR (which I've only tested a few times), I don't know how secure it is, since I've read the last node can read or save everything (but I still think is a great project, since it works like a free VPN but with extra security).

Back about your chat template, perhaps (to implement private rooms) you can take some ideas for inspiration, by looking this project: ZeroBin (where the server has zero knowledge of the stored data). They use URL Hash to exchange a decryption key (the same way Mega.nz does). But it's only an idea or a suggestion, I don't know if it is feasible to implement.



» Very off-topic: I've found on your GitHub repository, your fork of the 'PGP Suite' (based on the 'Keybase OpenPGP') and it's like a dream :) it has everything a PGP Suite should have: Key Generation, Sign, Verify, Encrypt and Decrypt (the only option missing is handling files, like for 'Signing files', but I don't know if that is possible or if it's easy to add). Sadly, nobody I know uses PGP, but I'm sure your fork should be 'the default' option to anyone who wants to use a easy-to-use PGP Suite.

My main interest on the PGP world is for the 'signing' option. Sadly the 'Keybase OpenPGP' code doesn't seem to support 'plain text' signing, like this:


Code: [Select]
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

This is a sample message!

-----BEGIN PGP SIGNATURE-----
Version: OpenPGP.js v1.6.2
Comment: http://openpgpjs.org

xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
xxxxxx==
xxxxx
-----END PGP SIGNATURE-----

...but instead gives an encrypted result like this:

Code: [Select]
-----BEGIN PGP MESSAGE-----
Version: Keybase OpenPGP v2.0.76
Comment: https://keybase.io/crypto

xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
xxxxxx==
xxxxx
-----END PGP MESSAGE-----

...which forces the final user to use PGP to read the message, and my main purpose of 'signing' is only to add extra layer of trust to my messages (along a way to promote PGP), so the main message should be easily be read by any user, even if they don't use PGP. You can check about the kind of 'signing' I'm talking about, here.

I'm not a PGP expert, but in your free time, and just for fun, you can see if it's possible to add in your 'PGP Suite' another PGP 'engines' (using a simple <select> menu), like: OpenPGP.js (v1.6.2 2016-06-08) (to enable support to old/outdated browsers, like for example Chrome 24, and also to enable clear text signing). And if it's easy for you to do, you can include OpenPGP.js v1.6.2, v2.6.2 and the latest v3.1.0, along with the 'Keybase OpenPGP' engine as the default option. That would give people a lot of freedom of choice and would keep backward compatibility (since not always the last version is the best version).

About my PGP usage, you may think is very 'silly' to use PGP only for 'signing', but I think the signing of clear text, it's a great way to promote a wider use of PGP (it's like saying everyone: 'Hey!, I'm using PGP, you can send me a encrypted message if you want', without having to ask every contact if they use PGP or not).


I was born on days where having a Firewall (along an Antivirus) was a must option, but it's sad on how today only a very few people care about security and privacy. So, it's nice to have you in the forum, keep the good work! :)

Cheers,
Leo.-



> EDIT: I answer your reply here (the quoted message below this), to not extend this off-topic conversation further...

Hello again, @LeoNeeson.
I understand what do you mean about signing message in PGPSuite.
You can sign/verify and encrypt/decrypt the small files, this will be base64 encoded, then.
Also you can do signing+encrypt and decrypt+verify. But yeap, I cann't see there, a readable text.

You cann't get only signed message with readable text there, because as you say, there is using another stansard (keybase.io).
For more secure, result not containing open text, and this is encoded or encrypted and added fingerprint + encoding this.

PGPSuite is based on script kbpgp.js (that means, keybase pgp).
To using openPGP, maybe need to write separate OpenPGP.js library.  ::)
But as you say this already exists, and need to integrate and include this.
Maybe this will be easy, but I don't see, in the Internet,
the working HTML-examples, with included openPGP.js:
Quote
OpenPGP.js v1.6.2, v2.6.2 and the latest v3.1.0
and maybe this project for node.js and need server-side module requirements on the node.

And also, at any time, you can yourself do your own fork of this project on github,
download this, rewrite the souce code, and upload new files to your own public branch.

Also, if you want to generate signature only, without encrypting text message (for emailing as example),
and then check signature (verify this message) with leaving readable message - you can using bitcoin signature tool,
for sign and verify readable messages. Other altcoins keys and address - there is available too!
Signing and verify, for not large files, is available there too (as base64 encoded text).

To use this:
1. Generate your own private key, and get address from this key.
For example, I used the message as passphrase to get priv and compressed vertcoin address in next example.
2. Save private key, and address.
3. Sign text or file by private key. You'll see readable message there.
4. Transfer this to someone else, and this can be verified, and will be still readable (if text).

This seems like pgp signature. My example:
Quote
-----BEGIN BITCOIN SIGNED MESSAGE-----
Blah-blah-blah - this is a readable text.
-----BEGIN SIGNATURE-----
VrrZoy5Dc6tPWib4TmchBgkc87mrAJg8Pd
HyVlWz2WoVWuMq6dh5I/MQSHtE2Up/1t1q4JYKPfqSNfZzYENvELoOZ2qBCrjN0TkmYWtITT/GMTcuqub+uEr0U=
-----END BITCOIN SIGNED MESSAGE-----

You can use the text from this message as passphrase in generator tab,
then get private key, and see the address corresponding to this,
but if you will at first, select in right-side list - Vertcoin.
Address will switch to compressed automatically, because Vertcoin have compressed addresses.

This brainwallet, can be hosted in LAN, using HFS! Code is JS+JQuery only. No any server-side software.
If your IP is static, you can tell in email your own permalink to open for your friends the way to verify signature of your messages.
You can also open the port and using static IP, or DDNS, to make this available from Internet.
And of cource you can using TOR + any tor2web services - without using any unstable DDNS services.

Quote
Back about your chat template, perhaps (to implement private rooms) you can take some ideas for inspiration, by looking this project: ZeroBin (where the server has zero knowledge of the stored data). They use URL Hash to exchange a decryption key (the same way Mega.nz does). But it's only an idea or a suggestion, I don't know if it is feasible to implement.
Zerobin seems nice, like jsfiddle.net, codepen.io
and another sites for sharing code notes.
But in the source code this have index.php.
I don't see database, like MySQL, but PHP is a server-side language.
Maybe this can be re-writed as HFS templates using scripting commands, because HFS not working as PHP-server.
I didn't saw intently this code and don't working with this...

URL Hash implies GET-query to the server, and JS can emulate this, like t-addr converter link or permalink in brainwallet,
but JS cann't responce as server and tell any files - because this is client-side language.
Maybe this is possible to using URL Hash, if keep-alive peer connection will be opened,
like this WebRTC file-sharing, for example.
This working in 2 tabs in Chrome (I don't test it in LAN without Internet)...
You can see random ID for each private rooms, p2p connection and peer exchange services (socket.io, or peer.js)
in the source code.

And still... If by using URL Hash, can be created folders on the HFS server,
then can be available opportunity to use this for create folders,
but not temporary folders, because there is no any option for deletion files and folders for anonymous users
(else backdoor for damage any files from anyone).
And maybe private rooms can be realized, using HFS scripting commands, but as separate template or module for this great portable HFS.
I see this option in chat version from DJ (but there is '...' bug).
OK, thanks for the info. I'll check this out later (and get back to you if I have any questions).



P.S.: I really do appreciate your long explanation, but to tell the truth, like I've said, I'm not expert on PGP (which I don't use in the real world, since nobody I personally know uses it), neither I'm expert on HTML programming (I barely know a few spare things here and there). You suggested me to signing PGP messages using Bitcoin, but that's an overkill for me (things are enough complicated with PGP alone, than adding the Bitcoin thing is too much). Don't get me wrong, like a geek, it's fun to test things like these, but the real user case for this is minimal, if not zero, at least for me. I currently don't see PGP being easy enough to be used by a grandma, so I think any contribution to make things easier are welcome (your PGP Suite fork is a great start), but we are still ages from that (starting from compatibility between PGP implementations, and continuing on the lack of integration on emails systems). So that's why I don't use PGP, because it's too much complicated to recommend it to non-technical people. And Bitcoin is becoming the same for me, too much expensive to become a real solution for anything (I only tested it, but it was a real fiasco for me). TOR? it has bad reputation and I don't trust it (whatever you look on internet, it's linked to bad things), so I prefer to stick myself with any VPN (and that's in the rare case of using a public untrusted WiFi network or for download torrents), altrought I recognize TOR can be usefull for some good people who lives in bad places. WebRTC? I have it disabled on my browser (along with Flash & Java) because I've read it can be bad for security issues. And the list continues... so, I always prefer to keep things simple, (KISS is my motto). Testing new technologies is fun, but fun has a limit when things get over complicated or take too much time. I'm here in this forum just for helping people solve your problems, and to collaborate whatever I can. That's why I think it's good to have expert people like you on the forum, but I try to not complicate myself with too deep technical things. Anyway, I appreciate all your explanations, and your contribution on making a simple chat template for HFS. :)
« Last Edit: July 24, 2018, 12:38:14 PM by LeoNeeson »
HFS in Spanish (HFS en Español) / How to compile HFS (Tutorial)
• I'm open to help and share any file you may need (just ask me) ;)

Offline username1565

  • Occasional poster
  • *
  • Posts: 13
    • View Profile
Re: Chat for HFS.
« Reply #11 on: July 22, 2018, 05:31:34 PM »
Hello again, @LeoNeeson.
I understand what do you mean about signing message in PGPSuite.
You can sign/verify and encrypt/decrypt the small files, this will be base64 encoded, then.
Also you can do signing+encrypt and decrypt+verify. But yeap, I cann't see there, a readable text.

You cann't get only signed message with readable text there, because as you say, there is using another stansard (keybase.io).
For more secure, result not containing open text, and this is encoded or encrypted and added fingerprint + encoding this.

PGPSuite is based on script kbpgp.js (that means, keybase pgp).
To using openPGP, maybe need to write separate OpenPGP.js library.  ::)
But as you say this already exists, and need to integrate and include this.
Maybe this will be easy, but I don't see, in the Internet,
the working HTML-examples, with included openPGP.js:
Quote
OpenPGP.js v1.6.2, v2.6.2 and the latest v3.1.0
and maybe this project for node.js and need server-side module requirements on the node.

And also, at any time, you can yourself do your own fork of this project on github,
download this, rewrite the souce code, and upload new files to your own public branch.

Also, if you want to generate signature only, without encrypting text message (for emailing as example),
and then check signature (verify this message) with leaving readable message - you can using bitcoin signature tool,
for sign and verify readable messages. Other altcoins keys and address - there is available too!
Signing and verify, for not large files, is available there too (as base64 encoded text).

To use this:
1. Generate your own private key, and get address from this key.
For example, I used the message as passphrase to get priv and compressed vertcoin address in next example.
2. Save private key, and address.
3. Sign text or file by private key. You'll see readable message there.
4. Transfer this to someone else, and this can be verified, and will be still readable (if text).

This seems like pgp signature. My example:
Quote
-----BEGIN BITCOIN SIGNED MESSAGE-----
Blah-blah-blah - this is a readable text.
-----BEGIN SIGNATURE-----
VrrZoy5Dc6tPWib4TmchBgkc87mrAJg8Pd
HyVlWz2WoVWuMq6dh5I/MQSHtE2Up/1t1q4JYKPfqSNfZzYENvELoOZ2qBCrjN0TkmYWtITT/GMTcuqub+uEr0U=
-----END BITCOIN SIGNED MESSAGE-----
You can use the text from this message as passphrase in generator tab,
then get private key, and see the address corresponding to this,
but if you will at first, select in right-side list - Vertcoin.
Address will switch to compressed automatically, because Vertcoin have compressed addresses.

This brainwallet, can be hosted in LAN, using HFS! Code is JS+JQuery only. No any server-side software.
If your IP is static, you can tell in email your own permalink to open for your friends the way to verify signature of your messages.
You can also open the port and using static IP, or DDNS, to make this available from Internet.
And of cource you can using TOR + any tor2web services - without using any unstable DDNS services.

Quote
Back about your chat template, perhaps (to implement private rooms) you can take some ideas for inspiration, by looking this project: ZeroBin (where the server has zero knowledge of the stored data). They use URL Hash to exchange a decryption key (the same way Mega.nz does). But it's only an idea or a suggestion, I don't know if it is feasible to implement.
Zerobin seems nice, like jsfiddle.net, codepen.io
and another sites for sharing code notes.
But in the source code this have index.php.
I don't see database, like MySQL, but PHP is a server-side language.
Maybe this can be re-writed as HFS templates using scripting commands, because HFS not working as PHP-server.
I didn't saw intently this code and don't working with this...

URL Hash implies GET-query to the server, and JS can emulate this, like t-addr converter link or permalink in brainwallet,
but JS cann't responce as server and tell any files - because this is client-side language.
Maybe this is possible to using URL Hash, if keep-alive peer connection will be opened,
like this WebRTC file-sharing, for example.
This working in 2 tabs in Chrome (I don't test it in LAN without Internet)...
You can see random ID for each private rooms, p2p connection and peer exchange services (socket.io, or peer.js)
in the source code.

And still... If by using URL Hash, can be created folders on the HFS server,
then can be available opportunity to use this for create folders,
but not temporary folders, because there is no any option for deletion files and folders for anonymous users
(else backdoor for damage any files from anyone).
And maybe private rooms can be realized, using HFS scripting commands, but as separate template or module for this great portable HFS.
I see this option in chat version from DJ (but there is '...' bug).


Hey, Leo!
You no need to buy or hold any Bitcoins to make digital signature with saving readable text.
As I said, you can using open source brainwallet on client-side, to do signature
for your messages and verify signed messages from anyone.
Here you can see the source code: https://github.com/Taiiwo/bitcoin-signature-tool
And as you can see, this have only JS, CSS, and HTML files. And this project was been forked from brainwallet.
And in my brainwallet (source code here)
there is available to using compressed, and uncompressed private keys and addresses, from any another altcoins.
As you can see, to do signature, need the private key (WIF-format). This is base58Check encoded hex value.
To get this, you can using any 32-byte (256 bit) HEXadecimal string,
as secret exponent in generator tab.
You can encode to hex any text or bits using converter.
Also, your private key can be the sha256 hash from any your own key-file. Bitlength sha256 hash is 32 bytes, 256 bits.

That means you can generate yourself this value, and encode this to base58Check,
then using this to sign and get address for this key,
and then you can using this address as identifier for your signed messages.
No need to buy or hold any bitcoins, or altcoins.
No need to download any software, blockchain, no need to connect the nodes, etc...
Just ECDSA used here on client-site (JS, HTML, CSS), and this seems like PGP messages with readable text.

The simple way to understand the sence for using digital signatures,
is the understanding the sence of asymemtric encryption
(public key - encrypt from anyone, private key - for decrypt for owner public key),
and asymmetric signing (sign using private key by owner the public key, and verify by his public key).


« Last Edit: July 30, 2018, 04:51:33 AM by username1565 »

Follow members gave a thank to your post:


Offline username1565

  • Occasional poster
  • *
  • Posts: 13
    • View Profile
Re: Chat for HFS.
« Reply #12 on: December 02, 2018, 08:19:33 PM »
Is there possible
to using any captcha
when some random user
do uploading the files
to UPLOAD folder??

Offline LeoNeeson

  • Tireless poster
  • ****
  • Posts: 514
  • Solitario...
    • View Profile
    • twitter.com/LeoNeeson
Re: Chat for HFS.
« Reply #13 on: December 03, 2018, 10:44:45 AM »
Is there possible to using any captcha when some random user do uploading the files to UPLOAD folder??
I guess it could be done using a macro that calls a command-line utility that generates a captcha. But it will be complex (at least for me, it's beyond my knowledge and time).
HFS in Spanish (HFS en Español) / How to compile HFS (Tutorial)
• I'm open to help and share any file you may need (just ask me) ;)

Offline bmartino1

  • Tireless poster
  • ****
  • Posts: 797
  • I'm only trying to help i mean no offense.
    • View Profile
    • none - google translate
Re: Chat for HFS.
« Reply #14 on: December 03, 2018, 04:40:49 PM »
The only way I'd know how to do this is to pull from Google capcha.

https://developers.google.com/recaptcha/docs/display

You would have to change the upload button to go to a webpage to validate then send you to the upload code webpage. So each folder would have a capcha.html and a hfs template of the upload code...

I'm only trying to help i mean no offense.
thank you for your time and patience,
Bmartino1