From 69a75acea56bbff39fa1c81d4813ebcb4a617f06 Mon Sep 17 00:00:00 2001 From: Claude Date: Sun, 23 Nov 2025 10:07:55 +0000 Subject: Refactor: modular architecture with shared packages Major code reorganization to eliminate duplication and improve maintainability: - Created pkg/crypto: shared cryptographic functions (padding, AES-GCM, ECDH, HMAC auth) - Created pkg/protocol: unified message structures and JSON serialization - Created pkg/identity: persistent identity management (load/save/generate) - Created pkg/tor: Tor SOCKS5 proxy connection utilities - Refactored server to use shared packages (cmd/server) - Refactored CLI client with shared packages (cmd/cli-client) - Refactored GUI client with shared packages (cmd/gui-client) - Refactored web client with embedded HTML template (cmd/web-client) Security improvements: - Replaced math/rand with crypto/rand for randomDelay() - Added proper error handling for crypto operations Code reduction: eliminated ~500+ lines of duplicated code --- cmd/cli-client/main.go | 529 +++++++++++++++++++++++++++++++ cmd/gui-client/main.go | 537 ++++++++++++++++++++++++++++++++ cmd/server/main.go | 722 +++++++++++++++++++++++++++++++++++++++++++ cmd/web-client/main.go | 360 +++++++++++++++++++++ cmd/web-client/template.html | 329 ++++++++++++++++++++ 5 files changed, 2477 insertions(+) create mode 100644 cmd/cli-client/main.go create mode 100644 cmd/gui-client/main.go create mode 100644 cmd/server/main.go create mode 100644 cmd/web-client/main.go create mode 100644 cmd/web-client/template.html (limited to 'cmd') diff --git a/cmd/cli-client/main.go b/cmd/cli-client/main.go new file mode 100644 index 0000000..7bc9b93 --- /dev/null +++ b/cmd/cli-client/main.go @@ -0,0 +1,529 @@ +package main + +import ( + "bufio" + "crypto/cipher" + "fmt" + "io" + "net" + "os" + "os/signal" + "strings" + "sync" + "syscall" + "time" + + "github.com/awnumar/memguard" + + "noshitalk/pkg/crypto" + "noshitalk/pkg/identity" + "noshitalk/pkg/protocol" + "noshitalk/pkg/tor" +) + +// CLIClient represents the command-line chat client. +type CLIClient struct { + conn net.Conn + gcm cipher.AEAD + sharedSecret *memguard.Enclave + connected bool + serverAddr string + quit chan struct{} + mu sync.Mutex + autoReconnect bool + lastServer string + onlineUsers []string + identity *identity.Identity +} + +var version = "2.0-refactored" + +func main() { + memguard.CatchInterrupt() + defer memguard.Purge() + + fmt.Printf("NoshiTalk CLI Client v%s\n", version) + fmt.Printf("Lightweight Command Line Interface\n") + fmt.Printf("Tor-Only Mode - No Clearnet Connections\n") + fmt.Printf("ECDH + HMAC + AES-GCM Encryption\n\n") + + client := &CLIClient{ + quit: make(chan struct{}), + autoReconnect: true, + onlineUsers: []string{}, + } + + // Initialize persistent identity + keyPath, err := identity.GetDefaultKeyPath("cli-identity.noshikey") + if err != nil { + fmt.Printf("Failed to get key path: %v\n", err) + } else { + client.identity, err = identity.LoadOrCreate(keyPath, "cli") + if err != nil { + fmt.Printf("Failed to initialize identity: %v\n", err) + fmt.Printf("Continuing with temporary identity...\n\n") + } else { + fmt.Printf("Identity: %s\n", client.identity.Username) + fmt.Printf("Fingerprint: %s\n\n", client.identity.Fingerprint) + } + } + + // Setup signal handling + sigChan := make(chan os.Signal, 1) + signal.Notify(sigChan, os.Interrupt, syscall.SIGTERM) + go func() { + <-sigChan + fmt.Printf("\nShutting down securely...\n") + client.disconnect() + memguard.Purge() + os.Exit(0) + }() + + // Start auto-reconnect goroutine + go client.autoReconnectLoop() + + client.run() +} + +func (c *CLIClient) run() { + scanner := bufio.NewScanner(os.Stdin) + + fmt.Printf("Enter Tor Hidden Service address (.onion only)\n") + fmt.Printf("Example: abcd1234...xyz9876.onion:8083\n") + fmt.Printf("Clearnet addresses blocked by design\n\n") + + for { + if !c.connected { + fmt.Print(".onion address: ") + if !scanner.Scan() { + break + } + c.serverAddr = strings.TrimSpace(scanner.Text()) + + if c.serverAddr == "" { + fmt.Printf("Address required\n\n") + continue + } + + if err := tor.ValidateOnionAddress(c.serverAddr); err != nil { + fmt.Printf("Invalid address: %v\n\n", err) + continue + } + + c.lastServer = c.serverAddr + fmt.Printf("Connecting to %s via Tor...\n", c.serverAddr) + + if err := c.connect(); err != nil { + fmt.Printf("Connection failed: %v\n", err) + fmt.Printf("Will retry automatically if auto-reconnect is enabled\n\n") + continue + } + } + + fmt.Print("> ") + if !scanner.Scan() { + break + } + + message := strings.TrimSpace(scanner.Text()) + if message == "" { + continue + } + + if c.handleCommand(message) { + continue + } + + // Send regular message + if !c.connected { + fmt.Printf("Not connected. Use /reconnect or enter server address\n") + continue + } + + if err := c.sendMessage(message); err != nil { + fmt.Printf("Send error: %v\n", err) + c.disconnect() + } + } + + c.disconnect() +} + +func (c *CLIClient) handleCommand(message string) bool { + switch message { + case "/quit", "/exit", "/q": + c.autoReconnect = false + c.disconnect() + fmt.Println("Goodbye!") + os.Exit(0) + return true + case "/disconnect", "/d": + c.disconnect() + return true + case "/help", "/h", "/?": + c.showHelp() + return true + case "/status", "/s": + c.showStatus() + return true + case "/reconnect", "/r": + if !c.connected && c.lastServer != "" { + c.serverAddr = c.lastServer + fmt.Printf("Reconnecting to %s...\n", c.serverAddr) + c.connect() + } + return true + case "/auto on": + c.autoReconnect = true + fmt.Printf("Auto-reconnect enabled\n") + return true + case "/auto off": + c.autoReconnect = false + fmt.Printf("Auto-reconnect disabled\n") + return true + case "/clear", "/cls": + fmt.Print("\033[H\033[2J") + return true + case "/users", "/u": + c.showUsers() + return true + } + + // Handle /pm command + if len(message) > 4 && message[:4] == "/pm " { + if !c.connected { + fmt.Printf("Not connected. Use /reconnect or enter server address\n") + return true + } + if err := c.sendMessage(message); err != nil { + fmt.Printf("Send error: %v\n", err) + c.disconnect() + } + return true + } + + return false +} + +func (c *CLIClient) connect() error { + c.mu.Lock() + defer c.mu.Unlock() + + if c.connected { + return nil + } + + fmt.Printf("Routing through Tor network...\n") + + // Test Tor proxy + torDialer := tor.NewDialer() + if !torDialer.IsAvailable() { + return fmt.Errorf("Tor proxy not available on port 9050") + } + fmt.Printf("Tor proxy detected and responsive\n") + + // Connect through Tor + conn, err := torDialer.DialWithCallback(c.serverAddr, func(msg string) { + fmt.Printf("%s\n", msg) + }) + if err != nil { + return err + } + + c.conn = conn + return c.setupEncryption() +} + +func (c *CLIClient) setupEncryption() error { + fmt.Printf("Establishing end-to-end encryption...\n") + + // Use persistent identity or generate temporary + var privateKey = c.identity.PrivateKey + if c.identity != nil && c.identity.PrivateKey != nil { + fmt.Printf("Using persistent identity: %s\n", c.identity.Username) + } else { + var err error + privateKey, err = crypto.GenerateX25519KeyPair() + if err != nil { + c.conn.Close() + return fmt.Errorf("key generation failed: %w", err) + } + fmt.Printf("Using temporary identity\n") + } + + // Send public key + publicKeyBytes := privateKey.PublicKey().Bytes() + c.conn.SetWriteDeadline(time.Now().Add(crypto.HandshakeTimeout)) + if _, err := c.conn.Write(publicKeyBytes); err != nil { + c.conn.Close() + return fmt.Errorf("failed to send public key: %w", err) + } + c.conn.SetWriteDeadline(time.Time{}) + + // Receive server public key + serverPubKeyBytes := make([]byte, 32) + if _, err := io.ReadFull(c.conn, serverPubKeyBytes); err != nil { + c.conn.Close() + return fmt.Errorf("failed to receive server public key: %w", err) + } + + // Calculate shared secret + sharedSecret, err := crypto.PerformECDH(privateKey, serverPubKeyBytes) + if err != nil { + c.conn.Close() + return fmt.Errorf("ECDH failed: %w", err) + } + + // Mutual authentication + fmt.Printf("Starting HMAC mutual authentication...\n") + if err := crypto.PerformClientAuth(c.conn, sharedSecret); err != nil { + c.conn.Close() + return fmt.Errorf("authentication failed: %w", err) + } + fmt.Printf("Mutual authentication successful\n") + + // Setup AES-GCM + gcm, err := crypto.SetupAESGCM(sharedSecret) + if err != nil { + c.conn.Close() + return err + } + + c.gcm = gcm + c.sharedSecret = crypto.SecureBuffer(sharedSecret) + c.connected = true + + fmt.Printf("Connected to %s\n", c.serverAddr) + fmt.Printf("End-to-end encryption active (AES-256-GCM)\n") + fmt.Printf("Type /help for commands\n\n") + + // Start receiving messages + go c.receiveMessages() + + return nil +} + +func (c *CLIClient) disconnect() { + c.mu.Lock() + defer c.mu.Unlock() + + if !c.connected { + return + } + + c.sendEncrypted("/quit") + time.Sleep(100 * time.Millisecond) + + if c.conn != nil { + c.conn.Close() + c.conn = nil + } + + if c.sharedSecret != nil { + buf, _ := c.sharedSecret.Open() + if buf != nil { + buf.Destroy() + } + c.sharedSecret = nil + } + c.gcm = nil + c.connected = false + + fmt.Printf("\nDisconnected from server\n") + fmt.Printf("Keys wiped from memory\n") + + if c.autoReconnect { + fmt.Printf("Auto-reconnect is enabled\n") + } + fmt.Printf("\n") +} + +func (c *CLIClient) sendMessage(message string) error { + return c.sendEncrypted(message) +} + +func (c *CLIClient) sendEncrypted(message string) error { + c.mu.Lock() + defer c.mu.Unlock() + + if !c.connected || c.gcm == nil || c.conn == nil { + return fmt.Errorf("not connected") + } + + data, err := crypto.EncryptMessage(c.gcm, message) + if err != nil { + return err + } + + _, err = c.conn.Write(data) + return err +} + +func (c *CLIClient) receiveMessages() { + buf := make([]byte, 8192) + + for { + c.mu.Lock() + if !c.connected { + c.mu.Unlock() + return + } + conn := c.conn + gcm := c.gcm + c.mu.Unlock() + + conn.SetReadDeadline(time.Time{}) + + n, err := conn.Read(buf) + if err != nil { + if err == io.EOF { + fmt.Printf("\nServer closed connection\n") + } else { + fmt.Printf("\nConnection lost: %v\n", err) + } + + c.mu.Lock() + c.connected = false + c.mu.Unlock() + return + } + + if n < 12 { + continue + } + + message, err := crypto.DecryptMessage(gcm, buf[:n]) + if err != nil { + fmt.Printf("\nFailed to decrypt message\n") + continue + } + + // Try to parse as UserListMessage + if userList, err := protocol.ParseAsUserList([]byte(message)); err == nil && userList.Type == protocol.TypeUserList { + c.mu.Lock() + c.onlineUsers = userList.Users + c.mu.Unlock() + fmt.Printf("\rOnline users (%d): %s\n> ", len(userList.Users), strings.Join(userList.Users, ", ")) + continue + } + + // Try to parse as Message + if msg, err := protocol.ParseAsMessage([]byte(message)); err == nil { + timestamp := msg.Time + if timestamp == "" { + timestamp = time.Now().Format("15:04:05") + } + + switch msg.Type { + case protocol.TypeSystem: + fmt.Printf("\r[%s] %s\n> ", timestamp, msg.Content) + case protocol.TypePrivate: + fmt.Printf("\r[%s] PM from %s: %s\n> ", timestamp, msg.From, msg.Content) + case protocol.TypeError: + fmt.Printf("\r[%s] Error: %s\n> ", timestamp, msg.Content) + default: + if msg.From != "" { + fmt.Printf("\r[%s] %s: %s\n> ", timestamp, msg.From, msg.Content) + } else { + fmt.Printf("\r[%s] %s\n> ", timestamp, msg.Content) + } + } + } else { + timestamp := time.Now().Format("15:04:05") + fmt.Printf("\r[%s] %s\n> ", timestamp, message) + } + } +} + +func (c *CLIClient) autoReconnectLoop() { + lastAttempt := time.Now() + + for { + time.Sleep(5 * time.Second) + + c.mu.Lock() + shouldReconnect := !c.connected && c.autoReconnect && c.lastServer != "" + c.mu.Unlock() + + if shouldReconnect { + if time.Since(lastAttempt) < 10*time.Second { + continue + } + lastAttempt = time.Now() + + fmt.Printf("\nAuto-reconnecting to %s...\n", c.lastServer) + c.serverAddr = c.lastServer + if err := c.connect(); err != nil { + fmt.Printf("Auto-reconnect failed: %v\n", err) + fmt.Printf("Will retry in 10 seconds...\n") + } + } + } +} + +func (c *CLIClient) showStatus() { + c.mu.Lock() + defer c.mu.Unlock() + + fmt.Printf("\nConnection Status:\n") + fmt.Printf(" Connected: %v\n", c.connected) + if c.connected { + fmt.Printf(" Server: %s\n", c.serverAddr) + fmt.Printf(" Mode: Tor Hidden Service (Anonymous)\n") + fmt.Printf(" Encryption: AES-256-GCM\n") + fmt.Printf(" Key Exchange: ECDH-X25519\n") + fmt.Printf(" Authentication: HMAC-SHA256\n") + } + if c.identity != nil { + fmt.Printf(" Identity: %s\n", c.identity.Username) + } + fmt.Printf(" Auto-Reconnect: %v\n", c.autoReconnect) + fmt.Printf(" Version: %s\n\n", version) +} + +func (c *CLIClient) showHelp() { + fmt.Printf(` +NoshiTalk CLI Commands v%s + +Connection: + /reconnect, /r - Reconnect to last server + /disconnect, /d - Disconnect from server + /status, /s - Show connection status + +Messaging: + /users, /u - Show online users + /pm user message - Send private message + +Settings: + /auto on - Enable auto-reconnect + /auto off - Disable auto-reconnect + +Interface: + /clear, /cls - Clear screen + /help, /h, /? - Show this help + /quit, /exit, /q - Exit application + +Tips: + - Only .onion addresses accepted (Tor-only mode) + - All messages are end-to-end encrypted + - ECDH + HMAC + AES-GCM protection + - Press Ctrl+C for emergency shutdown + +`, version) +} + +func (c *CLIClient) showUsers() { + c.mu.Lock() + users := c.onlineUsers + c.mu.Unlock() + + if len(users) == 0 { + fmt.Printf("No users online (or not yet received user list)\n") + return + } + + fmt.Printf("Online users (%d):\n", len(users)) + for _, user := range users { + fmt.Printf(" - %s\n", user) + } +} diff --git a/cmd/gui-client/main.go b/cmd/gui-client/main.go new file mode 100644 index 0000000..2319e83 --- /dev/null +++ b/cmd/gui-client/main.go @@ -0,0 +1,537 @@ +package main + +import ( + "crypto/cipher" + "fmt" + "io" + "net" + "strings" + "time" + + "github.com/awnumar/memguard" + + "fyne.io/fyne/v2" + "fyne.io/fyne/v2/app" + "fyne.io/fyne/v2/container" + "fyne.io/fyne/v2/dialog" + "fyne.io/fyne/v2/theme" + "fyne.io/fyne/v2/widget" + + "noshitalk/pkg/crypto" + "noshitalk/pkg/identity" + "noshitalk/pkg/protocol" + "noshitalk/pkg/tor" +) + +// ChatClient represents the GUI chat client. +type ChatClient struct { + conn net.Conn + gcm cipher.AEAD + sharedSecret *memguard.Enclave + app fyne.App + window fyne.Window + messages *widget.List + messageList []string + input *widget.Entry + status *widget.Label + connectBtn *widget.Button + serverEntry *widget.Entry + debugLog *widget.Entry + connected bool + autoReconnect bool + lastServer string + userList *widget.List + onlineUsers []string + identity *identity.Identity +} + +var version = "2.0-refactored" + +func main() { + memguard.CatchInterrupt() + defer memguard.Purge() + + chatApp := app.NewWithID("noshitalk-gui") + client := &ChatClient{ + app: chatApp, + messageList: []string{}, + autoReconnect: true, + onlineUsers: []string{}, + } + + // Initialize persistent identity + keyPath, err := identity.GetDefaultKeyPath("gui-identity.noshikey") + if err == nil { + client.identity, err = identity.LoadOrCreate(keyPath, "gui") + if err != nil { + fmt.Printf("Identity initialization failed: %v\n", err) + fmt.Printf("Continuing with temporary identity\n\n") + } + } + + client.createMainWindow() + client.enableAutoReconnect() + client.window.ShowAndRun() +} + +func (c *ChatClient) createMainWindow() { + c.window = c.app.NewWindow(fmt.Sprintf("NoshiTalk GUI v%s", version)) + c.window.SetIcon(theme.ComputerIcon()) + c.window.Resize(fyne.NewSize(1200, 800)) + + c.status = widget.NewLabel("Disconnected") + c.status.TextStyle.Bold = true + + c.serverEntry = widget.NewEntry() + c.serverEntry.SetPlaceHolder("abc...xyz.onion:8080") + + c.connectBtn = widget.NewButton("Connect", c.connectToServer) + c.connectBtn.Importance = widget.HighImportance + + c.messages = widget.NewList( + func() int { return len(c.messageList) }, + func() fyne.CanvasObject { return widget.NewLabel("Template") }, + func(i widget.ListItemID, o fyne.CanvasObject) { + o.(*widget.Label).SetText(c.messageList[i]) + }, + ) + + c.userList = widget.NewList( + func() int { return len(c.onlineUsers) }, + func() fyne.CanvasObject { return widget.NewButton("", nil) }, + func(i widget.ListItemID, o fyne.CanvasObject) { + if i < len(c.onlineUsers) { + btn := o.(*widget.Button) + username := c.onlineUsers[i] + btn.SetText(username) + btn.OnTapped = func() { c.onUserClick(username) } + } + }, + ) + + c.input = widget.NewEntry() + c.input.SetPlaceHolder("Message...") + c.input.Disable() + c.input.OnSubmitted = c.sendMessage + + autoReconnectCheck := widget.NewCheck("Auto-reconnect", func(checked bool) { + c.autoReconnect = checked + }) + autoReconnectCheck.SetChecked(true) + + panicBtn := widget.NewButton("PANIC", c.panic) + panicBtn.Importance = widget.DangerImportance + + identityInfo := widget.NewLabel("Identity: Loading...") + if c.identity != nil { + identityInfo.SetText(fmt.Sprintf("ID: %s", c.identity.Fingerprint[:16])) + } + + securityPanel := widget.NewCard("Security", "", + container.NewVBox( + widget.NewLabel("Tor only\nE2E encrypted\nEphemeral messages\nmemguard protected"), + autoReconnectCheck, + identityInfo, + panicBtn, + )) + + c.debugLog = widget.NewEntry() + c.debugLog.MultiLine = true + c.debugLog.Wrapping = fyne.TextWrapWord + c.debugLog.SetText("Ready\n") + + debugScroll := container.NewScroll(c.debugLog) + debugScroll.SetMinSize(fyne.NewSize(350, 300)) + + debugPanel := widget.NewCard("Debug", "", debugScroll) + + clearLogBtn := widget.NewButton("Clear", func() { + c.debugLog.SetText("Log cleared\n") + }) + + rightPanel := container.NewVBox(securityPanel, debugPanel, clearLogBtn) + + connectionPanel := container.NewVBox( + widget.NewLabel("Server:"), + c.serverEntry, + c.connectBtn, + c.status, + ) + + userListScroll := container.NewScroll(c.userList) + userListScroll.SetMinSize(fyne.NewSize(200, 0)) + + userListPanel := container.NewBorder( + widget.NewCard("Online", "", widget.NewLabel("")), + nil, nil, nil, + userListScroll, + ) + + leftSplit := container.NewHSplit(userListPanel, c.messages) + leftSplit.SetOffset(0.20) + + chatArea := container.NewHSplit(leftSplit, rightPanel) + chatArea.SetOffset(0.70) + + bottomBar := container.NewBorder( + nil, nil, + widget.NewLabel("Input: "), + widget.NewButton("Send", func() { c.sendMessage(c.input.Text) }), + c.input, + ) + + content := container.NewBorder(connectionPanel, bottomBar, nil, nil, chatArea) + c.window.SetContent(content) +} + +func (c *ChatClient) enableAutoReconnect() { + go func() { + lastAttempt := time.Now() + for { + time.Sleep(5 * time.Second) + if !c.connected && c.autoReconnect && c.lastServer != "" { + if time.Since(lastAttempt) < 10*time.Second { + continue + } + lastAttempt = time.Now() + c.addDebugLog("Auto-reconnecting to " + c.lastServer) + fyne.Do(func() { + c.serverEntry.SetText(c.lastServer) + c.connectToServer() + }) + } + } + }() +} + +func (c *ChatClient) connectToServer() { + if c.connected { + c.disconnect() + return + } + + serverAddr := c.serverEntry.Text + if serverAddr == "" { + c.showError("Error", "Enter .onion address") + return + } + + if err := tor.ValidateOnionAddress(serverAddr); err != nil { + c.showError("Invalid Address", err.Error()) + return + } + + c.lastServer = serverAddr + fyne.Do(func() { c.debugLog.SetText("Connecting\n") }) + c.addDebugLog("Target: " + serverAddr) + + fyne.Do(func() { + c.status.SetText("Connecting...") + c.connectBtn.Disable() + }) + + progress := dialog.NewCustom("Connecting", "Cancel", + widget.NewProgressBarInfinite(), c.window) + progress.Show() + + go func() { + defer fyne.Do(func() { progress.Hide() }) + + torDialer := tor.NewDialer() + conn, err := torDialer.DialWithCallback(serverAddr, func(msg string) { + c.addDebugLog(msg) + }) + if err != nil { + c.showError("Connection Error", err.Error()) + fyne.Do(func() { + c.connectBtn.Enable() + c.status.SetText("Connection failed") + }) + return + } + + c.conn = conn + fyne.Do(func() { c.status.SetText("Encrypting...") }) + c.addDebugLog("Starting ECDH") + + // Use persistent identity or generate temporary + var privateKey = c.identity.PrivateKey + if c.identity != nil && c.identity.PrivateKey != nil { + c.addDebugLog("Using persistent identity: " + c.identity.Fingerprint) + } else { + privateKey, err = crypto.GenerateX25519KeyPair() + if err != nil { + c.showError("Crypto Error", err.Error()) + c.disconnect() + return + } + c.addDebugLog("Using temporary identity") + } + + // Send public key + publicKeyBytes := privateKey.PublicKey().Bytes() + c.addDebugLog("Sending public key") + + c.conn.SetWriteDeadline(time.Now().Add(crypto.HandshakeTimeout)) + if _, err := c.conn.Write(publicKeyBytes); err != nil { + c.showError("Connection Error", err.Error()) + c.disconnect() + return + } + c.conn.SetWriteDeadline(time.Time{}) + + // Receive server public key + c.addDebugLog("Receiving server key") + serverPubKeyBytes := make([]byte, 32) + if _, err := io.ReadFull(conn, serverPubKeyBytes); err != nil { + c.showError("Connection Error", err.Error()) + c.disconnect() + return + } + + // Calculate shared secret + c.addDebugLog("Calculating shared secret") + sharedSecret, err := crypto.PerformECDH(privateKey, serverPubKeyBytes) + if err != nil { + c.showError("Crypto Error", err.Error()) + c.disconnect() + return + } + + // Mutual authentication + c.addDebugLog("Starting HMAC auth") + if err := crypto.PerformClientAuth(c.conn, sharedSecret); err != nil { + c.showError("Auth Error", err.Error()) + c.disconnect() + return + } + c.addDebugLog("Auth successful") + + // Setup AES-GCM + c.addDebugLog("Setting up AES-GCM") + gcm, err := crypto.SetupAESGCM(sharedSecret) + if err != nil { + c.showError("Crypto Error", err.Error()) + c.disconnect() + return + } + + c.sharedSecret = crypto.SecureBuffer(sharedSecret) + c.gcm = gcm + c.connected = true + + fyne.Do(func() { + c.input.Enable() + c.connectBtn.SetText("Disconnect") + c.connectBtn.OnTapped = c.disconnect + c.connectBtn.Enable() + c.status.SetText("Connected (E2E)") + }) + + c.addMessage("System", "Connected via Tor") + c.addMessage("System", "E2E encryption active") + c.addDebugLog("Session established") + + go c.receiveMessages() + }() +} + +func (c *ChatClient) disconnect() { + if !c.connected { + return + } + + c.connected = false + c.addDebugLog("Disconnecting") + + if c.conn != nil { + c.sendEncrypted("/quit") + time.Sleep(100 * time.Millisecond) + c.conn.Close() + c.conn = nil + } + + if c.sharedSecret != nil { + buf, _ := c.sharedSecret.Open() + if buf != nil { + buf.Destroy() + } + c.sharedSecret = nil + } + c.gcm = nil + + fyne.Do(func() { + c.input.Disable() + c.connectBtn.SetText("Connect") + c.connectBtn.OnTapped = c.connectToServer + c.connectBtn.Enable() + c.status.SetText("Disconnected") + }) + + c.addMessage("System", "Disconnected") + c.addDebugLog("Keys wiped") +} + +func (c *ChatClient) panic() { + c.addDebugLog("PANIC MODE") + + if c.conn != nil { + c.conn.Close() + c.conn = nil + } + + if c.sharedSecret != nil { + buf, _ := c.sharedSecret.Open() + if buf != nil { + buf.Destroy() + } + c.sharedSecret = nil + } + + c.identity = nil + c.gcm = nil + c.connected = false + + fyne.Do(func() { + c.input.Disable() + c.connectBtn.SetText("Connect") + c.connectBtn.OnTapped = c.connectToServer + c.connectBtn.Enable() + c.status.SetText("PANIC - All keys destroyed") + }) + + c.addMessage("System", "PANIC: Keys destroyed") + c.addDebugLog("Memory wiped") + + memguard.Purge() +} + +func (c *ChatClient) sendMessage(message string) { + if !c.connected || message == "" { + return + } + + c.addDebugLog("Sending: " + message) + + if err := c.sendEncrypted(message); err != nil { + c.addDebugLog("Send error: " + err.Error()) + c.showError("Send Error", err.Error()) + return + } + + c.addMessage("You", message) + fyne.Do(func() { c.input.SetText("") }) +} + +func (c *ChatClient) sendEncrypted(message string) error { + if c.gcm == nil || c.conn == nil { + return fmt.Errorf("not connected") + } + + data, err := crypto.EncryptMessage(c.gcm, message) + if err != nil { + return err + } + + _, err = c.conn.Write(data) + return err +} + +func (c *ChatClient) receiveMessages() { + buf := make([]byte, 8192) + c.addDebugLog("Starting receive loop") + + for c.connected { + c.conn.SetReadDeadline(time.Time{}) + + n, err := c.conn.Read(buf) + if err != nil { + if err == io.EOF { + c.addDebugLog("Server closed connection") + } else { + c.addDebugLog("Read error: " + err.Error()) + } + if c.connected { + c.addMessage("System", "Connection lost") + c.disconnect() + } + return + } + + if n == 0 { + continue + } + + c.addDebugLog(fmt.Sprintf("Received %d bytes", n)) + + message, err := crypto.DecryptMessage(c.gcm, buf[:n]) + if err != nil { + c.addDebugLog("Decrypt error: " + err.Error()) + continue + } + + // Try to parse as UserListMessage + if userList, err := protocol.ParseAsUserList([]byte(message)); err == nil && userList.Type == protocol.TypeUserList { + c.onlineUsers = userList.Users + fyne.Do(func() { c.userList.Refresh() }) + c.addMessage("System", fmt.Sprintf("Online: %d users", len(userList.Users))) + continue + } + + // Try to parse as Message + if msg, err := protocol.ParseAsMessage([]byte(message)); err == nil { + switch msg.Type { + case protocol.TypeSystem: + c.addMessage("System", msg.Content) + case protocol.TypePrivate: + c.addMessage("PM-"+msg.From, msg.Content) + case protocol.TypeError: + c.addMessage("System", "Error: "+msg.Content) + default: + c.addMessage(msg.From, msg.Content) + } + } else { + c.addMessage("Server", message) + } + } + + c.addDebugLog("Receive loop ended") +} + +func (c *ChatClient) onUserClick(username string) { + fyne.Do(func() { + c.input.SetText("/pm " + username + " ") + c.input.CursorColumn = len(c.input.Text) + c.window.Canvas().Focus(c.input) + }) + c.addDebugLog("Ready to PM " + username) +} + +func (c *ChatClient) addMessage(sender, message string) { + timestamp := time.Now().Format("15:04:05") + formatted := fmt.Sprintf("[%s] %s: %s", timestamp, sender, message) + + c.messageList = append(c.messageList, formatted) + fyne.Do(func() { + c.messages.Refresh() + c.messages.ScrollToBottom() + }) +} + +func (c *ChatClient) addDebugLog(message string) { + timestamp := time.Now().Format("15:04:05") + logEntry := fmt.Sprintf("[%s] %s\n", timestamp, message) + + fyne.Do(func() { + c.debugLog.SetText(c.debugLog.Text + logEntry) + c.debugLog.CursorRow = len(strings.Split(c.debugLog.Text, "\n")) - 1 + }) +} + +func (c *ChatClient) showError(title, message string) { + fyne.Do(func() { + dialog.ShowError(fmt.Errorf(message), c.window) + }) + c.addMessage("System", title+": "+message) + c.addDebugLog(title + ": " + message) +} diff --git a/cmd/server/main.go b/cmd/server/main.go new file mode 100644 index 0000000..6ee4aa5 --- /dev/null +++ b/cmd/server/main.go @@ -0,0 +1,722 @@ +package main + +import ( + "bytes" + "compress/zlib" + "crypto/cipher" + "crypto/ecdh" + "encoding/json" + "fmt" + "io" + "net" + "os" + "os/signal" + "sync" + "syscall" + "time" + + "github.com/awnumar/memguard" + + "noshitalk/pkg/crypto" + "noshitalk/pkg/protocol" +) + +// Client represents a connected chat client. +type Client struct { + conn net.Conn + identity string + gcm cipher.AEAD + sharedSecret *memguard.Enclave + quit chan struct{} + lastActivity time.Time + mu sync.Mutex + + // Visibility control + isVisible bool + + // Key rotation + currentKeyPair *ecdh.PrivateKey + nextKeyPair *ecdh.PrivateKey + sessionKeys [][]byte + keyRotationCount uint32 + lastRotation time.Time + messageCount uint32 +} + +// FileTransfer tracks an ongoing file transfer. +type FileTransfer struct { + FileID string + Sender *Client + Receiver *Client + StartTime time.Time + TotalChunks int + Received int + Completed bool +} + +var ( + clients = make(map[net.Conn]*Client) + clientsMux sync.RWMutex + fileTransfers = make(map[string]*FileTransfer) + transfersMux sync.RWMutex + version = "2.0-refactored" +) + +const ( + protocolVersion = 2 + fileChunkSize = 256 * 1024 // 256KB chunks + maxFileSize = 500 * 1024 * 1024 // 500MB max + maxConcurrentTransfers = 3 + rotateAfterMessages = 100 + rotateAfterTime = 5 * time.Minute +) + +func main() { + fmt.Printf("NoshiTalk Server v%s\n", version) + fmt.Printf("Zero logs, zero traces, auto-wipe post-session\n") + fmt.Printf("Designed for Tor Hidden Service - localhost only\n") + fmt.Printf("Traffic obfuscation: Padding + Random delays\n") + fmt.Printf("Key rotation enabled (every %d messages or %v)\n", rotateAfterMessages, rotateAfterTime) + fmt.Printf("Ghost mode enabled by default\n\n") + + memguard.CatchInterrupt() + defer secureShutdown("Session completed") + + listenAddr := "127.0.0.1:8083" + fmt.Printf("Listening on: %s (Tor Hidden Service backend)\n", listenAddr) + fmt.Printf("Server NOT exposed directly - Tor proxy required\n\n") + + listener, err := net.Listen("tcp", listenAddr) + if err != nil { + fmt.Printf("Listen error: %v\n", err) + secureShutdown(fmt.Sprintf("Listen error: %v", err)) + } + + fmt.Printf("Server started successfully\n") + fmt.Printf("Waiting for connections...\n\n") + + // Signal handling + stop := make(chan os.Signal, 1) + signal.Notify(stop, os.Interrupt, syscall.SIGTERM) + go func() { + <-stop + fmt.Printf("\nReceived shutdown signal\n") + secureShutdown("Operator requested shutdown") + }() + + // Monitor goroutine + go monitorLoop() + + // Accept connections + for { + conn, err := listener.Accept() + if err != nil { + fmt.Printf("Accept error: %v\n", err) + continue + } + + fmt.Printf("New connection from %s\n", conn.RemoteAddr()) + go handleClient(conn) + } +} + +func monitorLoop() { + ticker := time.NewTicker(60 * time.Second) + defer ticker.Stop() + + for range ticker.C { + clientsMux.RLock() + activeCount := len(clients) + visibleCount := 0 + for _, client := range clients { + if client.isVisible { + visibleCount++ + } + } + if activeCount > 0 { + fmt.Printf("Active connections: %d (visible: %d, ghost: %d)\n", + activeCount, visibleCount, activeCount-visibleCount) + } + clientsMux.RUnlock() + + cleanupOldTransfers() + } +} + +func handleClient(conn net.Conn) { + defer func() { + fmt.Printf("Connection handler ending\n") + conn.Close() + removeClient(conn) + }() + + // Generate server key pair + privateKey, err := crypto.GenerateX25519KeyPair() + if err != nil { + fmt.Printf("Key generation failed: %v\n", err) + return + } + + // Receive client public key + fmt.Printf("Waiting for client public key...\n") + clientPubKeyBytes := make([]byte, 32) + + conn.SetReadDeadline(time.Now().Add(crypto.HandshakeTimeout)) + n, err := io.ReadFull(conn, clientPubKeyBytes) + if err != nil { + fmt.Printf("Error reading client public key: %v\n", err) + return + } + conn.SetReadDeadline(time.Time{}) + + identity := crypto.DeriveIdentity(clientPubKeyBytes) + fmt.Printf("[%s] Received client public key (%d bytes)\n", identity, n) + + // Send server public key + fmt.Printf("[%s] Sending server public key...\n", identity) + if _, err := conn.Write(privateKey.PublicKey().Bytes()); err != nil { + fmt.Printf("[%s] Error sending server public key: %v\n", identity, err) + return + } + + // Calculate shared secret + fmt.Printf("[%s] Calculating shared secret...\n", identity) + sharedSecret, err := crypto.PerformECDH(privateKey, clientPubKeyBytes) + if err != nil { + fmt.Printf("[%s] ECDH failed: %v\n", identity, err) + return + } + + // Mutual authentication + fmt.Printf("[%s] Starting mutual authentication...\n", identity) + if err := crypto.PerformServerAuth(conn, sharedSecret); err != nil { + fmt.Printf("[%s] Authentication failed: %v\n", identity, err) + return + } + + // Setup AES-GCM + fmt.Printf("[%s] Setting up AES-GCM...\n", identity) + gcm, err := crypto.SetupAESGCM(sharedSecret) + if err != nil { + fmt.Printf("[%s] %v\n", identity, err) + return + } + + // Create client + client := &Client{ + conn: conn, + identity: identity, + gcm: gcm, + sharedSecret: crypto.SecureBuffer(sharedSecret), + quit: make(chan struct{}), + lastActivity: time.Now(), + isVisible: false, // Ghost mode by default + currentKeyPair: privateKey, + lastRotation: time.Now(), + messageCount: 0, + } + + addClient(conn, client) + fmt.Printf("[%s] Client initialized (ghost mode)\n", identity) + + // Send welcome message + welcomeMsg := protocol.NewSystemMessage( + fmt.Sprintf("Connected as %s (ghost mode). Use /reveal to become visible, /ghost to hide.", identity)) + client.sendMessage(welcomeMsg) + + // Send personal user list + sendPersonalUserList(client) + + fmt.Printf("[%s] Starting message handling...\n", identity) + client.receiveMessages() + + fmt.Printf("[%s] Client disconnected\n", identity) + + if client.isVisible { + broadcastSystemMessage(fmt.Sprintf("%s disconnected", identity)) + } +} + +func addClient(conn net.Conn, client *Client) { + clientsMux.Lock() + clients[conn] = client + totalClients := len(clients) + clientsMux.Unlock() + + fmt.Printf("[%s] Added to clients map. Total clients: %d\n", client.identity, totalClients) +} + +func removeClient(conn net.Conn) { + clientsMux.Lock() + client, exists := clients[conn] + if exists && client.isVisible { + delete(clients, conn) + clientsMux.Unlock() + broadcastUserListToVisible() + } else { + delete(clients, conn) + clientsMux.Unlock() + } +} + +func (c *Client) sendMessage(msg *protocol.Message) error { + data, err := msg.ToJSON() + if err != nil { + return err + } + return c.sendEncrypted(string(data)) +} + +func (c *Client) sendEncrypted(message string) error { + if c.conn == nil || c.gcm == nil { + return fmt.Errorf("not ready") + } + + data, err := crypto.EncryptMessage(c.gcm, message) + if err != nil { + return err + } + + _, err = c.conn.Write(data) + return err +} + +func (c *Client) receiveMessages() { + defer func() { + if r := recover(); r != nil { + fmt.Printf("[%s] PANIC: %v\n", c.identity, r) + } + close(c.quit) + }() + + buf := make([]byte, 512*1024) + + for { + n, err := c.conn.Read(buf) + if err != nil { + if err == io.EOF { + fmt.Printf("[%s] Connection closed\n", c.identity) + } else { + fmt.Printf("[%s] Read error: %v\n", c.identity, err) + } + return + } + + if n == 0 { + continue + } + + c.mu.Lock() + c.lastActivity = time.Now() + c.messageCount++ + c.mu.Unlock() + + message, err := crypto.DecryptMessage(c.gcm, buf[:n]) + if err != nil { + fmt.Printf("[%s] Decrypt error: %v\n", c.identity, err) + continue + } + + c.checkKeyRotation() + + if c.handleCommand(message) { + continue + } + + // Handle JSON messages + msgType, _, err := protocol.ParseMessage([]byte(message)) + if err == nil { + switch msgType { + case protocol.TypeFileOffer: + if fileOffer, err := protocol.ParseAsFileOffer([]byte(message)); err == nil { + routeFileOffer(c, fileOffer) + continue + } + case protocol.TypeFileChunk: + if fileChunk, err := protocol.ParseAsFileChunk([]byte(message)); err == nil { + routeFileChunk(c, fileChunk) + continue + } + case protocol.TypeFileAccept, protocol.TypeFileReject, protocol.TypeFileComplete: + if fileResp, err := protocol.ParseAsFileResponse([]byte(message)); err == nil { + routeFileResponse(c, fileResp) + continue + } + } + } + + // Handle private messages + if len(message) > 4 && message[:4] == "/pm " { + parts := splitPrivateMessage(message) + if len(parts) < 2 { + errorMsg := protocol.NewErrorMessage("Usage: /pm username message") + c.sendMessage(errorMsg) + continue + } + sendPrivateMessage(c, parts[0], parts[1]) + continue + } + + // Broadcast if visible + if c.isVisible { + broadcastUserMessage(c, message) + } else { + errorMsg := protocol.NewErrorMessage("You are in ghost mode. Use /reveal to send messages.") + c.sendMessage(errorMsg) + } + } +} + +func (c *Client) handleCommand(message string) bool { + switch message { + case "/quit": + return true + case "/reveal": + c.mu.Lock() + wasVisible := c.isVisible + c.isVisible = true + c.mu.Unlock() + + if !wasVisible { + fmt.Printf("[%s] Became visible\n", c.identity) + broadcastSystemMessage(fmt.Sprintf("%s joined the chat", c.identity)) + broadcastUserListToVisible() + } + return true + case "/ghost": + c.mu.Lock() + wasVisible := c.isVisible + c.isVisible = false + c.mu.Unlock() + + if wasVisible { + fmt.Printf("[%s] Went ghost\n", c.identity) + broadcastSystemMessage(fmt.Sprintf("%s went invisible", c.identity)) + broadcastUserListToVisible() + } + return true + case "/users": + sendPersonalUserList(c) + return true + } + return false +} + +func (c *Client) checkKeyRotation() { + c.mu.Lock() + defer c.mu.Unlock() + + needRotation := false + if c.messageCount >= rotateAfterMessages { + needRotation = true + fmt.Printf("[%s] Key rotation triggered (message count: %d)\n", c.identity, c.messageCount) + } + if time.Since(c.lastRotation) > rotateAfterTime { + needRotation = true + fmt.Printf("[%s] Key rotation triggered (time elapsed: %v)\n", c.identity, time.Since(c.lastRotation)) + } + + if needRotation { + c.performKeyRotation() + } +} + +func (c *Client) performKeyRotation() { + newKeyPair, err := crypto.GenerateX25519KeyPair() + if err != nil { + fmt.Printf("[%s] Key rotation failed: %v\n", c.identity, err) + return + } + + c.nextKeyPair = newKeyPair + c.keyRotationCount++ + c.messageCount = 0 + c.lastRotation = time.Now() + + rotMsg := protocol.KeyRotationMessage{ + Type: protocol.TypeKeyRotation, + PublicKey: newKeyPair.PublicKey().Bytes(), + Nonce: make([]byte, 12), + Time: time.Now().Format("15:04:05"), + } + + if data, err := rotMsg.ToJSON(); err == nil { + c.sendEncrypted(string(data)) + } + + fmt.Printf("[%s] Key rotation completed (rotation #%d)\n", c.identity, c.keyRotationCount) +} + +func sendPersonalUserList(client *Client) { + clientsMux.RLock() + visibleUsers := []string{} + for _, c := range clients { + if c.isVisible || c == client { + visibleUsers = append(visibleUsers, c.identity) + } + } + clientsMux.RUnlock() + + userListMsg := protocol.NewUserListMessage(visibleUsers) + if data, err := userListMsg.ToJSON(); err == nil { + client.sendEncrypted(string(data)) + } +} + +func broadcastUserListToVisible() { + clientsMux.RLock() + defer clientsMux.RUnlock() + + visibleUsers := []string{} + for _, c := range clients { + if c.isVisible { + visibleUsers = append(visibleUsers, c.identity) + } + } + + userListMsg := protocol.NewUserListMessage(visibleUsers) + data, err := userListMsg.ToJSON() + if err != nil { + return + } + + for _, client := range clients { + if client.isVisible { + client.sendEncrypted(string(data)) + } + } +} + +func broadcastSystemMessage(message string) { + clientsMux.RLock() + defer clientsMux.RUnlock() + + systemMsg := protocol.NewSystemMessage(message) + data, err := systemMsg.ToJSON() + if err != nil { + return + } + + for _, client := range clients { + if client.isVisible { + client.sendEncrypted(string(data)) + } + } +} + +func broadcastUserMessage(sender *Client, message string) { + clientsMux.RLock() + defer clientsMux.RUnlock() + + userMsg := protocol.NewMessage(sender.identity, "", message, protocol.TypeMessage) + data, err := userMsg.ToJSON() + if err != nil { + return + } + + for _, client := range clients { + if client != sender && client.isVisible { + client.sendEncrypted(string(data)) + } + } +} + +func sendPrivateMessage(sender *Client, targetUsername, message string) { + clientsMux.RLock() + defer clientsMux.RUnlock() + + var targetClient *Client + for _, client := range clients { + if client.identity == targetUsername { + targetClient = client + break + } + } + + if targetClient == nil { + errorMsg := protocol.NewErrorMessage(fmt.Sprintf("User '%s' not found", targetUsername)) + sender.sendMessage(errorMsg) + return + } + + privateMsg := protocol.NewMessage(sender.identity, targetUsername, message, protocol.TypePrivate) + data, err := privateMsg.ToJSON() + if err != nil { + return + } + + fmt.Printf("[%s -> %s] Private message\n", sender.identity, targetUsername) + targetClient.sendEncrypted(string(data)) + sender.sendEncrypted(string(data)) +} + +func splitPrivateMessage(msg string) []string { + content := msg[4:] + spaceIdx := -1 + for i, ch := range content { + if ch == ' ' { + spaceIdx = i + break + } + } + + if spaceIdx == -1 { + return []string{content} + } + + return []string{content[:spaceIdx], content[spaceIdx+1:]} +} + +// File transfer functions +func routeFileOffer(sender *Client, offer *protocol.FileOfferMessage) { + transfersMux.RLock() + activeTransfers := 0 + for _, transfer := range fileTransfers { + if !transfer.Completed && transfer.Sender == sender { + activeTransfers++ + } + } + transfersMux.RUnlock() + + if activeTransfers >= maxConcurrentTransfers { + errorMsg := protocol.NewErrorMessage(fmt.Sprintf("Max concurrent transfers (%d) reached", maxConcurrentTransfers)) + sender.sendMessage(errorMsg) + return + } + + clientsMux.RLock() + var targetClient *Client + for _, client := range clients { + if client.identity == offer.To { + targetClient = client + break + } + } + clientsMux.RUnlock() + + if targetClient == nil { + errorMsg := protocol.NewErrorMessage(fmt.Sprintf("User '%s' not found", offer.To)) + sender.sendMessage(errorMsg) + return + } + + transfer := &FileTransfer{ + FileID: offer.FileID, + Sender: sender, + Receiver: targetClient, + StartTime: time.Now(), + TotalChunks: offer.TotalChunks, + } + + transfersMux.Lock() + fileTransfers[offer.FileID] = transfer + transfersMux.Unlock() + + offer.From = sender.identity + offer.Time = time.Now().Format("15:04:05") + + fmt.Printf("[%s -> %s] File offer: %s (%d bytes, %d chunks)\n", + sender.identity, offer.To, offer.Filename, offer.Size, offer.TotalChunks) + + if data, err := offer.ToJSON(); err == nil { + targetClient.sendEncrypted(string(data)) + } +} + +func routeFileChunk(sender *Client, chunk *protocol.FileChunkMessage) { + transfersMux.RLock() + transfer, exists := fileTransfers[chunk.FileID] + transfersMux.RUnlock() + + if !exists || transfer.Sender != sender { + return + } + + chunk.Time = time.Now().Format("15:04:05") + + transfersMux.Lock() + transfer.Received++ + if transfer.Received >= transfer.TotalChunks { + transfer.Completed = true + fmt.Printf("[%s] File transfer completed in %v\n", sender.identity, time.Since(transfer.StartTime)) + } + transfersMux.Unlock() + + if data, err := chunk.ToJSON(); err == nil { + transfer.Receiver.sendEncrypted(string(data)) + } +} + +func routeFileResponse(sender *Client, resp *protocol.FileResponseMessage) { + transfersMux.RLock() + transfer, exists := fileTransfers[resp.FileID] + transfersMux.RUnlock() + + if !exists { + return + } + + resp.From = sender.identity + resp.Time = time.Now().Format("15:04:05") + + data, err := resp.ToJSON() + if err != nil { + return + } + + if sender == transfer.Receiver { + transfer.Sender.sendEncrypted(string(data)) + } else { + transfer.Receiver.sendEncrypted(string(data)) + } + + if resp.Status == "rejected" || resp.Status == "completed" { + transfersMux.Lock() + delete(fileTransfers, resp.FileID) + transfersMux.Unlock() + } +} + +func cleanupOldTransfers() { + transfersMux.Lock() + defer transfersMux.Unlock() + + now := time.Now() + for fileID, transfer := range fileTransfers { + if now.Sub(transfer.StartTime) > 30*time.Minute { + fmt.Printf("Cleaning up old transfer: %s\n", fileID[:8]) + delete(fileTransfers, fileID) + } + } +} + +func compressData(data []byte) ([]byte, error) { + var buf bytes.Buffer + w := zlib.NewWriter(&buf) + _, err := w.Write(data) + w.Close() + return buf.Bytes(), err +} + +func decompressData(data []byte) ([]byte, error) { + r, err := zlib.NewReader(bytes.NewReader(data)) + if err != nil { + return nil, err + } + defer r.Close() + return io.ReadAll(r) +} + +func secureShutdown(reason string) { + fmt.Printf("\nServer shutdown: %s\n", reason) + + clientsMux.Lock() + for _, client := range clients { + client.conn.Close() + } + clients = make(map[net.Conn]*Client) + clientsMux.Unlock() + + memguard.Purge() + os.Exit(0) +} diff --git a/cmd/web-client/main.go b/cmd/web-client/main.go new file mode 100644 index 0000000..d5322a3 --- /dev/null +++ b/cmd/web-client/main.go @@ -0,0 +1,360 @@ +package main + +import ( + "crypto/rand" + _ "embed" + "encoding/hex" + "encoding/json" + "log" + "net/http" + "sync" + "time" + + "github.com/gorilla/websocket" +) + +//go:embed template.html +var htmlTemplate string + +// Message types +const ( + MsgTypeHandshake = "handshake" + MsgTypePublic = "public" + MsgTypePrivate = "private" + MsgTypeSystem = "system" + MsgTypeUserJoin = "user_join" + MsgTypeUserLeave = "user_leave" + MsgTypeUsersList = "users_list" +) + +// User represents a connected user. +type User struct { + ID string + Name string + Avatar string + Fingerprint string + Conn *websocket.Conn + LastSeen time.Time + mu sync.Mutex +} + +// Message represents a chat message. +type Message struct { + Type string `json:"type"` + From string `json:"from,omitempty"` + FromName string `json:"from_name,omitempty"` + FromAvatar string `json:"from_avatar,omitempty"` + To string `json:"to,omitempty"` + Text string `json:"text,omitempty"` + Timestamp time.Time `json:"timestamp,omitempty"` +} + +// UserInfo for user list. +type UserInfo struct { + ID string `json:"id"` + Name string `json:"name"` + Avatar string `json:"avatar"` + Status string `json:"status"` +} + +// Server represents the chat server. +type Server struct { + users map[string]*User + upgrader websocket.Upgrader + mu sync.RWMutex +} + +var server *Server + +func init() { + server = &Server{ + users: make(map[string]*User), + upgrader: websocket.Upgrader{ + CheckOrigin: func(r *http.Request) bool { return true }, + ReadBufferSize: 1024, + WriteBufferSize: 1024, + }, + } +} + +// NewUser creates a new user. +func NewUser(id, name, fingerprint string, conn *websocket.Conn) *User { + avatar := "" + if len(name) > 0 { + avatar = string(name[0]) + } + + return &User{ + ID: id, + Name: name, + Avatar: avatar, + Fingerprint: fingerprint, + Conn: conn, + LastSeen: time.Now(), + } +} + +// SendMessage sends a message to the user. +func (u *User) SendMessage(msg Message) error { + u.mu.Lock() + defer u.mu.Unlock() + return u.Conn.WriteJSON(msg) +} + +// BroadcastPublic broadcasts a message to all users except the sender. +func (s *Server) BroadcastPublic(msg Message) { + s.mu.RLock() + defer s.mu.RUnlock() + + for fingerprint, user := range s.users { + if fingerprint != msg.From { + go user.SendMessage(msg) + } + } +} + +// SendPrivate sends a private message to a specific user. +func (s *Server) SendPrivate(msg Message) error { + s.mu.RLock() + defer s.mu.RUnlock() + + recipient, exists := s.users[msg.To] + if !exists { + return nil + } + + return recipient.SendMessage(msg) +} + +// AddUser adds a user to the server. +func (s *Server) AddUser(user *User) { + s.mu.Lock() + s.users[user.Fingerprint] = user + s.mu.Unlock() + + log.Printf("User added: %s (fingerprint: %s, total: %d)", user.Name, user.Fingerprint, len(s.users)) + + joinMsg := Message{ + Type: MsgTypeUserJoin, + From: user.Fingerprint, + FromName: user.Name, + FromAvatar: user.Avatar, + Text: user.Name + " joined the chat", + Timestamp: time.Now(), + } + s.BroadcastPublic(joinMsg) + + s.SendUsersList(user) + s.BroadcastUsersList() +} + +// RemoveUser removes a user from the server. +func (s *Server) RemoveUser(fingerprint string) { + s.mu.Lock() + user, exists := s.users[fingerprint] + if exists { + delete(s.users, fingerprint) + } + s.mu.Unlock() + + if exists { + log.Printf("User removed: %s (fingerprint: %s, remaining: %d)", user.Name, fingerprint, len(s.users)) + + leaveMsg := Message{ + Type: MsgTypeUserLeave, + From: fingerprint, + FromName: user.Name, + Text: user.Name + " left the chat", + Timestamp: time.Now(), + } + s.BroadcastPublic(leaveMsg) + s.BroadcastUsersList() + } +} + +// SendUsersList sends the user list to a specific user. +func (s *Server) SendUsersList(user *User) { + s.mu.RLock() + defer s.mu.RUnlock() + + users := make([]UserInfo, 0, len(s.users)) + for _, u := range s.users { + if u.Fingerprint != user.Fingerprint { + users = append(users, UserInfo{ + ID: u.Fingerprint, + Name: u.Name, + Avatar: u.Avatar, + Status: "Encrypted", + }) + } + } + + usersData, _ := json.Marshal(map[string]interface{}{ + "type": MsgTypeUsersList, + "users": users, + }) + + user.mu.Lock() + user.Conn.WriteMessage(websocket.TextMessage, usersData) + user.mu.Unlock() +} + +// BroadcastUsersList broadcasts the user list to all users. +func (s *Server) BroadcastUsersList() { + s.mu.RLock() + defer s.mu.RUnlock() + + for _, user := range s.users { + go s.SendUsersList(user) + } +} + +// HandleWebSocket handles WebSocket connections. +func HandleWebSocket(w http.ResponseWriter, r *http.Request) { + conn, err := server.upgrader.Upgrade(w, r, nil) + if err != nil { + log.Printf("WebSocket upgrade error: %v", err) + return + } + + var handshake struct { + Type string `json:"type"` + Name string `json:"name"` + ID string `json:"id"` + Fingerprint string `json:"fingerprint"` + } + + if err := conn.ReadJSON(&handshake); err != nil { + log.Printf("Handshake error: %v", err) + conn.Close() + return + } + + if handshake.Type != MsgTypeHandshake { + log.Printf("Invalid handshake type: %s", handshake.Type) + conn.Close() + return + } + + if handshake.Fingerprint == "" || len(handshake.Fingerprint) < 8 { + log.Printf("Invalid fingerprint") + conn.Close() + return + } + + server.mu.RLock() + _, exists := server.users[handshake.Fingerprint] + server.mu.RUnlock() + + if exists { + errorMsg := Message{ + Type: MsgTypeSystem, + Text: "Identity already connected. Only one session per identity allowed.", + } + conn.WriteJSON(errorMsg) + conn.Close() + return + } + + user := NewUser(handshake.ID, handshake.Name, handshake.Fingerprint, conn) + server.AddUser(user) + defer server.RemoveUser(user.Fingerprint) + + log.Printf("User connected: %s (%s)", user.Name, user.Fingerprint) + + welcomeMsg := Message{ + Type: MsgTypeSystem, + Text: "Welcome to NoshiTalk! Your identity is cryptographically protected.", + Timestamp: time.Now(), + } + user.SendMessage(welcomeMsg) + + for { + var msg Message + if err := conn.ReadJSON(&msg); err != nil { + if websocket.IsUnexpectedCloseError(err, websocket.CloseGoingAway, websocket.CloseAbnormalClosure) { + log.Printf("WebSocket error: %v", err) + } + break + } + + msg.From = user.Fingerprint + msg.FromName = user.Name + msg.FromAvatar = user.Avatar + msg.Timestamp = time.Now() + + switch msg.Type { + case MsgTypePublic: + server.BroadcastPublic(msg) + log.Printf("Public message from %s: %s", user.Name, msg.Text) + + case MsgTypePrivate: + if err := server.SendPrivate(msg); err != nil { + log.Printf("Private message error: %v", err) + } else { + log.Printf("Private message from %s to %s", user.Name, msg.To) + } + } + + user.LastSeen = time.Now() + } +} + +// HandleIndex serves the main HTML page. +func HandleIndex(w http.ResponseWriter, r *http.Request) { + w.Header().Set("Content-Type", "text/html; charset=utf-8") + w.Header().Set("X-Frame-Options", "DENY") + w.Header().Set("X-Content-Type-Options", "nosniff") + w.Header().Set("Referrer-Policy", "no-referrer") + + w.Write([]byte(htmlTemplate)) +} + +// generateChallenge generates a random challenge. +func generateChallenge() (string, error) { + b := make([]byte, 32) + if _, err := rand.Read(b); err != nil { + return "", err + } + return hex.EncodeToString(b), nil +} + +// CleanupInactiveUsers removes inactive users periodically. +func (s *Server) CleanupInactiveUsers() { + ticker := time.NewTicker(1 * time.Minute) + defer ticker.Stop() + + for range ticker.C { + s.mu.Lock() + now := time.Now() + for fingerprint, user := range s.users { + if now.Sub(user.LastSeen) > 5*time.Minute { + log.Printf("Removing inactive user: %s", user.Name) + delete(s.users, fingerprint) + user.Conn.Close() + } + } + s.mu.Unlock() + } +} + +func main() { + go server.CleanupInactiveUsers() + + http.HandleFunc("/", HandleIndex) + http.HandleFunc("/ws", HandleWebSocket) + + port := ":8080" + log.Printf("===========================================") + log.Printf(" NoshiTalk Web Server v2.0-refactored") + log.Printf("===========================================") + log.Printf(" Port: %s", port) + log.Printf(" WebSocket: ws://localhost%s/ws", port) + log.Printf(" Security: E2E Encrypted + Ephemeral") + log.Printf(" Storage: Zero (RAM only)") + log.Printf("===========================================") + + if err := http.ListenAndServe(port, nil); err != nil { + log.Fatal("Server error: ", err) + } +} diff --git a/cmd/web-client/template.html b/cmd/web-client/template.html new file mode 100644 index 0000000..22c6039 --- /dev/null +++ b/cmd/web-client/template.html @@ -0,0 +1,329 @@ + + + + + + NoshiTalk - Anonymous Encrypted Chat + + + +
+ +
+ + + + + + -- cgit v1.2.3