A chat app for seniors who feel lonely during corona time to talk to each other, anonymously.
The chat requires only a username. The user can join a room from a list of rooms displayed on the main page. If no room is selected, the server will select the best room for them.
An XSS sanitizer is used to sanitize all input from the client. This should prevent XSS attacks on the server or on clients, but I'm by no means an expert on this.
A user can log in to become an admin by opening the console and using the `requestAdmin(password)` function. The password is stored as a hash on the server. It is hashed with bcrypt.
An admin can use the `adm` object in the console for admin functionality. `adm.kickUser(id)` will kick a user and `adm.shadowBan(id)` will shadow ban a user. When shadow banned, the shadow banned user still sees all messages, but all other users no longer see the messages from the shadow banned user.
The id (socketid) of a user can be found using the `chatUsers` variable.
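Because the admin commands are typed into the browser console, the server has to decide from its own per-socket state who is an admin and who is shadow banned. The sketch below is an added example, not this app's code: `createChat`, `verifyPassword` and the method names are hypothetical, and `verifyPassword` stands in for the bcrypt comparison against the stored hash.

```javascript
// Added example: in-memory model of the server-side checks (no sockets, no network).
// createChat, verifyPassword and all method names are hypothetical, not the app's API.
function createChat(verifyPassword) {
  const users = new Map(); // socketId -> { name, room, isAdmin, shadowBanned }
  // Every admin action is authorized from server-held state, never from
  // anything the client sends, because any visitor can open the console.
  function requireAdmin(socketId) {
    if (!users.get(socketId)?.isAdmin) throw new Error('not authorized');
  }
  return {
    join(socketId, name, room) {
      users.set(socketId, { name, room, isAdmin: false, shadowBanned: false });
    },
    // verifyPassword stands in for comparing the input with the stored bcrypt hash.
    requestAdmin(socketId, password) {
      const u = users.get(socketId);
      if (!u || typeof password !== 'string' || !verifyPassword(password)) return false;
      u.isAdmin = true;
      return true;
    },
    kickUser(adminId, targetId) {
      requireAdmin(adminId);
      return users.delete(targetId);
    },
    shadowBan(adminId, targetId) {
      requireAdmin(adminId);
      const t = users.get(targetId);
      if (t) t.shadowBanned = true;
      return Boolean(t);
    },
    // Returns the socket ids that should receive a message sent by senderId.
    recipients(senderId) {
      const s = users.get(senderId);
      if (!s) return []; // kicked or unknown sockets reach nobody
      if (s.shadowBanned) return [senderId]; // echoed to the sender only
      return [...users].filter(([, u]) => u.room === s.room).map(([id]) => id);
    },
  };
}
// Constructed demo data; the verifier is a placeholder for the bcrypt comparison.
function demo() {
  const chat = createChat((pw) => pw === 'constructed-demo-password');
  [['s1', 'anna'], ['s2', 'bert'], ['s3', 'mod']].forEach(([id, n]) => chat.join(id, n, 'garden'));
  let denied = false;
  try { chat.shadowBan('s1', 's2'); } catch (e) { denied = true; } // s1 is not an admin
  chat.requestAdmin('s3', 'constructed-demo-password');
  chat.shadowBan('s3', 's2');
  return { denied, fromBanned: chat.recipients('s2'), fromOther: chat.recipients('s1') };
}
```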
The server does not store any data, nor does it (read: should it) log any data. However, Google Analytics is enabled, and the username and room name are stored in the URL. So through analytics, the username and room name may still be visible to the host. The conversations in the chat, however, are in no way stored.
The main chat app is hosted at Heroku. Automatic deployment is enabled from the master branch.
The development version is hosted at a different Heroku URL, which has automatic deployment from the staging branch.
- Install Node
- Run `npm install` and `npm start`
- Use the app by visiting `localhost:3000` (or whatever port is used)