Share your repls and programming experiences

← Back to all posts
A super simple chatroom that is fast and secure
h
Vandesm14 (2619)

Hate the fact that you either don't have discord or don't have access to it? Well now you can enjoy the fun of human to human communication though LowChat, a high performance chat engine with a simplistic design. No need to worry about a company (or me) spying on you, just fork the repl to make it your own! LowChat features a logless chat engine, meaning all of your messages are never stored, only recieved by the other end and nothing else. If you would like to build a bot for LowChat, it's totally possible (rest api coming soon). It runs off of a single "message" event, allowing the ease of use by any bot maker!

This system is a bit wonky with a couple of extra security features which didn't work. I am in the process of polishing up the site to keep it working properly!

Cheers!
FAQ:
Admin commands? No, not yet.

Comments
hotnewtop
MMarkosPro21 (15)

hey how do I get admin? I forked this

MMarkosPro21 (15)

@MMarkosPro21 oh so um its not done yet? oof

Vandesm14 (2619)

@MMarkosPro21 Nah, it's not finished. But I've abandoned this, so there will be no updates anymore. At least not until a few months/years from now. If there is enough pressure to start it again, I might 😉

YeetsaJr (19)

@Vandesm14 DO THE FUNI AND BRING THIS BACK! (this is humor, no offense)

Vandesm14 (2619)

@YeetsaJr It still works, I've just abandoned this. I'm probably not coming back to this as it is not really a practical application to put my time and effort into. You're welcome to fork the project as long as you @ or credit me.

YeetsaJr (19)

@Vandesm14 I know, what I mean is do an update, please.

Vandesm14 (2619)

@YeetsaJr What would I update? I'm not having it store logs, that'd require quite a bit of storage. So like I said, I'm not really coming back to this as it's not practical and not really useful as there's things like Discord, Slack, WhatsApp, and all the other messaging apps.

YeetsaJr (19)

Things that you could add that shouldn't take too long. (I hope)
-Additional Commands (name/text color, background color, etc.)
-Store chat messages BUT you only store 50. (when someone says something it gets rid of the oldest one)

Idk if these will take a while or not but it's something.

YeetsaJr (19)

@MMarkosPro21 I might have found a way, in the code, it requires an env token by the name of "ADMIN" so if you can find what admin equals then you should be an admin. (The token I would guess would be a username but I can't be sure)

Vandesm14 (2619)

@YeetsaJr Well yeah. But that's like guessing a key of the same type, it's extremely difficult and takes tons of time and power. So it's theoretically impossible to guess the ADMIN password correctly.

pyelias (2149)

Your sanitize function doesn't work when given a string like <script 
>. You could fix this by just replacing all angle brackets with &lt; &gt; (I think, that might have problems too).

Vandesm14 (2619)

@pyelias Wait, do you mean it doesn't sanitize on your side? It's not supposed to. It only sanitizes for the other members.

pyelias (2149)

@Vandesm14 No, I mean you can xss everyone in the chat by including a unicode line separator (u+2028) in an html tag. I've tested this on myself (in another tab) and other people.

Vandesm14 (2619)

@pyelias Ah. I will get to that as soon as possible. Thanks for telling me!

pyelias (2149)

@Vandesm14 You also might want to stop sockets from initing multiple times, and from re-using names.

bitnetwork (1)

You can do some XXS without it triggering the sanitize regex by not properly closing a tag like so: <img src='nonexistantfile.html' onerror='alert()'

Vandesm14 (2619)

@bitnetwork That's been fixed in the new update!

LD1 (49)

Amazing. Maybe add a password feature, so you can create a room, and set a password, so only those with the password can access

Vandesm14 (2619)

@LD1 That's planned in the next update!

Vandesm14 (2619)

@LD1 Wait, do you mean it doesn't sanitize on your side? It's not supposed to. It only sanitizes for the other members.

LD1 (49)

@Vandesm14 Did you mean to send that comment to pyelias?

Vandesm14 (2619)

@LD1 Uhh...Yes. Lol. My mistake!

BryceBrower (0)

Also there’s a bug where if you mute someone you just have to reload and it will unmute.

Vandesm14 (2619)

@BryceBrower Yeah, that's the issue with the system I used: It's account-less, so banning and whatnot will not persist.

BryceBrower (0)

New update idea: code a discord bot that connects to this so everyone can chat together.

Vandesm14 (2619)

@BryceBrower I'm not planning on continuing this anytime soon but you're free to fork this and give it a go yourself! Or even create your own based on mine.

BryceBrower (0)

How do you op people

Vandesm14 (2619)

@BryceBrower If you're on my fork and you've created your own room, just do /op [username] to op someone. If you're on your own fork, you can create a .env file and put an admin password like so ADMIN=1234, which you can use to op yourself: /key 1234. From there, you can op people.

kirjorjos (0)

looking into this more, I'm getting confused as to whether or not more than 1 room is supposed to be able to exist, and if so, how I define them. I found what you said about "/" in the url, but when I make it "/test" instead of "/main", it works, but when I do "/rooms", it only lists "test", not "main" anymore.

Vandesm14 (2619)

@kirjorjos I'd love to help, but even I have no idea how this works internally.
1) It's been quite a while since I've worked on this
2) The code was hacked together and didn't really work to begin with

Sorry about that.

kirjorjos (0)

@Vandesm14 It's ok, I've managed to get the discord bot I was talking about earlier working bi-directional for a single channel with the "main" room. That at least allows for me to bypass the block on it; thank you for providing this irc as a frame at all.

Vandesm14 (2619)

@kirjorjos No problem! I'm glad you were able to get it to work!

kirjorjos (0)

Would I be able to make a discord bot that connects to a forked copy of lowchat?

Vandesm14 (2619)

@kirjorjos I couldn't tell you how to do it, but it's possible. You'd need to use SocketIO as the API platform.

kirjorjos (0)

@Vandesm14 ok, I was trying for a while to just find where it sends the message out and where it receives the message and add a discord channel send and encase it in a on message respectively. I've been looking to make an irc client to discord bot for a while, but it's been a bit hard for me as I'm not very familiar with html. I'll do a bit of googling on socket io then, thank you.

Azazeth (0)

um how do i make it so that the server will save chatlogs?

Vandesm14 (2619)

@Azazeth You'd need to use something like ReplDB, MongoDB, or nedb. Then, you'd need to send and receive the stored messages on the client.

LD1 (49)

Just so you know I still use this occasionally :)

I was wondering what you do to escape things like <script>?

Vandesm14 (2619)

@LD1 I use RegEx to find all "<" and ">" and replace them with "<" and ">" respectively. Here's the code for the function:

message.replace(/</g, '&lt;').replace(/>/g, '&gt;');

This code is run on the server, not the client (script.js)

If you have Discord, I can give you a detailed explanation of the functions and configuration of LowChat in detail: Vandesm14#3364

LD1 (49)

Love the new update. I do think that it should ask you what you want your username to be, instead of you having to set a new one each time. I noticed that your using cookies, but it doesn't save your name/nickname for the next time or when you reload. It would be nice if it checked to see if you had a name saved in cookies before giving you a new random name

Vandesm14 (2619)

@LD1 It should be caching your username and the chatlogs. If it's not, make sure you have localStorage enabled.

LD1 (49)

@Vandesm14 Oh yeah. All my cookies get removed on reload. Lol sorry

Vandesm14 (2619)

Hello all! I am letting you guys know that I've updated the servers to Lowchat V2! V2 is much more secure and has way more commands than V1. I will ask that you place any feedback for Lowchat V2 here

Desireless (0)

Amazing, I liked the simplistic design!

Vandesm14 (2619)

@Desireless Thanks! It's supposed to be a bit nostalgic from the days of IRC.

RogueHalo (404)

Great Project, looking forward to see this Develop!

Vandesm14 (2619)

@JacksonCowie Thanks. I'm working on fixing all of the issues and releasing a new update!

LD1 (49)

I noticed that if you type enough messages so it fills up the screen, instead of making the page longer, the messages just get closer together as you type.

LD1 (49)

I would appreciate it if the message bar stuck to the bottom of the page, and if you click on it, and your not at the bottom of the messages, then it sends you to the bottom.

Vandesm14 (2619)

@LD1 Fixing the chatlog is on the list. I'm not sure why it keeps breaking, but I will add auto-scroll as well!

[deleted]

Wow! This is great! I have one suggestion. Maybe on the homepage, you can provide urls to the most visited chatrooms. For example:

Most Popular Chatrooms:
1. /chatroom/
2. /coolthings/
3. /lowchatters/

Besides that, I think this has a lot of potential!

Vandesm14 (2619)

@ryaalbr Interesting idea. I'm thinking of making a link to the /root chatroom (which I use a bit). But a public listing of the active chatrooms might be a bit too much of a security problem as some people would want their rooms private. In the next update, this will most likely happen though as I am reworking the code to support admin commands and username registration.

LD1 (49)

@Vandesm14 You could show the most visited rooms, and the people who created the room can choose to have a password or not. That way, even if someone has a link to it, they still need a password if the room owner wants it that way.

Vandesm14 (2619)

@LD1 Good point. As password-protected rooms are coming soon, I will make sure to include this in the next update!

ash15khng (710)

Nice! I have a suggestion, could you add a way to join a room which is not by adding to a URL? (you can maybe add a text box?)

Vandesm14 (2619)

@ash15khng If you go to the homepage "/" there is an input box (autofocused) for you to input a room name. Should I make it more clear that there is an input box?

ash15khng (710)

@Vandesm14 Wow I didn't notice that sorry.

XavierDD (100)

Nice idea. Though it could be logged with a bot/program that is running in the server though, right?

Vandesm14 (2619)

@XavierDD Yes. You could have a bot track the messages in a room and store them to a log. But this is really difficult to detect and prevent so there isn't any current implementation of a protection against this.