Node Message v1.0 (Node.js Chatroom)
RogerCronin1 (6)

Seems like everyone on repl loves making chatrooms in Python, but I don't know much so here's one in Node.js.
Link here!

NOTE
Use a dummy password when creating your account. I have the ability to view the passwords to the accounts created using this repl.

Complete with

  • User registration
  • Custom emojis
  • Timestamps
  • List of connected users
  • Really basic commands
  • Not so great CSS
  • And much more!

I built it using an Express server with socket-io for the actual chatroom functionality. Simple HTML + CSS is the front end, and it's rendered with EJS.

If you have any suggestions or bug reports, feel free to drop them below in the comments or contact me on Discord at Roger (smh)#4570. Note that the client and some of the server is based on an old project of mine circa summer 2019, so some of the code is pretty bad. I wouldn't recommend dissecting it, but if you want to I can't really stop you, huh.

sanjaykdragon (171)

Are you using aes-128-cbc to store usernames / passwords? If so, why? Use hashing instead.

RogerCronin1 (6)

@sanjaykdragon I saw some numberphile video on AES and thought it was neat, and implementation in Node.js was easy

sanjaykdragon (171)

@RogerCronin1 using AES for storing passwords / usernames is useless. Hash the passwords instead, and if you want to use AES, use it to transmit the chat messages

RogerCronin1 (6)

@sanjaykdragon The password on the encryption is over 100 characters long, I'm pretty sure it would take a while to crack that. But yeah I might as well change the method when I next update it.

sanjaykdragon (171)

@RogerCronin1 That's not the point, my point is that YOU can see our plaintext passwords, which is generally not appropriate for high quality code.

edit: and the password for your encryption is stored in your code, so if someone hacks your server, then the encryption is useless

Zavexeon (631)

@sanjaykdragon That's why when I made an account I didn't use my repl.it password, I made a generic one up.

RogerCronin1 (6)

@sanjaykdragon Ah, right. I wasn't planning on expanding this to something more than a small thing. I made it more clear that people shouldn't use an actual password that they'd normally use until I update it. Thanks!

sanjaykdragon (171)

@Zavexeon Yeah, I just mashed my keyboard

@RogerCronin1 Yeah, but even so it's generally good practice to hash passwords
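
The difference the thread is arguing about, as an added example that is not part of the original post, the comments, or the repl's code: reversible aes-128-cbc storage next to salted scrypt hashing, both using Node's built-in `crypto` module. The function names, the record format, the passphrase and the cost values are assumptions made for this illustration.

```javascript
const crypto = require('crypto');

// Reversible storage as debated in the thread (constructed; not the repl's code).
// Whoever holds APP_KEY, operator or intruder, can read every stored password.
const APP_KEY = crypto.scryptSync('hard-coded passphrase', 'demo-salt', 16);

function aesStore(password) {
  const iv = crypto.randomBytes(16);
  const c = crypto.createCipheriv('aes-128-cbc', APP_KEY, iv);
  return Buffer.concat([iv, c.update(password, 'utf8'), c.final()]);
}

function aesRecover(blob) {
  const d = crypto.createDecipheriv('aes-128-cbc', APP_KEY, blob.subarray(0, 16));
  return Buffer.concat([d.update(blob.subarray(16)), d.final()]).toString('utf8');
}

// One-way storage: salted scrypt. Cost values are assumed for this example.
const COST = { N: 16384, r: 8, p: 1 };

// Record format (hypothetical): scrypt$N$r$p$salt$hash, salt and hash in base64.
function hashPassword(password) {
  const salt = crypto.randomBytes(16);
  const hash = crypto.scryptSync(password, salt, 32, COST);
  return ['scrypt', COST.N, COST.r, COST.p,
    salt.toString('base64'), hash.toString('base64')].join('$');
}

function verifyPassword(password, record) {
  const parts = String(record).split('$');
  if (parts.length !== 6 || parts[0] !== 'scrypt') return false;
  const [N, r, p] = parts.slice(1, 4).map(Number);
  const salt = Buffer.from(parts[4], 'base64');
  const expected = Buffer.from(parts[5], 'base64');
  if (expected.length === 0) return false; // malformed record
  let actual;
  try {
    actual = crypto.scryptSync(password, salt, expected.length, { N, r, p });
  } catch {
    return false; // invalid cost parameters in the record
  }
  // Constant-time comparison of the recomputed hash with the stored one.
  return crypto.timingSafeEqual(actual, expected);
}
```

With the hashed record the server can still check a login, but there is no counterpart to `aesRecover`, and the per-user salt means two accounts with the same password store different records.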