Noir0x63/Quasar

Quasar Secure — E2EE Chat Platform

Overview

Quasar Secure is a real-time messaging application designed under Zero Trust principles. The system provides end-to-end encryption (E2EE) ensuring data confidentiality and security throughout all communications. Audio, video, and screen sharing are managed through peer-to-peer WebRTC connections, eliminating centralized routers to minimize the attack surface.

Architecture & Technologies

The project is divided into a backend structured for high security and a lightweight frontend:

  • Backend: Developed in Node.js (version 20.x). Uses Socket.io for real-time signaling and event management, along with the native HTTP module.
  • Database: SQLite managed via the better-sqlite3 and sql.js libraries, with encryption support and optimized WAL mode.
  • Frontend: Implemented with Vanilla JS and React components, ensuring a reactive interface without excessive third-party package dependencies on the client side.
  • Communications: Native WebRTC (P2P) for audio and video. Robust JWT-based authentication and strict HttpOnly cookie validation.
  • Integrated Security: File Integrity Monitoring (FIM), protection against timing attacks in hash comparison, and injection mitigation through rigorous Content-Security-Policy (CSP) enforcement.

Prerequisites

Before proceeding with installation, the following are required:

  • Node.js version 20.x or higher.
  • npm (Node Package Manager).
  • Generation of an RSA key pair for system administration.

Setup & Installation

  1. Clone the repository and navigate to the directory.

  2. Install project dependencies:

    npm install

  3. RSA Key Generation: The system requires an RSA key pair to verify administrative access. Run the following commands to generate the required keys and store them in the backend/ directory:

    openssl genrsa -out backend/admin_private.pem 2048
    openssl rsa -in backend/admin_private.pem -pubout -out backend/admin_public.pem

Environment Variables & Security

The configuration system is strict and will fail if the proper credentials are not provided in a production environment. Create a .env file in the project root or configure the environment variables on the system:

  • JWT_SECRET: Secure string used to sign JSON Web Tokens.
  • ADMIN_PASSWORD_HASH: Cryptographic hash of the administrator password.
  • DB_SECRET: Symmetric encryption key for the database (optional in development, mandatory in production).
  • NODE_ENV: Set to production to enable strict security policies (FIM, enforced HTTPS).
  • PORT: HTTP server listening port (default: 8080).
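
A fail-closed loader for the variables listed above, as an added Node.js example; it is not Quasar's backend/config.js. The variable names and the 8080 default come from this README, while the 32-character minimum, treating JWT_SECRET and ADMIN_PASSWORD_HASH as always required, and the function names are assumptions.

```javascript
// Added example, not Quasar's backend/config.js. The variable names and the
// 8080 default come from the README; every other rule is an assumption.
const MIN_SECRET_LENGTH = 32; // assumed minimum, not a value from the project

function loadConfig(env) {
  const production = env.NODE_ENV === 'production';
  const problems = [];

  // Return the trimmed value, or record a problem when a mandatory one is absent.
  const read = (name, mandatory) => {
    const value = (env[name] || '').trim();
    if (!value && mandatory) problems.push(`${name} is not set`);
    return value || null;
  };

  const jwtSecret = read('JWT_SECRET', true);
  const adminPasswordHash = read('ADMIN_PASSWORD_HASH', true);
  const dbSecret = read('DB_SECRET', production); // optional in development

  // Length checks apply in production only; messages never echo a secret.
  const tooShort = (value) => production && value !== null && value.length < MIN_SECRET_LENGTH;
  if (tooShort(jwtSecret)) problems.push(`JWT_SECRET is shorter than ${MIN_SECRET_LENGTH} characters`);
  if (tooShort(dbSecret)) problems.push(`DB_SECRET is shorter than ${MIN_SECRET_LENGTH} characters`);

  const rawPort = env.PORT === undefined || env.PORT === '' ? '8080' : String(env.PORT);
  const port = /^\d{1,5}$/.test(rawPort) ? Number(rawPort) : NaN;
  if (!(port >= 1 && port <= 65535)) problems.push('PORT is not a valid TCP port');

  // Fail closed: report every problem at once and refuse to return a config.
  if (problems.length > 0) throw new Error(`Invalid configuration: ${problems.join('; ')}`);
  return Object.freeze({ production, port, jwtSecret, adminPasswordHash, dbSecret });
}

// Constructed sample environments (not real credentials).
const devEnv = { JWT_SECRET: 'dev-only-secret', ADMIN_PASSWORD_HASH: 'constructed-hash' };
const prodEnv = { ...devEnv, NODE_ENV: 'production', PORT: '8443' };

// Summarise the outcome for one environment without exposing any value.
function checkEnv(env) {
  try {
    return `ok, port ${loadConfig(env).port}`;
  } catch (err) {
    return err.message;
  }
}

console.log(checkEnv(devEnv));
console.log(checkEnv(prodEnv));
```

Calling the loader with `process.env` before the server binds its port turns a missing production credential into a refusal to start rather than a silent weak default.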

Execution

To start the application, use the script defined in the package:

    npm start

This command starts the Node.js server, launching the chat system and WebRTC signaling synchronization.

In local development and testing environments, the auxiliary script (start-secure.js) can open a tunnel when applicable. The official and recommended entry point remains npm start, which executes backend/index.js.

Project Structure

  • /backend: Contains server logic, security modules (auth.js, config.js), and the entry point index.js.
  • /frontend: React source components and interface resources.
  • /public: Vanilla JS, CSS, and image static files served directly by the backend to clients.
  • start-secure.js: Auxiliary script for deployments with Ngrok or Cloudflare (used depending on specific network requirements).

Developed by Eduardo "Noir0x63" Camarillo noir0x63.github.io
