A super simple chatroom that is fast and secure

Hate the fact that you either don't have discord or don't have access to it? Well now you can enjoy the fun of human to human communication though LowChat, a high performance chat engine with a simplistic design. No need to worry about a company (or me) spying on you, just fork the repl to make it your own! LowChat features a logless chat engine, meaning all of your messages are never stored, only recieved by the other end and nothing else. If you would like to build a bot for LowChat, it's totally possible (rest api coming soon). It runs off of a single "message" event, allowing the ease of use by any bot maker!

This system is a bit wonky with a couple of extra security features which didn't work. I am in the process of polishing up the site to keep it working properly!

Cheers!
FAQ:
Admin commands? No, not yet.

Voters

24 more...

Comments

hot new top

hey how do I get admin? I forked this

oh so um its not done yet? oof

Nah, it's not finished. But I've abandoned this, so there will be no updates anymore. At least not until a few months/years from now. If there is enough pressure to start it again, I might 😉

It still works, I've just abandoned this. I'm probably not coming back to this as it is not really a practical application to put my time and effort into. You're welcome to fork the project as long as you @ or credit me.

What would I update? I'm not having it store logs, that'd require quite a bit of storage. So like I said, I'm not really coming back to this as it's not practical and not really useful as there's things like Discord, Slack, WhatsApp, and all the other messaging apps.

Well yeah. But that's like guessing a key of the same type, it's extremely difficult and takes tons of time and power. So it's theoretically impossible to guess the ADMIN password correctly.

Your sanitize function doesn't work when given a string like <script  >. You could fix this by just replacing all angle brackets with < > (I think, that might have problems too).

Noted

Wait, do you mean it doesn't sanitize on your side? It's not supposed to. It only sanitizes for the other members.

No, I mean you can xss everyone in the chat by including a unicode line separator (u+2028) in an html tag. I've tested this on myself (in another tab) and other people.

Ah. I will get to that as soon as possible. Thanks for telling me!

You also might want to stop sockets from initing multiple times, and from re-using names.

how do i get the op stuff?

If you're on my fork and you've created your own room, just do /op [username] to op someone. If you're on your own fork, you can create a .env file and put an admin password like so ADMIN=1234, which you can use to op yourself: /key 1234. From there, you can op people.

You can do some XXS without it triggering the sanitize regex by not properly closing a tag like so: <img src='nonexistantfile.html' onerror='alert()'

That's been fixed in the new update!

Amazing. Maybe add a password feature, so you can create a room, and set a password, so only those with the password can access

That's planned in the next update!

Wait, do you mean it doesn't sanitize on your side? It's not supposed to. It only sanitizes for the other members.

Did you mean to send that comment to pyelias?

Uhh...Yes. Lol. My mistake!

How do you create rooms?

You can use /join <room name> to join or create a room!

A great development for those who begin to practice coding for messengers. But there is no future for such development because today's Internet will not exist without messengers that ""spy."" Think about the future of your product.

Text messaging platforms for business hold on to what monitors data. This is what online business is based on today. You're just fooling yourself when you create an entirely closed chat engine. Because messages are going through the Internet anyway, the data can be intercepted more radically.

Yeah, this was just a proof of concept. I'm aware that this isn't going anywhere, that wasn't the point of this project anyway...

PLEASE ADD A TAB THAT SAYS ENTER YOUR NAME PLEASE 😭😭😭😭

Also there’s a bug where if you mute someone you just have to reload and it will unmute.

Yeah, that's the issue with the system I used: It's account-less, so banning and whatnot will not persist.

New update idea: code a discord bot that connects to this so everyone can chat together.

I'm not planning on continuing this anytime soon but you're free to fork this and give it a go yourself! Or even create your own based on mine.

How do you op people

Thank you!

looking into this more, I'm getting confused as to whether or not more than 1 room is supposed to be able to exist, and if so, how I define them. I found what you said about "/" in the url, but when I make it "/test" instead of "/main", it works, but when I do "/rooms", it only lists "test", not "main" anymore.

I'd love to help, but even I have no idea how this works internally.

It's been quite a while since I've worked on this
The code was hacked together and didn't really work to begin with

Sorry about that.

It's ok, I've managed to get the discord bot I was talking about earlier working bi-directional for a single channel with the "main" room. That at least allows for me to bypass the block on it; thank you for providing this irc as a frame at all.

No problem! I'm glad you were able to get it to work!

Would I be able to make a discord bot that connects to a forked copy of lowchat?

I couldn't tell you how to do it, but it's possible. You'd need to use SocketIO as the API platform.

ok, I was trying for a while to just find where it sends the message out and where it receives the message and add a discord channel send and encase it in a on message respectively. I've been looking to make an irc client to discord bot for a while, but it's been a bit hard for me as I'm not very familiar with html. I'll do a bit of googling on socket io then, thank you.

um how do i make it so that the server will save chatlogs?

You'd need to use something like ReplDB, MongoDB, or nedb. Then, you'd need to send and receive the stored messages on the client.

Just so you know I still use this occasionally :)

I was wondering what you do to escape things like

I use RegEx to find all "<" and ">" and replace them with "<" and ">" respectively. Here's the code for the function:


message.replace(/</g, '&lt;').replace(/>/g, '&gt;');

This code is run on the server, not the client (script.js)

If you have Discord, I can give you a detailed explanation of the functions and configuration of LowChat in detail: Vandesm14#3364

Love the new update. I do think that it should ask you what you want your username to be, instead of you having to set a new one each time. I noticed that your using cookies, but it doesn't save your name/nickname for the next time or when you reload. It would be nice if it checked to see if you had a name saved in cookies before giving you a new random name

It should be caching your username and the chatlogs. If it's not, make sure you have localStorage enabled.

Oh yeah. All my cookies get removed on reload. Lol sorry

Hello all! I am letting you guys know that I've updated the servers to Lowchat V2! V2 is much more secure and has way more commands than V1. I will ask that you place any feedback for Lowchat V2 here

Amazing, I liked the simplistic design!

Thanks! It's supposed to be a bit nostalgic from the days of IRC.

Profile icon

[deleted]

Great Project, looking forward to see this Develop!

Thanks. I'm working on fixing all of the issues and releasing a new update!

I noticed that if you type enough messages so it fills up the screen, instead of making the page longer, the messages just get closer together as you type.

AF05D0C4-A9C3-4D33-A6B8-D408CAB85E6C

I would appreciate it if the message bar stuck to the bottom of the page, and if you click on it, and your not at the bottom of the messages, then it sends you to the bottom.

Fixing the chatlog is on the list. I'm not sure why it keeps breaking, but I will add auto-scroll as well!

Profile icon

[deleted]

Wow! This is great! I have one suggestion. Maybe on the homepage, you can provide urls to the most visited chatrooms. For example:


Most Popular Chatrooms:
1. /chatroom/
2. /coolthings/
3. /lowchatters/

Besides that, I think this has a lot of potential!

Interesting idea. I'm thinking of making a link to the /root chatroom (which I use a bit). But a public listing of the active chatrooms might be a bit too much of a security problem as some people would want their rooms private. In the next update, this will most likely happen though as I am reworking the code to support admin commands and username registration.

You could show the most visited rooms, and the people who created the room can choose to have a password or not. That way, even if someone has a link to it, they still need a password if the room owner wants it that way.

Good point. As password-protected rooms are coming soon, I will make sure to include this in the next update!

Nice! I have a suggestion, could you add a way to join a room which is not by adding to a URL? (you can maybe add a text box?)