A super simple chatroom that is fast and secure
Hate the fact that you either don't have discord or don't have access to it? Well now you can enjoy the fun of human to human communication though LowChat, a high performance chat engine with a simplistic design. No need to worry about a company (or me) spying on you, just fork the repl to make it your own! LowChat features a logless chat engine, meaning all of your messages are never stored, only recieved by the other end and nothing else. If you would like to build a bot for LowChat, it's totally possible (rest api coming soon). It runs off of a single "message" event, allowing the ease of use by any bot maker!
This system is a bit wonky with a couple of extra security features which didn't work. I am in the process of polishing up the site to keep it working properly!
Cheers!
FAQ:
Admin commands? No, not yet.
Your sanitize function doesn't work when given a string like <script
>. You could fix this by just replacing all angle brackets with < > (I think, that might have problems too).
@Vandesm14 No, I mean you can xss everyone in the chat by including a unicode line separator (u+2028) in an html tag. I've tested this on myself (in another tab) and other people.
@Vandesm14 You also might want to stop sockets from initing multiple times, and from re-using names.
You can do some XXS without it triggering the sanitize regex by not properly closing a tag like so: <img src='nonexistantfile.html' onerror='alert()'
@bitnetwork That's been fixed in the new update!
Amazing. Maybe add a password feature, so you can create a room, and set a password, so only those with the password can access
@Vandesm14 PLEASE ADD A TAB THAT SAYS ENTER YOUR NAME PLEASE 😭😭😭😭
how do i get the op stuff?
@PATRICKCALLAHA2 If you're on my fork and you've created your own room, just do /op [username] to op someone. If you're on your own fork, you can create a .env file and put an admin password like so ADMIN=1234, which you can use to op yourself: /key 1234. From there, you can op people.
Also there’s a bug where if you mute someone you just have to reload and it will unmute.
@BryceBrower Yeah, that's the issue with the system I used: It's account-less, so banning and whatnot will not persist.
New update idea: code a discord bot that connects to this so everyone can chat together.
@BryceBrower I'm not planning on continuing this anytime soon but you're free to fork this and give it a go yourself! Or even create your own based on mine.
How do you op people
@BryceBrower If you're on my fork and you've created your own room, just do /op [username] to op someone. If you're on your own fork, you can create a .env file and put an admin password like so ADMIN=1234, which you can use to op yourself: /key 1234. From there, you can op people.
@Vandesm14 Thank you!
looking into this more, I'm getting confused as to whether or not more than 1 room is supposed to be able to exist, and if so, how I define them. I found what you said about "/" in the url, but when I make it "/test" instead of "/main", it works, but when I do "/rooms", it only lists "test", not "main" anymore.
@kirjorjos I'd love to help, but even I have no idea how this works internally.
1) It's been quite a while since I've worked on this
2) The code was hacked together and didn't really work to begin with
Sorry about that.
@Vandesm14 It's ok, I've managed to get the discord bot I was talking about earlier working bi-directional for a single channel with the "main" room. That at least allows for me to bypass the block on it; thank you for providing this irc as a frame at all.
@kirjorjos No problem! I'm glad you were able to get it to work!
Would I be able to make a discord bot that connects to a forked copy of lowchat?
@kirjorjos I couldn't tell you how to do it, but it's possible. You'd need to use SocketIO as the API platform.
@Vandesm14 ok, I was trying for a while to just find where it sends the message out and where it receives the message and add a discord channel send and encase it in a on message respectively. I've been looking to make an irc client to discord bot for a while, but it's been a bit hard for me as I'm not very familiar with html. I'll do a bit of googling on socket io then, thank you.
Just so you know I still use this occasionally :)
I was wondering what you do to escape things like <script>?
@LD1 I use RegEx to find all "<" and ">" and replace them with "<" and ">" respectively. Here's the code for the function:
This code is run on the server, not the client (script.js)
If you have Discord, I can give you a detailed explanation of the functions and configuration of LowChat in detail: Vandesm14#3364
Love the new update. I do think that it should ask you what you want your username to be, instead of you having to set a new one each time. I noticed that your using cookies, but it doesn't save your name/nickname for the next time or when you reload. It would be nice if it checked to see if you had a name saved in cookies before giving you a new random name
@Vandesm14 Oh yeah. All my cookies get removed on reload. Lol sorry
Amazing, I liked the simplistic design!
@Desireless Thanks! It's supposed to be a bit nostalgic from the days of IRC.
Great Project, looking forward to see this Develop!
@JacksonCowie Thanks. I'm working on fixing all of the issues and releasing a new update!
I noticed that if you type enough messages so it fills up the screen, instead of making the page longer, the messages just get closer together as you type.
Wow! This is great! I have one suggestion. Maybe on the homepage, you can provide urls to the most visited chatrooms. For example:
Besides that, I think this has a lot of potential!
@ryaalbr Interesting idea. I'm thinking of making a link to the /root chatroom (which I use a bit). But a public listing of the active chatrooms might be a bit too much of a security problem as some people would want their rooms private. In the next update, this will most likely happen though as I am reworking the code to support admin commands and username registration.
@Vandesm14 You could show the most visited rooms, and the people who created the room can choose to have a password or not. That way, even if someone has a link to it, they still need a password if the room owner wants it that way.
Nice! I have a suggestion, could you add a way to join a room which is not by adding to a URL? (you can maybe add a text box?)
@ash15khng If you go to the homepage "/" there is an input box (autofocused) for you to input a room name. Should I make it more clear that there is an input box?
@Vandesm14 Wow I didn't notice that sorry.
Nice idea. Though it could be logged with a bot/program that is running in the server though, right?
hey how do I get admin? I forked this
@MMarkosPro21 oh so um its not done yet? oof
@MMarkosPro21 Nah, it's not finished. But I've abandoned this, so there will be no updates anymore. At least not until a few months/years from now. If there is enough pressure to start it again, I might 😉
@Vandesm14 DO THE FUNI AND BRING THIS BACK! (this is humor, no offense)
@YeetsaJr It still works, I've just abandoned this. I'm probably not coming back to this as it is not really a practical application to put my time and effort into. You're welcome to fork the project as long as you @ or credit me.
@Vandesm14 I know, what I mean is do an update, please.
@YeetsaJr What would I update? I'm not having it store logs, that'd require quite a bit of storage. So like I said, I'm not really coming back to this as it's not practical and not really useful as there's things like Discord, Slack, WhatsApp, and all the other messaging apps.
Things that you could add that shouldn't take too long. (I hope)
-Additional Commands (name/text color, background color, etc.)
-Store chat messages BUT you only store 50. (when someone says something it gets rid of the oldest one)
Idk if these will take a while or not but it's something.
@MMarkosPro21 I might have found a way, in the code, it requires an env token by the name of "ADMIN" so if you can find what admin equals then you should be an admin. (The token I would guess would be a username but I can't be sure)
@YeetsaJr Well yeah. But that's like guessing a key of the same type, it's extremely difficult and takes tons of time and power. So it's theoretically impossible to guess the ADMIN password correctly.