{"id":28954434,"url":"https://github.com/art2url/quasar-contact-app","last_synced_at":"2026-02-08T11:27:07.746Z","repository":{"id":300183237,"uuid":"1001446832","full_name":"art2url/quasar-contact-app","owner":"art2url","description":"🪐 Quasar Contact is an end-to-end encrypted, real-time messaging application built with Angular. It enables secure, reliable communication with privacy and ease of use at its core.","archived":false,"fork":false,"pushed_at":"2025-10-26T10:10:07.000Z","size":25502,"stargazers_count":3,"open_issues_count":1,"forks_count":0,"subscribers_count":0,"default_branch":"develop","last_synced_at":"2025-10-26T10:26:12.463Z","etag":null,"topics":["angular","chat-application","docker","encrypted-chat","end-to-end-encryption","express","full-stack","jwt-authentication","mongodb","nodejs","privacy-first","progressive-web-app","real-time-chat","secure-messaging","socket-io","spa","typescript","web-crypto-api","websocket","zero-knowledge"],"latest_commit_sha":null,"homepage":"https://quasar.contact","language":"TypeScript","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"gpl-3.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/art2url.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":".github/FUNDING.yml","license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null},"funding":{"ko_fi":"art2url"}},"created_at":"2025-06-13T11:52:24.000Z","updated_at":"2025-10-09T08:21:40.000Z","dependencies_parsed_at":"2025-07-04T11:21:36.594Z","dependency_job_id":"d9ca1dc2-804f-4355-bf16-288179b83e65","html_url":"https://github.com/art2url/quasar-contact-app","commit_stats
":null,"previous_names":["art2url/quasar-contact-app"],"tags_count":8,"template":false,"template_full_name":null,"purl":"pkg:github/art2url/quasar-contact-app","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/art2url%2Fquasar-contact-app","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/art2url%2Fquasar-contact-app/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/art2url%2Fquasar-contact-app/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/art2url%2Fquasar-contact-app/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/art2url","download_url":"https://codeload.github.com/art2url/quasar-contact-app/tar.gz/refs/heads/develop","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/art2url%2Fquasar-contact-app/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":29229289,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-02-08T09:43:19.170Z","status":"ssl_error","status_checked_at":"2026-02-08T09:42:55.556Z","response_time":57,"last_error":"SSL_read: unexpected eof while 
reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["angular","chat-application","docker","encrypted-chat","end-to-end-encryption","express","full-stack","jwt-authentication","mongodb","nodejs","privacy-first","progressive-web-app","real-time-chat","secure-messaging","socket-io","spa","typescript","web-crypto-api","websocket","zero-knowledge"],"created_at":"2025-06-23T19:10:29.538Z","updated_at":"2026-02-08T11:27:07.687Z","avatar_url":"https://github.com/art2url.png","language":"TypeScript","funding_links":["https://ko-fi.com/art2url"],"categories":[],"sub_categories":[],"readme":"# Quasar Contact - Secure End-to-End Encrypted Chat Application\n\n\u003cp align=\"center\"\u003e\n  \u003ca href=\"https://quasar.contact/\" target=\"_blank\"\u003e\n    \u003cimg src=\"landing/public/assets/images/preview.png\" alt=\"Lead to Quasar Landing\" width=\"100%\"\u003e\n  \u003c/a\u003e\n\u003c/p\u003e\n\n## 🔐 Overview\n\nQuasar Contact is a privacy-focused, real-time messaging application that implements military-grade\nend-to-end encryption. 
Built with Angular 18, Node.js, and Socket.IO, it ensures that your\nconversations remain completely private with zero data logging and client-side encryption.\n\n**🚧 Current Status: Beta Stage**\n\n## 🚀 **Production-Ready Features**\n\n### **🔐 Enterprise-Grade Security**\n\n- **Military-Grade Encryption**: RSA-OAEP + AES-GCM hybrid encryption\n- **Advanced Bot Protection**: 98+ blocked attack vectors with intelligent filtering\n- **Multi-Layer Honeypots**: Form timing validation and suspicious pattern detection\n- **CSRF Protection**: Double-submit cookie pattern with secure tokens\n- **Auto-Blacklisting**: Dynamic IP blocking for malicious behavior\n\n### **💬 Advanced Messaging**\n\n- **Real-Time Editing**: Live message editing and deletion via WebSocket\n- **Rich Media Support**: Emoji picker and secure file attachments\n- **Smart Features**: Message grouping, read receipts, typing indicators\n- **Offline Queue**: Message delivery when users reconnect with TTL management\n\n### **📱 Mobile-First Experience**\n\n- **60fps Performance**: Optimized scrolling and keyboard handling\n- **Dynamic Viewport**: Real-time layout adjustments for virtual keyboards\n- **iOS Safari Compatible**: Visual Viewport API integration\n- **Battery Efficient**: Reduced CPU usage through event optimization\n\n### **🏗️ Modern Architecture**\n\n- **PostgreSQL + Prisma**: ACID compliant with connection pooling\n- **Facade Pattern**: 8 specialized services for chat functionality\n- **Encrypted Storage**: AES-GCM encrypted IndexedDB with Vault service\n- **Health Monitoring**: Container health checks and connection management\n\n## ✨ Key Features\n\n### 🛡️ Security \u0026 Privacy\n\n- **End-to-End Encryption**: All messages are encrypted using Web Crypto API (AES-GCM) before\n  leaving your device\n- **Zero Knowledge Architecture**: Server never has access to decryption keys or plaintext messages\n- **Client-Side Key Generation**: RSA-OAEP key pairs generated and stored locally\n- **No Data 
Logging**: Messages are stored encrypted and can only be decrypted by intended\n  recipients\n- **Encrypted Local Storage**: AES-GCM encrypted IndexedDB storage with Vault service\n- **Key Management**: Private key derivation, fingerprinting, and corruption detection\n- **Hybrid Encryption**: RSA-OAEP + AES-GCM with error throttling and retry logic\n\n### 🛡️ Advanced Security \u0026 Protection\n\n#### Bot Protection \u0026 Anti-Abuse\n\n- **Intelligent Bot Blocker**: 98+ blocked malicious paths with user agent filtering\n- **Multi-layer Honeypot**: Form timing validation, suspicious pattern detection, trap fields\n- **Auto-Blacklisting**: Automatic IP blocking for suspicious behavior\n- **Request Logging**: Comprehensive logging with daily rotation for security analysis\n\n#### Authentication \u0026 Session Security\n\n- **CSRF Protection**: Double-submit cookie pattern with cryptographically secure tokens\n- **Advanced Rate Limiting**: Multiple rate limiters with brute-force protection\n- **JWT Security**: Secure token generation with configurable expiry\n- **Session Management**: Secure session handling with automatic cleanup\n\n#### Server Security\n\n- **Security Headers**: Comprehensive security header middleware (Helmet.js)\n- **CORS Protection**: Strict origin validation and pre-flight handling\n- **Input Validation**: Server-side validation for all inputs with sanitization\n- **SQL Injection Protection**: Prisma ORM with parameterized queries\n\n### 💬 Messaging Features\n\n- **Real-Time Communication**: Instant message delivery via WebSocket connections\n- **Message Status Indicators**: Sent, delivered, and read receipts\n- **Typing Indicators**: See when your conversation partner is typing\n- **Message Editing \u0026 Deletion**: Edit or delete sent messages\n- **Online/Offline Status**: Real-time presence tracking\n- **Message Queue**: Offline message delivery when users reconnect\n- **Smart Message Grouping**: Automatic grouping of messages by date with 
headers\n- **Intelligent Scrolling**: Auto-scroll with \"new messages\" counter and scroll-to-bottom\n- **Enhanced Read Receipts**: Automatic read receipt handling with improved tracking\n- **Advanced Message Styling**: Visual hierarchy with dimmed metadata and smaller timestamps\n- **System Message Icons**: Material Design icons instead of emojis for better consistency\n- **Enhanced Message States**: Improved styling for encrypted, deleted, and unreadable messages\n- **Emoji Picker**: Rich emoji selection with theme-aware design and mobile optimization\n- **File Attachments**: Secure file sharing with encryption and size limits\n- **Message Editing**: Real-time message editing with WebSocket synchronization\n- **Message Deletion**: Soft deletion with proper cleanup and real-time updates\n\n### 🎯 User Experience\n\n- **Progressive Web App**: Installable on desktop and mobile devices\n- **Responsive Design**: Optimized for all screen sizes with mobile-first approach\n- **Dark Theme**: Modern, eye-friendly interface\n- **Auto-Reconnection**: Seamless connection recovery with exponential backoff\n- **Search Functionality**: Find users and conversations quickly\n\n### 📱 Mobile Optimizations\n\n- **Dynamic Viewport Handling**: Real-time keyboard detection and layout adjustments\n- **Performance Optimized**: 60fps scrolling and typing on mobile devices\n- **Battery Efficient**: Reduced CPU usage through optimized event handling\n- **Smart Keyboard Management**: Smooth virtual keyboard transitions without layout breaks\n- **iOS Safari Compatible**: Visual viewport API integration for modern iOS devices\n- **Safe Area Support**: Proper handling of iPhone safe areas and notches\n- **Orientation Aware**: Seamless experience across device rotations\n- **Enhanced Emoji Picker**: Improved mobile scrolling and positioning\n- **Theme Consistency**: Fixed mobile theme switching for chat backgrounds\n- **Scroll Optimization**: Prevented unwanted scrolling in mobile views\n\n## 🏗️ 
Architecture\n\n### Technology Stack\n\n#### Landing Pages\n\n- **Framework**: Astro 4.0 (Static Site Generator)\n- **Pages**: Home, About, FAQ, Legal, Author\n- **SEO**: Built-in sitemap generation and meta optimization\n- **Performance**: Optimized static builds with minimal JavaScript\n- **Styling**: Modern CSS with responsive design\n\n#### Frontend\n\n- **Framework**: Angular 18 (Standalone Components)\n- **UI Library**: Angular Material\n- **State Management**: RxJS BehaviorSubjects\n- **Encryption**: Web Crypto API\n- **Real-Time**: Socket.IO Client\n- **Styling**: CSS3 with custom animations and CSS variables\n- **Architecture**: Facade pattern with specialized services for chat functionality\n- **Mobile Optimization**: Visual Viewport API, CSS `dvh` units, dynamic layout calculations\n\n#### Backend\n\n- **Runtime**: Node.js 22+\n- **Framework**: Express.js\n- **WebSocket**: Socket.IO\n- **Database**: PostgreSQL with Prisma ORM\n- **Authentication**: JWT (JSON Web Tokens)\n- **Security**: Helmet, CORS, Rate Limiting\n- **Password Hashing**: bcrypt\n\n#### Infrastructure\n\n- **Containerization**: Docker (Multi-stage build)\n- **Deployment**: Railway/Cloud platforms\n- **Build Tools**: TypeScript, Webpack\n- **Package Manager**: npm\n- **Code Quality**: ESLint, Prettier, Stylelint, Husky pre-commit hooks\n- **Linting**: Comprehensive linting for Angular, Node.js, and Astro with strict unused variable\n  checking\n- **Debug-Free Production Code**: Clean production builds with all debug code removed\n\n### Project Structure\n\n```\nquasar-contact-app/\n├── landing/                # Astro static site generator\n│   ├── public/             # Static assets for landing\n│   │   └── assets/\n│   │       └── images/\n│   ├── scripts/            # Build scripts\n│   ├── src/\n│   │   ├── components/     # Astro components\n│   │   ├── layouts/        # Page layouts\n│   │   ├── pages/          # Static pages\n│   │   ├── scripts/        # Client-side scripts\n│   │  
 └── styles/         # Global styles\n│   ├── astro.config.mjs\n│   └── package.json\n├── frontend/               # Angular application\n│   ├── src/\n│   │   ├── app/\n│   │   │   ├── core/       # Core services and models\n│   │   │   ├── features/   # Feature modules (auth, chat)\n│   │   │   │   └── chat/\n│   │   │   │       └── chat-room/\n│   │   │   │           └── services/  # Specialized chat services\n│   │   │   ├── shared/     # Shared components\n│   │   │   └── utils/      # Utility functions\n│   │   ├── assets/         # Images, icons, fonts\n│   │   └── environments/   # Environment configs\n│   └── angular.json\n├── backend/                # Node.js server\n│   ├── src/\n│   │   ├── config/         # Server configuration\n│   │   ├── controllers/    # Route controllers\n│   │   ├── middleware/     # Express middleware\n│   │   ├── routes/         # API routes\n│   │   ├── services/       # Business logic\n│   │   ├── socket/         # Socket.IO handlers\n│   │   ├── app.ts          # Express app setup\n│   │   └── server.ts       # Server entry point\n│   ├── prisma/             # Prisma ORM configuration\n│   │   ├── schema.prisma   # Database schema\n│   │   └── migrations/     # Database migrations\n│   ├── backup/             # MongoDB backup data\n│   └── package.json\n├── public/                 # Generated static files (from Astro)\n├── dist/                   # Production build output\n├── docs/                   # Documentation\n│   ├── LINTING.md         # Code quality and linting guide\n│   └── COOKIE_STRATEGY.md # Cookie and analytics strategy\n├── .husky/                 # Git hooks\n├── eslint.config.js        # Root ESLint configuration\n├── .prettierrc.js          # Prettier configuration\n├── .stylelintrc.js         # Stylelint configuration\n├── .lintstagedrc.js        # lint-staged configuration\n├── Dockerfile              # Container configuration\n├── nixpacks.toml           # Nixpacks deployment config\n└── package.json     
       # Root package file\n```\n\n### Chat Architecture\n\nThe chat system uses a modern facade pattern with specialized services:\n\n#### Core Chat Services\n\n- **`ChatRoomFacadeService`**: Main orchestrator for all chat room functionality\n- **`ChatMessageService`**: Message grouping, date headers, and state management\n- **`ChatScrollService`**: Intelligent auto-scrolling and scroll position management\n- **`ChatTypingService`**: Typing indicators and textarea auto-resize functionality\n- **`ChatUiStateService`**: UI state management (editing, attachments, loading states)\n- **`ChatEventHandlerService`**: Centralized event subscriptions and handlers\n- **`ChatLifecycleService`**: Component initialization and cleanup management\n- **`MobileChatLayoutService`**: Dynamic mobile layout calculations and viewport handling\n\n#### Core Application Services\n\n**Authentication \u0026 Security Services**\n\n- **`AuthService`** (`auth.service.ts`): Complete user authentication lifecycle with HttpOnly JWT\n  cookies, smart key management, CSRF integration, Cloudflare Turnstile bot protection, and honeypot\n  validation\n- **`CryptoService`** (`crypto.service.ts`): RSA-OAEP + AES-GCM hybrid encryption with 2048-bit\n  keys, SHA-256 fingerprinting, chunk-based Base64 conversion, and error throttling\n- **`VaultService`** (`vault.service.ts`): AES-GCM encrypted IndexedDB storage with per-user\n  databases, reactive state management, and ArrayBuffer serialization support\n- **`CsrfService`** (`csrf.service.ts`): CSRF token management with LocalStorage persistence and\n  memory fallback for secure API requests\n- **`HoneypotService`** (`honeypot.service.ts`): Bot detection with invisible form fields, timing\n  validation, CSS hiding, and behavioral pattern analysis\n- **`TurnstileService`** (`turnstile.service.ts`): Cloudflare Turnstile integration with theme\n  support, flexible sizing, width preservation, and automatic widget re-rendering\n\n**Communication \u0026 Real-time 
Services**\n\n- **`WebSocketService`** (`websocket.service.ts`): Real-time communication with automatic\n  reconnection, health monitoring, user presence tracking, and mobile performance optimization\n- **`ChatSessionService`** (`chat-session.service.ts`): Complex chat orchestration with end-to-end\n  encryption, connection monitoring, key status management, and message persistence\n- **`MessagesService`** (`messages.service.ts`): HTTP API communication for message operations with\n  authentication validation and error handling\n- **`UserService`** (`user.service.ts`): User management and key exchange operations with repository\n  pattern and authentication checks\n\n**State Management \u0026 UI Services**\n\n- **`NotificationService`** (`notification.service.ts`): Real-time notification management with rate\n  limiting, debounced operations, and mobile change detection\n- **`ThemeService`** (`theme.service.ts`): Dark/light theme management with system preference\n  detection, persistence, and reactive state streams\n- **`LoadingService`** (`loading.service.ts`): Global loading state with timeout protection,\n  emergency stops, and authentication-specific states\n- **`ScrollService`** (`scroll.service.ts`): Cross-browser scroll management with mobile\n  compatibility and multiple fallback strategies\n\n**Authentication Guards \u0026 Interceptors**\n\n- **`AuthGuard`** (`auth.guard.ts`): Route guard ensuring users are authenticated before accessing\n  protected routes with redirect functionality\n- **`UnauthGuard`** (`unauth.guard.ts`): Route guard preventing authenticated users from accessing\n  auth pages with smart redirects\n- **`AuthInterceptor`** (`auth.interceptor.ts`): HTTP interceptor handling authentication, CSRF\n  tokens, rate limiting, and comprehensive error responses\n\n**Utility Services \u0026 Helpers**\n\n- **`ApiPathsUtil`** (`api-paths.util.ts`): Utility functions for constructing environment-specific\n  API and WebSocket paths\n- 
**`AvatarUtil`** (`avatar.util.ts`): Default avatar generation based on user input hash with\n  consistent styling\n\n### Core Services Architecture\n\n#### Authentication \u0026 Security Services\n\n**AuthService**\n\n- Complete user authentication lifecycle with HttpOnly JWT cookies\n- Smart key management with automatic generation for new users\n- CSRF token integration and Cloudflare Turnstile bot protection\n- Honeypot form validation with timing analysis\n\n**CryptoService**\n\n- RSA-OAEP + AES-GCM hybrid end-to-end encryption\n- 2048-bit key pair generation with SHA-256 fingerprinting\n- Chunk-based Base64 conversion to prevent stack overflow\n- Error throttling to prevent console spam\n\n**VaultService**\n\n- AES-GCM encrypted IndexedDB storage with per-user databases\n- Repository pattern with reactive readiness state\n- Proper serialization for ArrayBuffers and complex objects\n- Read-only mode support for security\n\n**HoneypotService**\n\n- Bot detection with invisible form fields and timing validation\n- CSS-based field hiding and form interaction analysis\n- Spam prevention with behavioral pattern detection\n\n#### Communication Services\n\n**WebSocketService**\n\n- Real-time communication with automatic reconnection (exponential backoff)\n- Health monitoring with ping/pong and connection quality tracking\n- User presence management and cookie-based authentication\n- NgZone optimization for mobile performance\n\n**ChatSessionService**\n\n- Complex chat orchestration with end-to-end encryption\n- Connection monitoring with fallback sync mechanisms\n- Key status management with artificial blocking states\n- Message persistence with vault storage integration\n\n**MessagesService \u0026 UserService**\n\n- HTTP API communication with authentication validation\n- Repository pattern for data management and key exchange\n- Error handling with fallback responses and proper error propagation\n\n#### State \u0026 UI Management 
Services\n\n**NotificationService**\n\n- Real-time notification management with rate limiting\n- Debounced refresh operations and mobile change detection\n- Immediate update streams with NgZone integration\n\n**ThemeService**\n\n- Dark/light theme management with system preference detection\n- LocalStorage persistence and mobile meta tag updates\n- Reactive theme state with BehaviorSubject streams\n\n**LoadingService**\n\n- Global loading state with timeout protection (15-second limit)\n- Emergency stop functionality and NgZone integration\n- Authentication-specific loading states\n\n#### Performance Features\n\n- **Memory Management**: Automatic cleanup of RxJS subscriptions and event listeners\n- **Change Detection Optimization**: Strategic use of NgZone for performance\n- **Event Throttling**: Debounced typing events and scroll listeners\n- **Layout Optimization**: CSS variables and `dvh` units for smooth mobile experience\n- **Lazy Loading**: Deferred calculations using `requestAnimationFrame`\n\n### Backend Services Architecture\n\n#### Database Service\n\n**Database Service** (`database.service.ts`)\n\n- PostgreSQL connection management via Prisma ORM with connection pooling\n- Health checks with retry logic and configurable timeout settings\n- Graceful connection/disconnection with environment-based configuration\n- Connection limits and timeout protection for production stability\n\n#### Backend Services\n\n**Database \u0026 Infrastructure Services**\n\n- **`DatabaseService`** (`database.service.ts`): PostgreSQL connection management via Prisma ORM\n  with connection pooling, health checks with retry logic, graceful connection handling, and timeout\n  protection\n- **`EmailService`** (`email.service.ts`): SMTP email delivery for password reset with HTML/text\n  dual format emails, mobile-responsive templates, TLS support, and connection verification\n\n**Middleware \u0026 Security Services**\n\n- **`BotBlockerMiddleware`** (`bot-blocker.middleware.js`): 
Advanced bot protection with 98+ blocked\n  attack vectors, user agent filtering, auto-blacklisting, and request logging with daily rotation\n- **`HoneypotMiddleware`** (`honeypot.middleware.js`): Server-side honeypot validation with form\n  timing analysis, suspicious pattern detection, and behavioral blocking\n- **`SecurityMiddleware`** (`security.middleware.js`): Comprehensive security headers with Helmet.js\n  integration, CORS protection, input validation, and SQL injection prevention\n- **`RateLimitMiddleware`** (`rate-limit.middleware.js`): Multiple rate limiters with brute-force\n  protection, authentication-specific limiting, and configurable thresholds\n\n**Backend Utility Services**\n\n- **`CookieUtils`** (`cookie.utils.ts`): Cookie management utilities for authentication and CSRF\n  tokens with secure options, HttpOnly settings, and cross-domain support\n\n**Landing Page Services**\n\n- **`LandingPageScript`** (`script.js`): Interactive UI management with beta banner, mobile menu,\n  scroll effects, carousel functionality, touch/swipe support, and intersection observer animations\n- **`CookieConsentManager`** (`cookieConsent.js`): GDPR-compliant cookie consent management with\n  analytics tracking, batched event sending, and local storage persistence\n\n#### Service Design Patterns\n\n**Architecture Patterns Used**\n\n- **Facade Pattern**: ChatRoomFacadeService orchestrates complex chat functionality\n- **Observer Pattern**: Extensive RxJS BehaviorSubjects for reactive state management\n- **Repository Pattern**: Clean data access abstraction for users and messages\n- **Singleton Pattern**: Angular's `providedIn: 'root'` for service instances\n\n**Security Integration**\n\n- **End-to-End Encryption**: Service-level RSA-OAEP + AES-GCM implementation\n- **HttpOnly Cookies**: JWT tokens handled securely at service layer\n- **CSRF Protection**: Token-based validation across all authenticated services\n- **Bot Protection**: Integrated Cloudflare Turnstile and 
honeypot validation services\n\n**Performance Optimization Strategies**\n\n- **NgZone Integration**: Proper change detection for mobile performance\n- **Debouncing/Throttling**: Rate limiting for expensive service operations\n- **RequestAnimationFrame**: Smooth UI updates without main thread blocking\n- **Connection Pooling**: Database efficiency through Prisma optimization\n- **Caching**: Message vault storage and intelligent key status caching\n\n### Recent Improvements\n\n#### Database Migration (July 2025)\n\n- **Complete migration from MongoDB to PostgreSQL** with Prisma ORM\n- **Data preservation**: All original MongoDB data backed up during migration\n- **Enhanced type safety**: Better TypeScript integration with Prisma\n- **Improved performance**: Connection pooling and optimized queries\n- **ACID compliance**: PostgreSQL transactions for data consistency\n\n#### Performance Enhancements\n\n- **Connection stability**: Improved database connection handling\n- **Angular lifecycle**: Replaced setTimeout with proper Angular lifecycle methods\n- **Memory optimization**: Better RxJS subscription cleanup and garbage collection\n- **Event optimization**: Debounced resize and typing events for smoother experience\n\n## 🚀 Getting Started\n\n### Prerequisites\n\n- Node.js 22+ and npm 10+\n- PostgreSQL 14+ (local or cloud instance)\n- Git\n\n### Installation\n\n1. **Clone the repository**\n\n   ```bash\n   git clone https://github.com/art2url/quasar-contact-app.git\n   cd quasar-contact-app\n   ```\n\n2. **Install dependencies**\n\n   ```bash\n   npm run install:all\n   ```\n\n3. **Set up PostgreSQL database**\n\n   Install and start PostgreSQL, then create a database:\n\n   ```bash\n   # Create database (adjust for your PostgreSQL setup)\n   createdb quasar_chat\n   ```\n\n4. 
**Set up environment variables**\n\n   Create `.env` file in the backend directory:\n\n   ```env\n   # Server Configuration\n   PORT=3000\n   NODE_ENV=development\n\n   # Database (PostgreSQL with connection pooling)\n   DATABASE_PUBLIC_URL=postgresql://username:password@localhost:XXXX/quasar_chat?connection_limit=XX\u0026pool_timeout=XX\u0026connect_timeout=XX\n\n   # Security\n   JWT_SECRET=your-super-secret-jwt-key\n   JWT_EXPIRES_IN=7d\n\n   # Client URLs\n   CLIENT_ORIGIN=http://localhost:4200\n\n   # Cloudflare Turnstile (bot protection)\n   NG_APP_TURNSTILE_SITE_KEY=your-turnstile-site-key\n\n   # Email Service (optional)\n   EMAIL_HOST=smtp.gmail.com\n   EMAIL_PORT=587\n   EMAIL_USER=your-email@gmail.com\n   EMAIL_PASS=your-app-password\n   EMAIL_FROM=noreply@quasar.contact\n   ```\n\n5. **Set up Cloudflare Turnstile**\n   - Go to [Cloudflare Dashboard](https://dash.cloudflare.com/)\n   - Navigate to \"Turnstile\"\n   - Create a new site and add your domains (e.g., `localhost`, `your-domain.com`)\n   - Copy the site key to your environment configuration\n\n6. **Run database migrations**\n\n   ```bash\n   cd backend\n   npx prisma migrate dev\n   npx prisma generate\n   ```\n\n7. **Configure frontend environment**\n\n   Create `environment.ts` in frontend/src/environments/:\n\n   ```typescript\n   export const environment = {\n     production: false,\n     apiUrl: 'http://localhost:3000/api',\n     wsUrl: 'http://localhost:3000',\n     turnstileSiteKey: 'your-turnstile-site-key',\n   };\n   ```\n\n### Development\n\n1. **Start PostgreSQL** (if running locally)\n\n   Ensure PostgreSQL is running on your system.\n\n2. **Run in development mode**\n\n   ```bash\n\n   npm run dev\n   ```\n\n3. **Access the application**\n   - Landing pages: http://localhost:3000 (in production mode)\n   - Landing dev: http://localhost:4321 (in dev mode)\n   - Angular app: http://localhost:4200 (dev) or http://localhost:3000/app (production)\n\n### Production Build\n\n1. 
**Build for production**\n\n   ```bash\n   npm run build\n   ```\n\n   This will:\n   - Build Astro landing pages\n   - Build Angular application\n   - Copy all assets to public directory\n   - Build backend TypeScript\n\n2. **Start production server**\n\n   ```bash\n   npm start\n   ```\n\n### Docker Deployment\n\n1. **Build Docker image**\n\n   ```bash\n   docker build -t quasar-contact-app .\n   ```\n\n2. **Run container**\n\n   ```bash\n   docker run -p 3000:3000 \\\n     -e DATABASE_PUBLIC_URL=your-postgresql-uri \\\n     -e JWT_SECRET=your-secret \\\n     -e NG_APP_API_URL=https://your-domain.com/api \\\n     -e NG_APP_WS_URL=https://your-domain.com \\\n     -e NG_APP_TURNSTILE_SITE_KEY=your-turnstile-site-key \\\n     quasar-contact-app\n   ```\n\n## 📝 API Functionality Overview\n\n**🔒 Security-First API Design**: This section describes the application's API capabilities without\nexposing implementation details.\n\n### Security Architecture\n\n- **Zero-Trust Model**: Every request authenticated and validated\n- **Multi-Layer Protection**: Bot detection, rate limiting, CSRF protection, input validation\n- **Encrypted Communications**: All sensitive data encrypted in transit and at rest\n- **Abuse Prevention**: Sophisticated anti-abuse and anomaly detection systems\n- **Security Monitoring**: Comprehensive request monitoring and logging\n\n### Developer Access\n\n- **Secure Documentation**: Complete API specifications available through secure developer portal\n- **Authentication Required**: Developer access requires verified authentication\n- **Rate Limited**: All API access subject to rate limiting and monitoring\n- **Security Review**: All integrations subject to security review process\n\n_For complete API documentation including endpoints, request formats, and authentication details,\nplease contact the development team or access the secure developer portal._\n\n### Authentication System\n\n**🔐 Secure Authentication Features**\n\n- **User Registration**: 
Secure account creation with validation and verification\n- **Multi-Factor Login**: Username/email login with optional MFA support\n- **Password Security**: Bcrypt hashing with configurable complexity\n- **Session Management**: JWT tokens with HttpOnly cookies\n- **Account Recovery**: Secure password reset with email verification\n- **Anti-Automation**: Cloudflare Turnstile and honeypot protection against bots\n\n### Key Exchange\n\n**🔒 Security-Critical Functionality**: All cryptographic key operations are protected by:\n\n- Multi-layer authentication validation\n- Rate limiting specific to cryptographic operations\n- Bot detection and honeypot validation\n- Request signing and CSRF protection\n\n#### Available Key Operations\n\n**Public Key Upload**\n\n- Secure upload of RSA public keys for new users\n- Base64 encoded key bundle format\n- Automatic key validation and storage\n\n**Public Key Retrieval**\n\n- Secure retrieval of user public keys for encryption\n- User-specific key access with authentication\n- Key fingerprint validation\n\n**Key Status Management**\n\n- Ability to mark keys as compromised or missing\n- Secure key rotation support\n- Administrative key management functions\n\n_Note: Specific API endpoints and request formats are available in the developer documentation for\nauthenticated developers only._\n\n### User Management\n\n**🛡️ User Account Operations**\n\n- **Avatar Management**: Secure avatar URL updates with validation\n- **Password Reset**: Token-based password reset with email verification\n- **Profile Updates**: User profile modification with authentication\n- **Account Security**: Multi-factor authentication support\n\n### Analytics \u0026 Monitoring\n\n**📊 Privacy-First Analytics**\n\n- **Proxy Service**: Analytics data processing without direct third-party access\n- **Event Batching**: Efficient event collection and transmission\n- **Privacy Compliance**: GDPR-compliant analytics with user consent\n- **Data Minimization**: Only 
essential metrics collected\n\n_Note: Specific implementation details available in secure developer documentation._\n\n### Room Management\n\n**💬 Secure Chat Room Operations**\n\n- **DM Room Creation**: Secure direct message room establishment between users\n- **Room Listing**: User-specific room access and management\n- **Participant Management**: Adding/removing participants with proper authorization\n- **Room Security**: End-to-end encrypted room metadata\n\n### Message Operations\n\n**📨 Secure Message Handling**\n\n- **Message Retrieval**: Paginated message history with encryption support\n- **Message Overview**: Unread count and conversation summaries\n- **Message Search**: Encrypted message search capabilities\n- **Message Management**: Edit, delete, and status tracking\n- **Offline Support**: Message queuing for offline users\n\n### Real-Time Communication\n\n**⚡ Secure WebSocket Operations**\n\n- **Message Sending**: Real-time encrypted message transmission\n- **Message Editing**: Live message modification with encryption\n- **Message Deletion**: Secure message removal with cleanup\n- **Typing Indicators**: Real-time typing status updates\n- **Read Receipts**: Message read status tracking\n- **Connection Management**: Health monitoring and auto-reconnection\n- **User Presence**: Online/offline status management\n\n_Note: WebSocket event names and data structures are defined in the secure API specification._\n\n### WebSocket Security Features\n\n**🔐 Encrypted Real-Time Features**\n\n- **Authenticated Connections**: Cookie-based authentication for WebSocket connections\n- **Encrypted Events**: All real-time data transmitted with encryption\n- **Rate Limiting**: WebSocket-specific rate limiting and abuse prevention\n- **Connection Monitoring**: Health checks and automatic reconnection\n- **Session Management**: Secure session handling with timeout protection\n\n_Note: WebSocket implementation details, event names, and data structures are provided 
through\nsecure developer channels only._\n\n## 🔒 Security Implementation\n\n### Encryption Flow\n\n1. **Key Generation** (on user registration)\n   - Generate RSA-OAEP key pair\n   - Store private key in browser's IndexedDB\n   - Upload public key to server\n\n2. **Sending Messages**\n   - Generate AES-GCM session key\n   - Encrypt message with AES-GCM\n   - Encrypt session key with recipient's RSA public key\n   - Send encrypted message + encrypted session key\n\n3. **Receiving Messages**\n   - Decrypt session key with own RSA private key\n   - Decrypt message with decrypted session key\n   - Display plaintext message\n\n### Security Features\n\n- **HTTPS Only**: All production traffic must use TLS\n- **JWT Authentication**: Stateless authentication with token expiry\n- **Rate Limiting**: Protection against brute force attacks\n- **CORS Protection**: Strict origin validation\n- **Helmet.js**: Security headers for XSS and other attacks\n- **Input Validation**: Server-side validation for all inputs\n- **Password Requirements**: Minimum 6 characters, hashed with bcrypt\n\n## 🧪 Testing\n\nCurrently, the project doesn't include automated tests. 
Testing implementation is planned for future\nreleases.\n\n## 🛠️ Development Tools \u0026 Configuration\n\n### Build Tools \u0026 Scripts\n\nThe project includes comprehensive build automation with the following key scripts:\n\n#### Root Level Commands\n\n```bash\nnpm run install:all    # Install dependencies for all projects\nnpm run clean          # Clean all build artifacts and node_modules\nnpm run full           # Full production build with asset copying\nnpm run copy:landing   # Copy Astro landing pages to public directory\nnpm run style:fix      # Fix styling issues across all projects\nnpm run dev            # Start all services in development mode\n```\n\n#### Frontend Development\n\n```bash\ncd frontend\nnpm run build          # Production build\nnpm run dev            # Development server\nnpm run typecheck      # TypeScript type checking\nnpm run style:css      # CSS linting\nnpm run style:css:fix  # Fix CSS linting issues\n```\n\n#### Backend Development\n\n```bash\ncd backend\nnpm run build          # TypeScript compilation\nnpm run dev            # Development with nodemon\nnpm run start          # Production server\nnpm run typecheck      # TypeScript checking\nnpm run style:fix      # ESLint and Prettier fixes\n```\n\n#### Landing Page Development\n\n```bash\ncd landing\nnpm run build          # Static site generation\nnpm run dev            # Astro development server\nnpm run build:selective # Selective build optimization\nnpm run deploy:pages   # Deploy to GitHub Pages\nnpm run style:fix      # Style and format fixes\n```\n\n### Code Quality \u0026 Linting\n\n#### ESLint Configuration\n\n- **Flat Config**: Modern ESLint 9+ flat configuration\n- **TypeScript Support**: Full TypeScript linting across all projects\n- **Angular Rules**: Angular-specific linting with template checking\n- **Unused Variables**: Strict unused variable detection and removal\n- **Import Sorting**: Automatic import organization\n\n#### Pre-commit Hooks\n\n- **Husky 
Integration**: Git hooks for code quality enforcement\n- **Lint-staged**: Run linters only on staged files\n- **Automatic Fixes**: Auto-fix linting issues before commit\n- **Type Checking**: Ensure TypeScript compilation success\n\n#### Style Configuration\n\n```bash\n# Prettier configuration for consistent formatting\n# Stylelint for CSS/SCSS quality and property ordering\n# Angular template linting with accessibility checks\n```\n\n### Docker \u0026 Containerization\n\n#### Multi-stage Docker Build\n\n```dockerfile\n# Optimized Docker build with:\n# - Multi-stage compilation for smaller images\n# - Health checks for container monitoring\n# - Proper layer caching for faster builds\n# - Non-root user for security\n# - Build-time environment variable injection\n```\n\n#### Health Checks\n\n```dockerfile\n# Container health monitoring\nHEALTHCHECK --interval=30s --timeout=3s --start-period=5s \\\n  CMD curl -f http://localhost:3000/api/health || exit 1\n```\n\n### Deployment Configuration\n\n#### Nixpacks (Railway/Cloud)\n\n- **Custom Build Process**: Optimized for cloud deployment\n- **Environment Handling**: Secure environment variable management\n- **Asset Optimization**: Automatic asset compression and serving\n- **Database Migrations**: Automatic Prisma migration on deploy\n\n#### Environment Management\n\n- **Multi-environment Support**: Development, staging, production configs\n- **Build-time Variables**: Angular environment injection during build\n- **Runtime Variables**: Server configuration via environment variables\n- **Security**: Secure handling of secrets and API keys\n\n### Manual Testing Checklist\n\n#### Core Functionality\n\n- [ ] User registration and login\n- [ ] Key generation and exchange\n- [ ] Message encryption/decryption\n- [ ] Real-time message delivery\n- [ ] Offline message queuing\n- [ ] Connection recovery\n- [ ] Message editing/deletion\n- [ ] User search functionality\n- [ ] Database migrations (Prisma)\n\n#### Chat Features\n\n- [ ] 
Message grouping with date headers\n- [ ] Typing indicators and auto-resize\n- [ ] Intelligent auto-scrolling\n- [ ] Read receipt tracking\n- [ ] New message notifications\n- [ ] Enhanced message styling and visual hierarchy\n- [ ] System message icons and states\n- [ ] Emoji picker functionality and theme compatibility\n- [ ] File attachment upload and download\n- [ ] Real-time message editing and deletion\n\n#### Mobile Experience\n\n- [ ] Virtual keyboard handling on iOS/Android\n- [ ] Viewport adjustments during keyboard show/hide\n- [ ] Smooth scrolling performance (60fps)\n- [ ] Safe area handling on iPhone\n- [ ] Orientation change handling\n- [ ] Touch interaction responsiveness\n- [ ] Emoji picker mobile functionality\n- [ ] Theme switching consistency\n- [ ] Optimized scroll behavior\n\n#### Security \u0026 Protection\n\n- [ ] Bot blocker effectiveness\n- [ ] Honeypot trap detection\n- [ ] Cloudflare Turnstile widget functionality\n- [ ] Turnstile theme switching and width preservation\n- [ ] Rate limiting functionality\n- [ ] CSRF protection validation\n- [ ] Security headers verification\n\n#### Development \u0026 Build\n\n- [ ] All npm scripts execution\n- [ ] TypeScript compilation\n- [ ] Linting and formatting\n- [ ] Docker build and health checks\n- [ ] Environment variable injection\n\n#### API Endpoints\n\n- [ ] All authentication endpoints\n- [ ] Room management (DM creation/listing)\n- [ ] Message CRUD operations\n- [ ] Key management endpoints\n- [ ] Analytics proxy functionality\n- [ ] User avatar updates\n\n#### Landing Pages \u0026 SEO\n\n- [ ] Landing page navigation\n- [ ] SEO meta tags and sitemap\n- [ ] Google Analytics integration\n\n## 🚦 Deployment\n\n### Railway Deployment\n\n1. Connect your GitHub repository to Railway\n2. Set environment variables in Railway dashboard\n3. 
Deploy using the included `nixpacks.toml` configuration\n\n### Environment Variables for Production\n\n```env\n# Required\nNODE_ENV=production\nDATABASE_PUBLIC_URL=postgresql://user:password@host:XXXX/database?connection_limit=XX\nJWT_SECRET=\u003cgenerate-strong-secret\u003e\nNG_APP_API_URL=https://your-domain.com/api\nNG_APP_WS_URL=https://your-domain.com\nNG_APP_TURNSTILE_SITE_KEY=\u003cyour-turnstile-site-key\u003e\n\n# Optional\nEMAIL_HOST=smtp.provider.com\nEMAIL_PORT=587\nEMAIL_USER=your-email\nEMAIL_PASS=your-password\nGA_MEASUREMENT_ID=G-XXXXXXXXXX\n```\n\n## 🤝 Contributing\n\nContributions are welcome! Please follow these steps:\n\n1. Fork the repository\n2. Create a feature branch (`git checkout -b feature/amazing-feature`)\n3. Commit your changes (`git commit -m 'Add amazing feature'`)\n4. Push to the branch (`git push origin feature/amazing-feature`)\n5. Open a Pull Request\n\n### Code Style\n\n- Follow Angular style guide for frontend code\n- Follow Astro best practices for landing pages\n- Use ESLint and Prettier for code formatting\n- Write meaningful commit messages\n- Add comments for complex logic\n- Maintain clean code with no unused variables or debug statements\n- Remove all console.log statements except for legitimate error logging\n\n### GPL-3.0 License Implications\n\nWhen contributing to this project, please note:\n\n- Your contributions will also be licensed under GPL-3.0\n- Any derivative work must also be open-source under GPL-3.0\n- You must preserve copyright notices and license information\n- If you distribute a modified version, you must clearly mark it as changed\n\n## 📄 License\n\nThis project is licensed under the **GNU General Public License v3.0** - see the LICENSE file for\ndetails.\n\n### What this means:\n\n- ✅ **Freedom to use** - Use for any purpose, including commercial (with conditions)\n- ✅ **Freedom to study** - Access and study the source code\n- ✅ **Freedom to share** - Copy and distribute the software\n- ✅ **Freedom 
to improve** - Modify and distribute your modifications\n\n### Important Requirements for Commercial Use:\n\n- 📋 **Copyleft requirement** - Any distributed modifications must also be GPL-3.0\n- 📋 **Source code disclosure** - Must provide source code when distributing\n- 📋 **Copyright notices** - Must include original copyright and license notices\n- 📋 **Document changes** - Changes must be clearly documented\n- ⚠️ **No proprietary derivatives** - Cannot create closed-source commercial versions\n- ⚠️ **Network use clause** - If you modify and offer as network service, must provide source to\n  users\n\n## 💡 Acknowledgments\n\n- Astro team for the excellent static site generator\n- Angular team for the amazing framework\n- Socket.IO for real-time capabilities\n- Web Crypto API for client-side encryption\n- [Boring Avatars](https://github.com/boringdesigners/boring-avatars) by Boring Designers for avatar\n  design inspiration (MIT License)\n- The open-source community\n\n## 📞 Support\n\nFor issues and feature requests, please use the GitHub Issues page.\n\n---\n\n**Note**: This is a beta release. The core features are stable and ready for production use. The\nencryption implementation should be audited by security professionals before deploying in sensitive\nenvironments.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fart2url%2Fquasar-contact-app","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fart2url%2Fquasar-contact-app","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fart2url%2Fquasar-contact-app/lists"}