Giter VIP home page Giter VIP logo

cryptochan's Introduction

This is a Next.js project bootstrapped with create-next-app.

Cryptochan

Cryptochan is a confederated blockchain based image board that supports cryptographic signing through PGP. All threads are hashed through a standardized protocol allowing them to be recognized even when mirrored to other Cryptochan-Compatible platforms. Each platform is able to enstate their own policy regarding their operations. If you don't like my rules, then screw me! Mirror this blockchain onto your own CCC server and run it yourself!

Demo site

Environments and Policies

The config files are split between .env and policy.ts

.env.local

NEXT_PUBLIC_TITLE=  # The title that will be displayed on the html
MONGO_SRV=          # Link to your mongo database
S3_ENDPOINT=        # The domain of your S3 provider
S3_PORT=            # S3 access port
S3_ACCESS=          # S3 access key
S3_SECRET=          # S3 secret key
S3_PREFIX=          # Prefix the S3 bucket with this string
NEXT_PUBLIC_POLICY= # Insert the policy json object generated by `yarn env`

policy.ts

To generate the public policy object go to scripts/generate_policy.ts and configure the object however you wish. Then run yarn env to have it printed as an env safe string and insert it into your NEXT_PUBLIC_POLICY= envorinment variable.

import { IPolicy } from "./IPolicy";

export const Policy: IPolicy = {
  approve_posts: true, // Posts require manual approval before joining the blockchain
  publickey: {
    preapproved: true, // If there is a public key, it has to have already been approved
    require: true, // Public keys are required
  },
  embeds: ["image/webp", "video/webm"], // The mimetype of the embedded files allowed
  maxEmbeds: 3, // Maximum number of embedded files
  maxSize: 1e7, // Maximum size of the embedded files in bytes (currently 10MB)
  maxLength: 10000 // Maximum length of the body of a thread in characters
  rules: [ // Rules that will be displayed on the index page
    "Rule 1",
    "Rule 2",
    "Rule 3",
  ],
  categories: [ // Allowed categories, equivilant to 4chan's boards
    {
      name: "all",
      title: "All",
      description: "Welcomes all posts",
    },
  },
  hash_algo: "SHA-256", // Default hashing algorithm
};

Deploy

docker-compose

  1. Clone the repo
  2. Configure the environment. See .env.local
  3. Run docker-compos up --build

Manual build

  1. Clone the repo
  2. Configure the environment. See .env.local
  3. Run npm run build
  4. Run npm start

Port 5000 will open to http

API

GET /api/policy

Returns the policy config object provided by the env vars

GET /api/e/[hash]

Redirects to a presigned S3 url

GET /api/c/[cat]?page=[number]

Gets all of the top level threads of a given [cat]egory

GET /api/pk/[kid]

Gets the armored public key for a specific key id

GET /api/pk/[kid]/t?page=[number]

Gets all the threads signed with that public key

GET /api/t/[hash]?page=[number]&replies=[true|false]

Gets a thread given its hash. Set replies to get an array of threads replying to that thread.

POST /api/regkey

Register a new public key

Webform:

field expected value
newkey The armored public key up for registration
signature (OPTIONAL) If you wish to associate your new key with an existing key, include a detatched signature of the armored public key

POST /api/upload

Uploads a new thread. See signing and hashing for more info

Webform:

field expected value
thread a JSON object representing a thread. [schema]
embeds (file, multiple) include the embedded files you wish to associate with this thread, the file name should be the hash digest of the file's binary

POST /api/revoke

Announce to the cryptochan that this public key is revoked

Webform:

field expected value
public key The new public key after it's been revoked

GET /api/admin

Returns a PGP message containing {success: true} encrypted for all master public keys. Used to test if a public/secret key pair is a master.

GET /api/admin/threads&page=[number]

Returns a PGP message containing all threads encrypted for masters

GET /api/admin/pks&page=[number]

Returns a PGP message containing all public keys encrypted for masters

POST /api/admin/threads

Edits an existing thread. Body is a JSON object that must be signed by a master secret key.

Payloads:

{
  action: "approve",
  hash: string, // the hash of an existing thread
  approved: boolean // is the thread approved
}
{
  action: "replies",
  hash: string, // the hash of an existing thread
  replies: boolean // can the thread receive replies
}

POST /api/admin/pks

Edits an existing public key. Body is a JSON object that must be signed by a master secret key.

Payloads:

{
  action: "aprove",
  keyid: string, // the keyid of the public key
  approved: boolean // is the thread approved
}
{
  action: "aprove",
  keyid: string, // the keyid of the public key
  "always approve": boolean // should threads signed by this key be automatically approved
}
{
  action: "aprove",
  keyid: string, // the keyid of the public key
  master: boolean // is this key a master
}

Signing and hashing

Cryptochan follows specific guidelines for hashing, signing and verifying threads. For detail see the crypto.ts file for specific implementations.

Hashing files

Simply pass the raw binaries of the file into a hashing function as is.

Hashing a thread

  • Construct your thread object according to this schema
  • Stringify the thread using json-stable-stringify. This will ensure that the thread always gets stringified the same
  • Pass the string through a hashing function

Signing a thread

I went through some overly complicated schemes for signing threads. There's no need for complexity, simply sign the hash of the thread using your private key.

Verifying

Do all of that^ in reverse.

NEXT.JS

Getting Started

First, run the development server:

npm run dev

yarn dev

Open http://localhost:3000 with your browser to see the result.

You can start editing the page by modifying pages/index.js. The page auto-updates as you edit the file.

API routes can be accessed on http://localhost:3000/api/hello. This endpoint can be edited in pages/api/hello.js.

The pages/api directory is mapped to /api/*. Files in this directory are treated as API routes instead of React pages.

Learn More

To learn more about Next.js, take a look at the following resources:

You can check out the Next.js GitHub repository - your feedback and contributions are welcome!

Deploy on Vercel

The easiest way to deploy your Next.js app is to use the Vercel Platform from the creators of Next.js.

Check out our Next.js deployment documentation for more details.

cryptochan's People

Contributors

danhab99 avatar

cryptochan's Issues

demo broken?

can't post when trying to construct the json manually
this is what i tried:

{"author":{"name":"Jtaqu","publickey":"e0aaca02e9fdd424"},"body":{"content":"second","mimetype":"text/plain"},"category":"all","embeds":[],"hash":{"algorithm":"SHA-256","value":"e111f804ea2740211820d015f6a6a86a50508a28b38c968e72bb68839176de13"},"parenthash":"b804da0898e33399dd8cb15776a58c4626185c9b598ce56207e0577e68ce698d","published":"2021-06-28T16:45:21.480Z","signature":"-----BEGIN PGP SIGNATURE-----\n\niHUEABYIAB0WIQTsilfAn0jgQ7sIzP7gqsoC6f3UJAUCYNn8cAAKCRDgqsoC6f3U\nJASIAP0W4i7tZ6aB+fNl1HGsAnycAv1OaGsAfd1XACoVZOFoWgD7BjB2BnF8ZxOv\npsME384Dddc80xAsw4FbVy+I1OAsWAo=\n=srqP\n-----END PGP SIGNATURE-----\n"}

gave me an empty 401 json response
my first guess was that it's related to the hashing because while i can verify the signature of 4bxog in "all", i can't verify the hash
iiuc this should have resulted in "b804da0898e33399dd8cb15776a58c4626185c9b598ce56207e0577e68ce698d":

~> jq -c '.[] |del(.hash, .__v, .replies, .replyThreads, .approved)' < reply.json | json-stable-stringify | sha256sum
28719295c297db5f7a2004d861710fbba82b1d0434620ace2e8f64edc21854f9  -

i then proceeded to try to post via the form with both gnupg- and website-generated keys but neither worked, getting 401s and 404s

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    ๐Ÿ–– Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. ๐Ÿ“Š๐Ÿ“ˆ๐ŸŽ‰

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google โค๏ธ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.