atridad/teachat
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

O_O

Browse Source
This commit is contained in:
Atridad Lahiji
2025-12-28 00:30:12 -07:00
commit d1fe671704
9 changed files with 1300 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
.gitignore vendored Normal file
View File

@@ -0,0 +1,4 @@
.ssh
teachat
teachat.db
*.db

45
go.mod Normal file
View File

@@ -0,0 +1,45 @@
module teachat
go 1.25.5
require (
github.com/charmbracelet/bubbles v0.21.0
github.com/charmbracelet/bubbletea v1.3.10
github.com/charmbracelet/lipgloss v1.1.0
github.com/charmbracelet/ssh v0.0.0-20250826160808-ebfa259c7309
github.com/charmbracelet/wish v1.4.7
github.com/mattn/go-sqlite3 v1.14.32
golang.org/x/crypto v0.46.0
)
require (
github.com/anmitsu/go-shlex v0.0.0-20200514113438-38f4b401e2be // indirect
github.com/atotto/clipboard v0.1.4 // indirect
github.com/aymanbagabas/go-osc52/v2 v2.0.1 // indirect
github.com/charmbracelet/colorprofile v0.4.1 // indirect
github.com/charmbracelet/keygen v0.5.4 // indirect
github.com/charmbracelet/log v0.4.2 // indirect
github.com/charmbracelet/x/ansi v0.11.3 // indirect
github.com/charmbracelet/x/cellbuf v0.0.14 // indirect
github.com/charmbracelet/x/conpty v0.2.0 // indirect
github.com/charmbracelet/x/term v0.2.2 // indirect
github.com/charmbracelet/x/termios v0.1.1 // indirect
github.com/clipperhouse/displaywidth v0.6.2 // indirect
github.com/clipperhouse/stringish v0.1.1 // indirect
github.com/clipperhouse/uax29/v2 v2.3.0 // indirect
github.com/creack/pty v1.1.24 // indirect
github.com/erikgeiser/coninput v0.0.0-20211004153227-1c3628e74d0f // indirect
github.com/go-logfmt/logfmt v0.6.1 // indirect
github.com/lucasb-eyer/go-colorful v1.3.0 // indirect
github.com/mattn/go-isatty v0.0.20 // indirect
github.com/mattn/go-localereader v0.0.1 // indirect
github.com/mattn/go-runewidth v0.0.19 // indirect
github.com/muesli/ansi v0.0.0-20230316100256-276c6243b2f6 // indirect
github.com/muesli/cancelreader v0.2.2 // indirect
github.com/muesli/termenv v0.16.0 // indirect
github.com/rivo/uniseg v0.4.7 // indirect
github.com/xo/terminfo v0.0.0-20220910002029-abceb7e1c41e // indirect
golang.org/x/exp v0.0.0-20251219203646-944ab1f22d93 // indirect
golang.org/x/sys v0.39.0 // indirect
golang.org/x/text v0.32.0 // indirect
)

86
go.sum Normal file
View File

@@ -0,0 +1,86 @@
github.com/anmitsu/go-shlex v0.0.0-20200514113438-38f4b401e2be h1:9AeTilPcZAjCFIImctFaOjnTIavg87rW78vTPkQqLI8=
github.com/anmitsu/go-shlex v0.0.0-20200514113438-38f4b401e2be/go.mod h1:ySMOLuWl6zY27l47sB3qLNK6tF2fkHG55UZxx8oIVo4=
github.com/atotto/clipboard v0.1.4 h1:EH0zSVneZPSuFR11BlR9YppQTVDbh5+16AmcJi4g1z4=
github.com/atotto/clipboard v0.1.4/go.mod h1:ZY9tmq7sm5xIbd9bOK4onWV4S6X0u6GY7Vn0Yu86PYI=
github.com/aymanbagabas/go-osc52/v2 v2.0.1 h1:HwpRHbFMcZLEVr42D4p7XBqjyuxQH5SMiErDT4WkJ2k=
github.com/aymanbagabas/go-osc52/v2 v2.0.1/go.mod h1:uYgXzlJ7ZpABp8OJ+exZzJJhRNQ2ASbcXHWsFqH8hp8=
github.com/charmbracelet/bubbles v0.21.0 h1:9TdC97SdRVg/1aaXNVWfFH3nnLAwOXr8Fn6u6mfQdFs=
github.com/charmbracelet/bubbles v0.21.0/go.mod h1:HF+v6QUR4HkEpz62dx7ym2xc71/KBHg+zKwJtMw+qtg=
github.com/charmbracelet/bubbletea v1.3.10 h1:otUDHWMMzQSB0Pkc87rm691KZ3SWa4KUlvF9nRvCICw=
github.com/charmbracelet/bubbletea v1.3.10/go.mod h1:ORQfo0fk8U+po9VaNvnV95UPWA1BitP1E0N6xJPlHr4=
github.com/charmbracelet/colorprofile v0.4.1 h1:a1lO03qTrSIRaK8c3JRxJDZOvhvIeSco3ej+ngLk1kk=
github.com/charmbracelet/colorprofile v0.4.1/go.mod h1:U1d9Dljmdf9DLegaJ0nGZNJvoXAhayhmidOdcBwAvKk=
github.com/charmbracelet/keygen v0.5.4 h1:XQYgf6UEaTGgQSSmiPpIQ78WfseNQp4Pz8N/c1OsrdA=
github.com/charmbracelet/keygen v0.5.4/go.mod h1:t4oBRr41bvK7FaJsAaAQhhkUuHslzFXVjOBwA55CZNM=
github.com/charmbracelet/lipgloss v1.1.0 h1:vYXsiLHVkK7fp74RkV7b2kq9+zDLoEU4MZoFqR/noCY=
github.com/charmbracelet/lipgloss v1.1.0/go.mod h1:/6Q8FR2o+kj8rz4Dq0zQc3vYf7X+B0binUUBwA0aL30=
github.com/charmbracelet/log v0.4.2 h1:hYt8Qj6a8yLnvR+h7MwsJv/XvmBJXiueUcI3cIxsyig=
github.com/charmbracelet/log v0.4.2/go.mod h1:qifHGX/tc7eluv2R6pWIpyHDDrrb/AG71Pf2ysQu5nw=
github.com/charmbracelet/ssh v0.0.0-20250826160808-ebfa259c7309 h1:dCVbCRRtg9+tsfiTXTp0WupDlHruAXyp+YoxGVofHHc=
github.com/charmbracelet/ssh v0.0.0-20250826160808-ebfa259c7309/go.mod h1:R9cISUs5kAH4Cq/rguNbSwcR+slE5Dfm8FEs//uoIGE=
github.com/charmbracelet/wish v1.4.7 h1:O+jdLac3s6GaqkOHHSwezejNK04vl6VjO1A+hl8J8Yc=
github.com/charmbracelet/wish v1.4.7/go.mod h1:OBZ8vC62JC5cvbxJLh+bIWtG7Ctmct+ewziuUWK+G14=
github.com/charmbracelet/x/ansi v0.11.3 h1:6DcVaqWI82BBVM/atTyq6yBoRLZFBsnoDoX9GCu2YOI=
github.com/charmbracelet/x/ansi v0.11.3/go.mod h1:yI7Zslym9tCJcedxz5+WBq+eUGMJT0bM06Fqy1/Y4dI=
github.com/charmbracelet/x/cellbuf v0.0.14 h1:iUEMryGyFTelKW3THW4+FfPgi4fkmKnnaLOXuc+/Kj4=
github.com/charmbracelet/x/cellbuf v0.0.14/go.mod h1:P447lJl49ywBbil/KjCk2HexGh4tEY9LH0/1QrZZ9rA=
github.com/charmbracelet/x/conpty v0.2.0 h1:eKtA2hm34qNfgJCDp/M6Dc0gLy7e07YEK4qAdNGOvVY=
github.com/charmbracelet/x/conpty v0.2.0/go.mod h1:fexgUnVrZgw8scD49f6VSi0Ggj9GWYIrpedRthAwW/8=
github.com/charmbracelet/x/term v0.2.2 h1:xVRT/S2ZcKdhhOuSP4t5cLi5o+JxklsoEObBSgfgZRk=
github.com/charmbracelet/x/term v0.2.2/go.mod h1:kF8CY5RddLWrsgVwpw4kAa6TESp6EB5y3uxGLeCqzAI=
github.com/charmbracelet/x/termios v0.1.1 h1:o3Q2bT8eqzGnGPOYheoYS8eEleT5ZVNYNy8JawjaNZY=
github.com/charmbracelet/x/termios v0.1.1/go.mod h1:rB7fnv1TgOPOyyKRJ9o+AsTU/vK5WHJ2ivHeut/Pcwo=
github.com/clipperhouse/displaywidth v0.6.2 h1:ZDpTkFfpHOKte4RG5O/BOyf3ysnvFswpyYrV7z2uAKo=
github.com/clipperhouse/displaywidth v0.6.2/go.mod h1:R+kHuzaYWFkTm7xoMmK1lFydbci4X2CicfbGstSGg0o=
github.com/clipperhouse/stringish v0.1.1 h1:+NSqMOr3GR6k1FdRhhnXrLfztGzuG+VuFDfatpWHKCs=
github.com/clipperhouse/stringish v0.1.1/go.mod h1:v/WhFtE1q0ovMta2+m+UbpZ+2/HEXNWYXQgCt4hdOzA=
github.com/clipperhouse/uax29/v2 v2.3.0 h1:SNdx9DVUqMoBuBoW3iLOj4FQv3dN5mDtuqwuhIGpJy4=
github.com/clipperhouse/uax29/v2 v2.3.0/go.mod h1:Wn1g7MK6OoeDT0vL+Q0SQLDz/KpfsVRgg6W7ihQeh4g=
github.com/creack/pty v1.1.24 h1:bJrF4RRfyJnbTJqzRLHzcGaZK1NeM5kTC9jGgovnR1s=
github.com/creack/pty v1.1.24/go.mod h1:08sCNb52WyoAwi2QDyzUCTgcvVFhUzewun7wtTfvcwE=
github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c=
github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
github.com/erikgeiser/coninput v0.0.0-20211004153227-1c3628e74d0f h1:Y/CXytFA4m6baUTXGLOoWe4PQhGxaX0KpnayAqC48p4=
github.com/erikgeiser/coninput v0.0.0-20211004153227-1c3628e74d0f/go.mod h1:vw97MGsxSvLiUE2X8qFplwetxpGLQrlU1Q9AUEIzCaM=
github.com/go-logfmt/logfmt v0.6.1 h1:4hvbpePJKnIzH1B+8OR/JPbTx37NktoI9LE2QZBBkvE=
github.com/go-logfmt/logfmt v0.6.1/go.mod h1:EV2pOAQoZaT1ZXZbqDl5hrymndi4SY9ED9/z6CO0XAk=
github.com/google/go-cmp v0.7.0 h1:wk8382ETsv4JYUZwIsn6YpYiWiBsYLSJiTsyBybVuN8=
github.com/google/go-cmp v0.7.0/go.mod h1:pXiqmnSA92OHEEa9HXL2W4E7lf9JzCmGVUdgjX3N/iU=
github.com/lucasb-eyer/go-colorful v1.3.0 h1:2/yBRLdWBZKrf7gB40FoiKfAWYQ0lqNcbuQwVHXptag=
github.com/lucasb-eyer/go-colorful v1.3.0/go.mod h1:R4dSotOR9KMtayYi1e77YzuveK+i7ruzyGqttikkLy0=
github.com/mattn/go-isatty v0.0.20 h1:xfD0iDuEKnDkl03q4limB+vH+GxLEtL/jb4xVJSWWEY=
github.com/mattn/go-isatty v0.0.20/go.mod h1:W+V8PltTTMOvKvAeJH7IuucS94S2C6jfK/D7dTCTo3Y=
github.com/mattn/go-localereader v0.0.1 h1:ygSAOl7ZXTx4RdPYinUpg6W99U8jWvWi9Ye2JC/oIi4=
github.com/mattn/go-localereader v0.0.1/go.mod h1:8fBrzywKY7BI3czFoHkuzRoWE9C+EiG4R1k4Cjx5p88=
github.com/mattn/go-runewidth v0.0.19 h1:v++JhqYnZuu5jSKrk9RbgF5v4CGUjqRfBm05byFGLdw=
github.com/mattn/go-runewidth v0.0.19/go.mod h1:XBkDxAl56ILZc9knddidhrOlY5R/pDhgLpndooCuJAs=
github.com/mattn/go-sqlite3 v1.14.32 h1:JD12Ag3oLy1zQA+BNn74xRgaBbdhbNIDYvQUEuuErjs=
github.com/mattn/go-sqlite3 v1.14.32/go.mod h1:Uh1q+B4BYcTPb+yiD3kU8Ct7aC0hY9fxUwlHK0RXw+Y=
github.com/muesli/ansi v0.0.0-20230316100256-276c6243b2f6 h1:ZK8zHtRHOkbHy6Mmr5D264iyp3TiX5OmNcI5cIARiQI=
github.com/muesli/ansi v0.0.0-20230316100256-276c6243b2f6/go.mod h1:CJlz5H+gyd6CUWT45Oy4q24RdLyn7Md9Vj2/ldJBSIo=
github.com/muesli/cancelreader v0.2.2 h1:3I4Kt4BQjOR54NavqnDogx/MIoWBFa0StPA8ELUXHmA=
github.com/muesli/cancelreader v0.2.2/go.mod h1:3XuTXfFS2VjM+HTLZY9Ak0l6eUKfijIfMUZ4EgX0QYo=
github.com/muesli/termenv v0.16.0 h1:S5AlUN9dENB57rsbnkPyfdGuWIlkmzJjbFf0Tf5FWUc=
github.com/muesli/termenv v0.16.0/go.mod h1:ZRfOIKPFDYQoDFF4Olj7/QJbW60Ol/kL1pU3VfY/Cnk=
github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM=
github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
github.com/rivo/uniseg v0.4.7 h1:WUdvkW8uEhrYfLC4ZzdpI2ztxP1I582+49Oc5Mq64VQ=
github.com/rivo/uniseg v0.4.7/go.mod h1:FN3SvrM+Zdj16jyLfmOkMNblXMcoc8DfTHruCPUcx88=
github.com/stretchr/testify v1.10.0 h1:Xv5erBjTwe/5IxqUQTdXv5kgmIvbHo3QQyRwhJsOfJA=
github.com/stretchr/testify v1.10.0/go.mod h1:r2ic/lqez/lEtzL7wO/rwa5dbSLXVDPFyf8C91i36aY=
github.com/xo/terminfo v0.0.0-20220910002029-abceb7e1c41e h1:JVG44RsyaB9T2KIHavMF/ppJZNG9ZpyihvCd0w101no=
github.com/xo/terminfo v0.0.0-20220910002029-abceb7e1c41e/go.mod h1:RbqR21r5mrJuqunuUZ/Dhy/avygyECGrLceyNeo4LiM=
golang.org/x/crypto v0.46.0 h1:cKRW/pmt1pKAfetfu+RCEvjvZkA9RimPbh7bhFjGVBU=
golang.org/x/crypto v0.46.0/go.mod h1:Evb/oLKmMraqjZ2iQTwDwvCtJkczlDuTmdJXoZVzqU0=
golang.org/x/exp v0.0.0-20251219203646-944ab1f22d93 h1:fQsdNF2N+/YewlRZiricy4P1iimyPKZ/xwniHj8Q2a0=
golang.org/x/exp v0.0.0-20251219203646-944ab1f22d93/go.mod h1:EPRbTFwzwjXj9NpYyyrvenVh9Y+GFeEvMNh7Xuz7xgU=
golang.org/x/sys v0.0.0-20210809222454-d867a43fc93e/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
golang.org/x/sys v0.39.0 h1:CvCKL8MeisomCi6qNZ+wbb0DN9E5AATixKsvNtMoMFk=
golang.org/x/sys v0.39.0/go.mod h1:OgkHotnGiDImocRcuBABYBEXf8A9a87e/uXjp9XT3ks=
golang.org/x/term v0.38.0 h1:PQ5pkm/rLO6HnxFR7N2lJHOZX6Kez5Y1gDSJla6jo7Q=
golang.org/x/term v0.38.0/go.mod h1:bSEAKrOT1W+VSu9TSCMtoGEOUcKxOKgl3LE5QEF/xVg=
golang.org/x/text v0.32.0 h1:ZD01bjUt1FQ9WJ0ClOL5vxgxOI/sVCNgX1YtKwcY0mU=
golang.org/x/text v0.32.0/go.mod h1:o/rUWzghvpD5TXrTIBuJU77MTaN0ljMWE47kxGJQ7jY=
gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA=
gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=

42
internal/broadcaster.go Normal file
View File

@@ -0,0 +1,42 @@
package internal
import "sync"
type broadcaster struct {
clients map[chan bool]bool
mu sync.RWMutex
}
func newBroadcaster() *broadcaster {
return &broadcaster{
clients: make(map[chan bool]bool),
}
}
func (b *broadcaster) subscribe() chan bool {
b.mu.Lock()
defer b.mu.Unlock()
ch := make(chan bool, 10)
b.clients[ch] = true
return ch
}
func (b *broadcaster) unsubscribe(ch chan bool) {
b.mu.Lock()
defer b.mu.Unlock()
delete(b.clients, ch)
close(ch)
}
func (b *broadcaster) broadcast() {
b.mu.RLock()
defer b.mu.RUnlock()
for ch := range b.clients {
select {
case ch <- true:
default:
}
}
}
var updates = newBroadcaster()

154
internal/crypto.go Normal file
View File

@@ -0,0 +1,154 @@
package internal
import (
"crypto/aes"
"crypto/cipher"
"crypto/ed25519"
"crypto/rand"
"crypto/sha256"
"io"
"golang.org/x/crypto/argon2"
"golang.org/x/crypto/curve25519"
)
const (
saltSize = 16
keySize = 32
nonceSize = 12
)
// IdentityKeyPair represents a user's long-term identity key
type IdentityKeyPair struct {
PublicKey [32]byte
PrivateKey [32]byte
}
// PrekeyBundle contains public keys for establishing a session
type PrekeyBundle struct {
IdentityKey [32]byte
Prekey [32]byte
PrekeySignature []byte
}
// generateIdentityKeyPair creates a new Curve25519 key pair for identity
func generateIdentityKeyPair() (*IdentityKeyPair, error) {
var privateKey [32]byte
if _, err := io.ReadFull(rand.Reader, privateKey[:]); err != nil {
return nil, err
}
var publicKey [32]byte
curve25519.ScalarBaseMult(&publicKey, &privateKey)
return &IdentityKeyPair{
PublicKey: publicKey,
PrivateKey: privateKey,
}, nil
}
// generateSignedPrekey creates a prekey signed with an Ed25519 signing key
func generateSignedPrekey() ([32]byte, []byte, error) {
var prekey [32]byte
var prekeyPriv [32]byte
if _, err := io.ReadFull(rand.Reader, prekeyPriv[:]); err != nil {
return prekey, nil, err
}
curve25519.ScalarBaseMult(&prekey, &prekeyPriv)
// Generate signing key
signingPub, signingPriv, err := ed25519.GenerateKey(rand.Reader)
if err != nil {
return prekey, nil, err
}
// Sign the prekey
signature := ed25519.Sign(signingPriv, prekey[:])
// In practice, we'd store signingPub to verify later. For now, we include it in signature
combinedSig := append(signingPub, signature...)
return prekey, combinedSig, nil
}
// performDH does an ECDH key exchange
func performDH(privateKey, publicKey [32]byte) ([32]byte, error) {
var sharedSecret [32]byte
curve25519.ScalarMult(&sharedSecret, &privateKey, &publicKey)
return sharedSecret, nil
}
// deriveSharedSecret combines multiple DH outputs to create a shared secret (simplified X3DH)
func deriveSharedSecret(dh1, dh2, dh3 [32]byte) []byte {
// KDF: hash all DH outputs together
h := sha256.New()
h.Write(dh1[:])
h.Write(dh2[:])
h.Write(dh3[:])
return h.Sum(nil)
}
// encryptUserKey encrypts a user's private key with their passphrase
func encryptUserKey(privateKey [32]byte, passphrase string) ([]byte, []byte, []byte, error) {
salt := make([]byte, saltSize)
if _, err := io.ReadFull(rand.Reader, salt); err != nil {
return nil, nil, nil, err
}
key := deriveKey(passphrase, salt)
ciphertext, nonce, err := encryptMsg(string(privateKey[:]), key)
if err != nil {
return nil, nil, nil, err
}
return ciphertext, nonce, salt, nil
}
// decryptUserKey decrypts a user's private key with their passphrase
func decryptUserKey(ciphertext, nonce, salt []byte, passphrase string) ([32]byte, error) {
var privateKey [32]byte
key := deriveKey(passphrase, salt)
plain, err := decryptMsg(ciphertext, nonce, key)
if err != nil {
return privateKey, err
}
copy(privateKey[:], plain)
return privateKey, nil
}
func deriveKey(passphrase string, salt []byte) []byte {
return argon2.IDKey([]byte(passphrase), salt, 1, 64*1024, 4, keySize)
}
func encryptMsg(plain string, key []byte) ([]byte, []byte, error) {
block, err := aes.NewCipher(key)
if err != nil {
return nil, nil, err
}
gcm, err := cipher.NewGCM(block)
if err != nil {
return nil, nil, err
}
nonce := make([]byte, gcm.NonceSize())
if _, err := io.ReadFull(rand.Reader, nonce); err != nil {
return nil, nil, err
}
ciphertext := gcm.Seal(nil, nonce, []byte(plain), nil)
return ciphertext, nonce, nil
}
func decryptMsg(ciphertext, nonce, key []byte) (string, error) {
block, err := aes.NewCipher(key)
if err != nil {
return "", err
}
gcm, err := cipher.NewGCM(block)
if err != nil {
return "", err
}
plain, err := gcm.Open(nil, nonce, ciphertext, nil)
if err != nil {
return "", err
}
return string(plain), nil
}

268
internal/database.go Normal file
View File

@@ -0,0 +1,268 @@
package internal
import (
"crypto/rand"
"database/sql"
"encoding/base64"
"io"
"log"
"time"
_ "github.com/mattn/go-sqlite3"
)
const dbFile = "teachat.db"
var db *sql.DB
func InitDB() {
var err error
db, err = sql.Open("sqlite3", dbFile)
if err != nil {
log.Fatal(err)
}
query := `
CREATE TABLE IF NOT EXISTS config (key TEXT PRIMARY KEY, val TEXT);
CREATE TABLE IF NOT EXISTS users (
pubkey TEXT PRIMARY KEY,
username TEXT UNIQUE,
identity_key BLOB,
prekey BLOB,
prekey_signature BLOB,
created_at DATETIME
);
CREATE TABLE IF NOT EXISTS rooms (
id TEXT PRIMARY KEY,
name TEXT,
creator TEXT,
is_dm BOOLEAN,
created_at DATETIME
);
CREATE TABLE IF NOT EXISTS room_members (
room_id TEXT,
username TEXT,
shared_secret BLOB,
joined_at DATETIME,
PRIMARY KEY (room_id, username),
FOREIGN KEY (room_id) REFERENCES rooms(id),
FOREIGN KEY (username) REFERENCES users(username)
);
CREATE TABLE IF NOT EXISTS messages (
id INTEGER PRIMARY KEY,
room_id TEXT,
timestamp DATETIME,
sender TEXT,
ciphertext BLOB,
nonce BLOB,
FOREIGN KEY (room_id) REFERENCES rooms(id)
);
`
if _, err := db.Exec(query); err != nil {
log.Fatal(err)
}
// Migration for older DBs
db.Exec("ALTER TABLE rooms ADD COLUMN creator TEXT")
}
func ensureSalt() []byte {
row := db.QueryRow("SELECT val FROM config WHERE key='global_salt'")
var b64 string
if err := row.Scan(&b64); err == sql.ErrNoRows {
salt := make([]byte, saltSize)
if _, err := io.ReadFull(rand.Reader, salt); err != nil {
log.Fatal(err)
}
b64 = base64.StdEncoding.EncodeToString(salt)
db.Exec("INSERT INTO config (key, val) VALUES ('global_salt', ?)", b64)
return salt
} else if err != nil {
log.Fatal(err)
}
salt, _ := base64.StdEncoding.DecodeString(b64)
return salt
}
func authorizeUser(pubkey, username string, identityKey, prekey, prekeySignature []byte) error {
_, err := db.Exec("INSERT INTO users (pubkey, username, identity_key, prekey, prekey_signature, created_at) VALUES (?, ?, ?, ?, ?, ?)",
pubkey, username, identityKey, prekey, prekeySignature, time.Now())
return err
}
func getUsername(pubkey string) (string, error) {
var username string
err := db.QueryRow("SELECT username FROM users WHERE pubkey = ?", pubkey).Scan(&username)
return username, err
}
func getUserKeys(username string) (identityKey, prekey, prekeySignature []byte, err error) {
err = db.QueryRow("SELECT identity_key, prekey, prekey_signature FROM users WHERE username = ?", username).Scan(&identityKey, &prekey, &prekeySignature)
return
}
func listUsers() ([]string, error) {
rows, err := db.Query("SELECT username FROM users ORDER BY username ASC")
if err != nil {
return nil, err
}
defer rows.Close()
var users []string
for rows.Next() {
var username string
if err := rows.Scan(&username); err != nil {
continue
}
users = append(users, username)
}
return users, nil
}
func createRoom(roomID, name, creator string, isDM bool) error {
_, err := db.Exec("INSERT INTO rooms (id, name, creator, is_dm, created_at) VALUES (?, ?, ?, ?, ?)",
roomID, name, creator, isDM, time.Now())
return err
}
func getRoomIDByName(name string) (string, error) {
var id string
err := db.QueryRow("SELECT id FROM rooms WHERE name = ? AND is_dm = 0 LIMIT 1", name).Scan(&id)
return id, err
}
// getAnyRoomSecret gets the shared secret from ANY member of the room.
// In a real decentralized system this wouldn't be possible, but here the server acts as the key distributor.
func getAnyRoomSecret(roomID string) ([]byte, error) {
var secret []byte
err := db.QueryRow("SELECT shared_secret FROM room_members WHERE room_id = ? LIMIT 1", roomID).Scan(&secret)
return secret, err
}
func deleteRoom(roomID string) error {
tx, err := db.Begin()
if err != nil {
return err
}
if _, err := tx.Exec("DELETE FROM messages WHERE room_id = ?", roomID); err != nil {
tx.Rollback()
return err
}
if _, err := tx.Exec("DELETE FROM room_members WHERE room_id = ?", roomID); err != nil {
tx.Rollback()
return err
}
if _, err := tx.Exec("DELETE FROM rooms WHERE id = ?", roomID); err != nil {
tx.Rollback()
return err
}
return tx.Commit()
}
func leaveRoom(roomID, username string) error {
_, err := db.Exec("DELETE FROM room_members WHERE room_id = ? AND username = ?", roomID, username)
return err
}
func joinRoom(roomID, username string, sharedSecret []byte) error {
// Check if already joined
var count int
db.QueryRow("SELECT COUNT(*) FROM room_members WHERE room_id = ? AND username = ?", roomID, username).Scan(&count)
if count > 0 {
return nil
}
_, err := db.Exec("INSERT INTO room_members (room_id, username, shared_secret, joined_at) VALUES (?, ?, ?, ?)",
roomID, username, sharedSecret, time.Now())
return err
}
func getMemberJoinedAt(roomID, username string) (time.Time, error) {
var joinedAt time.Time
err := db.QueryRow("SELECT joined_at FROM room_members WHERE room_id = ? AND username = ?", roomID, username).Scan(&joinedAt)
return joinedAt, err
}
func listUserRooms(username string) ([]struct {
ID string
Name string
Creator string
IsDM bool
}, error) {
rows, err := db.Query(`
SELECT r.id, r.name, COALESCE(r.creator, ''), r.is_dm
FROM rooms r
JOIN room_members rm ON r.id = rm.room_id
WHERE rm.username = ?
ORDER BY r.created_at DESC`, username)
if err != nil {
return nil, err
}
defer rows.Close()
var rooms []struct {
ID string
Name string
Creator string
IsDM bool
}
for rows.Next() {
var room struct {
ID string
Name string
Creator string
IsDM bool
}
if err := rows.Scan(&room.ID, &room.Name, &room.Creator, &room.IsDM); err != nil {
continue
}
rooms = append(rooms, room)
}
return rooms, nil
}
func getRoomSharedSecret(roomID, username string) ([]byte, error) {
var secret []byte
err := db.QueryRow("SELECT shared_secret FROM room_members WHERE room_id = ? AND username = ?", roomID, username).Scan(&secret)
return secret, err
}
func saveMessage(roomID, sender string, ciphertext, nonce []byte) error {
_, err := db.Exec("INSERT INTO messages (room_id, timestamp, sender, ciphertext, nonce) VALUES (?, ?, ?, ?, ?)",
roomID, time.Now(), sender, ciphertext, nonce)
return err
}
func loadMessages(roomID string) ([]struct {
Timestamp time.Time
Sender string
Ciphertext []byte
Nonce []byte
}, error) {
rows, err := db.Query("SELECT timestamp, sender, ciphertext, nonce FROM messages WHERE room_id = ? ORDER BY timestamp ASC", roomID)
if err != nil {
return nil, err
}
defer rows.Close()
var messages []struct {
Timestamp time.Time
Sender string
Ciphertext []byte
Nonce []byte
}
for rows.Next() {
var msg struct {
Timestamp time.Time
Sender string
Ciphertext []byte
Nonce []byte
}
if err := rows.Scan(&msg.Timestamp, &msg.Sender, &msg.Ciphertext, &msg.Nonce); err != nil {
continue
}
messages = append(messages, msg)
}
return messages, nil
}

609
internal/model.go Normal file
View File

@@ -0,0 +1,609 @@
package internal
import (
"crypto/rand"
"database/sql"
"encoding/base64"
"fmt"
"io"
"strings"
"time"
"github.com/charmbracelet/bubbles/textinput"
"github.com/charmbracelet/bubbles/viewport"
tea "github.com/charmbracelet/bubbletea"
"github.com/charmbracelet/lipgloss"
"github.com/charmbracelet/ssh"
)
var (
msgStyle = lipgloss.NewStyle().Foreground(lipgloss.Color("252")).PaddingLeft(1)
senderStyle = lipgloss.NewStyle().Foreground(lipgloss.Color("205")).Bold(true)
errStyle = lipgloss.NewStyle().Foreground(lipgloss.Color("196")).Bold(true)
sysStyle = lipgloss.NewStyle().Foreground(lipgloss.Color("117")).Italic(true)
roomStyle = lipgloss.NewStyle().Foreground(lipgloss.Color("86")).Bold(true)
dmStyle = lipgloss.NewStyle().Foreground(lipgloss.Color("141")).Bold(true)
noteStyle = lipgloss.NewStyle().Foreground(lipgloss.Color("228")).Bold(true)
commandStyle = lipgloss.NewStyle().Foreground(lipgloss.Color("39")).Italic(true)
timeStyle = lipgloss.NewStyle().Foreground(lipgloss.Color("246"))
lockedStyle = lipgloss.NewStyle().Foreground(lipgloss.Color("240")).Italic(true)
)
type chatMsg struct {
Timestamp time.Time
Sender string
Content string
}
type model struct {
sshSession ssh.Session
pubkey string
username string
authorized bool
needsRegistration bool
state int
passphrase string
identityKey *IdentityKeyPair
encryptedPrivKey []byte
privKeySalt []byte
privKeyNonce []byte
currentRoomID string
currentRoomKey []byte
currentRoomJoinedAt time.Time
rooms []struct {
ID string
Name string
Creator string
IsDM bool
}
availableUsers []string
err error
input textinput.Model
viewport viewport.Model
messages []chatMsg
updateChan chan bool
}
func initialModel(s ssh.Session) model {
pk := s.PublicKey()
var pubkeyStr string
var auth bool
var user string
var needsRegistration bool
if pk == nil {
auth = false
user = ""
pubkeyStr = ""
} else {
pubkeyStr = fmt.Sprintf("%s %s", pk.Type(), base64.StdEncoding.EncodeToString(pk.Marshal()))
username, err := getUsername(pubkeyStr)
if err == sql.ErrNoRows {
needsRegistration = true
auth = true
user = ""
} else {
auth = true
needsRegistration = false
user = username
}
}
ti := textinput.New()
if needsRegistration {
ti.Placeholder = "Choose a username..."
} else {
ti.Placeholder = "Enter Passphrase..."
ti.EchoMode = textinput.EchoPassword
}
ti.Focus()
ti.CharLimit = 156
ti.Width = 50
vp := viewport.New(80, 20)
return model{
sshSession: s,
pubkey: pubkeyStr,
username: user,
authorized: auth,
needsRegistration: needsRegistration,
state: 0,
input: ti,
viewport: vp,
updateChan: updates.subscribe(),
}
}
func (m model) Init() tea.Cmd {
return tea.Batch(textinput.Blink, m.waitForUpdate())
}
func (m model) waitForUpdate() tea.Cmd {
return func() tea.Msg {
<-m.updateChan
return struct{}{}
}
}
func (m model) Update(msg tea.Msg) (tea.Model, tea.Cmd) {
var cmd tea.Cmd
switch msg := msg.(type) {
case tea.WindowSizeMsg:
m.viewport.Width = msg.Width
m.viewport.Height = msg.Height - 4
return m, tea.ClearScreen
case tea.KeyMsg:
switch msg.Type {
case tea.KeyCtrlC, tea.KeyEsc:
return m, tea.Quit
case tea.KeyEnter:
if !m.authorized {
return m, tea.Quit
}
if m.needsRegistration {
username := m.input.Value()
if len(username) > 0 {
identityKey, err := generateIdentityKeyPair()
if err != nil {
m.err = err
return m, nil
}
prekey, prekeySignature, err := generateSignedPrekey()
if err != nil {
m.err = err
return m, nil
}
if err := authorizeUser(m.pubkey, username, identityKey.PublicKey[:], prekey[:], prekeySignature); err != nil {
m.err = err
} else {
m.username = username
m.identityKey = identityKey
m.needsRegistration = false
m.input.Reset()
m.input.Placeholder = "Enter Passphrase..."
m.input.EchoMode = textinput.EchoPassword
m.viewport.SetContent("")
return m, tea.ClearScreen
}
}
return m, nil
}
if m.state == 0 {
pass := m.input.Value()
if len(pass) > 0 {
if m.identityKey != nil {
ciphertext, nonce, salt, err := encryptUserKey(m.identityKey.PrivateKey, pass)
if err != nil {
m.err = err
return m, nil
}
m.encryptedPrivKey = ciphertext
m.privKeyNonce = nonce
m.privKeySalt = salt
}
m.passphrase = pass
m.state = 1
m.input.Reset()
m.input.EchoMode = textinput.EchoNormal
m.input.Placeholder = "Loading rooms..."
m.viewport.SetContent("")
m.loadRooms()
return m, tea.ClearScreen
}
} else if m.state == 1 {
val := m.input.Value()
if len(val) > 0 {
m.handleRoomListInput(val)
m.input.Reset()
if m.state == 2 {
return m, tea.ClearScreen
}
}
} else if m.state == 2 {
val := m.input.Value()
if len(val) > 0 {
if val == "/back" {
m.exitChat()
return m, tea.ClearScreen
}
if val == "/leave" {
leaveRoom(m.currentRoomID, m.username)
m.exitChat()
return m, tea.ClearScreen
}
if val == "/delete" {
isCreator := false
for _, r := range m.rooms {
if r.ID == m.currentRoomID {
if r.Creator == m.username {
isCreator = true
}
break
}
}
if isCreator {
deleteRoom(m.currentRoomID)
m.exitChat()
return m, tea.ClearScreen
} else {
m.saveMessage("System", "Error: Only the creator can delete this room.")
m.input.Reset()
return m, nil
}
}
m.handleChatInput(val)
m.input.Reset()
}
}
}
case struct{}:
if m.state == 2 {
m.loadMessages()
return m, m.waitForUpdate()
}
}
m.input, cmd = m.input.Update(msg)
return m, cmd
}
func (m *model) exitChat() {
m.state = 1
m.currentRoomID = ""
m.currentRoomKey = nil
m.messages = nil
m.viewport.SetContent("")
m.loadRooms()
m.input.Reset()
}
func (m *model) loadRooms() {
rooms, err := listUserRooms(m.username)
if err != nil {
m.err = err
return
}
m.rooms = rooms
m.viewport.SetContent("")
m.input.SetValue("")
m.input.Placeholder = "Enter room # or: /join <name>, /dm <username>, /list"
}
func (m *model) handleRoomListInput(text string) {
if text == "/list" {
m.loadRooms()
return
}
if strings.HasPrefix(text, "/join ") {
roomName := strings.TrimPrefix(text, "/join ")
m.handleJoinRoom(roomName)
return
}
// Keep /new as an alias for /join
if strings.HasPrefix(text, "/new ") {
roomName := strings.TrimPrefix(text, "/new ")
m.handleJoinRoom(roomName)
return
}
if strings.HasPrefix(text, "/dm ") {
targetUser := strings.TrimPrefix(text, "/dm ")
m.handleSelectUserForDM(targetUser)
return
}
if idx := parseInt(text); idx > 0 && idx <= len(m.rooms) {
room := m.rooms[idx-1]
m.enterRoom(room.ID, room.Name)
}
}
func (m *model) handleJoinRoom(roomName string) {
// Check if room exists
existingID, err := getRoomIDByName(roomName)
// Room Exists: Join it
if err == nil && existingID != "" {
// Need key
secret, err := getAnyRoomSecret(existingID)
if err != nil {
m.err = fmt.Errorf("could not join: room key unreachable")
return
}
if err := joinRoom(existingID, m.username, secret); err != nil {
m.err = err
return
}
m.enterRoom(existingID, roomName)
return
}
// Room Does Not Exist: Create it
roomID := generateRoomID()
if err := createRoom(roomID, roomName, m.username, false); err != nil {
m.err = err
return
}
sharedSecret := make([]byte, 32)
if _, err := io.ReadFull(rand.Reader, sharedSecret); err != nil {
m.err = err
return
}
if err := joinRoom(roomID, m.username, sharedSecret); err != nil {
m.err = err
return
}
m.enterRoom(roomID, roomName)
}
func (m *model) handleSelectUserForDM(username string) {
if username == "/cancel" {
m.state = 1
m.input.Placeholder = "Enter room # or: /join <name>, /dm <username>, /list"
return
}
if username == m.username {
m.createNoteToSelf()
return
}
identityKey, prekey, prekeySignature, err := getUserKeys(username)
if err != nil {
m.err = fmt.Errorf("user not found: %w", err)
return
}
var theirIdentityKey, theirPrekey [32]byte
copy(theirIdentityKey[:], identityKey)
copy(theirPrekey[:], prekey)
ephemeralKey, err := generateIdentityKeyPair()
if err != nil {
m.err = err
return
}
dh1, _ := performDH(m.identityKey.PrivateKey, theirPrekey)
dh2, _ := performDH(ephemeralKey.PrivateKey, theirIdentityKey)
dh3, _ := performDH(ephemeralKey.PrivateKey, theirPrekey)
sharedSecret := deriveSharedSecret(dh1, dh2, dh3)
roomID := generateRoomID()
roomName := fmt.Sprintf("DM: %s <-> %s", m.username, username)
if err := createRoom(roomID, roomName, m.username, true); err != nil {
m.err = err
return
}
if err := joinRoom(roomID, m.username, sharedSecret); err != nil {
m.err = err
return
}
m.enterRoom(roomID, roomName)
_ = prekeySignature
}
func (m *model) createNoteToSelf() {
roomID := generateRoomID()
roomName := "[Note to Self]"
sharedSecret := make([]byte, 32)
if _, err := io.ReadFull(rand.Reader, sharedSecret); err != nil {
m.err = err
return
}
if err := createRoom(roomID, roomName, m.username, true); err != nil {
m.err = err
return
}
if err := joinRoom(roomID, m.username, sharedSecret); err != nil {
m.err = err
return
}
m.enterRoom(roomID, roomName)
}
func (m *model) enterRoom(roomID, roomName string) {
secret, err := getRoomSharedSecret(roomID, m.username)
if err != nil {
m.err = err
return
}
joinedAt, err := getMemberJoinedAt(roomID, m.username)
if err != nil {
joinedAt = time.Now() // Fallback
}
m.currentRoomID = roomID
m.currentRoomKey = secret
m.currentRoomJoinedAt = joinedAt
m.state = 2
m.input.Placeholder = fmt.Sprintf("[%s] /back to menu, /leave to quit room", roomName)
m.loadMessages()
}
func (m *model) handleChatInput(text string) {
m.saveMessage(m.username, text)
}
func parseInt(s string) int {
var num int
fmt.Sscanf(s, "%d", &num)
return num
}
func generateRoomID() string {
b := make([]byte, 16)
io.ReadFull(rand.Reader, b)
return base64.URLEncoding.EncodeToString(b)
}
func (m *model) saveMessage(sender, text string) {
ct, nonce, err := encryptMsg(text, m.currentRoomKey)
if err != nil {
m.err = err
return
}
err = saveMessage(m.currentRoomID, sender, ct, nonce)
if err != nil {
m.err = err
return
}
go updates.broadcast()
}
func (m *model) loadMessages() {
if m.currentRoomID == "" {
return
}
dbMessages, err := loadMessages(m.currentRoomID)
if err != nil {
m.err = err
return
}
var msgs []chatMsg
for _, dbMsg := range dbMessages {
plain, err := decryptMsg(dbMsg.Ciphertext, dbMsg.Nonce, m.currentRoomKey)
if err != nil {
plain = "[Decryption Failed]"
}
msgs = append(msgs, chatMsg{
Timestamp: dbMsg.Timestamp,
Sender: dbMsg.Sender,
Content: plain,
})
}
m.messages = msgs
m.updateViewport()
}
func (m *model) updateViewport() {
var b strings.Builder
for _, msg := range m.messages {
dateStr := msg.Timestamp.Format("Jan 2 15:04")
// Mask history before join time
// Add 1 second buffer to avoid hiding immediate first messages
if msg.Timestamp.Before(m.currentRoomJoinedAt.Add(-1 * time.Second)) {
b.WriteString(fmt.Sprintf("%s %s\n",
timeStyle.Render(dateStr),
lockedStyle.Render("[Encrypted message - History hidden]"),
))
} else {
b.WriteString(fmt.Sprintf("%s %s: %s\n",
timeStyle.Render(dateStr),
senderStyle.Render(msg.Sender),
msgStyle.Render(msg.Content),
))
}
}
m.viewport.SetContent(b.String())
m.viewport.GotoBottom()
}
func (m model) View() string {
if !m.authorized {
return fmt.Sprintf(`
%s
ACCESS DENIED
No public key authentication provided.
(Press Ctrl+C to quit)
`, errStyle.Render("SECURITY ALERT"))
}
if m.needsRegistration {
return fmt.Sprintf(`
%s
Welcome! You're a new user.
Please choose a username to register.
%s
`, sysStyle.Render("SECURE TUI CHAT - REGISTRATION"), m.input.View())
}
if m.state == 0 {
return fmt.Sprintf(`
%s
Welcome back, %s.
This environment is encrypted at rest.
Please enter your passphrase to unlock your keys.
%s
`, sysStyle.Render("SECURE TUI CHAT"), senderStyle.Render(m.username), m.input.View())
}
if m.state == 1 {
var b strings.Builder
b.WriteString(sysStyle.Render("=== YOUR ROOMS ===") + "\n\n")
if len(m.rooms) == 0 {
b.WriteString(sysStyle.Render("No rooms yet.") + "\n")
b.WriteString(commandStyle.Render(" /join <name>") + " - Join/Create room\n")
b.WriteString(commandStyle.Render(" /dm <user>") + " - Start a DM\n")
} else {
for i, room := range m.rooms {
var style lipgloss.Style
var prefix string
if strings.Contains(room.Name, "Note to Self") {
style = noteStyle
prefix = "[*]"
} else if room.IsDM {
style = dmStyle
prefix = "[DM]"
} else {
style = roomStyle
prefix = "[#]"
}
b.WriteString(fmt.Sprintf("%s %s %s\n",
senderStyle.Render(fmt.Sprintf("%d.", i+1)),
prefix,
style.Render(room.Name)))
}
b.WriteString("\n" + sysStyle.Render("Commands: ") + commandStyle.Render("/join /dm /list") + "\n")
}
b.WriteString("\n" + m.input.View())
return b.String()
}
if m.state == 2 {
return fmt.Sprintf("%s\n%s", m.viewport.View(), m.input.View())
}
return m.input.View()
}

45
internal/server.go Normal file
View File

@@ -0,0 +1,45 @@
package internal
import (
"fmt"
"log"
tea "github.com/charmbracelet/bubbletea"
"github.com/charmbracelet/ssh"
"github.com/charmbracelet/wish"
lm "github.com/charmbracelet/wish/logging"
)
func NewServer(host string, port int) (*ssh.Server, error) {
srv, err := wish.NewServer(
wish.WithAddress(fmt.Sprintf("%s:%d", host, port)),
wish.WithHostKeyPath(".ssh/term_info_ed25519"),
wish.WithPublicKeyAuth(func(ctx ssh.Context, key ssh.PublicKey) bool {
return true
}),
wish.WithMiddleware(
appMiddleware,
lm.Middleware(),
),
)
return srv, err
}
func appMiddleware(sh ssh.Handler) ssh.Handler {
return func(s ssh.Session) {
_, _, active := s.Pty()
if !active {
wish.Fatalln(s, "no active terminal, skipping")
return
}
m := initialModel(s)
p := tea.NewProgram(m, tea.WithInput(s), tea.WithOutput(s), tea.WithAltScreen())
if _, err := p.Run(); err != nil {
log.Println("Error running program:", err)
}
updates.unsubscribe(m.updateChan)
}
}

47
main.go Normal file
View File

@@ -0,0 +1,47 @@
package main
import (
"context"
"errors"
"log"
"os"
"os/signal"
"syscall"
"time"
"teachat/internal"
"github.com/charmbracelet/ssh"
)
const (
port = 23234
host = "0.0.0.0"
)
func main() {
internal.InitDB()
srv, err := internal.NewServer(host, port)
if err != nil {
log.Fatalln(err)
}
done := make(chan os.Signal, 1)
signal.Notify(done, os.Interrupt, syscall.SIGINT, syscall.SIGTERM)
log.Printf("Starting SSH server on %s:%d", host, port)
go func() {
if err = srv.ListenAndServe(); err != nil && !errors.Is(err, ssh.ErrServerClosed) {
log.Fatalln(err)
}
}()
<-done
log.Println("Stopping server...")
ctx, cancel := context.WithTimeout(context.Background(), 30*time.Second)
defer cancel()
if err := srv.Shutdown(ctx); err != nil {
log.Fatalln(err)
}
}