pnpm install
docker-compose up# in another tab
cd apps/server
cp .env.example .env
npx @serenity-kit/opaque@latest create-server-setup
# copy the string value as OPAQUE_SERVER_SETUP .env
pnpm prisma migrate dev
pnpm dev# in another tab
cd apps/app
cp .env.example .env
pnpm dev- Make changes
- Run
pnpm prisma migrate dev - Run
pnpm prisma generate - Restart the TS server in your editor
cd apps/backend
pnpm prisma studiocd apps/backend
pnpm prisma migrate resetSimulator build:
eas build --profile development-simulator --platform iosInternal distribution build:
eas build --profile preview --platform iossee docs/setup-production-environment-and-ci.md
fly postgres connect -a <production-app-db-name># list dbs
\list
# connect to a db
\c <db_name>;
# list tables
\dt
# query a table
SELECT * FROM "Document";Users use OPAQUE to authenticate with the server. After Login the server creates a session and stores it as HTTP-Only Cookie. The session is used to authenticate the user for authenticated requests and also to connect to the Websocket.
Users can invite other users to a list via an invitation link.
Creating an invitation link:
const seed = generateSeed();
const (privKey, pubKey) = generateKeyPair(seed);
const listKeyLockbox = encrypt(pubKey, listKey);
const invitation = {
listKeyLockbox,
};
const encryptedInvitation = encrypt(invitation, sessionKey);InvitationLink: ${token}/#accessKey=${seed}
Accepting an invitation:
const (privKey, pubKey) = generateKeyPair(seed);
const encryptedInvitation getInvitationByToken(token);
const invitation = decrypt(encryptedInvitation, sessionKey)
const listKey = decrypt(invitation.listKeyLockbox, privKey)
acceptInvitation(listId, listKey)TODO better version where the token is also never exposed to the network so not even the ciphertext can be retrieved by a network attacker