diff --git a/src/app.py b/src/app.py
index 62a0209..ebb9674 100644
--- a/src/app.py
+++ b/src/app.py
@@ -2,8 +2,6 @@ import eventlet
 eventlet.monkey_patch()
 from flask import Flask, make_response, render_template, request, jsonify
 from flask_socketio import SocketIO, emit, join_room, leave_room, disconnect
-from flask_limiter import Limiter
-from flask_limiter.util import get_remote_address
 import collections
 import threading
 import time
@@ -23,7 +21,8 @@ logging.basicConfig(level=logging.INFO, format='%(asctime)s - %(levelname)s - %(
 logger = logging.getLogger(__name__)
 app = Flask(__name__)
-socketio = SocketIO(app)
+app.config['SECRET_KEY'] = os.environ.get('SECRET_KEY', 'dev-secret-key-change-in-production')
+socketio = SocketIO(app, cors_allowed_origins="*", async_mode='eventlet')
 # Security constants
 MAX_MESSAGES = 256
@@ -33,8 +32,6 @@ MAX_ROOMS_PER_IP = 5
 MAX_USERS_PER_ROOM = 50
 ROOM_CLEANUP_INTERVAL = 3600 # 1 hour
 USER_SESSION_TIMEOUT = 3600 # 1 hour
-RATE_LIMIT_MESSAGE = "10 per minute"
-RATE_LIMIT_ROOM_JOIN = "5 per minute"
 # In-memory storage with enhanced security
 chat_rooms = {}
@@ -45,7 +42,6 @@ room_creation_times = {}
 ip_room_count = {} # Track rooms created per IP
 failed_password_attempts = {} # Track failed password attempts
 message_hashes = {} # Store message hashes for duplicate detection
-room_session_keys = {} # Store session keys for each room
 class CircularMessageBuffer:
 def __init__(self, max_size=MAX_MESSAGES):
@@ -154,7 +150,6 @@ def cleanup_room(room_id):
 room_passwords.pop(room_id, None)
 room_creation_times.pop(room_id, None)
 message_hashes.pop(room_id, None)
- room_session_keys.pop(room_id, None) # Clean up session keys
 def get_client_ip():
 """Get real client IP address"""
@@ -297,7 +292,6 @@ def handle_join_room(data):
 room_keys[room_id] = {}
 room_creation_times[room_id] = time.time()
 message_hashes[room_id] = set()
- room_session_keys[room_id] = None # Initialize session key storage
 # Store hashed password if provided
 if password:
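Review bot: Removing the flask_limiter imports in this hunk takes out the only request-throttling mechanism visible in the file, and no replacement appears anywhere in the diff; the RATE_LIMIT_MESSAGE/RATE_LIMIT_ROOM_JOIN constants (hunk at -33) and the 429 handler (hunk at -532 on the next line) are deleted with it. Wherever `Limiter` was applied before, those endpoints now accept unbounded traffic per client, leaving the surviving `failed_password_attempts` dict as the only brake on guessing against `room_passwords`. Either keep the limiter, or add a per-client counter inside the Socket.IO handlers themselves and say so in the commit message, since Flask-Limiter only covers HTTP routes and the socket events may never have been throttled — I cannot tell from the hunk. The rest of the import block continues outside the hunk.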
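Review bot: The `app.config['SECRET_KEY']` line in this hunk ships a fallback key in the source, so any deployment that forgets to set the variable signs its Flask session cookies with a value everyone holding the repository knows, and `cors_allowed_origins="*"` on the following `SocketIO(...)` line disables Flask-SocketIO's default same-origin check, so a page on any origin can open a Socket.IO connection that carries the user's cookies. Fail closed instead: `app.config['SECRET_KEY'] = os.environ['SECRET_KEY']` (a KeyError at startup beats a known key), or at most fall back to `secrets.token_hex(32)` for a dev run, and source the allowed origins from configuration rather than `"*"`. `os` is not among the imports shown in the first hunk; presumably it is imported further down the import block — verify.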
@@ -499,25 +493,6 @@ def handle_share_session_key(data):
 except Exception as e:
 logger.error(f"Error in share_session_key: {str(e)}")
-@socketio.on('key_exchange')
-@require_valid_session
-def handle_key_exchange(data):
- """Legacy key exchange handler - redirects to share_session_key"""
- try:
- # Map old format to new format
- room_id = data.get('room_id', '')
- target_user = data.get('target_user', '')
- encrypted_key = data.get('encrypted_key', '')
- if room_id and target_user and encrypted_key:
- handle_share_session_key({
- 'room_id': room_id,
- 'target_user_id': target_user,
- 'encrypted_key': encrypted_key
- })
- except Exception as e:
- logger.error(f"Error in legacy key_exchange: {str(e)}")
-
 # Background cleanup task
 def start_cleanup_task():
 def cleanup_worker():
@@ -532,10 +507,6 @@ def start_cleanup_task():
 cleanup_thread.start()
 # Error handlers
-@app.errorhandler(429)
-def ratelimit_handler(e):
- return jsonify({'error': 'Rate limit exceeded'}), 429
-
 @app.errorhandler(404)
 def not_found(e):
 return jsonify({'error': 'Not found'}), 404
@@ -547,7 +518,8 @@ def internal_error(e):
 if __name__ == "__main__":
 try:
- socketio.run(app, debug=True, allow_unsafe_werkzeug=True)
+ start_cleanup_task()
+ socketio.run(app, debug=True, host='0.0.0.0', port=5000, allow_unsafe_werkzeug=True)
 except BrokenPipeError:
 # Suppress noisy broken pipe errors (client disconnects)
 import sys
diff --git a/src/templates/chat.html b/src/templates/chat.html
index abb7701..06cc1bf 100644
--- a/src/templates/chat.html
+++ b/src/templates/chat.html
@@ -6,7 +6,7 @@ Secure Chat Platform - +
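Review bot: `socketio.run(app, debug=True, host='0.0.0.0', port=5000, allow_unsafe_werkzeug=True)` in the `__main__` hunk binds the Werkzeug development server, debugger included, on every interface, so a run that previously defaulted to loopback is now reachable from the network with `allow_unsafe_werkzeug=True` hard-wired alongside it. Take both from the environment so the checked-in defaults stay safe, e.g. `debug = os.environ.get('FLASK_DEBUG') == '1'` and `host = os.environ.get('BIND_HOST', '127.0.0.1')` (variable name illustrative), then `socketio.run(app, debug=debug, host=host, port=5000, allow_unsafe_werkzeug=debug)`. Separately, `start_cleanup_task()` is now only called under `__main__`, so a deployment that imports `app` through a WSGI server never starts the cleanup thread, and with the debug reloader active this block runs in both the reloader parent and the child, so the worker is presumably started twice — confirm `cleanup_worker` tolerates that. The body of `start_cleanup_task` lies outside this hunk.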