A chat app designed to be lightweight, fast, and secure.
This app is partially inspired by Signal, a chat app focused on privacy and security. But this might not be as secure as Signal.
However, you might see some similarity between Signal and litechat's terms of service.
(litechat is not endorsed or affiliated by Signal!)
Logo designed by TechitWinner
Important
For users: litechat depends on some new & recent browser features. Please keep your browsers updated to make sure litechat will function properly and securely.
You are free to perform security audits and report any vulnerabilities through GitHub or through Email.
litechat makes use of the Web Crypto API and has the following process.
When creating an account: generate a RSA-OAEP key pair and store the private key locally, and public key on the server.
When starting a conversation:
- The conversation starter generates a random AES-GCM key, and encrypt it with the recipient's public key.
- The recipient decrypts the new symmetric key with their private key, and cache the key locally.
- All chat messages will then be encrypted with the symmetric key.
The symmetric key can be rotated when requested, but older chat messages will also be lost.
Note
As of current and initial plans, Only message content and attachments will be encrypted. So your profile picture, display name, chat name, chat photo are not encrypted.
- PocketBase: A lightweight database software
- Mithril.js: A lightweight JavaScript framework for Single Page Applications.
- DOMPurify: Sanitize messages.
- Marked: A markdown parser and compiler.
- Bootstrap Icons
- vite: bundling
- less: A language extension for CSS
- typescript: the typescript compiler
After cloning the Git repository, To build the project, you must have pnpm. If you do not have pnpm, use corepack to install and enable it.
corepack install
corepack enable
Next, install the project's dependencies using pnpm install
Important
When building the application, make sure to create a .env.local file,
and inside it add VITE_PB_URL=http://127.0.0.1:8090 and replace the URL
with wherever you're hosting your PocketBase.
Then, To start a development server, use pnpm dev
To build it, use the pnpm build command, and by default, the output should be in the dist folder.
When hosting your own litechat instance, You must adapt litechat's Terms of Service appropriately.
To host the application, You can seperately host the database and the frontend, or host both with the same tool.
To seperately host, just copy the contents of the dist folder to your desired web hosting software.
(Nginx, Apache HTTP server, lighttpd, etc.) and start PocketBase.
To host both the database and the frontend with the same tool, In the pocketbase folder,
Create a folder called pb_public and copy the contents of the dist folder into the new pb_public folder.
Now, You will need to download PocketBase from GitHub Releases and unzip it in the pocketbase folder.
Finally, to start PocketBase, you could:
- Start it locally by doing
./pocketbase serve - Allow connections from anywhere by doing
./pocketbase serve --http 0.0.0.0:8090, replace8090with your preferred port. - For deploying in production, please refer to PocketBase's documentation
After you've started PocketBase, please make sure to set it up properly.
On first start, it'll prompt you to create a new superuser account.
If you're running in a headless environment, you could create a superuser
account using ./pocketbase superuser create [email] [password]
Next, open up your browser and open the PocketBase dashboard. PocketBase should tell you where the dashboard is when running the serve command.
❯ ./pocketbase serve
2024/12/28 18:43:57 Server started at http://127.0.0.1:8090
├─ REST API: http://127.0.0.1:8090/api/
└─ Dashboard: http://127.0.0.1:8090/_/
Then, In the dashboard, open up the Setting menu, and "Import collections"
Pick the pb_schema.json file. (In the Git repo, should be located at /pocketbase/pb_schema.json)
and follow the on-screen prompt to import the collections.
Note
Especially in development versions, The PocketBase database schema might change often. When updating your litechat instance, check if /pocketbase/pb_schema.json is changed. If it is changed, follow the above instruction again to import the collections.
PocketBase should be ready for use with litechat now.
It is recommended that you explore the PocketBase settings and set everything to match with your environment and your needs and follow PocketBase's guide on going to production.
After commit 40a6bc0 (Jan 29, 2025), litechat started including custom PocketBase hooks.
It is recommended that you set up rate limiting for the following path(s) as they're resource
intensive:
/api/litechat/users/export/- Exports ALL user data.