# kumpel_back

A secure, real-time chat application built with Phoenix and Elixir, featuring robust security measures and modern architecture.

## Features

### 🔒 Secure Authentication
- JWT-based authentication with refresh tokens
- Rate limiting on login attempts
- Password hashing with Argon2
- Session management and security headers

### 💬 Real-time Chat
- WebSocket-based communication
- Multiple chat rooms support
- Message rate limiting
- Message sanitization and validation
- Room subscription system with access control

### 🛡️ Security Features
- Comprehensive audit logging
- Input validation and sanitization
- Rate limiting on API endpoints
- XSS protection
- CSRF protection
- Secure headers configuration

### 🔍 Monitoring & Logging
- Detailed audit logs for security events
- Performance monitoring
- User activity tracking
- Security incident logging

## Tech Stack

- Backend: Elixir/Phoenix
- Database: PostgreSQL
- Cache: Cachex
- Authentication: JWT
- Real-time: Phoenix Channels
- Security: Argon2, Guardian

## Prerequisites

- Elixir 1.15 or later
- Erlang/OTP 25 or later
- PostgreSQL 14 or later
- Node.js 18 or later (for assets)

## Installation

1. Clone the repository:

   ```bash
   git clone https://github.com/yourusername/kumpel_back.git
   cd kumpel_back
   ```

2. Install dependencies:

   ```bash
   mix deps.get
   cd assets && npm install && cd ..
   ```

3. Set up the database:

   ```bash
   mix ecto.setup
   ```

4. Start the Phoenix server:

   ```bash
   mix phx.server
   ```

The application will be available at http://localhost:4000.
## API

### Login

```http
POST /api/auth/login
Content-Type: application/json

{
  "mail": "user@example.com",
  "password": "secure_password"
}
```

### Subscribe to a room

```http
POST /api/rooms/:room_id/subscription
Authorization: Bearer your_jwt_token
Content-Type: application/json
```

Success response (200 OK):

```json
{
  "message": "Successfully subscribed to room"
}
```

Error responses:

- 401 Unauthorized: invalid or missing token
- 404 Not Found: room not found
- 400 Bad Request: user is already subscribed to this room

### WebSocket connection

The JWT obtained from the login endpoint is passed as a connection parameter when opening the socket:

```javascript
import { Socket } from "phoenix";

// The token is verified server-side before the connection is accepted.
const socket = new Socket("/socket", {
  params: { token: "your_jwt_token" }
});
socket.connect();
```

## Security

- JWT-based authentication with refresh tokens
- Rate limiting on login attempts (5 attempts per 5 minutes)
- Secure password hashing with Argon2
- Session management with secure headers
- Message rate limiting (30 messages per minute)
- Input validation and sanitization
- XSS protection
- Room access control
- Connection limits per room
- Rate limiting on endpoints
- CSRF protection
- Secure headers configuration
- Input validation
- Audit logging
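The following is an added example, not code from the kumpel_back repository, showing how the limits listed above (5 login attempts per 5 minutes, 30 messages per minute, room access control, message sanitization) and the token-authenticated socket from the API section fit together in Phoenix. Module names (`KumpelBack.RateLimiter`, `KumpelBack.Guardian`, `KumpelBack.Rooms.member?/2`, `KumpelBackWeb.UserSocket`, `KumpelBackWeb.RoomChannel`) are assumptions; the project may name or structure these differently. The rate limiter uses a fixed-window counter in ETS rather than Cachex so the example runs without extra dependencies.

```elixir
# Added example (not project code). Module and function names are assumed.
defmodule KumpelBack.RateLimiter do
  @moduledoc """
  Fixed-window counter keyed by {scope, id, window}. Login attempts use
  scope :login with limit 5 over 300 s; chat messages use scope :message
  with limit 30 over 60 s. Every call counts as one attempt.
  """
  @table :kumpel_rate_limits

  # Call once at application start (e.g. from Application.start/2).
  def init do
    if :ets.whereis(@table) == :undefined do
      :ets.new(@table, [:named_table, :public, :set, write_concurrency: true])
    end

    :ok
  end

  @doc "Returns :ok or {:error, :rate_limited}."
  def check(scope, id, limit, window_seconds, now \\ System.system_time(:second)) do
    key = {scope, id, div(now, window_seconds)}
    # Atomically increment, creating the counter at 0 if it is missing.
    count = :ets.update_counter(@table, key, {2, 1}, {key, 0})
    if count <= limit, do: :ok, else: {:error, :rate_limited}
  end
end

defmodule KumpelBackWeb.UserSocket do
  use Phoenix.Socket

  channel "room:*", KumpelBackWeb.RoomChannel

  # The client sends the JWT as `params.token`. KumpelBack.Guardian is assumed
  # to be the app's `use Guardian` module; resource_from_token/1 verifies the
  # signature and expiry and loads the user. Any failure rejects the socket.
  @impl true
  def connect(%{"token" => token}, socket, _connect_info) do
    case KumpelBack.Guardian.resource_from_token(token) do
      {:ok, user, _claims} -> {:ok, assign(socket, :current_user, user)}
      {:error, _reason} -> :error
    end
  end

  def connect(_params, _socket, _connect_info), do: :error

  @impl true
  def id(socket), do: "user_socket:#{socket.assigns.current_user.id}"
end

defmodule KumpelBackWeb.RoomChannel do
  use Phoenix.Channel
  alias KumpelBack.RateLimiter

  @max_body_bytes 2_000

  # Access control: only users holding a subscription may join the room.
  # KumpelBack.Rooms.member?/2 is an assumed lookup against the subscriptions.
  @impl true
  def join("room:" <> room_id, _params, socket) do
    user = socket.assigns.current_user

    if KumpelBack.Rooms.member?(room_id, user.id) do
      {:ok, assign(socket, :room_id, room_id)}
    else
      {:error, %{reason: "unauthorized"}}
    end
  end

  # Message path: per-user rate limit (30/min), then validation and escaping,
  # then broadcast. Rejections are replied to the sender, never broadcast.
  @impl true
  def handle_in("new_msg", %{"body" => body}, socket) when is_binary(body) do
    user = socket.assigns.current_user

    with :ok <- RateLimiter.check(:message, user.id, 30, 60),
         {:ok, clean} <- sanitize(body) do
      broadcast!(socket, "new_msg", %{user_id: user.id, body: clean})
      {:reply, :ok, socket}
    else
      {:error, reason} -> {:reply, {:error, %{reason: to_string(reason)}}, socket}
    end
  end

  def handle_in("new_msg", _payload, socket),
    do: {:reply, {:error, %{reason: "invalid_payload"}}, socket}

  # Reject malformed UTF-8, empty and oversized bodies; HTML-escape the rest so
  # the stored text is inert when a client renders it (XSS protection).
  def sanitize(body) do
    trimmed = String.trim(body)

    cond do
      not String.valid?(trimmed) -> {:error, :invalid_encoding}
      trimmed == "" -> {:error, :empty}
      byte_size(trimmed) > @max_body_bytes -> {:error, :too_long}
      true -> {:ok, Plug.HTML.html_escape(trimmed)}
    end
  end
end
```

The login endpoint would call the same limiter with `RateLimiter.check(:login, remote_ip_or_email, 5, 300)` before verifying the Argon2 hash, so a rejected attempt costs no hashing work. Keying the counter on the user id (not the socket) means opening several connections does not multiply the message budget.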
## Testing

```bash
mix test
```

## Code Style

The project follows the Elixir Style Guide.

## Database Migrations

```bash
mix ecto.migrate
```

## Contributing

1. Fork the repository
2. Create your feature branch (`git checkout -b feature/amazing-feature`)
3. Commit your changes (`git commit -m 'Add some amazing feature'`)
4. Push to the branch (`git push origin feature/amazing-feature`)
5. Open a Pull Request
## License

This project is licensed under the MIT License. See the LICENSE file for details.

## Support

For support, please open an issue in the GitHub repository or contact the maintainers.