# BareRTC BareRTC is a simple WebRTC-based chat room application. It is especially designed to be plugged into any existing website, with or without a pre-existing base of users. **Live demo:** [BareRTC Demo Chat](https://chat.kirsle.net/) ![Screenshot of BareRTC](screenshot.png) It is very much in the style of the old-school Flash based webcam chat rooms of the early 2000's: a multi-user chat room with DMs and _some_ users may broadcast video and others may watch multiple video feeds in an asynchronous manner. I thought that this should be such an obvious free and open source app that should exist, but it did not and so I had to write it myself. * [Features](#features) * [Configuration](#configuration) * [Authentication](#authentication) * [JWT Strict Mode](#jwt-strict-mode) * [Running Without Authentication](#running-without-authentication) * [Known Bugs Running Without Authentication](#known-bugs-running-without-authentication) * [Moderator Commands](#moderator-commands) * [JSON APIs](#json-apis) * [Tour of the Codebase](#tour-of-the-codebase) * [Deploying This App](#deploying-this-app) * [License](#license) # Features * Specify multiple Public Channels that all users have access to. * Users can open direct message (one-on-one) conversations with each other. * No long-term server side state: messages are pushed out as they come in. * Users may share pictures and GIFs from their computer, which are pushed out as `data:` URLs (images scaled and metadata stripped by server) directly to connected chatters with no storage required. * Users may broadcast their webcam which shows a camera icon by their name in the Who List. Users may click on those icons to open multiple camera feeds of other users they are interested in. * Mutual webcam options: users may opt that anyone who views their cam must also be sharing their own camera first. * Users may mark their own cameras as explicit/NSFW which marks the icon in red so other users can get a warning before clicking in (if NSFW is enabled in the settings.toml) * Users may boot people off their camera, and to the booted person it appears the same as if the broadcaster had turned their camera off completely - the chat server lies about the camera status so the booted user can't easily tell they'd been booted. * Mobile friendly: works best on iPads and above but adapts to smaller screens well. * WebRTC means peer-to-peer video streaming so cheap on hosting costs! * Simple integration with your existing userbase via signed JWT tokens. * User configurable sound effects to be notified of DMs or users entering/exiting the room. Some important features still lacking: * Operator commands * [x] /kick users * [x] /nsfw to mark someone's camera * [ ] /ban users * [ ] /op users (give temporary mod control) # Configuration On first run it will create the default settings.toml file for you which you may then customize to your liking: ```toml Version = 2 Title = "BareRTC" Branding = "BareRTC" WebsiteURL = "https://www.example.com" CORSHosts = ["https://www.example.com"] PermitNSFW = true UseXForwardedFor = true WebSocketReadLimit = 41943040 MaxImageWidth = 1280 PreviewImageWidth = 360 [JWT] Enabled = false Strict = true SecretKey = "" [[PublicChannels]] ID = "lobby" Name = "Lobby" Icon = "fa fa-gavel" WelcomeMessages = ["Welcome to the chat server!", "Please follow the basic rules:\n\n1. Have fun\n2. Be kind"] [[PublicChannels]] ID = "offtopic" Name = "Off Topic" WelcomeMessages = ["Welcome to the Off Topic channel!"] ``` A description of the config directives includes: * Website settings: * **Title** goes in the title bar of the chat page. * **Branding** is the title shown in the corner of the page. HTML is permitted here! You may write an `` tag to embed an image or use custom markup to color and prettify your logo. * **WebsiteURL** is the base URL of your actual website which is used in a couple of places: * The About page will link to your website. * If using [JWT authentication](#authentication), avatar and profile URLs may be relative (beginning with a "/") and will append to your website URL to safe space on the JWT token size! * **UseXForwardedFor**: set it to true and (for logging) the user's remote IP will use the X-Real-IP header or the first address in X-Forwarded-For. Set this if you run the app behind a proxy like nginx if you want IPs not to be all localhost. * **CORSHosts**: your website's domain names that will be allowed to access [JSON APIs](#JSON APIs), like `/api/statistics`. * **PermitNSFW**: for user webcam streams, expressly permit "NSFW" content if the user opts in to mark their feed as such. Setting this will enable pop-up modals regarding NSFW video and give broadcasters an opt-in button, which will warn other users before they click in to watch. * **WebSocketReadLimit**: sets a size limit for WebSocket messages - it essentially also caps the max upload size for shared images (add a buffer as images will be base64 encoded on upload). * **MaxImageWidth**: for pictures shared in chat the server will resize them down to no larger than this width for the full size view. * **PreviewImageWidth**: to not flood the chat, the image in chat is this wide and users can click it to see the MaxImageWidth in a lightbox modal. * **JWT**: settings for JWT [Authentication](#authentication). * Enabled (bool): activate the JWT token authentication feature. * Strict (bool): if true, **only** valid signed JWT tokens may log in. If false, users with no/invalid token can enter their own username without authentication. * SecretKey (string): the JWT signing secret shared with your back-end app. * **PublicChannels**: list the public channels and their configuration. The default channel will be the first one listed. * ID (string): an arbitrary 'username' for the chat channel, like "lobby". * Name (string): the user friendly name for the channel, like "Off Topic" * Icon (string, optional): CSS class names for FontAwesome icon for the channel, like "fa fa-message" * WelcomeMessages ([]string, optional): messages that are delivered by ChatServer to the user when they connect to the server. Useful to give an introduction to each channel, list its rules, etc. # Authentication BareRTC supports custom (user-defined) authentication with your app in the form of JSON Web Tokens (JWTs). JWTs will allow your existing app to handle authentication for users by signing a token that vouches for them, and the BareRTC app will trust your signed token. The workflow is as follows: 1. Your existing app already has the user logged-in and you trust who they are. To get them into the chat room, your server signs a JWT token using a secret key that both it and BareRTC knows. 2. Your server redirects the user to your BareRTC website sending the JWT token as a `jwt` parameter, either in the query string (GET) or POST request. * e.g. you send them to `https://chat.example.com/?jwt=TOKEN` * If the JWT token is too long to fit in a query string, you may create a `