Hi everyone! I'm a beginner-level developer and I've been working on a messaging system inspired by Discord and Reddit. My project also includes private chat rooms with encrypted IDs and passwords. I've implemented JSON web tokens and hashing techniques to secure the messages and logins, but I'm looking for ways to improve my system and learn more. I've even used AI for the UI and functionality of my application. You can check it out here: [Vercel Link](https://vibe-chat-eta.vercel.app/) and the source code here: [GitHub Link](https://github.com/shaikazeem2001/Vibe-chat). Any suggestions would be greatly appreciated!
3 Answers
Great job on getting your project up and running! For your messaging system, you might want to consider implementing rate limiting on your API to protect against spam or abuse. Make sure to add input validation and sanitization on both the client and server sides, since you've got user messages going through. Also, for those encrypted rooms, don't forget about session management! Expiring tokens after a set time can really enhance security. And since you've been using AI for a lot of it, take time to fully understand the JWT verification process and the hashing methods you're using—that will really help you identify any potential security weaknesses. Oh, and check out OWASP's web app security guidelines; they're super useful! By the way, what database do you use for storing your messages?
As a front-end developer, I recommend enhancing your UI to give it a more personal touch rather than letting it resemble typical AI-generated designs. Bring your own creativity to the table, experiment with your color palettes, and really let your personality shine through it! While using AI is helpful, the design should reflect your own style. Check out other websites for inspiration and consider adding some smooth and professional animations using tools like GSAP or ThreeJS. Overall, awesome work on your site!
Totally agree! It does look a bit like AI slop. I’ll definitely work on sprucing that up!
Mad respect for actually getting your project out there instead of just watching tutorials! Just a quick note though: while JWTs and hashing are great for securing authentication, if you're looking for message privacy, consider implementing proper end-to-end encryption. You want to do client-side encryption before sending the messages, rather than just hashing them. Also, definitely pay attention to rate limiting, input sanitization, and putting protection against abuse into place. The next big step? Move away from adding features and start doing some threat modeling on your app; think like an attacker—that's when you'll really start leveling up your skills!
Thanks for the suggestion! I’m still figuring things out with the docs and AI help. I’ll definitely dive deeper and see how to implement these ideas.
Thanks a lot for the tips! I originally connected it to MongoDB, but I’ve recently switched to Supabase.