This repository has been archived by the owner on Dec 24, 2023. It is now read-only.

未来 Mirai 🌸

(Additional Info)

Nanyang Polytechnic Year 2 ISPJ

Our web application, Mirai, is a privacy-driven social media platform. We intend to give users a choice in what data they provide and who is allowed to see it.

In our social media platform, the web application exists only for clients to interact with the API. Users will be able to perform account-related tasks such as creating an account. Additionally, users will be able to use features that are essential to a social media platform, such as sharing photos, posting comments, and sending messages to people. However, unlike conventional social media platforms, users will be able to configure their privacy preferences, such as enabling self-destructing messages, based on the default configurations.

Existing applications such as Telegram and WhatsApp have introduced their own sets of privacy-driven features such as secret chat, self-destructing messages, and more. Hence, adding privacy-driven features to a social media platform would attract users who are concerned about their privacy to use our platform instead of already available platforms like Instagram.

It was also hosted on https://miraisocial.live and archived in the Internet Archive.

Team Members:

  • Eden (Team Leader)
  • Calvin (Database Management & Data Integrity)
  • Jason (DevOps Lead)
  • Wei Ren (Privacy & Front End Functionalities)

Mirai Architecture

Key Objectives

  1. Enhanced Data Security Features
  2. Privacy Features
  3. Security in Depth to reduce impact of attacks

Application Features

  1. Posting of Video or Photos
  2. 1:1 Chat System
  3. Privacy Controls and Policies
  4. Focuses on Data Security Policies and Best Practices
  5. IAM Console and User Management

Running the Application

pip install -r requirements.txt

npm run build-css

npm run build-js

python ./src/app/main.py

  • Note: You will need a MongoDB instance running on your local machine and a Google Cloud Platform Project with the necessary configurations to run the application.

Tasks

Security Implementations

  • Role-Based Access Controls (IAM)
    • Roles Used in Mirai Access-Based Controls
    • Role-Based Access Control Configuration
  • Data Masking & Detection
    • Data Masking of sensitive information sent as text
  • Sensitive Data Detection from image uploads using Optical Character Recognition
  • Sensitive Data Detection of Passport using Machine Learning & Optical Character Recognition
  • Logging & Console (Monitoring)
  • Admin Pages
    • Admin Dashboard
    • Admin Ban System
    • Admin Report dashboard
    • User Lists
  • Root Account Pages & Functionalities
    • Root Account Dashboard
    • Admin Lists
    • Admin Lock Accounts System
    • Maintenance Mode
    • Admin Create Accounts
  • Error Middleware
    • Shows Locked Account Page
    • Shows Banned Account page
  • Separate Database Servers (Segregation of Network & Resiliency)
  • Admin Honeypot page
  • CloudFlare Configuration
  • Cloud Infrastructure & Deployment
  • Asynchronous-capable Python code for GCP
  • Login and Register
  • 1:1 Chat
  • Search (for users, comments, and posts)
  • Notifications
  • File uploading logic
  • HTML Embeds
  • Image content moderation
  • Storage of Secrets
  • Encryption of Data
  • Middlewares
    • Session
    • CSRF
  • Role-based Access Controls (RBAC) Logic
  • Automated Attacks Mitigations
    • Cloudflare
    • reCAPTCHA Enterprise
  • Data Export as per the user's request
  • URL Redirect Confirmation
  • Account Security
  • XSS Mitigation
  • Cloud Functions
  • Scheduled Cloud Functions
  • Chat Security
  • End-to-end Integrity
  • Data Masking & OCR Technologies
    • Using Google Vision API, Google Natural Language API, and regex
  • Pagination
  • Image Validations & Compression
  • File Validation & E2E Integrity Check
  • Static File Analysis
  • Database Configuration
  • Data backup configurations
  • Security Headers

Website Features

  • Payment Gateway
  • General Privacy Settings
  • Mirai+ Subscription
  • Follower System

Security Implementations

  • Privacy Setup wizard
  • Block/Report System

Tech Stack 📚

Frontend

Frontend Tech Stack

Backend

Backend Tech Stack

Others

Other Tech Used

SWE Methodologies used

  • CI/CD
  • DevOps