Updated readme, and check if users are friends before sending the mes…

…sage

Android/app/src/main/java/me/jameshunt/dhiffiechat/DhiffieChatApp.kt

@@ -6,6 +6,11 @@ import androidx.compose.material.darkColors
 import androidx.compose.material.lightColors
 import androidx.compose.ui.graphics.Color
 
+// TODO: Limit media length to 60 seconds, put a max size in mb just in case, but with extra roominess
+// TODO: global error dialog for network errors
+// TODO: welcome screen
+// TODO: empty state on home screen
+
 @SuppressLint("ConflictingOnColor") // TODO: Resolve?
 class DhiffieChatApp : Application() {
     companion object {

Lambda/src/main/kotlin/me/jameshunt/dhiffiechat/SendMessage.kt

@@ -14,6 +14,15 @@ import java.util.*
 class SendMessage : RequestHandler<Map<String, Any?>, GatewayResponse> {
     override fun handleRequest(request: Map<String, Any?>, context: Context): GatewayResponse {
         return awsTransformAuthed<SendMessageRequest, SendMessageResponse>(request, context) { body, identity ->
+            val table = Singletons.dynamoDB.userTable()
+            val item = table.getItem("userId", identity.userId)
+
+            context.logger.log("checking if friends")
+            val friends = item?.getStringSet("friends") ?: emptySet()
+            if (!friends.contains(body.recipientUserId)) {
+                throw Unauthorized()
+            }
+
             // TODO: check if friends
             val messageCreatedAt = Instant.now()
 

README.md

@@ -2,6 +2,48 @@
 
 End-To-End Encrypted Private Chat
 
+I built this app because I wanted to play with encryption and experiment with building low cost automated cloud
+environments.
+
+---
+
+### Architecture, Automation, and Deploying Environments
+
+Due to the cost constraints I placed on myself, I wouldn't be able to use managed relational databases or provisioned
+server instances.
+
+The backend is built with AWS lambda, dynamoDB, s3. All of these are pay as you go, which is perfect because I don't really
+expect anybody to use this anyway `¯\_(ツ)_/¯`
+
+Creating new environments or modifying existing environments is automated through `Terraform`, and AWS costs are about
+$0.06/month during development.
+
+Terraform helps automate creation, configuration, or execution of the following resources and tasks.
+
+* AWS Gateway
+* AWS lambda functions
+* AWS DynamoDB Tables
+* AWS S3 Buckets
+* Generating Credentials
+* Configuring Access and Permissions
+* Generating Config files for the app to connect to new environments
+
+---
+
+### Android Automation
+
+![Input for CI build workflow](readme/androidWorkflowInputs.png)
+
+* The Config files to connect to the server are automatically generated when a new environment is created.
+
+
+* CI workflow to make builds for any specified branch/environment. Provides easy download access for QA. Prod builds generated
+  from the master branch also generate a GitHub release.
+
+
+* All CI builds are automatically tagged with a generated version name that makes it easy to see how the build was
+  generated, and where in the history of repository.
+
 ---
 
 ### Adding a Contact / Message Exchange Process
@@ -47,48 +89,6 @@ End-To-End Encrypted Private Chat
 
 ---
 
-### Architecture, Automation, and Deploying Environments
-
-One of the main goals of this project was to have as much of the project fully automated as possible.
-
-Another goal of this project was to leave it running as cheaply as possible, so no managed relational databases, or
-provisioned server instances.
-
-Currently, only a single CLI command is required to create a new environment, and AWS costs are about $0.06/month during
-development. I'm optimizing costs for lower numbers of users (expected), but it will scale to more users just fine.
-
-The "Server" is actually AWS lambda + dynamoDB + s3.
-
-Entire server environments can be created/updated with `terraform apply`, or removed entirely with `terraform destroy`
-
-Terraform helps automate creation, configuration, or execution of the following resources and tasks
-
-* AWS Gateway
-* AWS lambda functions
-* DynamoDB Tables
-* S3 Buckets
-* Generating Credentials
-* Configuring Access and Permissions
-* Generating Config files for the app to connect to new environments
-
-To Create a new environment, use Terraform workspaces and apply it.
-
----
-
-### Android Automation
-
-* The Config files to connect to the server are automatically generated when a new environment is created
-
-
-* CI workflow to make builds for any specified environment, with easy to access to download for QA. Prod builds also
-  generate a GitHub release.
-
-
-* All CI builds are automatically tagged with a generated version name that makes it easy to see how the build was
-  generated, and where in the history of repository.
-
----
-
 ### Coming soon
 
 * Ephemeral keys: Right now a user has one main private/public Diffie-Hellman key pair which is used for encrypting the

Terraform/infrastructure/terraform.tfstate.d/stage/terraform.tfstate

@@ -1,7 +1,7 @@
 {
   "version": 4,
   "terraform_version": "0.14.7",
-  "serial": 295,
+  "serial": 306,
   "lineage": "64a2bad5-87d9-087d-fac4-f21cf3366664",
   "outputs": {
     "base_url": {
@@ -19,16 +19,16 @@
         {
           "schema_version": 0,
           "attributes": {
-            "created_date": "2021-06-23T01:52:13Z",
+            "created_date": "2021-06-26T04:50:24Z",
             "description": "",
             "execution_arn": "arn:aws:execute-api:us-east-1:654246770704:c71bjvgvs9/stage",
-            "id": "5f1936",
+            "id": "9pfh4l",
             "invoke_url": "https://c71bjvgvs9.execute-api.us-east-1.amazonaws.com/stage",
             "rest_api_id": "c71bjvgvs9",
             "stage_description": null,
             "stage_name": "stage",
             "triggers": {
-              "redeployment": "2d019e4721214854ed73780a803e59c71ea1d293"
+              "redeployment": "40d4e71a86d537c95d89a9c6d013fef1c3549ba4"
             },
             "variables": null
           },
@@ -310,7 +310,7 @@
             "image_uri": "",
             "invoke_arn": "arn:aws:apigateway:us-east-1:lambda:path/2015-03-31/functions/arn:aws:lambda:us-east-1:654246770704:function:stage_HandleS3Upload/invocations",
             "kms_key_arn": "",
-            "last_modified": "2021-06-23T01:52:38.918+0000",
+            "last_modified": "2021-06-26T04:50:01.553+0000",
             "layers": [],
             "memory_size": 1024,
             "package_type": "Zip",
@@ -324,8 +324,8 @@
             "s3_object_version": null,
             "signing_job_arn": "",
             "signing_profile_version_arn": "",
-            "source_code_hash": "GMX3KFIEkK3jq3RDkvPa2G7u/38Gdfjh/JzRarI8OOU=",
-            "source_code_size": 39967859,
+            "source_code_hash": "iq/O3NDmiDHZXIr+kkwIOVYFFDjD8FhJ46rUPX3Pkps=",
+            "source_code_size": 39968188,
             "tags": {},
             "timeout": 30,
             "timeouts": null,
@@ -532,15 +532,22 @@
         {
           "schema_version": 0,
           "attributes": {
-            "id": "6348290143567022548",
+            "id": "7442287596277108343",
             "triggers": {
-              "run_always": "2021-06-23T01:53:22Z"
+              "run_always": "2021-06-26T04:50:25Z"
             }
           },
           "sensitive_attributes": [],
           "private": "bnVsbA==",
           "dependencies": [
-            "aws_api_gateway_deployment.chat_deployment"
+            "aws_api_gateway_deployment.chat_deployment",
+            "aws_api_gateway_rest_api.chat_gateway",
+            "aws_iam_role.function_role",
+            "module.perform_request.aws_api_gateway_integration.gateway_integration",
+            "module.perform_request.aws_api_gateway_method.gateway_method",
+            "module.perform_request.aws_api_gateway_resource.gateway_resource",
+            "module.perform_request.aws_lambda_function.lambda_func",
+            "module.perform_request.aws_lambda_permission.gw_permission"
           ]
         }
       ]
@@ -554,16 +561,23 @@
         {
           "schema_version": 0,
           "attributes": {
-            "id": "7241375145443709044",
+            "id": "2258871988646655610",
             "triggers": {
               "deployed_dependency": "https://c71bjvgvs9.execute-api.us-east-1.amazonaws.com/stage",
-              "run_always": "2021-06-23T01:53:22Z"
+              "run_always": "2021-06-26T04:50:25Z"
             }
           },
           "sensitive_attributes": [],
           "private": "bnVsbA==",
           "dependencies": [
-            "aws_api_gateway_deployment.chat_deployment"
+            "aws_api_gateway_deployment.chat_deployment",
+            "aws_api_gateway_rest_api.chat_gateway",
+            "aws_iam_role.function_role",
+            "module.perform_request.aws_api_gateway_integration.gateway_integration",
+            "module.perform_request.aws_api_gateway_method.gateway_method",
+            "module.perform_request.aws_api_gateway_resource.gateway_resource",
+            "module.perform_request.aws_lambda_function.lambda_func",
+            "module.perform_request.aws_lambda_permission.gw_permission"
           ]
         }
       ]
@@ -695,7 +709,7 @@
             "image_uri": "",
             "invoke_arn": "arn:aws:apigateway:us-east-1:lambda:path/2015-03-31/functions/arn:aws:lambda:us-east-1:654246770704:function:stage_PerformRequest/invocations",
             "kms_key_arn": "",
-            "last_modified": "2021-06-23T01:52:11.744+0000",
+            "last_modified": "2021-06-26T04:50:23.356+0000",
             "layers": [],
             "memory_size": 1024,
             "package_type": "Zip",
@@ -709,8 +723,8 @@
             "s3_object_version": null,
             "signing_job_arn": "",
             "signing_profile_version_arn": "",
-            "source_code_hash": "GMX3KFIEkK3jq3RDkvPa2G7u/38Gdfjh/JzRarI8OOU=",
-            "source_code_size": 39967859,
+            "source_code_hash": "iq/O3NDmiDHZXIr+kkwIOVYFFDjD8FhJ46rUPX3Pkps=",
+            "source_code_size": 39968188,
             "tags": {},
             "timeout": 30,
             "timeouts": null,

Terraform/infrastructure/terraform.tfstate.d/stage/terraform.tfstate.backup

@@ -1,7 +1,7 @@
 {
   "version": 4,
   "terraform_version": "0.14.7",
-  "serial": 288,
+  "serial": 295,
   "lineage": "64a2bad5-87d9-087d-fac4-f21cf3366664",
   "outputs": {
     "base_url": {
@@ -532,22 +532,15 @@
         {
           "schema_version": 0,
           "attributes": {
-            "id": "2914279040809621586",
+            "id": "6348290143567022548",
             "triggers": {
-              "run_always": "2021-06-23T01:52:14Z"
+              "run_always": "2021-06-23T01:53:22Z"
             }
           },
           "sensitive_attributes": [],
           "private": "bnVsbA==",
           "dependencies": [
-            "aws_api_gateway_deployment.chat_deployment",
-            "aws_api_gateway_rest_api.chat_gateway",
-            "aws_iam_role.function_role",
-            "module.perform_request.aws_api_gateway_integration.gateway_integration",
-            "module.perform_request.aws_api_gateway_method.gateway_method",
-            "module.perform_request.aws_api_gateway_resource.gateway_resource",
-            "module.perform_request.aws_lambda_function.lambda_func",
-            "module.perform_request.aws_lambda_permission.gw_permission"
+            "aws_api_gateway_deployment.chat_deployment"
           ]
         }
       ]
@@ -561,23 +554,16 @@
         {
           "schema_version": 0,
           "attributes": {
-            "id": "4090835379135105356",
+            "id": "7241375145443709044",
             "triggers": {
               "deployed_dependency": "https://c71bjvgvs9.execute-api.us-east-1.amazonaws.com/stage",
-              "run_always": "2021-06-23T01:52:14Z"
+              "run_always": "2021-06-23T01:53:22Z"
             }
           },
           "sensitive_attributes": [],
           "private": "bnVsbA==",
           "dependencies": [
-            "aws_api_gateway_deployment.chat_deployment",
-            "aws_api_gateway_rest_api.chat_gateway",
-            "aws_iam_role.function_role",
-            "module.perform_request.aws_api_gateway_integration.gateway_integration",
-            "module.perform_request.aws_api_gateway_method.gateway_method",
-            "module.perform_request.aws_api_gateway_resource.gateway_resource",
-            "module.perform_request.aws_lambda_function.lambda_func",
-            "module.perform_request.aws_lambda_permission.gw_permission"
+            "aws_api_gateway_deployment.chat_deployment"
           ]
         }
       ]