Marius-prog/video_chat

Video Chat Application - Military-Grade Security Edition

A secure, enterprise-ready group video calling platform built with Django and Agora WebRTC.

πŸ›‘οΈ Security Features

This application layers the following controls against common web vulnerabilities:

  • ✅ No Hardcoded Secrets - All credentials managed via environment variables
  • ✅ CSRF Protection - Full CSRF token validation on all state-changing operations
  • ✅ Rate Limiting - Protection against abuse and DoS attacks
  • ✅ Input Validation - Comprehensive server-side and client-side validation
  • ✅ XSS Prevention - HTML escaping and Content Security Policy
  • ✅ HTTPS Enforcement - Secure transport with HSTS headers
  • ✅ Session Security - HttpOnly, Secure, SameSite cookies
  • ✅ Authorization Controls - Session-based ownership validation
  • ✅ Security Logging - Comprehensive audit trail
  • ✅ Security Headers - CSP, X-Frame-Options, X-Content-Type-Options

See SECURITY.md for complete security documentation.

🚀 Quick Start

Prerequisites

Installation

  1. Clone the repository

    git clone <repository-url>
    cd video_chat
  2. Create virtual environment

    python -m venv venv
    source venv/bin/activate  # On Windows: venv\Scripts\activate
  3. Install dependencies

    pip install -r requirements.txt
  4. Configure environment

    cp .env.example .env
    nano .env  # Edit with your values

    Required Environment Variables:

    SECRET_KEY=your-django-secret-key
    DEBUG=False
    ALLOWED_HOSTS=yourdomain.com,www.yourdomain.com
    AGORA_APP_ID=your-agora-app-id
    AGORA_APP_CERTIFICATE=your-agora-app-certificate
  5. Run migrations

    python manage.py migrate
  6. Create superuser

    python manage.py createsuperuser
  7. Collect static files

    python manage.py collectstatic
  8. Run development server

    python manage.py runserver

    ⚠️ For Development Only: set DEBUG=True in .env for local work, never in production, where Django's debug error pages would expose stack traces and settings values to anyone who triggers an error

🔧 Configuration

Environment Variables

| Variable | Description | Required | Default |
|---|---|---|---|
| SECRET_KEY | Django secret key | Yes | - |
| DEBUG | Debug mode | No | False |
| ALLOWED_HOSTS | Comma-separated hosts | Yes | localhost,127.0.0.1 |
| AGORA_APP_ID | Agora application ID | Yes | - |
| AGORA_APP_CERTIFICATE | Agora app certificate | Yes | - |
| SECURE_SSL_REDIRECT | Force HTTPS | No | True (if not DEBUG) |
| SESSION_COOKIE_SECURE | Secure session cookies | No | True (if not DEBUG) |
| CSRF_COOKIE_SECURE | Secure CSRF cookies | No | True (if not DEBUG) |

See .env.example for all available options.
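The table above only makes sense if a missing or mistyped variable fails the startup rather than silently falling back to an insecure value. The following is an added example of such a loader; it is not the project's settings.py. It assumes only the variable names and defaults in the table, reads from any mapping (os.environ in real use, constructed dicts here) and refuses wildcard ALLOWED_HOSTS and weak SECRET_KEY values using the same thresholds Django's `check --deploy` warns about.

```python
"""Fail-closed loader for the security-relevant environment variables.

Added example for this README, not the project's own settings.py. Sample
environments at the bottom are constructed, not real credentials.
"""
from dataclasses import dataclass
from typing import Mapping, Tuple

_TRUE = {"1", "true", "yes", "on"}
_FALSE = {"0", "false", "no", "off"}


class ConfigError(ValueError):
    """A required variable is missing or a value cannot be interpreted."""


def parse_bool(name: str, raw: str) -> bool:
    value = raw.strip().lower()
    if value in _TRUE:
        return True
    if value in _FALSE:
        return False
    # Refuse to guess: DEBUG=Flase must not silently become DEBUG=True (or False).
    raise ConfigError(f"{name} must be a boolean, got {raw!r}")


def require(env: Mapping[str, str], name: str) -> str:
    value = env.get(name, "").strip()
    if not value:
        raise ConfigError(f"{name} is required and must not be empty")
    return value


@dataclass(frozen=True)
class SecuritySettings:
    secret_key: str
    debug: bool
    allowed_hosts: Tuple[str, ...]
    agora_app_id: str
    agora_app_certificate: str
    secure_ssl_redirect: bool
    session_cookie_secure: bool
    csrf_cookie_secure: bool


def load_settings(env: Mapping[str, str]) -> SecuritySettings:
    debug = parse_bool("DEBUG", env.get("DEBUG", "False"))

    secret_key = require(env, "SECRET_KEY")
    # Same thresholds as Django's deploy check security.W009 (50 chars, 5 distinct).
    if len(secret_key) < 50 or len(set(secret_key)) < 5:
        raise ConfigError("SECRET_KEY must have at least 50 characters and 5 distinct characters")

    hosts = tuple(h.strip() for h in env.get("ALLOWED_HOSTS", "localhost,127.0.0.1").split(",") if h.strip())
    if not hosts:
        raise ConfigError("ALLOWED_HOSTS must list at least one host")
    if "*" in hosts and not debug:
        # A wildcard disables Host-header validation (password-reset and cache poisoning).
        raise ConfigError("ALLOWED_HOSTS must not contain '*' when DEBUG is False")

    def secure_flag(name: str) -> bool:
        # Default is "True unless DEBUG"; an explicit value still wins so a deployment that
        # terminates TLS at a proxy can set SECURE_SSL_REDIRECT=False knowingly.
        return parse_bool(name, env[name]) if name in env else not debug

    return SecuritySettings(
        secret_key=secret_key,
        debug=debug,
        allowed_hosts=hosts,
        agora_app_id=require(env, "AGORA_APP_ID"),
        agora_app_certificate=require(env, "AGORA_APP_CERTIFICATE"),
        secure_ssl_redirect=secure_flag("SECURE_SSL_REDIRECT"),
        session_cookie_secure=secure_flag("SESSION_COOKIE_SECURE"),
        csrf_cookie_secure=secure_flag("CSRF_COOKIE_SECURE"),
    )


def is_rejected(env: Mapping[str, str]) -> bool:
    """True if load_settings refuses `env`; used by the checks below."""
    try:
        load_settings(env)
    except ConfigError:
        return True
    return False


# Constructed sample environments (placeholder values, not real credentials).
PRODUCTION_ENV = {
    "SECRET_KEY": "k9#v2x!qz8m3w7r1t5y0u4i6o2p8a3s5d7f9g1h3j5k7l9z2x4c6v8b0n1m3",
    "DEBUG": "False",
    "ALLOWED_HOSTS": "chat.example.com, www.chat.example.com",
    "AGORA_APP_ID": "example-app-id",
    "AGORA_APP_CERTIFICATE": "example-app-certificate",
}
DEVELOPMENT_ENV = {**PRODUCTION_ENV, "DEBUG": "True", "ALLOWED_HOSTS": "localhost,127.0.0.1"}

if __name__ == "__main__":
    print(load_settings(PRODUCTION_ENV))
```

With os.environ passed in, a deployment that forgets AGORA_APP_CERTIFICATE or ships ALLOWED_HOSTS=* dies at import time with a clear message instead of serving traffic.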

Generating Secret Key

python -c 'from django.core.management.utils import get_random_secret_key; print(get_random_secret_key())'

Agora Setup

  1. Sign up at Agora.io
  2. Create a new project
  3. Enable App Certificate in project settings
  4. Copy App ID and App Certificate to .env

📖 Usage

  1. Navigate to the lobby page
  2. Enter a room name (1-64 characters: letters, digits, underscore or hyphen)
  3. Enter your display name (2-100 characters: letters, digits, spaces, underscore or hyphen)
  4. Click "Join Stream"
  5. Grant camera and microphone permissions
  6. Start chatting!

Controls

  • 🎤 Microphone - Toggle audio on/off
  • 📹 Camera - Toggle video on/off
  • 🚪 Leave - Exit the room

πŸ—οΈ Architecture

Backend (Django)

mychat/
├── settings.py    # Security-hardened configuration
├── urls.py        # URL routing
└── wsgi.py        # WSGI application

base/
├── models.py      # RoomMember model
├── views.py       # Secure API endpoints with rate limiting
├── urls.py        # API routes
└── templates/     # HTML templates

Frontend

static/
├── js/
│   └── streams.js     # Secure Agora client implementation
├── styles/
│   └── main.css       # Responsive styling
└── assets/
    └── AgoraRTC_N-4.8.0.js

🔒 Security Implementation

Rate Limits

| Endpoint | Limit | Purpose |
|---|---|---|
| /get_token/ | 10/min per IP | Prevent token abuse |
| /create_member/ | 30/min per IP | Prevent spam |
| /get_member/ | 60/min per IP | Prevent scraping |
| /delete_member/ | 30/min per IP | Prevent abuse |
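The limits above are per client IP per minute, so two details decide whether they hold up: what counts as one minute, and which address counts as the client. The following added example (not the project's views.py, which the README says holds the real limits) implements the table as a fixed-window counter with an injectable clock, and shows the 11th /get_token/ request in a minute being refused with 429. The `client_ip` helper is also an assumption of this example: it honours X-Forwarded-For only when the deployment declares a trusted proxy, because otherwise a client can pick any address and dodge the limit.

```python
"""Per-IP fixed-window rate limiter with the limits from the README table.

Added example, not the project's code. Counters live in a dict and the
clock is injectable so the 60-second window can be exercised offline; a
multi-process deployment would keep the counters in a shared store such
as Redis instead.
"""
import math
import time
from typing import Callable, Dict, Tuple

# Requests allowed per WINDOW_SECONDS, per client IP, per endpoint.
LIMITS: Dict[str, int] = {
    "/get_token/": 10,
    "/create_member/": 30,
    "/get_member/": 60,
    "/delete_member/": 30,
}
WINDOW_SECONDS = 60


class RateLimiter:
    def __init__(self, limits: Dict[str, int] = LIMITS, window: int = WINDOW_SECONDS,
                 clock: Callable[[], float] = time.monotonic) -> None:
        self._limits = limits
        self._window = window
        self._clock = clock
        # (endpoint, ip) -> (window_start, request_count)
        self._buckets: Dict[Tuple[str, str], Tuple[float, int]] = {}

    def check(self, endpoint: str, ip: str) -> Tuple[int, int]:
        """Count one request and return (http_status, retry_after_seconds).

        200 means serve it; 429 means refuse it and send Retry-After.
        Endpoints missing from the table are not limited.
        """
        limit = self._limits.get(endpoint)
        if limit is None:
            return 200, 0
        now = self._clock()
        start, count = self._buckets.get((endpoint, ip), (now, 0))
        if now - start >= self._window:  # window expired: start a fresh one
            start, count = now, 0
        count += 1
        self._buckets[(endpoint, ip)] = (start, count)
        if count > limit:
            return 429, max(1, math.ceil(self._window - (now - start)))
        return 200, 0


def client_ip(remote_addr: str, x_forwarded_for: str = "", behind_trusted_proxy: bool = False) -> str:
    """Choose the address to key the limit on.

    X-Forwarded-For is attacker-controlled unless a proxy you operate appends
    to it, so it is used only when the deployment says so, and then only the
    right-most entry (the hop your proxy appended). Using the left-most entry
    would let a client spoof any IP and bypass the limit.
    """
    if behind_trusted_proxy and x_forwarded_for.strip():
        return x_forwarded_for.split(",")[-1].strip()
    return remote_addr


def demo_token_burst() -> Tuple[int, int]:
    """Send 11 /get_token/ requests inside one minute; return the 10th and 11th statuses."""
    now = [1000.0]  # constructed fake clock
    limiter = RateLimiter(clock=lambda: now[0])
    statuses = [limiter.check("/get_token/", "203.0.113.7")[0] for _ in range(11)]
    return statuses[9], statuses[10]


if __name__ == "__main__":
    print(demo_token_burst())  # (200, 429)
```

A fixed window lets a client send 10 requests at second 59 and 10 more at second 61; if that burst matters for the token endpoint, a sliding window or token bucket keyed the same way is the usual refinement.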

Input Validation

Channel Names:

  • Length: 1-64 characters
  • Pattern: ^[a-zA-Z0-9_-]+$
  • XSS protection: HTML escaped

Usernames:

  • Length: 2-100 characters
  • Pattern: ^[a-zA-Z0-9_\s-]+$
  • XSS protection: HTML escaped

UIDs:

  • Range: 0 to 4,294,967,295
  • Type: Integer
  • Generation: Cryptographically secure random
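The rules above, as an added example in working code; this is not the project's views.py. It assumes the patterns and ranges exactly as listed. Two details worth seeing: `re.fullmatch` is used instead of `re.match` with `^...$`, because `$` also matches just before a trailing newline and so `"room1\n"` passes a `^...$` check; and `bool` is rejected explicitly in the UID check because it is a subclass of `int` in Python.

```python
"""Server-side validation of channel names, usernames and UIDs.

Added example implementing the README's rules; not the project's code.
Rejected values raise ValidationError with a message safe to return to the
client; accepted values are returned in normalised form.
"""
import re
import secrets
from typing import Union

CHANNEL_RE = re.compile(r"[a-zA-Z0-9_-]+")
USERNAME_RE = re.compile(r"[a-zA-Z0-9_\s-]+")
DIGITS_RE = re.compile(r"[0-9]+")  # ASCII only; str.isdigit() also accepts e.g. Arabic-Indic digits
UID_MAX = 4_294_967_295  # 2**32 - 1


class ValidationError(ValueError):
    """The value is rejected; the message is safe to show to the client."""


def validate_channel(raw: object) -> str:
    # A channel name is an identifier: do not strip or rewrite it, or the client
    # would join a different channel from the one it displays.
    if not isinstance(raw, str):
        raise ValidationError("channel must be a string")
    if not 1 <= len(raw) <= 64:
        raise ValidationError("channel must be 1-64 characters")
    if not CHANNEL_RE.fullmatch(raw):
        raise ValidationError("channel may only contain letters, digits, '_' and '-'")
    return raw


def validate_username(raw: object) -> str:
    if not isinstance(raw, str):
        raise ValidationError("name must be a string")
    # Collapse runs of whitespace so "Ann\t\tLee" and "Ann Lee" are the same member.
    name = " ".join(raw.split())
    if not 2 <= len(name) <= 100:
        raise ValidationError("name must be 2-100 characters")
    if not USERNAME_RE.fullmatch(name):
        raise ValidationError("name may only contain letters, digits, spaces, '_' and '-'")
    return name


def validate_uid(raw: Union[str, int]) -> int:
    # bool is an int subclass, so True would otherwise pass as 1.
    if isinstance(raw, bool):
        raise ValidationError("uid must be an integer")
    if isinstance(raw, str):
        # Query-string values arrive as text; accept plain decimal digits only.
        if not DIGITS_RE.fullmatch(raw.strip()):
            raise ValidationError("uid must be a non-negative integer")
        raw = int(raw.strip())
    if not isinstance(raw, int) or not 0 <= raw <= UID_MAX:
        raise ValidationError(f"uid must be between 0 and {UID_MAX}")
    return raw


def generate_uid() -> int:
    """Unpredictable 32-bit UID from the OS CSPRNG, not random.randint."""
    return secrets.randbelow(UID_MAX + 1)


def rejects(validator, value) -> bool:
    """True if `validator` raises ValidationError for `value`; used by the checks below."""
    try:
        validator(value)
    except ValidationError:
        return True
    return False


def naive_match_accepts_trailing_newline() -> bool:
    """Demonstrates the pitfall: ^...$ with re.match lets "room1\\n" through."""
    return re.match(r"^[a-zA-Z0-9_-]+$", "room1\n") is not None


if __name__ == "__main__":
    print(validate_channel("room-1"), validate_username("Ann\t\tLee"), validate_uid("42"))
    print("naive ^...$ accepts trailing newline:", naive_match_accepts_trailing_newline())
```

Escaping for output is a separate step from validation: Django templates autoescape by default, and the whitelist here means nothing that needs escaping can reach the database in the first place, but the escape should stay in place as the second layer the README describes.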

Authorization

  • Users can only delete their own member records
  • Session validation on all operations
  • UID and room ownership verification

🚀 Deployment

Production Checklist

  • Set DEBUG=False
  • Configure ALLOWED_HOSTS
  • Set strong SECRET_KEY
  • Configure Agora credentials
  • Enable HTTPS
  • Set up SSL certificate
  • Configure reverse proxy (nginx/Apache)
  • Set up database backups
  • Configure log monitoring
  • Test all security headers

Heroku Deployment

# Login to Heroku
heroku login

# Create app
heroku create your-app-name

# Set environment variables
heroku config:set SECRET_KEY=your-secret-key
heroku config:set AGORA_APP_ID=your-app-id
heroku config:set AGORA_APP_CERTIFICATE=your-certificate
heroku config:set ALLOWED_HOSTS=your-app-name.herokuapp.com

# Deploy
git push heroku main

# Run migrations
heroku run python manage.py migrate

# Create superuser
heroku run python manage.py createsuperuser

Docker Deployment

# Dockerfile example
FROM python:3.9-slim

# No .pyc files in the image; log straight to the container runtime
ENV PYTHONDONTWRITEBYTECODE=1 PYTHONUNBUFFERED=1

WORKDIR /app

# gunicorn must be listed in requirements.txt for the CMD below to work
COPY requirements.txt .
RUN pip install --no-cache-dir -r requirements.txt

# Add .env, .git and venv/ to .dockerignore so this COPY does not bake secrets into the image
COPY . .

# collectstatic imports settings.py, so any variable it reads at import time (e.g. SECRET_KEY)
# must be available during the build, or move this step to container start
RUN python manage.py collectstatic --noinput

# Run as an unprivileged user; the app only needs read access to /app
RUN useradd --system --no-create-home appuser && chown -R appuser:appuser /app
USER appuser

EXPOSE 8000

CMD ["gunicorn", "mychat.wsgi:application", "--bind", "0.0.0.0:8000"]

🧪 Testing

# Run tests
python manage.py test

# Check security
python manage.py check --deploy

# Test CSRF protection
# Try POST without CSRF token - should get 403

# Test rate limiting
# Make 11 token requests in 1 minute - should get 429

📊 Monitoring

Log Files

  • Security logs: logs/security.log
  • Application logs: Console output

Log Monitoring

# Watch security logs
tail -f logs/security.log

# Search for errors
grep -i "error" logs/security.log

# Check unauthorized attempts
grep -i "unauthorized" logs/security.log

πŸ› Troubleshooting

Common Issues

"CSRF verification failed"

  • Ensure cookies are enabled
  • Check CSRF_COOKIE_SECURE setting matches HTTPS usage
  • Verify X-CSRFToken header in POST requests

"Rate limit exceeded"

  • Wait for rate limit window to expire
  • Check if legitimate traffic is being blocked
  • Adjust rate limits in views.py if needed

"Failed to generate token"

  • Verify AGORA_APP_ID and AGORA_APP_CERTIFICATE in .env
  • Check Agora project status
  • Review security.log for errors

"Camera/Microphone not working"

  • Grant browser permissions
  • Use HTTPS (required for getUserMedia)
  • Check browser compatibility

🤝 Contributing

  1. Fork the repository
  2. Create a feature branch
  3. Commit your changes
  4. Push to the branch
  5. Create a Pull Request

Security contributions welcome!

πŸ“ License

[Your License Here]

πŸ™ Acknowledgments

  • Django framework
  • Agora WebRTC SDK
  • OWASP Security Guidelines

📞 Support

For security issues, see SECURITY.md

For general support, create an issue on GitHub.


Built with ❤️ and 🛡️ Security
