-
Notifications
You must be signed in to change notification settings - Fork 0
Expand file tree
/
Copy pathscript.js
More file actions
323 lines (268 loc) · 9.05 KB
/
script.js
File metadata and controls
323 lines (268 loc) · 9.05 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
// Initialize Supabase client
const supabaseClient = window.supabase.createClient(SUPABASE_URL, SUPABASE_PUBLISHABLE_KEY);
// DOM Elements
const chatMessages = document.getElementById('chatMessages');
const chatForm = document.getElementById('chatForm');
const messageInput = document.getElementById('messageInput');
const sendButton = document.getElementById('sendButton');
const clearButton = document.getElementById('clearButton');
const onlineCount = document.getElementById('onlineCount');
// Funny username generator
const professions = [
"Accountant", "Lawyer", "Dentist", "Plumber", "Chef", "Librarian",
"Astronaut", "Janitor", "Professor", "Wizard", "Intern", "CEO",
"Therapist", "Barista", "Archaeologist", "Surgeon", "Poet", "Hacker"
];
const objects = [
"Doom", "Socks", "Chaos", "Spoons", "Thunder", "Muffins", "Regret",
"Glitter", "Secrets", "Beans", "Mystery", "Waffles", "Shadows",
"Pickles", "Destiny", "Noodles", "Silence", "Mayhem", "Cheese"
];
const connectors = ["Of", "With", "And"];
function generateUsername() {
const profession = professions[Math.floor(Math.random() * professions.length)];
const connector = connectors[Math.floor(Math.random() * connectors.length)];
const object = objects[Math.floor(Math.random() * objects.length)];
return profession + connector + object;
}
// Generate a random anonymous username
const myId = generateUsername();
// Security constants
const MAX_MESSAGE_LENGTH = 150;
const RATE_LIMIT_MS = 1000; // Minimum time between messages
const SLIDING_WINDOW_MS = 30000; // 30 second window
const MAX_MESSAGES_PER_WINDOW = 5; // Max messages in sliding window
const DUPLICATE_BLOCK_MS = 60000; // Block duplicate messages for 60 seconds
// Receive rate limiting (per sender)
const RECEIVE_RATE_LIMIT_MS = 500; // Min time between messages from same sender
const RECEIVE_MAX_PER_WINDOW = 10; // Max messages per sender in window
const RECEIVE_WINDOW_MS = 10000; // 10 second window
let lastMessageTime = 0;
let messageTimestamps = []; // For sliding window
let recentMessages = []; // For duplicate detection {text, timestamp}
let receivedFromSenders = {}; // Track received messages per sender { senderId: [timestamps] }
// Supabase Realtime Broadcast channel
let channel;
// Initialize the chat
function init() {
showEmptyState();
messageInput.focus();
setupRealtimeChannel();
}
// Update online count display
function updateOnlineCount(count) {
onlineCount.textContent = count;
}
// Setup Supabase Realtime Broadcast channel
function setupRealtimeChannel() {
channel = supabaseClient.channel('public-chat', {
config: {
broadcast: { self: false }, // Don't receive your own messages
presence: { key: myId }
}
});
channel
.on('broadcast', { event: 'message' }, (payload) => {
const { senderId, content } = payload.payload;
// Validate incoming message
if (typeof content !== 'string' || typeof senderId !== 'string') return;
if (content.length === 0 || content.length > MAX_MESSAGE_LENGTH) return;
if (senderId.length === 0 || senderId.length > 50) return;
// Throttle spammy senders
if (shouldThrottleReceive(senderId)) return;
addMessage(content, senderId, false);
})
.on('presence', { event: 'sync' }, () => {
const presenceState = channel.presenceState();
const count = Object.keys(presenceState).length;
updateOnlineCount(count);
})
.subscribe(async (status) => {
if (status === 'SUBSCRIBED') {
console.log('Connected to chat room');
// Track our presence
await channel.track({ user_id: myId });
}
});
}
// Show empty state when no messages
function showEmptyState() {
if (chatMessages.children.length === 0) {
chatMessages.innerHTML = `
<div class="empty-state">
<svg viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="1.5" stroke-linecap="round" stroke-linejoin="round">
<path d="M21 15a2 2 0 0 1-2 2H7l-4 4V5a2 2 0 0 1 2-2h14a2 2 0 0 1 2 2z"></path>
</svg>
<p>No messages yet.<br>Start the conversation!</p>
</div>
`;
}
}
// Remove empty state
function removeEmptyState() {
const emptyState = chatMessages.querySelector('.empty-state');
if (emptyState) {
emptyState.remove();
}
}
// Format time
function formatTime(date) {
return date.toLocaleTimeString([], { hour: '2-digit', minute: '2-digit' });
}
// Create message element
function createMessageElement(text, userId, time, isSent) {
const messageDiv = document.createElement('div');
messageDiv.className = `message ${isSent ? 'sent' : 'received'}`;
const displayName = isSent ? 'You' : userId;
messageDiv.innerHTML = `
<div class="message-meta">
<span class="message-user">${escapeHtml(displayName)}</span>
<span class="message-time">${formatTime(time)}</span>
</div>
<div class="message-text">${escapeHtml(text)}</div>
`;
return messageDiv;
}
// Escape HTML to prevent XSS
function escapeHtml(text) {
const div = document.createElement('div');
div.textContent = text;
return div.innerHTML;
}
// Add message to chat
function addMessage(text, userId, isSent = false) {
removeEmptyState();
const messageElement = createMessageElement(text, userId, new Date(), isSent);
chatMessages.appendChild(messageElement);
// Scroll to bottom
scrollToBottom();
}
// Add system message to chat
function addSystemMessage(text) {
removeEmptyState();
const messageDiv = document.createElement('div');
messageDiv.className = 'message system';
messageDiv.innerHTML = `
<div class="message-text">${escapeHtml(text)}</div>
`;
chatMessages.appendChild(messageDiv);
scrollToBottom();
}
// Scroll to bottom of chat
function scrollToBottom() {
chatMessages.scrollTop = chatMessages.scrollHeight;
}
// Send message via Supabase Broadcast
function sendMessage(text) {
channel.send({
type: 'broadcast',
event: 'message',
payload: {
senderId: myId,
content: text
}
});
// Add to your own UI immediately
addMessage(text, myId, true);
}
// Check sliding window rate limit
function isRateLimited(now) {
// Clean old timestamps
messageTimestamps = messageTimestamps.filter(t => now - t < SLIDING_WINDOW_MS);
return messageTimestamps.length >= MAX_MESSAGES_PER_WINDOW;
}
// Check for duplicate message
function isDuplicate(text, now) {
// Clean old messages
recentMessages = recentMessages.filter(m => now - m.timestamp < DUPLICATE_BLOCK_MS);
return recentMessages.some(m => m.text === text);
}
// Check if incoming message from sender should be throttled
function shouldThrottleReceive(senderId) {
const now = Date.now();
if (!receivedFromSenders[senderId]) {
receivedFromSenders[senderId] = [];
}
// Clean old timestamps
receivedFromSenders[senderId] = receivedFromSenders[senderId].filter(
t => now - t < RECEIVE_WINDOW_MS
);
const timestamps = receivedFromSenders[senderId];
// Check rate limit (too fast)
if (timestamps.length > 0 && now - timestamps[timestamps.length - 1] < RECEIVE_RATE_LIMIT_MS) {
return true;
}
// Check sliding window limit
if (timestamps.length >= RECEIVE_MAX_PER_WINDOW) {
return true;
}
// Record this message
timestamps.push(now);
return false;
}
// Handle form submission
function handleSubmit(e) {
e.preventDefault();
const text = messageInput.value.trim();
if (text.length < 2) return;
// Validate message length (defense in depth - HTML maxlength can be bypassed)
if (text.length > MAX_MESSAGE_LENGTH) {
messageInput.value = text.substring(0, MAX_MESSAGE_LENGTH);
return;
}
const now = Date.now();
// Basic rate limiting (1 msg/sec)
if (now - lastMessageTime < RATE_LIMIT_MS) {
return;
}
// Sliding window rate limiting
if (isRateLimited(now)) {
addSystemMessage('Please wait before sending another message.');
return;
}
// Duplicate message check
if (isDuplicate(text, now)) {
return;
}
lastMessageTime = now;
messageTimestamps.push(now);
recentMessages.push({ text, timestamp: now });
// Send message via broadcast
sendMessage(text);
// Clear input
messageInput.value = '';
sendButton.disabled = true;
messageInput.focus();
}
// Clear chat history
function clearChat() {
chatMessages.innerHTML = '';
showEmptyState();
messageInput.focus();
}
// Event listeners
chatForm.addEventListener('submit', handleSubmit);
clearButton.addEventListener('click', clearChat);
// Enable/disable send button based on input
messageInput.addEventListener('input', () => {
sendButton.disabled = messageInput.value.trim().length < 2;
});
// Handle mobile keyboard - scroll to bottom when input is focused
messageInput.addEventListener('focus', () => {
// Small delay to let the keyboard open
setTimeout(() => {
scrollToBottom();
}, 300);
});
// Handle viewport resize (keyboard open/close on mobile)
if (window.visualViewport) {
window.visualViewport.addEventListener('resize', () => {
// Scroll to bottom when viewport changes (keyboard opens)
if (document.activeElement === messageInput) {
scrollToBottom();
}
});
}
// Initialize
init();
sendButton.disabled = true;