This repository is the home of the new Utopian.io frontend. Vue.JS & Quasar Framework based.
This is a early-stage project, meaning changes happens fast. Before putting work contributing, be sure to open a proper issue to discuss your intention and receive proper advice.
Some information about this project.
So far, the frontend is completely client-side only, meaning no server is required to run the application. Anything that can be client-side, without server dependency, should be.
- Keep components minimal.
- Security is the primary concern.
- Javascript Standard Style (enforced by ESLint)
- PUG (ex-Jade) templates.
The application, does not store credentials on server. Instead, SteemConnect implicit grant is used and the token lives on client-side only, and the client side is the solely responsible for broadcasting operations.
Any sensitive data stored on browser is strongly encrypted with AES-256-GCM
though WebCrypto API.
A secret encryption key is handled by the browser, in a non-exportable manner, meaning the local encryption keys (which are safely random) are not visible, not even for the application.
It means a browser security breach would be required to compromise the data.
Also, care is taken on the actual token handling, SteemConnect and any other broadcasting drivers are deep cloned before operations, and the cloned instances are destroyed after usage (avoid having tokens on memory at any time, every action requires decryption-usage-zeromem).
PIN codes for PBKDF2 derivations are a secondary goal.
@TODO improve encryption process documentation.
Be sure to have a .env
file on the project root folder. The same can be created using .env.example as base.
npm install
npm run dev
npm run build