LocalChat Pro: A Secure Real-Time Communication Platform

This project, LocalChat Pro: Enterprise Edition, is a fully functional, real-time communication platform designed to demonstrate proficiency across the full stack—from secure data modeling in the database to asynchronous event handling at the application layer. The core focus was engineering a robust, Node.js/WebSocket server capable of handling high-fidelity, persistent messaging while implementing critical security controls and moderation features essential for any enterprise environment.

Architectural Deep Dive

1. Tech Stack and Data Integrity

The application uses a standard, yet powerful, stack: Node.js/Express for the application server, MySQL for data persistence, and pure WebSockets for bidirectional communication. Database integrity is enforced using foreign keys with strict constraints (e.g., ON DELETE CASCADE for messages/reactions) to prevent orphaned records. User passwords are stored as PBKDF2 hashes rather than in plaintext, limiting the impact of a database compromise.

  • Backend: Node.js, Express, WebSocket (`ws`)
  • Database: MySQL with `mysql2/promise`
  • Authentication: PBKDF2 Password Hashing
  • Frontend: HTML/Tailwind/Vanilla JS for low overhead

2. Dual-Layer Communication Protocol

Communication is split between two distinct layers for security and reliability:

  • HTTP (REST API): Handles non-real-time, high-integrity tasks like user registration, login, and file uploads. This allows the use of established security patterns and middleware (like Multer for enforcing the upload constraints).
  • WebSockets: Manages all real-time events (message transmission, typing indicators, presence, reactions). A successful HTTP login is required before initiating the authenticated WebSocket connection.

Security and Moderation Controls

Implementing a comprehensive set of security and moderation features was paramount to simulate a production environment compliant with enterprise standards.

1. Role-Based Access Control (RBAC)

The server assigns users roles (User, Moderator, Admin) and enforces privileges server-side. High-privilege commands (like /pin, /kick, and /ban) are validated against the user's role hierarchy in the backend before execution.

2. File Upload Security

File uploads are protected by mime-type whitelisting (restricting files to images, PDF, and plain text) and enforced size limits (5MB) to mitigate risks like malformed content injection and storage exhaustion. Files are stored with secure, randomized filenames to prevent directory traversal and overwrite attacks.

3. Content Sanitization and Persistence

  • Cross-Site Scripting (XSS) Prevention: Message content is filtered at input time on the server and stored as submitted; on the client, the rendered Markdown output is passed through the DOMPurify library before it is inserted into the DOM, so rendering is safe regardless of what was stored.
  • Audit Logging (`audit_logs`): A dedicated table logs every critical action, including user bans and message deletions, providing an immutable record for forensic investigation and compliance.

Advanced Messaging Features

1. Threading and Message Editing TTL

The messaging table (`messages`) includes a `parent_message_id` column, creating a canonical thread structure maintained by foreign key references. Furthermore, users can only edit their own messages within a configurable Time-To-Live (TTL) window (24 hours), which limits after-the-fact alteration of the conversation record and preserves message integrity.
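The two server-side checks described in the RBAC section and here (role-gated slash commands, and the ownership-plus-TTL rule for edits) as an added example; this is illustrative code, not LocalChat Pro's own, and the role ranks, the command-to-role table and every function name are assumptions.

```javascript
// Added example (not LocalChat Pro's own code): server-side authorization
// for moderation commands and the 24-hour message-edit window. The role
// ranks, the command-to-role table and all names are assumptions.
const ROLE_RANK = { user: 0, moderator: 1, admin: 2 };

// Minimum role for each privileged slash command (assumed policy).
const COMMAND_MIN_ROLE = { '/pin': 'moderator', '/kick': 'moderator', '/ban': 'admin' };

// Configurable Time-To-Live for editing one's own messages.
const EDIT_TTL_MS = 24 * 60 * 60 * 1000;

const hasRole = (r) => Object.prototype.hasOwnProperty.call(ROLE_RANK, r);

// True when `role` is at least as privileged as `required`; unknown roles never pass.
function roleAtLeast(role, required) {
  return hasRole(role) && hasRole(required) && ROLE_RANK[role] >= ROLE_RANK[required];
}

// Decide whether `actor` may run `command` against an optional `target` user.
// `actor.role` must come from the server-side session created at HTTP login,
// never from the WebSocket frame itself. Returns { ok, reason } so a denial
// can be written to audit_logs with the same detail as a success.
function authorizeCommand(actor, command, target) {
  const required = COMMAND_MIN_ROLE[command];
  if (required === undefined) return { ok: false, reason: 'unknown command' };
  if (!roleAtLeast(actor.role, required)) return { ok: false, reason: 'insufficient role' };
  // Moderation actions may only be applied to users of strictly lower rank,
  // so a moderator cannot kick another moderator or an admin.
  if (target && roleAtLeast(target.role, actor.role)) {
    return { ok: false, reason: 'target outranks or equals actor' };
  }
  return { ok: true, reason: null };
}

// A user may edit only their own message, and only within EDIT_TTL_MS of creation.
function canEditMessage(actor, message, now = Date.now()) {
  return message.user_id === actor.id && now - message.created_at <= EDIT_TTL_MS;
}

// Classify an incoming chat payload: plain text, or a slash command that must
// pass authorizeCommand before the server executes it.
function handleChatPayload(actor, text, target) {
  const trimmed = text.trim();
  if (!trimmed.startsWith('/')) return { type: 'message', ok: true, reason: null };
  const command = trimmed.split(/\s+/)[0].toLowerCase();
  return { type: 'command', command, ...authorizeCommand(actor, command, target) };
}
```

The `reason` string is meant to be written to `audit_logs` on denial as well as on success, so an attempted privilege misuse leaves the same forensic trail as a completed action.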

2. Channel Creation and Ownership

Users can create public or private channels. Private channels generate unique invite codes and require membership for access. Channel deletion, a recent addition, is restricted strictly to the channel's creator or an Admin, enforcing clear data ownership boundaries.

Feature Roadmap & Schema Utilization

The current database schema is forward-compatible and supports several key features that are pending full application logic implementation.

  • Granular Channel Permissions (`channel_permissions`): The model exists to implement fine-grained RBAC controls (e.g., who can send messages, who can pin) on a per-channel basis, moving beyond simple global roles.
  • Message Search (`FULLTEXT INDEX`): The database is indexed to enable rapid, server-side full-text search across all message content.
  • Read Receipts (`read_receipts`): This table is designed to track each user's last read message per channel, the foundation for unread state that persists across sessions.

Conclusion

LocalChat Pro stands as a comprehensive demonstration of my ability to architect, develop, and secure a complex, real-time web service. The project successfully integrates asynchronous messaging with robust database persistence and enterprise-level moderation features, underscoring my readiness to tackle challenging development and security roles.