quic-issues/427e7578-d7bf-49c8-aee9-2dd999e25316
1
0
Fork 1
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Compare commits

base: quic-issues:proposal-4de44601-accc-42df-884f-4b984296952b
Branches Tags
quic-issues:main quic-issues:group-80673505-7287-4f88-914b-3df08b3fe2ee quic-issues:group-e07276f2-902e-4497-9744-df345e21992e quic-issues:group-efa16e66-ef82-4649-af99-092989e08a88 quic-issues:group-77812d39-5e8d-4d8b-bae5-e44c83f8f766 quic-issues:proposal-4de44601-accc-42df-884f-4b984296952b quic-issues:proposal-c3a5326a-9c65-4bcf-9425-8233dfa9fe78 quic-issues:proproposal-c3a5326a-9c65-4bcf-9425-8233dfa9fe88 quic-issues:proposal-88461784-44fb-4dbb-a5b1-96d67867e002 quic-issues:proposal-4cbc1b67-c2ee-4b97-9be5-5ab20c52b801 quic-issues:proposal-55bf0639-3fc1-4660-9285-290a79816c46 quic-issues:proposal-73d5ae78-430f-48ea-9a0c-a428f9d3e6ae quic-issues:proposal-e56c46f7-9d0e-4f4c-bbf1-979eb7982dbc quic-issues:proposal-0e2cfae9-900f-4fec-8274-efc45120c2f8 quic-issues:proposal-d1b0ec22-c5bc-494c-afd5-4ca35fedbbe1 quic-issues:proposal-1732a9cb-5389-44ea-b42b-ebc4ad0b7f33 quic-issues:feat/p2p-polling-app quic-issues:proposal-8835ffc9-b533-4a52-a996-85b92392f016 quic-issues:proposal-6f8d1303-1ffd-4f51-b6be-e4fd57ec14e2 quic-issues:group-b7a2f171-c361-42c0-a0cd-8aafdd6b2f1a quic-issues:proposal-9f725995-58eb-4afb-a096-3807966418f8 quic-issues:proposal-f1894775-db09-4ecd-9765-138693803b42 quic-issues:group-1eec8012-9afc-4e88-a706-d9f73faece30 quic-issues:group-af5e5b3a-a72d-400f-9cf5-74f4815888b7
..
compare: quic-issues:group-e07276f2-902e-4497-9744-df345e21992e
Branches Tags
quic-issues:group-80673505-7287-4f88-914b-3df08b3fe2ee quic-issues:group-e07276f2-902e-4497-9744-df345e21992e quic-issues:group-efa16e66-ef82-4649-af99-092989e08a88 quic-issues:group-77812d39-5e8d-4d8b-bae5-e44c83f8f766 quic-issues:proposal-4de44601-accc-42df-884f-4b984296952b quic-issues:proposal-c3a5326a-9c65-4bcf-9425-8233dfa9fe78 quic-issues:proproposal-c3a5326a-9c65-4bcf-9425-8233dfa9fe88 quic-issues:proposal-88461784-44fb-4dbb-a5b1-96d67867e002 quic-issues:proposal-4cbc1b67-c2ee-4b97-9be5-5ab20c52b801 quic-issues:proposal-55bf0639-3fc1-4660-9285-290a79816c46 quic-issues:proposal-73d5ae78-430f-48ea-9a0c-a428f9d3e6ae quic-issues:proposal-e56c46f7-9d0e-4f4c-bbf1-979eb7982dbc quic-issues:proposal-0e2cfae9-900f-4fec-8274-efc45120c2f8 quic-issues:proposal-d1b0ec22-c5bc-494c-afd5-4ca35fedbbe1 quic-issues:proposal-1732a9cb-5389-44ea-b42b-ebc4ad0b7f33 quic-issues:feat/p2p-polling-app quic-issues:proposal-8835ffc9-b533-4a52-a996-85b92392f016 quic-issues:proposal-6f8d1303-1ffd-4f51-b6be-e4fd57ec14e2 quic-issues:group-b7a2f171-c361-42c0-a0cd-8aafdd6b2f1a quic-issues:proposal-9f725995-58eb-4afb-a096-3807966418f8 quic-issues:proposal-f1894775-db09-4ecd-9765-138693803b42 quic-issues:group-1eec8012-9afc-4e88-a706-d9f73faece30 quic-issues:group-af5e5b3a-a72d-400f-9cf5-74f4815888b7 quic-issues:main

2 Commits
proposal-4 ... group-e072

Author SHA1 Message Date
1ynx
bc5e2eead8 + create user with public/private key 
+ sign and verify votes and prevent unverified updates
 2026-04-04 22:36:17 +02:00
1ynx
b5cb0e83e3 * init p2p polling app 2026-03-31 19:09:46 +02:00
40 changed files with 9407 additions and 5286 deletions
Expand all files Collapse all files

55
.gitignore vendored
View File

@@ -1,41 +1,24 @@
# See https://help.github.com/articles/ignoring-files/ for more about ignoring files. # Nuxt dev/build outputs
.output
.data
.nuxt
.nitro
.cache
dist
# dependencies # Node dependencies
/node_modules node_modules
/.pnp
.pnp.*
.yarn/*
!.yarn/patches
!.yarn/plugins
!.yarn/releases
!.yarn/versions
# testing # Logs
/coverage logs
*.log
# next.js # Misc
/.next/
/out/
# production
/build
# misc
.DS_Store .DS_Store
*.pem .fleet
.idea
# debug # Local env files
npm-debug.log* .env
yarn-debug.log* .env.*
yarn-error.log* !.env.example
.pnpm-debug.log*
# env files (can opt-in for committing if needed)
.env*
# vercel
.vercel
# typescript
*.tsbuildinfo
next-env.d.ts

131
README.md
View File

@@ -1,2 +1,129 @@
# P2P Poll App # 🗳️ P2P Verified Polling App
Remove-Item -Recurse -Force node_modules, .next
A decentralized, real-time polling application built with **Nuxt 3**, **Yjs**, and **WebRTC**. This app allows users to create and participate in polls where every vote is cryptographically signed and verified peer-to-peer, ensuring data integrity without a central authority "owning" the results.
---
## 🌟 Key Features
* **Serverless Real-time Sync:** Uses **Yjs** (CRDTs) and **WebRTC** to sync poll data directly between browsers. No database is required for live updates.
* **Persistence with Nitro:** While the logic is P2P, the **Nuxt/Nitro** backend provides a "Snapshot" service to ensure polls persist even after all peers go offline.
* **Cryptographic Integrity:** Every vote is signed using **RSA-PSS (Web Crypto API)**. Each user has a unique private key (stored locally via `.pem` files) to ensure votes cannot be forged or tampered with.
* **Chained Verification:** Implements a "History-Signing" logic where each new vote signs the entire preceding state of the poll, creating a verifiable chain of trust.
* **Privacy First:** Users identify via UUIDs and Public/Private key pairs rather than traditional accounts.
---
## ⚙️ How It Works
### 1. Identity Creation
When a new user is created, the system generates a unique **UUID (User ID)** and an **RSA Key Pair**. The user is prompted to save their **Private Key** as a `.pem` file, named after their User ID (e.g., `550e8400-e29b.pem`). This file acts as their "Passport"—it is never uploaded to the server and must be kept secure by the user.
### 2. Authentication
Upon returning to the app, users load their local `.pem` file. The application extracts the Private Key for signing and the UUID for identification. No passwords or central servers are involved in this local-first login process.
### 3. Joining a Poll
When a user joins a poll, the app fetches the latest binary snapshot from the server to populate a local **Y.Doc**. This ensures the user sees the current state immediately, even before connecting to other peers.
### 4. The P2P Mesh
The app establishes connections to other active voters via a WebRTC signaling server. Any changes made to the poll (adding options or voting) are broadcasted instantly to all peers using Conflict-free Replicated Data Types (CRDTs) to prevent sync conflicts.
### 5. Casting a Signed Vote
To ensure security, the voting process follows a strict cryptographic chain:
* The app captures the current list of votes.
* It appends the new vote data (User ID + Timestamp).
* It signs the **entire array** (the previous history + the new vote) using the user's RSA private key.
* The signed update is merged into the shared Yjs Map and broadcasted.
### 6. Distributed Verification
Whenever a peer receives a new update, they fetch the voter's **Public Key** from the API. They then verify that the signature matches the current state of the poll history. If a signature is invalid or the history has been tampered with, the vote is rejected by the peer's local state.
---
## 🛠️ Tech Stack
* **Framework:** [Nuxt 3](https://nuxt.com/) (Vue 3 + TypeScript)
* **Conflict-Free Replicated Data Types (CRDT):** [Yjs](https://yjs.dev/)
* **P2P Transport:** `y-webrtc`
* **Security:** Web Crypto API (SubtleCrypto)
* **Backend/Storage:** Nitro (Nuxt's server engine) with filesystem storage drivers
# AI Disclaimer
This App was developed with the assistance of AI.
# Nuxt Minimal Starter
Look at the [Nuxt documentation](https://nuxt.com/docs/getting-started/introduction) to learn more.
## Setup
Make sure to install dependencies:
```bash
# npm
npm install
# pnpm
pnpm install
# yarn
yarn install
# bun
bun install
```
## Development Server
Start the development server on `http://localhost:3000`:
```bash
# npm
npm run dev
# pnpm
pnpm dev
# yarn
yarn dev
# bun
bun run dev
```
## Production
Build the application for production:
```bash
# npm
npm run build
# pnpm
pnpm build
# yarn
yarn build
# bun
bun run build
```
Locally preview production build:
```bash
# npm
npm run preview
# pnpm
pnpm preview
# yarn
yarn preview
# bun
bun run preview
```
Check out the [deployment documentation](https://nuxt.com/docs/getting-started/deployment) for more information.

175
app/app.vue Normal file
View File

@@ -0,0 +1,175 @@
<style>
/* Basic styling to make it look clean */
body {
font-family: system-ui, -apple-system, sans-serif;
background-color: #f4f4f9;
color: #333;
margin: 0;
display: flex;
justify-content: center;
padding: 2rem;
}
header {
margin-bottom: 2rem;
text-align: center;
}
h1 { margin: 0 0 0.5rem 0; }
input {
flex-grow: 1;
padding: 0.75rem;
border: 1px solid #ccc;
border-radius: 6px;
font-size: 1rem;
}
button,
.button {
background: #3b82f6;
color: white;
border: none;
padding: 0.75rem 1rem;
border-radius: 6px;
cursor: pointer;
font-weight: bold;
transition: background 0.2s;
}
button:hover,
.button:hover { background: #2563eb; }
.status {
font-size: 0.85rem;
color: #666;
}
.status .connected { color: #10b981; font-weight: bold; }
.connectionFailed { color: #FF2525; font-weight: bold; }
.poll-container {
background: white;
padding: 2rem;
border-radius: 12px;
box-shadow: 0 4px 6px rgba(0,0,0,0.1);
width: 100%;
max-width: 500px;
}
.back-btn {
margin-left: 1rem;
padding: 0.2rem 0.5rem;
font-size: 0.7rem;
background: #64748b;
}
/* Hide the actual file input */
input[type="file"] {
display: none;
}
</style>
<template>
<div class="poll-container">
<header>
<h1 @click="activePollId = null" style="cursor:pointer">P2P Polling App 🗳</h1>
<div class="status">
<button v-if="activePollId" @click="activePollId = null" class="back-btn"> Back To List</button>
<span :class="{ 'connected': isConnected }">
{{ isConnected ? 'Synced' : 'Waiting for other Peers...' }}
</span>
<span> | Peers online: {{ connectedPeers }}</span>
<h2 v-if="connectionAttempFailed" class="connectionFailed"> Connection to Signaling Server Failed!</h2>
<div v-if="user===null" style="margin-top: 10px;">
<button @click="createUser">Create New User</button>
Or
<label title="Select Key File">
<span class="button">Login</span>
<input
type="file"
accept=".pem"
@change="loadUser"
/>
</label>
</div>
</div>
</header>
<main>
<PollList v-if="!activePollId" :userid="user?.userid" @select-poll="selectPoll" />
<Poll v-else :activePollId="activePollId" :userid="user?.userid" :poll-data="pollData" :addOption="addOption" :vote="vote"/>
</main>
</div>
</template>
<script setup lang="ts">
import { v4 as uuidv4 } from 'uuid';
const activePollId = ref<string | null>(null);
const user = shallowRef<UserData | null>(null);
const { pollData, isConnected, connectionAttempFailed, connectedPeers, addOption, vote } = usePoll(activePollId,user);
const selectPoll = (id: string) => {
activePollId.value = id;
};
const createUser = async () => {
try {
const keypair : CryptoKeyPair = await generateUserKeyPair();
console.log('keypair:', keypair);
const uuid = uuidv4();
user.value = {
userid: uuid,
private_key: keypair.privateKey,
public_key: keypair.publicKey,
};
const prvKeyString = await exportPrivateKey(keypair.privateKey);
await savePrivateKeyToFile(prvKeyString,uuid+".pem")
const pubKeyString = await exportPublicKey(keypair.publicKey);
await $fetch(`/api/users/${uuid}`, {
method: 'POST',
body: { public_key: pubKeyString }
});
} catch (err) {
user.value = null
console.error("Failed to create new User!", err);
}
};
const loadUser = async (event: Event) => {
const target = event.target as HTMLInputElement;
const file = target.files?.[0];
if (file) {
try {
const content = await file.text();
console.log("File loaded: ");
if (file.name && content) {
try {
const uuid = file.name.replace(".pem", "");
// Standardize the string for the importer
const pkBase64 = content.replace(/-----BEGIN PRIVATE KEY-----|-----END PRIVATE KEY-----/g, "").replace(/\s+/g, "");
const key = await stringToCryptoKey(pkBase64, "private");
user.value = {
userid: uuid,
private_key: key,
public_key: undefined, // Note: You might need to import a pub key too!
};
console.log("Login successful for:", uuid);
} catch (err) {
console.error("Crypto Import Error:", err);
alert("The file content is not a valid Private Key.");
}
}
} catch (e) {
console.error("Failed to read file", e);
}
}
};
</script>

83
app/components/Poll.vue Normal file
View File

@@ -0,0 +1,83 @@
<style scoped>
.poll-list {
list-style: none;
padding: 0;
margin: 0;
}
.poll-item {
display: flex;
justify-content: space-between;
align-items: center;
padding: 1rem;
background: #f8fafc;
border: 1px solid #e2e8f0;
border-radius: 8px;
margin-bottom: 0.5rem;
}
.poll-title {
font-size: 1.1rem;
color: #3b82f6;
text-transform: uppercase;
letter-spacing: 1px;
}
.add-option-form {
display: flex;
gap: 0.5rem;
margin-bottom: 2rem;
}
.option-name { font-weight: 500; }
.vote-section { display: flex; align-items: center; gap: 1rem; }
.vote-count { font-size: 0.9rem; color: #475569; }
.vote-btn { padding: 0.4rem 0.8rem; background: #10b981; }
.vote-btn:hover { background: #059669; }
.vote-btn:disabled,
.vote-btn[disabled] { background: #888888; }
.vote-btn:disabled:hover,
.vote-btn[disabled]:hover { background: #AAAAAA; }
</style>
<template>
<div>
<h2 class="poll-title">Poll: {{ activePollId }}</h2>
<p v-if="Object.keys(pollData).length==0">Note: Add at least one Option to save the Poll.</p>
<form @submit.prevent="handleAddNewOption" class="add-option-form" v-if="userid">
<input v-model="newOption" placeholder="Enter a new poll option..." required />
<button type="submit">Add Option</button>
</form>
<ul class="poll-list">
<li v-for="(votes, optionName) in pollData" :key="optionName" class="poll-item">
<span class="option-name">{{ optionName }}</span>
<div class="vote-section">
<span class="vote-count">{{ votes.length }} {{ votes.length === 1 ? 'vote' : 'votes' }}</span>
<button @click="vote(String(optionName))" class="vote-btn" :disabled="userid==undefined || voted(votes)">+1</button>
</div>
</li>
</ul>
</div>
</template>
<script setup lang="ts">
import type { PollProps, SignedData, VoteData } from '@/utils/types'
const props = defineProps<PollProps>()
const newOption = ref('');
const handleAddNewOption = () => {
props.addOption(newOption.value);
newOption.value = '';
};
const voted = (votes: SignedData<VoteData>[]) => {
for(let vote of votes){
if(vote.data.userid == props.userid){
return true;
}
}
return false;
}
</script>

64
app/components/PollList.vue Normal file
View File

@@ -0,0 +1,64 @@
<style scoped>
.poll-list { margin-top: 1rem; }
.empty-state { text-align: center; color: #94a3b8; font-style: italic; }
.create-poll { display: flex; gap: 0.5rem; margin-bottom: 1.5rem; }
.poll-links { list-style: none; padding: 0; }
.poll-link-btn {
width: 100%;
text-align: left;
background: #f1f5f9;
color: #1e293b;
margin-bottom: 0.5rem;
display: flex;
justify-content: space-between;
}
.poll-link-btn:hover { background: #e2e8f0; }
</style>
<template>
<div class="poll-list">
<h3>Available Polls</h3>
<ul v-if="polls && polls.length > 0" class="poll-links">
<li v-for="id in polls" :key="id">
<button class="poll-link-btn" @click="$emit('select-poll', id)">
{{ id }} <span></span>
</button>
</li>
</ul>
<p v-else class="empty-state">No polls found. Create the first one!</p>
<div class="create-poll" v-if="userid !== undefined">
<input
v-model="newPollId"
placeholder="Enter new poll name..."
@keyup.enter="createPoll"
/>
<button @click="createPoll">Create & Join</button>
</div>
</div>
</template>
<script setup lang="ts">
import type { PollListProps } from '@/utils/types'
const props = defineProps<PollListProps>()
const newPollId = ref('');
const polls = ref<string[]>([]);
// Fetch existing polls on mount
const fetchPolls = async () => {
const data = await $fetch<{ polls: string[] }>('/api/polls');
polls.value = data.polls;
};
const createPoll = () => {
const id = newPollId.value.trim().toLowerCase().replace(/\s+/g, '-');
if (id) {
// In a real app, you might want to POST to create it first,
// but here we just navigate to it and let usePoll handle the save.
emit('select-poll', id);
}
};
const emit = defineEmits(['select-poll']);
onMounted(fetchPolls);
</script>

131
app/composables/usePoll.ts Normal file
View File

@@ -0,0 +1,131 @@
// composables/usePoll.ts
import { ref, watch, onUnmounted } from 'vue';
import * as Y from 'yjs';
export const usePoll = (pollId: Ref<string | null>, user: Ref<UserData | null>) => {
const pollData = ref<PollData>({});
const isConnected = ref(false);
const connectionAttempFailed = ref(false);
const connectedPeers = ref(1);
let ydoc: Y.Doc | null = null;
let provider: any = null;
let yMap: Y.Map<SignedData<VoteData>[]> | null = null;
const cleanup = () => {
if (provider) provider.disconnect();
if (ydoc) ydoc.destroy();
isConnected.value = false;
pollData.value = {};
};
const initPoll = async (id: string) => {
cleanup(); // Clear previous session
ydoc = new Y.Doc();
// 1. Fetch Snapshot from Nuxt API
try {
const response = await $fetch<{ update: number[] | null }>(`/api/polls/${id}`).catch((e) => {
console.error("Failed to get poll: " + id,e)
});
//trust the server without verification.
if (response?.update) {
Y.applyUpdate(ydoc, new Uint8Array(response.update));
}
} catch (err) {
console.error('Persistence fetch failed', err);
}
yMap = ydoc.getMap<SignedData<VoteData>[]>('shared-poll');
// 2. Local State Sync
yMap.observe(async () => {
await performUpdateAndVerify();
saveStateToServer(id);
});
await performUpdateAndVerify();
// 3. P2P Connection
const { WebrtcProvider } = await import('y-webrtc');
provider = new WebrtcProvider(`nuxt-p2p-${id}`, ydoc, {
signaling: ["ws://localhost:4444", "ws://lynxpi.ddns.net:4444"]
});
provider.on('synced', (arg: {synced: boolean}) => {
isConnected.value = arg.synced;
console.log('Connection synced:', arg.synced) // "connected" or "disconnected"
});
provider.on('status', (event: { connected: boolean }) => {
console.log('Connection status:', event.connected) // "connected" or "disconnected"
})
provider.on('peers', (data: any) => {
connectedPeers.value = data.webrtcPeers.length + 1
});
};
const saveStateToServer = async (id: string) => {
if (!ydoc) return;
const stateUpdate = Y.encodeStateAsUpdate(ydoc);
await $fetch(`/api/polls/${id}`, {
method: 'POST',
body: { update: Array.from(stateUpdate) }
}).catch((e) => {
console.error("Failed to update poll",e)
});
};
// Watch for ID changes (e.g., user clicks a link or goes back)
watch(pollId, (newId) => {
if (newId && import.meta.client) {
initPoll(newId);
} else {
cleanup();
}
}, { immediate: true });
onUnmounted(cleanup);
const addOption = (optionName: string) => {
if (yMap && !yMap.has(optionName)) yMap.set(optionName, []);
};
const performUpdateAndVerify = async () => {
const pollDataUpdate = yMap!.toJSON();
console.log("Poll Data Update: ", pollDataUpdate)
for(var option in pollDataUpdate){
console.log("verifying votes for option: " + option);
const votes = pollDataUpdate[option] || [];
const verified = await verifyAllVotesForOption(votes);
if(!verified){
console.error("Failed to verify option: "+option)
return;
}
}
console.log("All options verified! :)")
pollData.value = pollDataUpdate
}
const vote = async (optionName: string) => {
const currentUser = user.value;
if (currentUser != undefined && yMap?.has(optionName)) {
const voteData = [...(yMap.get(optionName) || [])];
if(voteData != undefined && currentUser.private_key){
var unsignedVoteData : VoteData = {
userid: currentUser.userid,
timestamp: new Date().toISOString()
}
var newVote : SignedData<VoteData> = {
data: unsignedVoteData,
signature: "",
}
voteData?.push(newVote)
const signature = await signVote(voteData,currentUser.private_key);
newVote.signature=signature
yMap?.set(optionName, voteData);
}
}
};
return { pollData, isConnected, connectionAttempFailed, connectedPeers, addOption, vote };
};

2
app/composables/user.ts Normal file
View File

@@ -0,0 +1,2 @@
export const user = (user: Ref<UserData | null>) => {
}

BIN
app/favicon.ico
View File

Binary file not shown.
Side by Side

Before

Width:  |  Height:  |  Size: 25 KiB

26
app/globals.css
View File

@@ -1,26 +0,0 @@
@import "tailwindcss";
:root {
--background: #ffffff;
--foreground: #171717;
}
@theme inline {
--color-background: var(--background);
--color-foreground: var(--foreground);
--font-sans: var(--font-geist-sans);
--font-mono: var(--font-geist-mono);
}
@media (prefers-color-scheme: dark) {
:root {
--background: #0a0a0a;
--foreground: #ededed;
}
}
body {
background: var(--background);
color: var(--foreground);
font-family: Arial, Helvetica, sans-serif;
}

25
app/layout.tsx
View File

@@ -1,25 +0,0 @@
import type { Metadata } from "next";
import "./globals.css";
export const metadata: Metadata = {
title: "p2p polling",
description: "creating a p2p-polling app",
};
export default function RootLayout({
children,
}: Readonly<{
children: React.ReactNode;
}>) {
return (
<html
lang="en"
className={` h-full antialiased`}
>
<body className="min-h-full flex flex-col">{children}</body>
</html>
);
}

47
app/page.tsx
View File

@@ -1,47 +0,0 @@
"use client";
import { useState } from "react";
import usePeerManager from "../hooks/usePeerManager";
import usePollManager from "../hooks/usePollManager";
import PollCreation from "../components/PollCreation";
import PollActive from "../components/PollActive";
import PeersList from "../components/PeersList";
export default function Page() {
const peerManager = usePeerManager();
const pollManager = usePollManager(peerManager);
const [connectId, setConnectId] = useState("");
return (
<div className="p-6 space-y-4">
<h1 className="text-2xl font-bold">P2P Poll App</h1>
{/* Connect */}
<div className="flex gap-2">
<input
className="border p-2"
placeholder="Peer ID"
value={connectId}
onChange={(e) => setConnectId(e.target.value)}
/>
<button
className="bg-blue-500 text-white px-4"
onClick={() => peerManager.connectToPeer(connectId)}
>
Connect
</button>
</div>
<p>Your ID: {peerManager.peerId}</p>
{pollManager.poll ? (
<PollActive pollManager={pollManager} peerId={peerManager.peerId} />
) : (
<PollCreation pollManager={pollManager} />
)}
<PeersList peers={peerManager.peers} />
</div>
);
}

187
app/utils/crypto.ts Normal file
View File

@@ -0,0 +1,187 @@
// utils/crypto.ts
export const generateUserKeyPair = async () => {
return await window.crypto.subtle.generateKey(
{
name: "RSASSA-PKCS1-v1_5",
modulusLength: 2048,
publicExponent: new Uint8Array([1, 0, 1]), // 65537
hash: "SHA-256",
},
true, // extractable
["sign", "verify"]
);
};
export const signVote = async (data: any, privateKey: CryptoKey) => {
const encoder = new TextEncoder();
const encodedData = encoder.encode(JSON.stringify(data));
const signature = await window.crypto.subtle.sign(
"RSASSA-PKCS1-v1_5",
privateKey,
encodedData
);
// Convert to Base64 or Hex to store in Yjs easily
return btoa(String.fromCharCode(...new Uint8Array(signature)));
};
export const verifyVote = async (data: any, signatureStr: string, publicKey: CryptoKey) => {
const encoder = new TextEncoder();
const encodedData = encoder.encode(JSON.stringify(data));
// Convert Base64 back to Uint8Array
const signature = Uint8Array.from(atob(signatureStr), c => c.charCodeAt(0));
return await window.crypto.subtle.verify(
"RSASSA-PKCS1-v1_5",
publicKey,
signature,
encodedData
);
};
/**
* Verifies a specific vote within an array of votes by
* reconstructing the "signed state" at that point in time.
*/
export const verifyChainedVote = async (
voteData: SignedData<VoteData>[],
index: number
) => {
const voteToVerify = voteData[index];
console.log("Verifying vote: " + voteToVerify)
if(voteToVerify) {
// 1. Reconstruct the exact data state the user signed
// We need the array exactly as it was when they pushed their vote
const historicalState = voteData.slice(0, index + 1).map((v, i) => {
if (i === index) {
// For the current vote, the signature must be empty string
// because it wasn't signed yet when passed to signVote
return { ...v, signature: "" };
}
return v;
});
try {
// 2. Fetch public key
const response = await $fetch<{ public_key: string }>(`/api/users/${voteToVerify.data.userid}`);
console.log("Got key: ",response)
const pubKey = await stringToCryptoKey(response.public_key, 'public');
console.log("Using pubKey to verify Vote.")
// 3. Verify: Does this historicalState match the signature?
return await verifyVote(historicalState, voteToVerify.signature, pubKey);
} catch (err) {
console.error("Verification failed")
console.error(err);
return false;
}
}
console.error("Vote is undefined or null");
return false;
};
export const verifyAllVotesForOption = async (votes: SignedData<VoteData>[]) => {
console.log("verifying votes for option ",votes);
for (let i = votes.length-1; i >= 0 ; i--) {
const isValid = await verifyChainedVote(votes, i);
if(!isValid){
console.error("Error! Invalid Vote at: " + i,votes)
return false;
}
}
return true;
};
// Helper to convert ArrayBuffer to Base64 string
const bufferToBase64 = (buf: ArrayBuffer) =>
window.btoa(String.fromCharCode(...new Uint8Array(buf)));
export const exportPublicKey = async (key: CryptoKey) => {
// Export Public Key
const exportedPublic = await window.crypto.subtle.exportKey("spki", key);
const publicKeyString = bufferToBase64(exportedPublic);
return publicKeyString;
};
export const exportPrivateKey = async (key: CryptoKey) => {
// Export Private Key
const exportedPrivate = await window.crypto.subtle.exportKey("pkcs8", key);
const privateKeyString = bufferToBase64(exportedPrivate);
return privateKeyString;
};
/**
* Converts a Base64 string back into a usable CryptoKey object
* @param keyStr The Base64 string (without PEM headers)
* @param type 'public' or 'private'
*/
export const stringToCryptoKey = async (keyStr: string, type: 'public' | 'private'): Promise<CryptoKey> => {
// 1. Convert Base64 string to a Uint8Array (binary)
const binaryString = window.atob(keyStr);
const bytes = new Uint8Array(binaryString.length);
for (let i = 0; i < binaryString.length; i++) {
bytes[i] = binaryString.charCodeAt(i);
}
// 2. Identify the format based on the key type
// Public keys usually use 'spki', Private keys use 'pkcs8'
const format = type === 'public' ? 'spki' : 'pkcs8';
const usages: KeyUsage[] = type === 'public' ? ['verify'] : ['sign'];
// 3. Import the key
return await window.crypto.subtle.importKey(
format,
bytes.buffer,
{
name: "RSASSA-PKCS1-v1_5",
hash: "SHA-256",
},
true, // extractable (set to false if you want to lock it in memory)
usages
);
};
export const savePrivateKeyToFile = (privateKeyStr: string, filename: string) => {
// Optional: Wrap in PEM headers for standard formatting
const pemHeader = "-----BEGIN PRIVATE KEY-----\n";
const pemFooter = "\n-----END PRIVATE KEY-----";
const fileContent = pemHeader + privateKeyStr + pemFooter;
const blob = new Blob([fileContent], { type: "text/plain" });
const url = URL.createObjectURL(blob);
const link = document.createElement("a");
link.href = url;
link.download = filename;
document.body.appendChild(link);
link.click();
// Cleanup
document.body.removeChild(link);
URL.revokeObjectURL(url);
};
export const loadPrivateKeyFromFile = async (file: File): Promise<string> => {
return new Promise((resolve, reject) => {
const reader = new FileReader();
reader.onload = (e) => {
const content = e.target?.result as string;
// Clean up the string by removing PEM headers and newlines
const cleanKey = content
.replace("-----BEGIN PRIVATE KEY-----", "")
.replace("-----END PRIVATE KEY-----", "")
.replace(/\s+/g, ""); // Removes all whitespace/newlines
resolve(cleanKey);
};
reader.onerror = () => reject("Error reading file");
reader.readAsText(file);
});
};

36
app/utils/types.ts Normal file
View File

@@ -0,0 +1,36 @@
export interface PollProps {
userid: string | undefined,
activePollId: string,
pollData: PollData,
addOption: (name: string) => void,
vote: (optionName: string) => void
}
export interface PollListProps {
userid: string | undefined,
}
export interface PollData extends Record<string, SignedData<VoteData>[]> {
}
export interface SignedData<T> {
data: T,
signature: string
}
export interface VoteData {
userid: string,
timestamp: string
}
export interface OptionData {
userid: string,
timestamp: string,
optionName: string
}
export interface UserData {
userid: string,
private_key: CryptoKey | undefined,
public_key: CryptoKey | undefined
}

0
components/Modal.tsx
View File

22
components/Notification.tsx
View File

@@ -1,22 +0,0 @@
"use client";
type NotificationType = "info" | "success" | "error";
interface NotificationProps {
message: string;
type?: NotificationType;
}
export default function Notification({ message, type = "info" }: NotificationProps) {
const colors: Record<NotificationType, string> = {
info: "bg-blue-100 text-blue-700",
success: "bg-green-100 text-green-700",
error: "bg-red-100 text-red-700",
};
return (
<div className={`px-4 py-2 rounded shadow ${colors[type]}`}>
{message}
</div>
);
}

14
components/PeersList.tsx
View File

@@ -1,14 +0,0 @@
"use client";
export default function PeersList({ peers }: { peers: string[] }) {
return (
<div>
<h3>Peers</h3>
{peers.length === 0 ? (
<p>No peers</p>
) : (
peers.map((p) => <div key={p}>{p}</div>)
)}
</div>
);
}

22
components/PollActive.tsx
View File

@@ -1,22 +0,0 @@
"use client";
import PollOption from "./PollOption";
export default function PollActive({ pollManager, peerId }: any) {
const poll = pollManager.poll;
return (
<div>
<h2 className="text-xl font-bold">{poll.question}</h2>
{poll.options.map((opt: any) => (
<PollOption
key={opt.id}
option={opt}
pollManager={pollManager}
peerId={peerId}
/>
))}
</div>
);
}

40
components/PollCreation.tsx
View File

@@ -1,40 +0,0 @@
"use client";
import { useState } from "react";
export default function PollCreation({ pollManager }: any) {
const [question, setQuestion] = useState("");
const [options, setOptions] = useState<string[]>(["", ""]);
return (
<div>
<input
className="border p-2 w-full"
placeholder="Question"
value={question}
onChange={(e) => setQuestion(e.target.value)}
/>
{options.map((opt, i) => (
<input
key={i}
className="border p-2 w-full mt-2"
placeholder={`Option ${i + 1}`}
value={opt}
onChange={(e) => {
const newOpts = [...options];
newOpts[i] = e.target.value;
setOptions(newOpts);
}}
/>
))}
<button
className="bg-green-500 text-white px-4 mt-2"
onClick={() => pollManager.createPoll(question, options)}
>
Create Poll
</button>
</div>
);
}

12
components/PollOption.tsx
View File

@@ -1,12 +0,0 @@
"use client";
export default function PollOption({ option, pollManager, peerId }: any) {
return (
<div
className="border p-2 mt-2 cursor-pointer"
onClick={() => pollManager.vote(option.id, peerId)}
>
{option.text} - {option.votes} votes
</div>
);
}

18
eslint.config.mjs
View File

@@ -1,18 +0,0 @@
import { defineConfig, globalIgnores } from "eslint/config";
import nextVitals from "eslint-config-next/core-web-vitals";
import nextTs from "eslint-config-next/typescript";
const eslintConfig = defineConfig([
...nextVitals,
...nextTs,
// Override default ignores of eslint-config-next.
globalIgnores([
// Default ignores of eslint-config-next:
".next/**",
"out/**",
"build/**",
"next-env.d.ts",
]),
]);
export default eslintConfig;

58
hooks/usePeerManager.ts
View File

@@ -1,58 +0,0 @@
"use client";
import { useEffect, useRef, useState } from "react";
import Peer from "peerjs";
export default function usePeerManager() {
const [peerId, setPeerId] = useState<string | null>(null);
const [peers, setPeers] = useState<string[]>([]);
const peerRef = useRef<Peer | null>(null);
const connectionsRef = useRef<Map<string, any>>(new Map());
useEffect(() => {
const peer = new Peer();
peerRef.current = peer;
peer.on("open", (id) => {
setPeerId(id);
});
peer.on("connection", (conn) => {
conn.on("open", () => {
connectionsRef.current.set(conn.peer, conn);
setPeers(Array.from(connectionsRef.current.keys()));
});
conn.on("data", (data) => {
console.log("Received:", data);
});
conn.on("close", () => {
connectionsRef.current.delete(conn.peer);
setPeers(Array.from(connectionsRef.current.keys()));
});
});
return () => {
peer.destroy();
};
}, []);
const connectToPeer = (id: string) => {
if (!peerRef.current) return;
const conn = peerRef.current.connect(id);
conn.on("open", () => {
connectionsRef.current.set(conn.peer, conn);
setPeers(Array.from(connectionsRef.current.keys()));
});
};
const broadcast = (data: any) => {
connectionsRef.current.forEach((conn) => {
if (conn.open) conn.send(data);
});
};
return { peerId, peers, connectToPeer, broadcast };
}

68
hooks/usePollManager.ts
View File

@@ -1,68 +0,0 @@
"use client";
import { useState } from "react";
type Option = {
id: string;
text: string;
votes: number;
voters: string[];
};
type Poll = {
id: string;
question: string;
options: Option[];
};
export default function usePollManager(peerManager: any) {
const [poll, setPoll] = useState<Poll | null>(null);
const [myVote, setMyVote] = useState<string | null>(null);
const createPoll = (question: string, options: string[]) => {
const newPoll: Poll = {
id: Date.now().toString(),
question,
options: options.map((opt, i) => ({
id: `opt-${i}`,
text: opt,
votes: 0,
voters: [],
})),
};
setPoll(newPoll);
peerManager.broadcast({ type: "poll", poll: newPoll });
};
const vote = (optionId: string, peerId: string) => {
if (!poll) return;
const updated = { ...poll };
updated.options.forEach((opt) => {
const index = opt.voters.indexOf(peerId);
if (index !== -1) {
opt.voters.splice(index, 1);
opt.votes--;
}
});
const option = updated.options.find((o) => o.id === optionId);
if (!option) return;
option.votes++;
option.voters.push(peerId);
setPoll(updated);
setMyVote(optionId);
peerManager.broadcast({
type: "vote",
optionId,
voterId: peerId,
});
};
return { poll, createPoll, vote, myVote };
}

9
next.config.ts
View File

@@ -1,9 +0,0 @@
import type { NextConfig } from "next";
const nextConfig: NextConfig = {
experimental: {
turbopackFileSystemCacheForDev: true,
}
};
export default nextConfig;

23
nuxt.config.ts Normal file
View File

@@ -0,0 +1,23 @@
// https://nuxt.com/docs/api/configuration/nuxt-config
export default defineNuxtConfig({
compatibilityDate: '2025-07-15',
devtools: { enabled: true },
vite: {
optimizeDeps: {
include: ['yjs', 'y-webrtc']
}
},
// ... existing config
nitro: {
storage: {
polls: {
driver: 'fs',
base: './.data/polls'
},
users: {
driver: 'fs',
base: './.data/users'
}
}
}
})

13082
package-lock.json generated
View File

File diff suppressed because it is too large Load Diff

33
package.json
View File

@@ -1,27 +1,20 @@
{ {
"name": "p2p-polling", "name": "p2p-poll",
"version": "0.1.0", "type": "module",
"private": true, "private": true,
"scripts": { "scripts": {
"dev": "next dev", "build": "nuxt build",
"build": "next build", "dev": "PORT=4444 npx y-webrtc & nuxt dev",
"start": "next start", "generate": "nuxt generate",
"lint": "eslint" "preview": "nuxt preview",
"postinstall": "nuxt prepare"
}, },
"dependencies": { "dependencies": {
"next": "16.2.0", "nuxt": "^4.1.3",
"peerjs": "^1.5.5", "uuid": "^13.0.0",
"react": "19.2.4", "vue": "^3.5.30",
"react-dom": "19.2.4" "vue-router": "^5.0.3",
}, "y-webrtc": "^10.3.0",
"devDependencies": { "yjs": "^13.6.30"
"@tailwindcss/postcss": "^4",
"@types/node": "^20",
"@types/react": "^19",
"@types/react-dom": "^19",
"eslint": "^9",
"eslint-config-next": "16.2.0",
"tailwindcss": "^4",
"typescript": "^5"
} }
} }

7
postcss.config.mjs
View File

@@ -1,7 +0,0 @@
const config = {
plugins: {
"@tailwindcss/postcss": {},
},
};
export default config;

BIN
public/favicon.ico Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 4.2 KiB

1
public/file.svg
View File

@@ -1 +0,0 @@
<svg fill="none" viewBox="0 0 16 16" xmlns="http://www.w3.org/2000/svg"><path d="M14.5 13.5V5.41a1 1 0 0 0-.3-.7L9.8.29A1 1 0 0 0 9.08 0H1.5v13.5A2.5 2.5 0 0 0 4 16h8a2.5 2.5 0 0 0 2.5-2.5m-1.5 0v-7H8v-5H3v12a1 1 0 0 0 1 1h8a1 1 0 0 0 1-1M9.5 5V2.12L12.38 5zM5.13 5h-.62v1.25h2.12V5zm-.62 3h7.12v1.25H4.5zm.62 3h-.62v1.25h7.12V11z" clip-rule="evenodd" fill="#666" fill-rule="evenodd"/></svg>
Side by Side

Before

Width:  |  Height:  |  Size: 391 B

1
public/globe.svg
View File

@@ -1 +0,0 @@
<svg fill="none" xmlns="http://www.w3.org/2000/svg" viewBox="0 0 16 16"><g clip-path="url(#a)"><path fill-rule="evenodd" clip-rule="evenodd" d="M10.27 14.1a6.5 6.5 0 0 0 3.67-3.45q-1.24.21-2.7.34-.31 1.83-.97 3.1M8 16A8 8 0 1 0 8 0a8 8 0 0 0 0 16m.48-1.52a7 7 0 0 1-.96 0H7.5a4 4 0 0 1-.84-1.32q-.38-.89-.63-2.08a40 40 0 0 0 3.92 0q-.25 1.2-.63 2.08a4 4 0 0 1-.84 1.31zm2.94-4.76q1.66-.15 2.95-.43a7 7 0 0 0 0-2.58q-1.3-.27-2.95-.43a18 18 0 0 1 0 3.44m-1.27-3.54a17 17 0 0 1 0 3.64 39 39 0 0 1-4.3 0 17 17 0 0 1 0-3.64 39 39 0 0 1 4.3 0m1.1-1.17q1.45.13 2.69.34a6.5 6.5 0 0 0-3.67-3.44q.65 1.26.98 3.1M8.48 1.5l.01.02q.41.37.84 1.31.38.89.63 2.08a40 40 0 0 0-3.92 0q.25-1.2.63-2.08a4 4 0 0 1 .85-1.32 7 7 0 0 1 .96 0m-2.75.4a6.5 6.5 0 0 0-3.67 3.44 29 29 0 0 1 2.7-.34q.31-1.83.97-3.1M4.58 6.28q-1.66.16-2.95.43a7 7 0 0 0 0 2.58q1.3.27 2.95.43a18 18 0 0 1 0-3.44m.17 4.71q-1.45-.12-2.69-.34a6.5 6.5 0 0 0 3.67 3.44q-.65-1.27-.98-3.1" fill="#666"/></g><defs><clipPath id="a"><path fill="#fff" d="M0 0h16v16H0z"/></clipPath></defs></svg>
Side by Side

Before

Width:  |  Height:  |  Size: 1.0 KiB

1
public/next.svg
View File

@@ -1 +0,0 @@
<svg xmlns="http://www.w3.org/2000/svg" fill="none" viewBox="0 0 394 80"><path fill="#000" d="M262 0h68.5v12.7h-27.2v66.6h-13.6V12.7H262V0ZM149 0v12.7H94v20.4h44.3v12.6H94v21h55v12.6H80.5V0h68.7zm34.3 0h-17.8l63.8 79.4h17.9l-32-39.7 32-39.6h-17.9l-23 28.6-23-28.6zm18.3 56.7-9-11-27.1 33.7h17.8l18.3-22.7z"/><path fill="#000" d="M81 79.3 17 0H0v79.3h13.6V17l50.2 62.3H81Zm252.6-.4c-1 0-1.8-.4-2.5-1s-1.1-1.6-1.1-2.6.3-1.8 1-2.5 1.6-1 2.6-1 1.8.3 2.5 1a3.4 3.4 0 0 1 .6 4.3 3.7 3.7 0 0 1-3 1.8zm23.2-33.5h6v23.3c0 2.1-.4 4-1.3 5.5a9.1 9.1 0 0 1-3.8 3.5c-1.6.8-3.5 1.3-5.7 1.3-2 0-3.7-.4-5.3-1s-2.8-1.8-3.7-3.2c-.9-1.3-1.4-3-1.4-5h6c.1.8.3 1.6.7 2.2s1 1.2 1.6 1.5c.7.4 1.5.5 2.4.5 1 0 1.8-.2 2.4-.6a4 4 0 0 0 1.6-1.8c.3-.8.5-1.8.5-3V45.5zm30.9 9.1a4.4 4.4 0 0 0-2-3.3 7.5 7.5 0 0 0-4.3-1.1c-1.3 0-2.4.2-3.3.5-.9.4-1.6 1-2 1.6a3.5 3.5 0 0 0-.3 4c.3.5.7.9 1.3 1.2l1.8 1 2 .5 3.2.8c1.3.3 2.5.7 3.7 1.2a13 13 0 0 1 3.2 1.8 8.1 8.1 0 0 1 3 6.5c0 2-.5 3.7-1.5 5.1a10 10 0 0 1-4.4 3.5c-1.8.8-4.1 1.2-6.8 1.2-2.6 0-4.9-.4-6.8-1.2-2-.8-3.4-2-4.5-3.5a10 10 0 0 1-1.7-5.6h6a5 5 0 0 0 3.5 4.6c1 .4 2.2.6 3.4.6 1.3 0 2.5-.2 3.5-.6 1-.4 1.8-1 2.4-1.7a4 4 0 0 0 .8-2.4c0-.9-.2-1.6-.7-2.2a11 11 0 0 0-2.1-1.4l-3.2-1-3.8-1c-2.8-.7-5-1.7-6.6-3.2a7.2 7.2 0 0 1-2.4-5.7 8 8 0 0 1 1.7-5 10 10 0 0 1 4.3-3.5c2-.8 4-1.2 6.4-1.2 2.3 0 4.4.4 6.2 1.2 1.8.8 3.2 2 4.3 3.4 1 1.4 1.5 3 1.5 5h-5.8z"/></svg>
Side by Side

Before

Width:  |  Height:  |  Size: 1.3 KiB

2
public/robots.txt Normal file
View File

@@ -0,0 +1,2 @@
User-Agent: *
Disallow:

1
public/vercel.svg
View File

@@ -1 +0,0 @@
<svg fill="none" xmlns="http://www.w3.org/2000/svg" viewBox="0 0 1155 1000"><path d="m577.3 0 577.4 1000H0z" fill="#fff"/></svg>
Side by Side

Before

Width:  |  Height:  |  Size: 128 B

1
public/window.svg
View File

@@ -1 +0,0 @@
<svg fill="none" xmlns="http://www.w3.org/2000/svg" viewBox="0 0 16 16"><path fill-rule="evenodd" clip-rule="evenodd" d="M1.5 2.5h13v10a1 1 0 0 1-1 1h-11a1 1 0 0 1-1-1zM0 1h16v11.5a2.5 2.5 0 0 1-2.5 2.5h-11A2.5 2.5 0 0 1 0 12.5zm3.75 4.5a.75.75 0 1 0 0-1.5.75.75 0 0 0 0 1.5M7 4.75a.75.75 0 1 1-1.5 0 .75.75 0 0 1 1.5 0m1.75.75a.75.75 0 1 0 0-1.5.75.75 0 0 0 0 1.5" fill="#666"/></svg>
Side by Side

Before

Width:  |  Height:  |  Size: 385 B

68
server/api/polls/[id].ts Normal file
View File

@@ -0,0 +1,68 @@
import * as Y from 'yjs';
// server/api/polls/[id].ts
export default defineEventHandler(async (event) => {
const method = event.node.req.method;
const pollId = getRouterParam(event, 'id');
// We use Nitro's built-in storage.
// 'polls' is the storage namespace.
const storage = useStorage('polls');
if (!pollId) {
throw createError({ statusCode: 400, statusMessage: 'Poll ID required' });
}
// GET: Fetch the saved Yjs document state
if (method === 'GET') {
const data = await storage.getItem(`poll:${pollId}`);
// Return the array of numbers (or null if it doesn't exist yet)
return { update: data || null };
}
// POST: Save a new Yjs document state
if (method === 'POST') {
const body = await readBody(event);
if (body.update && Array.isArray(body.update)) {
// create a temp Y.Doc to encode the Data
const tempDoc = new Y.Doc();
Y.applyUpdate(tempDoc, new Uint8Array(body.update));
const yMap = tempDoc.getMap('shared-poll');
const pollData = yMap.toJSON();
// verify pollData
for(var option in pollData){
const votes = pollData[option] || [];
var pubKeys: CryptoKey[] = [];
const verifyAllVotesForOption = async (votes: SignedData<VoteData>[]) => {
console.log("verifying votes for option " + option,votes);
// check last votes first. if there is something wrong, its likely in the last vote.
for (let i = votes.length-1; i >= 0 ; i--) {
const userStorage = useStorage('users');
const votePubKeyString = await userStorage.getItem(`user:${votes[i]?.data.userid}`);
//console.log("Using public key: "+votePubKeyString)
const votePubKey = await stringToCryptoKey(String(votePubKeyString),'public')
const isValid = await verifyChainedVote(votes, i,votePubKey);
if(!isValid){
console.error("Error! Invalid Vote at: " + i,votes)
return false;
}
}
return true;
};
const verified = await verifyAllVotesForOption(votes);
if(!verified){
console.error("Failed to verify option: "+option)
throw createError({ statusCode: 400, statusMessage: 'PollData contains unverifyable content!' });
}
}
// Save the binary update (sent as an array of numbers) to storage
await storage.setItem(`poll:${pollId}`, body.update);
return { success: true };
}
throw createError({ statusCode: 400, statusMessage: 'Invalid update payload' });
}
});

15
server/api/polls/index.get.ts Normal file
View File

@@ -0,0 +1,15 @@
// server/api/polls/index.get.ts
export default defineEventHandler(async () => {
const storage = useStorage('polls');
// Get all keys in the 'polls' namespace
const allKeys = await storage.getKeys();
// Filter for our specific poll prefix and strip it for the UI
// poll:my-id -> my-id
const polls = allKeys
.filter(key => key.startsWith('poll:'))
.map(key => key.replace('poll:', ''));
return { polls };
});

41
server/api/users/[id].ts Normal file
View File

@@ -0,0 +1,41 @@
// server/api/users/[id].ts
export default defineEventHandler(async (event) => {
const method = event.node.req.method;
const userId = getRouterParam(event, 'id');
// We use Nitro's built-in storage.
// 'polls' is the storage namespace.
const storage = useStorage('users');
if (!userId) {
throw createError({ statusCode: 400, statusMessage: 'User ID required' });
}
// GET: Fetch the saved Yjs document state
if (method === 'GET') {
const data = await storage.getItem(`user:${userId}`);
// Return the array of numbers (or null if it doesn't exist yet)
return { public_key: data };
}
// POST: Save a new Yjs document state
if (method === 'POST') {
const body = await readBody(event);
if (body.public_key) {
const data = await storage.getItem(`user:${userId}`);
if (data == undefined || data == null) {
// Save the binary update (sent as an array of numbers) to storage
await storage.setItem(`user:${userId}`, body.public_key);
console.log("New User created: " + userId)
console.log("Public Key: " + body.public_key);
return { success: true };
}
throw createError({ statusCode: 400, statusMessage: 'User already exists.' });
}
throw createError({ statusCode: 400, statusMessage: 'Invalid update payload' });
}
});

86
server/utils/crypto.ts Normal file
View File

@@ -0,0 +1,86 @@
import { SignedData, VoteData } from "./types";
/**
* Gets the WebCrypto API regardless of environment (Node vs Browser)
*/
const getCrypto = () => {
return (globalThis as any).crypto;
};
export const verifyVote = async (data: any, signatureStr: string, publicKey: CryptoKey) => {
const encoder = new TextEncoder();
const encodedData = encoder.encode(JSON.stringify(data));
// Convert Base64 back to Uint8Array
const signature = Uint8Array.from(atob(signatureStr), c => c.charCodeAt(0));
return await getCrypto().subtle.verify(
"RSASSA-PKCS1-v1_5",
publicKey,
signature,
encodedData
);
};
/**
* Verifies a specific vote within an array of votes by
* reconstructing the "signed state" at that point in time.
*/
export const verifyChainedVote = async (
voteData: SignedData<VoteData>[],
index: number,
pubKey: CryptoKey
) => {
const voteToVerify = voteData[index];
console.log("Verifying vote: " + voteToVerify)
if(voteToVerify) {
// 1. Reconstruct the exact data state the user signed
// We need the array exactly as it was when they pushed their vote
const historicalState = voteData.slice(0, index + 1).map((v, i) => {
if (i === index) {
// For the current vote, the signature must be empty string
// because it wasn't signed yet when passed to signVote
return { ...v, signature: "" };
}
return v;
});
try {
// 3. Verify: Does this historicalState match the signature?
return await verifyVote(historicalState, voteToVerify.signature, pubKey);
} catch (err) {
console.error("Verification failed")
console.error(err);
return false;
}
}
console.error("Vote is undefined or null");
return false;
};
/**
* Converts a Base64 string back into a usable CryptoKey object
* @param keyStr The Base64 string (without PEM headers)
* @param type 'public' or 'private'
*/
export const stringToCryptoKey = async (keyStr: string, type: 'public' | 'private'): Promise<CryptoKey> => {
// 1. Convert Base64 string to a Uint8Array (binary)
const bytes = Buffer.from(keyStr, 'base64');
// 2. Identify the format based on the key type
// Public keys usually use 'spki', Private keys use 'pkcs8'
const format = type === 'public' ? 'spki' : 'pkcs8';
const usages: KeyUsage[] = type === 'public' ? ['verify'] : ['sign'];
// 3. Import the key
return await getCrypto().subtle.importKey(
format,
bytes,
{
name: "RSASSA-PKCS1-v1_5",
hash: "SHA-256",
},
true, // extractable (set to false if you want to lock it in memory)
usages
);
};

36
server/utils/types.ts Normal file
View File

@@ -0,0 +1,36 @@
export interface PollProps {
userid: string | undefined,
activePollId: string,
pollData: PollData,
addOption: (name: string) => void,
vote: (optionName: string) => void
}
export interface PollListProps {
userid: string | undefined,
}
export interface PollData extends Record<string, SignedData<VoteData>[]> {
}
export interface SignedData<T> {
data: T,
signature: string
}
export interface VoteData {
userid: string,
timestamp: string
}
export interface OptionData {
userid: string,
timestamp: string,
optionName: string
}
export interface UserData {
userid: string,
private_key: CryptoKey | undefined,
public_key: CryptoKey | undefined
}

44
tsconfig.json
View File

@@ -1,34 +1,18 @@
{ {
"compilerOptions": { // https://nuxt.com/docs/guide/concepts/typescript
"target": "ES2017", "files": [],
"lib": ["dom", "dom.iterable", "esnext"], "references": [
"allowJs": true,
"skipLibCheck": true,
"strict": true,
"noEmit": true,
"esModuleInterop": true,
"module": "esnext",
"moduleResolution": "bundler",
"resolveJsonModule": true,
"isolatedModules": true,
"jsx": "react-jsx",
"incremental": true,
"plugins": [
{ {
"name": "next" "path": "./.nuxt/tsconfig.app.json"
}
],
"paths": {
"@/*": ["./*"]
}
}, },
"include": [ {
"next-env.d.ts", "path": "./.nuxt/tsconfig.server.json"
"**/*.ts", },
"**/*.tsx", {
".next/types/**/*.ts", "path": "./.nuxt/tsconfig.shared.json"
".next/dev/types/**/*.ts", },
"**/*.mts" {
], "path": "./.nuxt/tsconfig.node.json"
"exclude": ["node_modules"] }
]
} }