pigeon-box

command module
v0.0.0-...-780aa95
Published: Aug 21, 2024 License: MIT Imports: 13 Imported by: 0

README

Pigeon Box

Pigeon box is a simple, secure, open-source chat application built on top of a Slack workspace bot.

Slack is used only for chat (thread) initialization and user authentication, so Slack never sees the shared messages or files.

Pigeon box is not an alternative to Slack, but an extension.


Motivation

  1. Secure communication channel for my team, eliminating the need for Matrix, Pastebin, etc.

  2. Recent Slack oopses:

    • Slack AI is leaking private channel information ^1

      This vulnerability can allow attackers to steal anything a user puts in a private Slack channel by manipulating the language model used for content generation.

    • Slack(Salesforce) wants to use your business data for their AI/ML model training

      To develop AI/ML models, our systems analyze Customer Data (e.g. messages, content and files) submitted to Slack.^2

    • Disney's Slack data leaked

      The data allegedly includes every message and file from nearly 10,000 channels, including unreleased projects, code, images, login credentials, and links to internal websites and APIs.^3


How it works

  1. Slack user creates a thread via the bot command.
  2. Bot creates a message inviting the other Slack group user(s) to the thread.
  3. Users are able to request a one-time link to access the thread.
  4. After authenticating, they're able to share messages and files securely.

Messages are stored on your server and are deleted after the set expiration time. They're encrypted using thread-specific keys and are never visible to Slack.
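The per-thread encryption and expiry described above, sketched as an added example (not code from Pigeon Box). The page does not name a cipher or storage format, so AES-256-GCM, the `Thread` type, `NewThread`, `Seal`, `Open`, and the use of the thread ID as associated data are all assumptions.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"fmt"
	"time"
)

type Thread struct { // hypothetical record, not the project's schema
	ID      string
	Expires time.Time
	aead    cipher.AEAD // AES-256-GCM under a key unique to this thread (assumed cipher)
}

// NewThread draws a fresh random key, so no two threads ever share one.
func NewThread(id string, ttl time.Duration, now time.Time) (*Thread, error) {
	key := make([]byte, 32)
	if _, err := rand.Read(key); err != nil {
		return nil, err
	}
	block, _ := aes.NewCipher(key) // 32-byte key: cannot fail
	gcm, err := cipher.NewGCM(block)
	return &Thread{ID: id, Expires: now.Add(ttl), aead: gcm}, err
}

// Seal returns nonce||ciphertext with the thread ID bound as associated data.
func (t *Thread) Seal(msg []byte) ([]byte, error) {
	nonce := make([]byte, t.aead.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return t.aead.Seal(nonce, nonce, msg, []byte(t.ID)), nil
}

// Open refuses expired threads, then authenticates and decrypts.
func (t *Thread) Open(blob []byte, now time.Time) ([]byte, error) {
	n := t.aead.NonceSize()
	if !now.Before(t.Expires) || len(blob) < n {
		return nil, fmt.Errorf("thread %s expired or ciphertext malformed", t.ID)
	}
	return t.aead.Open(nil, blob[:n], blob[n:], []byte(t.ID))
}

func main() {
	t, _ := NewThread("thread-a", time.Hour, time.Now()) // constructed ID
	blob, _ := t.Seal([]byte("hello"))
	pt, err := t.Open(blob, time.Now())
	fmt.Println(string(pt), err)
}
```

Binding the thread ID as associated data means a ciphertext copied into another thread's storage fails authentication even if the key were somehow reused; a real deployment would also delete the key and stored blobs at expiry rather than only refusing to decrypt.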

User flow visualized

flow

Encryption visualized

encryption


Features

  1. Encrypted messages and files.
    • Encrypted using thread-specific keys.
  2. Expiring messages and threads.
    • Messages and threads are deleted after the set expiration time.
    • Thread expiration rules are set by the thread creator.
  3. User authentication via Slack.
    • Access to threads is restricted to the Slack group members only.
    • Authentication is on a per-thread basis.
  4. Real-time thread updates.
    • CRUD operations on messages and files are synced in real-time.
    • List of currently present users.


Deployment Guides

  1. Slack Bot
  2. Database
  3. Server
  4. File Storage
  5. Environment Variables

Goals

  1. Good balance between security and usability.
    • Should be accessible to non-technical users.
    • Should be secure enough to be used by security-conscious teams.
  2. Very cheap to run.
    • Should be able to run on a single shared instance.
    • Should be able to run for free or on a sub-$5/month budget.
    • Should be able to run on your existing infrastructure (if you have spare resources).
  3. Crafting a beautiful, responsive and accessible UI.
    • Should be very intuitive and pleasing to the eye.
    • Should be accessible to screen readers and keyboard users.
    • Should be very light on user resources.

Documentation

There is no documentation for this package.
