quic-issues/427e7578-d7bf-49c8-aee9-2dd999e25316
1
0
Fork 1
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Compare commits

base: quic-issues:group-80673505-7287-4f88-914b-3df08b3fe2ee
Branches Tags
quic-issues:main quic-issues:group-26d3b827-6587-46c2-a46e-001281299174 quic-issues:group-80673505-7287-4f88-914b-3df08b3fe2ee quic-issues:group-af5e5b3a-a72d-400f-9cf5-74f4815888b7 quic-issues:group-e07276f2-902e-4497-9744-df345e21992e quic-issues:group-efa16e66-ef82-4649-af99-092989e08a88 quic-issues:group-77812d39-5e8d-4d8b-bae5-e44c83f8f766 quic-issues:proposal-4de44601-accc-42df-884f-4b984296952b quic-issues:proposal-c3a5326a-9c65-4bcf-9425-8233dfa9fe78 quic-issues:proproposal-c3a5326a-9c65-4bcf-9425-8233dfa9fe88 quic-issues:proposal-88461784-44fb-4dbb-a5b1-96d67867e002 quic-issues:proposal-4cbc1b67-c2ee-4b97-9be5-5ab20c52b801 quic-issues:proposal-55bf0639-3fc1-4660-9285-290a79816c46 quic-issues:proposal-73d5ae78-430f-48ea-9a0c-a428f9d3e6ae quic-issues:proposal-e56c46f7-9d0e-4f4c-bbf1-979eb7982dbc quic-issues:proposal-0e2cfae9-900f-4fec-8274-efc45120c2f8 quic-issues:proposal-d1b0ec22-c5bc-494c-afd5-4ca35fedbbe1 quic-issues:proposal-1732a9cb-5389-44ea-b42b-ebc4ad0b7f33 quic-issues:feat/p2p-polling-app quic-issues:proposal-8835ffc9-b533-4a52-a996-85b92392f016 quic-issues:proposal-6f8d1303-1ffd-4f51-b6be-e4fd57ec14e2 quic-issues:group-b7a2f171-c361-42c0-a0cd-8aafdd6b2f1a quic-issues:proposal-9f725995-58eb-4afb-a096-3807966418f8 quic-issues:proposal-f1894775-db09-4ecd-9765-138693803b42 quic-issues:group-1eec8012-9afc-4e88-a706-d9f73faece30
..
compare: quic-issues:proposal-88461784-44fb-4dbb-a5b1-96d67867e002
Branches Tags
quic-issues:main quic-issues:group-26d3b827-6587-46c2-a46e-001281299174 quic-issues:group-80673505-7287-4f88-914b-3df08b3fe2ee quic-issues:group-af5e5b3a-a72d-400f-9cf5-74f4815888b7 quic-issues:group-e07276f2-902e-4497-9744-df345e21992e quic-issues:group-efa16e66-ef82-4649-af99-092989e08a88 quic-issues:group-77812d39-5e8d-4d8b-bae5-e44c83f8f766 quic-issues:proposal-4de44601-accc-42df-884f-4b984296952b quic-issues:proposal-c3a5326a-9c65-4bcf-9425-8233dfa9fe78 quic-issues:proproposal-c3a5326a-9c65-4bcf-9425-8233dfa9fe88 quic-issues:proposal-88461784-44fb-4dbb-a5b1-96d67867e002 quic-issues:proposal-4cbc1b67-c2ee-4b97-9be5-5ab20c52b801 quic-issues:proposal-55bf0639-3fc1-4660-9285-290a79816c46 quic-issues:proposal-73d5ae78-430f-48ea-9a0c-a428f9d3e6ae quic-issues:proposal-e56c46f7-9d0e-4f4c-bbf1-979eb7982dbc quic-issues:proposal-0e2cfae9-900f-4fec-8274-efc45120c2f8 quic-issues:proposal-d1b0ec22-c5bc-494c-afd5-4ca35fedbbe1 quic-issues:proposal-1732a9cb-5389-44ea-b42b-ebc4ad0b7f33 quic-issues:feat/p2p-polling-app quic-issues:proposal-8835ffc9-b533-4a52-a996-85b92392f016 quic-issues:proposal-6f8d1303-1ffd-4f51-b6be-e4fd57ec14e2 quic-issues:group-b7a2f171-c361-42c0-a0cd-8aafdd6b2f1a quic-issues:proposal-9f725995-58eb-4afb-a096-3807966418f8 quic-issues:proposal-f1894775-db09-4ecd-9765-138693803b42 quic-issues:group-1eec8012-9afc-4e88-a706-d9f73faece30

2 Commits
group-8067 ... proposal-8

Author SHA1 Message Date
xstraven
2a39d594c7 add proposal 2026-03-18 21:28:06 +01:00
xstraven
42594951f3 test push works 2026-03-18 21:08:47 +01:00
30 changed files with 1289 additions and 10148 deletions
Expand all files Collapse all files

BIN
.DS_Store vendored
View File

Binary file not shown.

3
.gitignore vendored
View File

@@ -1,2 +1,3 @@
node_modules
.nuxt
dist
.DS_Store

310
MVP_PLAN.md Normal file
View File

@@ -0,0 +1,310 @@
# Minimal MVP Plan: P2P Poll App
## Recommendation
Build the MVP with:
- Vanilla JS or TypeScript
- Vite for local dev/build
- Yjs for shared state
- `y-webrtc` for browser-to-browser sync
- `y-indexeddb` for local persistence/offline recovery
This is the best fit for a small poll app because the data model is tiny, concurrent edits are possible, and Yjs already solves merge/conflict handling while `y-webrtc` gives a direct P2P transport with only signaling infrastructure.
## Why This Stack
### Recommended: Yjs + y-webrtc
- Best balance of simplicity and correctness
- Clients connect directly over WebRTC
- No custom conflict-resolution logic needed
- Easy to add offline persistence
- Good fit for a single shared document/room
### Not recommended for the first MVP
#### PeerJS
- Very simple transport layer
- But you must design and maintain your own replication and merge rules
- Fine for demos with a host-authoritative peer, weaker for true collaborative editing
#### GUN
- Fast to prototype realtime shared state
- But official tutorials commonly use a GUN peer/relay server for shared data
- For this app, its data model is less explicit than a CRDT and gives less control over vote semantics
#### Automerge
- Very capable CRDT and local-first model
- But heavier than needed for a single small poll
- Better choice if the project is expected to evolve into a richer collaborative app
## MVP Scope
Ship exactly one shared poll per room.
Included:
- Join a poll by opening a shared URL
- Add a new option
- Vote for one option
- Change your vote
- Realtime updates across peers
- Local persistence in the browser
- Basic connection status UI
Excluded:
- User accounts
- Multiple polls per room
- Option deletion/editing
- Authentication/authorization
- Rich presence
- Advanced discovery
- Production-grade TURN/signaling deployment
## MVP UX
Keep the interface intentionally small:
- Poll title at the top
- Option list with vote counts
- One button per option to cast vote
- Small form to add an option
- Status line showing `connecting`, `connected`, or `offline`
- Small label showing which option you voted for
Join model:
- Room ID in the URL, e.g. `/?room=poll-demo`
- Users share the URL manually
Identity model:
- Generate a local `userId` once and store it in `localStorage`
- Optional local display name, also stored locally
## Shared Data Model
Use a single Yjs document per room.
Suggested structure:
- `poll` as a `Y.Map`
- `poll.title` as a string
- `poll.options` as a `Y.Map<optionId, Y.Map>`
- `poll.votes` as a `Y.Map<userId, optionId>`
Each option record:
- `id`
- `label`
- `createdBy`
- `createdAt`
Important design choice:
Do not store vote counters as mutable shared numbers for the MVP.
Instead, derive counts from `votes`.
Why:
- A user changing vote becomes a single write: `votes[userId] = optionId`
- No double-counting logic
- Concurrent writes are easier to reason about
- Rendering counts from `votes` is trivial at this scale
## Sync Model
### Networking
- Use `WebrtcProvider(roomId, ydoc)`
- Start with the default public signaling servers for local development
- If needed, swap to a self-hosted signaling server later without changing the app model
### Persistence
- Use `IndexeddbPersistence(roomId, ydoc)`
- This preserves state across reloads and helps when reconnecting after temporary disconnects
### Conflict behavior
- Concurrent option additions merge naturally
- Concurrent vote changes resolve at the per-user key level
- Tally is recalculated from the merged vote map
## Suggested Project Structure
```text
src/
main.ts
app.ts
state.ts
sync.ts
render.ts
identity.ts
styles.css
index.html
```
Responsibilities:
- `sync.ts`: create Yjs doc, WebRTC provider, IndexedDB provider
- `state.ts`: shared structures, add option, cast vote, selectors
- `identity.ts`: local `userId` and optional name
- `render.ts`: DOM updates
- `app.ts`: wire events to state and rendering
## Implementation Plan
### Phase 1: App shell
- Create Vite app with vanilla TS or JS
- Add a minimal single-page UI
- Parse `room` from the URL
- Generate and persist `userId`
Success check:
- App loads
- Room ID appears in UI
- User can type in the form
### Phase 2: Shared state
- Add Yjs document
- Create root shared maps
- Seed default poll title if missing
- Observe document updates and re-render UI
Success check:
- State exists in one browser tab
- Refresh keeps local state when IndexedDB is enabled
### Phase 3: P2P sync
- Add `y-webrtc`
- Join room based on URL room ID
- Show connection status from provider events
Success check:
- Two browsers on different tabs/devices see the same options
- New options appear in near real time
### Phase 4: Voting logic
- Implement `castVote(optionId)` as `votes.set(userId, optionId)`
- Derive tallies from `votes`
- Highlight the local users current vote
Success check:
- Votes update live across peers
- Changing vote updates counts correctly
### Phase 5: Basic hardening
- Trim/validate option labels
- Prevent empty options
- Ignore duplicate labels case-insensitively for MVP
- Show simple offline/connecting text
Success check:
- Basic misuse does not break the UI
- Reconnect restores updates
## Minimal API Surface
These functions are enough for the first build:
- `getRoomId(): string`
- `getUserId(): string`
- `initSync(roomId): AppSync`
- `ensurePollInitialized()`
- `addOption(label: string)`
- `castVote(optionId: string)`
- `getViewModel(): PollViewModel`
- `render(viewModel)`
## Risks And MVP Mitigations
### NAT / WebRTC connectivity
Risk:
- Some peer pairs may fail to connect in restrictive networks
Mitigation:
- Accept this for MVP
- Keep signaling configurable
- Add TURN only if testing shows frequent failures
### Small public signaling dependency
Risk:
- Public signaling is fine for demos, not ideal for production
Mitigation:
- Treat it as replaceable infrastructure
- Self-host later if the prototype is kept
### Duplicate or messy options
Risk:
- Users may add near-duplicate entries
Mitigation:
- Normalize labels
- Prevent exact duplicates for MVP
### No trust/auth model
Risk:
- Any participant in the room can add options and vote
Mitigation:
- Accept for MVP
- Frame rooms as small trusted groups
## Estimated MVP Size
For one developer:
- Initial prototype: 0.5 to 1 day
- Polished MVP with basic resilience: 1 to 2 days
Rough code size:
- 250 to 500 lines plus styles
## Nice Next Steps After MVP
- Copy-link button
- Participant list / presence
- Vote limit modes: single-choice or multi-choice
- Option editing/deletion
- QR code for room join
- Self-hosted signaling server
- PWA packaging for better offline behavior
## Sources
- PeerJS getting started: https://peerjs.com/client/getting-started
- Yjs collaborative editor guide: https://docs.yjs.dev/getting-started/a-collaborative-editor
- Yjs offline support: https://docs.yjs.dev/getting-started/allowing-offline-editing
- y-webrtc README: https://github.com/yjs/y-webrtc
- GUN tutorial showing shared data via a GUN peer: https://gun.eco/converse
- Automerge network sync: https://automerge.org/docs/tutorial/network-sync/

140
README.md
View File

@@ -1,135 +1,39 @@
# 🗳️ P2P Verified Polling App
# P2P Poll App
A decentralized, real-time polling application built with **Nuxt 3**, **Yjs**, and **WebRTC**. This app allows users to create and participate in polls where every vote is cryptographically signed and verified peer-to-peer, ensuring data integrity without a central authority "owning" the results.
Small peer-to-peer polling app built with `Vite`, `TypeScript`, `Yjs`, `y-webrtc`, and `y-indexeddb`.
---
## Features
## 🌟 Key Features
- single shared poll per room
- add options collaboratively
- one vote per user, changeable at any time
- peer-to-peer sync over WebRTC
- local browser persistence for refresh/reconnect recovery
- shareable room URL
* **Serverless Real-time Sync:** Uses **Yjs** (CRDTs) and **WebRTC** to sync poll data directly between browsers. No database is required for live updates.
* **Persistence with Nitro:** While the logic is P2P, the **Nuxt/Nitro** backend provides a "Snapshot" service to ensure polls persist even after all peers go offline.
* **Cryptographic Integrity:** Every vote is signed using **RSA-PSS (Web Crypto API)**. Each user has a unique private key (stored locally via `.pem` files) to ensure votes cannot be forged or tampered with.
* **Chained Verification:** Implements a "History-Signing" logic where each new vote signs the entire preceding state of the poll, creating a verifiable chain of trust.
* **Privacy First:** Users identify via UUIDs and Public/Private key pairs rather than traditional accounts.
* **Vote Uniqueness:** Enforces one vote per option per user to prevent duplicate voting.
* **Public Key Caching:** Snapshot API includes all user public keys for efficient client-side verification.
* **Relative Poll Timeframe:** Uses `createdAt + duration` model instead of absolute timestamps to avoid clock synchronization issues.
* **Secure User Creation:** User creation endpoint protected with API key authentication and rate limiting.
* **Modern UI:** Dark theme with glassmorphism effects for a contemporary user experience.
* **Error Handling:** User-friendly alerts for authentication errors and missing public keys.
---
## ⚙️ How It Works
### 1. Identity Creation
When a new user is created, the system generates a unique **UUID (User ID)** and an **RSA Key Pair**. The user is prompted to save their **Private Key** as a `.pem` file, named after their User ID (e.g., `550e8400-e29b.pem`). This file acts as their "Passport"—it is never uploaded to the server and must be kept secure by the user.
### 2. Authentication
Upon returning to the app, users load their local `.pem` file. The application extracts the Private Key for signing and the UUID for identification. No passwords or central servers are involved in this local-first login process.
### 3. Joining a Poll
When a user joins a poll, the app fetches the latest binary snapshot from the server to populate a local **Y.Doc**. This ensures the user sees the current state immediately, even before connecting to other peers.
### 4. The P2P Mesh
The app establishes connections to other active voters via a WebRTC signaling server. Any changes made to the poll (adding options or voting) are broadcasted instantly to all peers using Conflict-free Replicated Data Types (CRDTs) to prevent sync conflicts.
### 5. Casting a Signed Vote
To ensure security, the voting process follows a strict cryptographic chain:
* The app captures the current list of votes.
* It appends the new vote data (User ID + Timestamp).
* It signs the **entire array** (the previous history + the new vote) using the user's RSA private key.
* The signed update is merged into the shared Yjs Map and broadcasted.
### 6. Distributed Verification
Whenever a peer receives a new update, they fetch the voter's **Public Key** from the API. They then verify that the signature matches the current state of the poll history. If a signature is invalid or the history has been tampered with, the vote is rejected by the peer's local state.
---
## 🛠️ Tech Stack
* **Framework:** [Nuxt 3](https://nuxt.com/) (Vue 3 + TypeScript)
* **Conflict-Free Replicated Data Types (CRDT):** [Yjs](https://yjs.dev/)
* **P2P Transport:** `y-webrtc`
* **Security:** Web Crypto API (SubtleCrypto)
* **Backend/Storage:** Nitro (Nuxt's server engine) with filesystem storage drivers
# AI Disclaimer
This App was developed with the assistance of AI.
# Nuxt Minimal Starter
Look at the [Nuxt documentation](https://nuxt.com/docs/getting-started/introduction) to learn more.
## Setup
Make sure to install dependencies:
## Run locally
```bash
# npm
npm install
# pnpm
pnpm install
# yarn
yarn install
# bun
bun install
```
## Development Server
Start the development server on `http://localhost:3000`:
```bash
# npm
npm run dev
# pnpm
pnpm dev
# yarn
yarn dev
# bun
bun run dev
```
## Production
Open the local URL in two tabs or browsers and use the same `?room=` query string to join the same poll.
Build the application for production:
Example:
```text
http://localhost:5173/?room=poll-demo
```
## Build
```bash
# npm
npm run build
# pnpm
pnpm build
# yarn
yarn build
# bun
bun run build
```
Locally preview production build:
## Notes
```bash
# npm
npm run preview
# pnpm
pnpm preview
# yarn
yarn preview
# bun
bun run preview
```
Check out the [deployment documentation](https://nuxt.com/docs/getting-started/deployment) for more information.
- The app uses public signaling through `y-webrtc` for MVP simplicity.
- Poll state is not stored on an application server.
- WebRTC connectivity can still depend on the network environment of the participating peers.

308
app/app.vue
View File

@@ -1,308 +0,0 @@
<style>
/* Modern dark theme with glassmorphism */
body {
font-family: system-ui, -apple-system, sans-serif;
background: linear-gradient(135deg, #1a1a2e 0%, #16213e 50%, #0f3460 100%);
color: #fff;
margin: 0;
min-height: 100vh;
display: flex;
justify-content: center;
padding: 2rem;
}
header {
margin-bottom: 2rem;
text-align: left;
}
h1 {
margin: 0 0 0.5rem 0;
font-size: 2.5rem;
font-weight: bold;
color: #fff;
}
h2 {
margin: 0.5rem 0;
color: #fff;
}
input {
flex-grow: 1;
padding: 0.75rem;
border: 1px solid rgba(255, 255, 255, 0.2);
border-radius: 8px;
font-size: 1rem;
background: rgba(255, 255, 255, 0.1);
color: #fff;
backdrop-filter: blur(10px);
}
input::placeholder {
color: rgba(255, 255, 255, 0.5);
}
button,
.button {
background: linear-gradient(135deg, #667eea 0%, #764ba2 100%);
color: white;
border: none;
padding: 0.75rem 1.5rem;
border-radius: 8px;
cursor: pointer;
font-weight: 600;
transition: all 0.3s ease;
box-shadow: 0 4px 15px rgba(102, 126, 234, 0.4);
}
button:hover,
.button:hover {
background: linear-gradient(135deg, #764ba2 0%, #667eea 100%);
transform: translateY(-2px);
box-shadow: 0 6px 20px rgba(102, 126, 234, 0.6);
}
.status {
font-size: 0.9rem;
color: rgba(255, 255, 255, 0.7);
}
.status .connected {
color: #10b981;
font-weight: bold;
text-shadow: 0 0 10px rgba(16, 185, 129, 0.5);
}
.connectionFailed {
color: #ff6b6b;
font-weight: bold;
text-shadow: 0 0 10px rgba(255, 107, 107, 0.5);
}
.poll-container {
background: rgba(255, 255, 255, 0.1);
backdrop-filter: blur(20px);
-webkit-backdrop-filter: blur(20px);
padding: 2.5rem;
border-radius: 20px;
box-shadow: 0 8px 32px rgba(0, 0, 0, 0.3);
border: 1px solid rgba(255, 255, 255, 0.2);
width: 100%;
max-width: 600px;
}
.back-btn {
margin-left: 1rem;
padding: 0.5rem 1rem;
font-size: 0.85rem;
background: rgba(100, 116, 139, 0.8);
backdrop-filter: blur(10px);
}
.back-btn:hover {
background: rgba(100, 116, 139, 1);
}
/* Hide the actual file input */
input[type="file"] {
display: none;
}
/* Add subtle animations */
@keyframes fadeIn {
from { opacity: 0; transform: translateY(10px); }
to { opacity: 1; transform: translateY(0); }
}
.poll-container {
animation: fadeIn 0.5s ease-out;
}
/* Responsive design */
@media (max-width: 640px) {
body {
padding: 1rem;
}
.poll-container {
padding: 1.5rem;
}
h1 {
font-size: 2rem;
}
}
</style>
<template>
<div class="poll-container">
<header>
<h1 @click="activePollId = null" style="cursor:pointer">P2P Polling App 🗳</h1>
<div class="status">
<button v-if="activePollId" @click="activePollId = null" class="back-btn"> Back To List</button>
<span :class="{ 'connected': isConnected }">
{{ isConnected ? 'Synced' : 'Waiting for other Peers...' }}
</span>
<span> | Peers online: {{ connectedPeers }}</span>
<h2 v-if="connectionAttempFailed" class="connectionFailed"> Connection to Signaling Server Failed!</h2>
<div v-if="user===null" style="margin-top: 10px;">
<button @click="createUser">Create New User</button>
Or
<label title="Select Key File">
<span class="button">Login</span>
<input
type="file"
accept=".pem"
@change="loadUser"
/>
</label>
<div style="margin-top: 10px;">
<label title="Register Public Key">
<span class="button" style="font-size: 0.8rem; padding: 0.5rem 1rem;">Register Public Key</span>
<input
type="file"
accept=".pem"
@change="registerPublicKey"
/>
</label>
</div>
</div>
</div>
</header>
<main>
<PollList v-if="!activePollId" :userid="user?.userid" @select-poll="selectPoll" />
<Poll v-else :activePollId="activePollId" :userid="user?.userid" :poll-data="pollData" :addOption="addOption" :vote="vote"/>
</main>
</div>
</template>
<script setup lang="ts">
import { v4 as uuidv4 } from 'uuid';
import { generateUserKeyPair, exportPrivateKey, savePrivateKeyToFile, exportPublicKey, stringToCryptoKey } from '~/utils/crypto';
const activePollId = ref<string | null>(null);
const user = shallowRef<UserData | null>(null);
const { pollData, isConnected, connectionAttempFailed, connectedPeers, addOption, vote } = usePoll(activePollId,user);
const selectPoll = (id: string) => {
activePollId.value = id;
};
const createUser = async () => {
try {
const keypair : CryptoKeyPair = await generateUserKeyPair();
console.log('keypair:', keypair);
const uuid = uuidv4();
user.value = {
userid: uuid,
private_key: keypair.privateKey,
public_key: keypair.publicKey,
};
const prvKeyString = await exportPrivateKey(keypair.privateKey);
await savePrivateKeyToFile(prvKeyString,uuid+".pem")
const pubKeyString = await exportPublicKey(keypair.publicKey);
// Save public key to server
await $fetch(`/api/users/${uuid}`, {
method: 'POST',
headers: {
'Authorization': `Bearer ${process.env.ADMIN_API_KEY || 'default-admin-key-change-in-production'}`
},
body: { public_key: pubKeyString }
});
// Also save public key to a file for backup
const pubPemHeader = "-----BEGIN PUBLIC KEY-----\n";
const pubPemFooter = "\n-----END PUBLIC KEY-----";
const pubFileContent = pubPemHeader + pubKeyString + pubPemFooter;
const blob = new Blob([pubFileContent], { type: "text/plain" });
const url = URL.createObjectURL(blob);
const link = document.createElement("a");
link.href = url;
link.download = uuid + "_public.pem";
document.body.appendChild(link);
link.click();
document.body.removeChild(link);
URL.revokeObjectURL(url);
console.log("User created successfully. Please save both key files.");
} catch (err) {
user.value = null
console.error("Failed to create new User!", err);
}
};
const loadUser = async (event: Event) => {
const target = event.target as HTMLInputElement;
const file = target.files?.[0];
if (file) {
try {
const content = await file.text();
console.log("File loaded: ");
if (file.name && content) {
try {
const uuid = file.name.replace(".pem", "").replace("_public", "");
// Standardize the string for the importer
const pkBase64 = content.replace(/-----BEGIN PRIVATE KEY-----|-----END PRIVATE KEY-----/g, "").replace(/\s+/g, "");
const key = await stringToCryptoKey(pkBase64, "private");
user.value = {
userid: uuid,
private_key: key,
public_key: undefined,
};
console.log("Login successful for:", uuid);
} catch (err) {
console.error("Crypto Import Error:", err);
alert("The file content is not a valid Private Key.");
}
}
} catch (e) {
console.error("Failed to read file", e);
}
}
};
const registerPublicKey = async (event: Event) => {
const target = event.target as HTMLInputElement;
const file = target.files?.[0];
if (file) {
try {
const content = await file.text();
if (file.name && content) {
try {
const uuid = file.name.replace(".pem", "").replace("_public", "");
console.log("Attempting to register public key for user:", uuid);
// Standardize the string for the importer
const pubKeyBase64 = content.replace(/-----BEGIN PUBLIC KEY-----|-----END PUBLIC KEY-----/g, "").replace(/\s+/g, "");
console.log("Public key length:", pubKeyBase64.length);
// Save public key to server
await $fetch(`/api/users/${uuid}`, {
method: 'POST',
headers: {
'Authorization': `Bearer ${process.env.ADMIN_API_KEY || 'default-admin-key-change-in-production'}`
},
body: { public_key: pubKeyBase64 }
});
alert(`Public key registered successfully for user: ${uuid}`);
} catch (err: any) {
console.error("Registration Error:", err);
const errorMsg = err.data?.message || err.statusMessage || err.message || "Unknown error";
alert(`Failed to register public key: ${errorMsg}`);
}
}
} catch (e) {
console.error("Failed to read file", e);
alert("Failed to read file.");
}
}
};
</script>

119
app/components/Poll.vue
View File

@@ -1,119 +0,0 @@
<style scoped>
.poll-list {
list-style: none;
padding: 0;
margin: 0;
}
.poll-item {
display: flex;
justify-content: space-between;
align-items: center;
padding: 1rem;
background: rgba(255, 255, 255, 0.1);
backdrop-filter: blur(10px);
border: 1px solid rgba(255, 255, 255, 0.2);
border-radius: 12px;
margin-bottom: 0.5rem;
transition: all 0.3s ease;
}
.poll-item:hover {
background: rgba(255, 255, 255, 0.15);
transform: translateX(5px);
}
.poll-title {
font-size: 1.5rem;
color: #667eea;
text-transform: uppercase;
letter-spacing: 1px;
font-weight: bold;
margin-bottom: 1rem;
}
.add-option-form {
display: flex;
gap: 0.5rem;
margin-bottom: 2rem;
}
.option-name {
font-weight: 500;
color: #fff;
}
.vote-section { display: flex; align-items: center; gap: 1rem; }
.vote-count { font-size: 0.9rem; color: rgba(255, 255, 255, 0.8); }
.vote-btn {
padding: 0.5rem 1rem;
background: linear-gradient(135deg, #10b981 0%, #059669 100%);
border: none;
border-radius: 8px;
color: white;
font-weight: 600;
transition: all 0.3s ease;
box-shadow: 0 4px 15px rgba(16, 185, 129, 0.4);
}
.vote-btn:hover {
background: linear-gradient(135deg, #059669 0%, #10b981 100%);
transform: translateY(-2px);
box-shadow: 0 6px 20px rgba(16, 185, 129, 0.6);
}
.vote-btn:disabled,
.vote-btn[disabled] {
background: rgba(136, 136, 136, 0.5);
cursor: not-allowed;
}
.vote-btn:disabled:hover,
.vote-btn[disabled]:hover {
background: rgba(136, 136, 136, 0.7);
transform: none;
}
p {
color: rgba(255, 255, 255, 0.6);
}
</style>
<template>
<div>
<h2 class="poll-title">Poll: {{ activePollId }}</h2>
<p v-if="Object.keys(pollData).length==0">Note: Add at least one Option to save the Poll.</p>
<form @submit.prevent="handleAddNewOption" class="add-option-form" v-if="userid">
<input v-model="newOption" placeholder="Enter a new poll option..." required />
<button type="submit">Add Option</button>
</form>
<ul class="poll-list">
<li v-for="(votes, optionName) in pollData" :key="optionName" class="poll-item">
<span class="option-name">{{ optionName }}</span>
<div class="vote-section">
<span class="vote-count">{{ votes.length }} {{ votes.length === 1 ? 'vote' : 'votes' }}</span>
<button @click="vote(String(optionName))" class="vote-btn" :disabled="userid==undefined || voted(votes)">+1</button>
</div>
</li>
</ul>
</div>
</template>
<script setup lang="ts">
import type { PollProps, SignedData, VoteData } from '@/utils/types'
const props = defineProps<PollProps>()
const newOption = ref('');
const handleAddNewOption = () => {
props.addOption(newOption.value);
newOption.value = '';
};
const voted = (votes: SignedData<VoteData>[]) => {
for(let vote of votes){
if(vote.data.userid == props.userid){
return true;
}
}
return false;
}
</script>

75
app/components/PollList.vue
View File

@@ -1,75 +0,0 @@
<style scoped>
.poll-list { margin-top: 1rem; }
.empty-state { text-align: center; color: rgba(255, 255, 255, 0.6); font-style: italic; }
.create-poll { display: flex; gap: 0.5rem; margin-bottom: 1.5rem; }
.poll-links { list-style: none; padding: 0; }
.poll-link-btn {
width: 100%;
text-align: left;
background: rgba(255, 255, 255, 0.1);
color: #fff;
margin-bottom: 0.5rem;
display: flex;
justify-content: space-between;
backdrop-filter: blur(10px);
border: 1px solid rgba(255, 255, 255, 0.2);
transition: all 0.3s ease;
}
.poll-link-btn:hover {
background: rgba(255, 255, 255, 0.2);
transform: translateX(5px);
}
h3 {
color: #fff;
margin-bottom: 1rem;
font-size: 1.5rem;
}
</style>
<template>
<div class="poll-list">
<h3>Available Polls</h3>
<ul v-if="polls && polls.length > 0" class="poll-links">
<li v-for="id in polls" :key="id">
<button class="poll-link-btn" @click="$emit('select-poll', id)">
{{ id }} <span></span>
</button>
</li>
</ul>
<p v-else class="empty-state">No polls found. Create the first one!</p>
<div class="create-poll" v-if="userid !== undefined">
<input
v-model="newPollId"
placeholder="Enter new poll name..."
@keyup.enter="createPoll"
/>
<button @click="createPoll">Create & Join</button>
</div>
</div>
</template>
<script setup lang="ts">
import type { PollListProps } from '@/utils/types'
const props = defineProps<PollListProps>()
const newPollId = ref('');
const polls = ref<string[]>([]);
// Fetch existing polls on mount
const fetchPolls = async () => {
const data = await $fetch<{ polls: string[] }>('/api/polls');
polls.value = data.polls;
};
const createPoll = () => {
const id = newPollId.value.trim().toLowerCase().replace(/\s+/g, '-');
if (id) {
// In a real app, you might want to POST to create it first,
// but here we just navigate to it and let usePoll handle the save.
emit('select-poll', id);
}
};
const emit = defineEmits(['select-poll']);
onMounted(fetchPolls);
</script>

178
app/composables/usePoll.ts
View File

@@ -1,178 +0,0 @@
// composables/usePoll.ts
import { ref, watch, onUnmounted } from 'vue';
import * as Y from 'yjs';
import { stringToCryptoKey, verifyAllVotesForOption } from '~/utils/crypto';
import type { SignedData, PollMetadata } from '~/utils/types';
export const usePoll = (pollId: Ref<string | null>, user: Ref<UserData | null>) => {
const pollData = ref<PollData>({});
const isConnected = ref(false);
const connectionAttempFailed = ref(false);
const connectedPeers = ref(1);
let ydoc: Y.Doc | null = null;
let provider: any = null;
let yMap: Y.Map<SignedData<VoteData>[]> | null = null;
let publicKeysCache: Record<string, CryptoKey> = {};
const cleanup = () => {
if (provider) provider.disconnect();
if (ydoc) ydoc.destroy();
isConnected.value = false;
pollData.value = {};
publicKeysCache = {};
};
const initPoll = async (id: string) => {
cleanup(); // Clear previous session
ydoc = new Y.Doc();
// 1. Fetch Snapshot from Nuxt API
try {
const response = await $fetch<{ update: number[] | null, publicKeys: Record<string, string> }>(`/api/polls/${id}`).catch((e) => {
console.error("Failed to get poll: " + id,e)
});
// Cache public keys from snapshot
if (response?.publicKeys) {
for (const [userId, publicKeyStr] of Object.entries(response.publicKeys)) {
try {
publicKeysCache[userId] = await stringToCryptoKey(publicKeyStr, 'public');
} catch (e) {
console.error(`Failed to cache public key for user ${userId}:`, e);
}
}
console.log(`Cached ${Object.keys(publicKeysCache).length} public keys`);
}
//trust the server without verification.
if (response?.update) {
Y.applyUpdate(ydoc, new Uint8Array(response.update));
}
} catch (err) {
console.error('Persistence fetch failed', err);
}
yMap = ydoc.getMap<SignedData<VoteData>[]>('shared-poll');
// 2. Local State Sync
yMap.observe(async () => {
await performUpdateAndVerify();
saveStateToServer(id);
});
await performUpdateAndVerify();
// 3. P2P Connection
const { WebrtcProvider } = await import('y-webrtc');
provider = new WebrtcProvider(`nuxt-p2p-${id}`, ydoc, {
signaling: ["ws://localhost:4444", "ws://lynxpi.ddns.net:4444"]
});
provider.on('synced', (arg: {synced: boolean}) => {
isConnected.value = arg.synced;
console.log('Connection synced:', arg.synced) // "connected" or "disconnected"
});
provider.on('status', (event: { connected: boolean }) => {
console.log('Connection status:', event.connected) // "connected" or "disconnected"
})
provider.on('peers', (data: any) => {
connectedPeers.value = data.webrtcPeers.length + 1
});
};
const saveStateToServer = async (id: string) => {
if (!ydoc) return;
const stateUpdate = Y.encodeStateAsUpdate(ydoc);
try {
await $fetch(`/api/polls/${id}`, {
method: 'POST',
body: { update: Array.from(stateUpdate) }
});
} catch (e: any) {
console.error("Failed to update poll", e);
if (e.data?.message) {
alert(`Error: ${e.data.message}`);
} else if (e.statusMessage) {
alert(`Error: ${e.statusMessage}`);
} else {
alert('Failed to save poll. Please try again.');
}
}
};
// Watch for ID changes (e.g., user clicks a link or goes back)
watch(pollId, (newId) => {
if (newId && import.meta.client) {
initPoll(newId);
} else {
cleanup();
}
}, { immediate: true });
onUnmounted(cleanup);
const addOption = (optionName: string) => {
if (yMap && !yMap.has(optionName)) yMap.set(optionName, []);
};
const performUpdateAndVerify = async () => {
const pollDataUpdate = yMap!.toJSON();
console.log("Poll Data Update: ", pollDataUpdate)
// Extract poll metadata if it exists
const metadataSigned = pollDataUpdate['_metadata'] as SignedData<PollMetadata> | undefined;
const pollMetadata = metadataSigned?.data;
for(var option in pollDataUpdate){
// Skip metadata key when iterating over options
if (option === '_metadata') continue;
console.log("verifying votes for option: " + option);
const votes = pollDataUpdate[option] || [];
const verified = await verifyAllVotesForOption(votes, publicKeysCache, pollMetadata);
if(!verified){
console.error("Failed to verify option: "+option)
return;
}
}
console.log("All options verified! :)")
pollData.value = pollDataUpdate
}
const vote = async (optionName: string) => {
const currentUser = user.value;
if (currentUser == undefined) {
alert('You must be logged in to vote. Please create a user or login with your key file.');
return;
}
if (yMap?.has(optionName)) {
const voteData = [...(yMap.get(optionName) || [])];
// Check if user has already voted for this option
const hasAlreadyVoted = voteData.some(v => v.data.userid === currentUser.userid);
if (hasAlreadyVoted) {
console.error(`User ${currentUser.userid} has already voted for option ${optionName}`);
alert('You have already voted for this option.');
return;
}
if(voteData != undefined && currentUser.private_key){
var unsignedVoteData : VoteData = {
userid: currentUser.userid,
timestamp: new Date().toISOString()
}
var newVote : SignedData<VoteData> = {
data: unsignedVoteData,
signature: "",
}
voteData?.push(newVote)
const signature = await signVote(voteData,currentUser.private_key);
newVote.signature=signature
yMap?.set(optionName, voteData);
}
}
};
return { pollData, isConnected, connectionAttempFailed, connectedPeers, addOption, vote };
};

2
app/composables/user.ts
View File

@@ -1,2 +0,0 @@
export const user = (user: Ref<UserData | null>) => {
}

211
app/utils/crypto.ts
View File

@@ -1,211 +0,0 @@
// utils/crypto.ts
import type { SignedData, VoteData, PollMetadata } from "./types";
export const generateUserKeyPair = async () => {
return await window.crypto.subtle.generateKey(
{
name: "RSASSA-PKCS1-v1_5",
modulusLength: 2048,
publicExponent: new Uint8Array([1, 0, 1]), // 65537
hash: "SHA-256",
},
true, // extractable
["sign", "verify"]
);
};
export const signVote = async (data: any, privateKey: CryptoKey) => {
const encoder = new TextEncoder();
const encodedData = encoder.encode(JSON.stringify(data));
const signature = await window.crypto.subtle.sign(
"RSASSA-PKCS1-v1_5",
privateKey,
encodedData
);
// Convert to Base64 or Hex to store in Yjs easily
return btoa(String.fromCharCode(...new Uint8Array(signature)));
};
export const verifyVote = async (data: any, signatureStr: string, publicKey: CryptoKey) => {
const encoder = new TextEncoder();
const encodedData = encoder.encode(JSON.stringify(data));
// Convert Base64 back to Uint8Array
const signature = Uint8Array.from(atob(signatureStr), c => c.charCodeAt(0));
return await window.crypto.subtle.verify(
"RSASSA-PKCS1-v1_5",
publicKey,
signature,
encodedData
);
};
/**
* Verifies a specific vote within an array of votes by
* reconstructing the "signed state" at that point in time.
*/
export const verifyChainedVote = async (
voteData: SignedData<VoteData>[],
index: number,
publicKeysCache?: Record<string, CryptoKey>,
pollMetadata?: PollMetadata
) => {
const voteToVerify = voteData[index];
console.log("Verifying vote: " + voteToVerify)
if(voteToVerify) {
// 1. Check vote timestamp against poll duration if metadata is available
if (pollMetadata) {
const voteTime = new Date(voteToVerify.data.timestamp).getTime();
const timeSinceCreation = voteTime - pollMetadata.createdAt;
if (timeSinceCreation > pollMetadata.duration) {
console.error(`Vote timestamp exceeds poll duration: ${timeSinceCreation}ms > ${pollMetadata.duration}ms`);
return false;
}
}
// 2. Reconstruct the exact data state the user signed
// We need the array exactly as it was when they pushed their vote
const historicalState = voteData.slice(0, index + 1).map((v, i) => {
if (i === index) {
// For the current vote, the signature must be empty string
// because it wasn't signed yet when passed to signVote
return { ...v, signature: "" };
}
return v;
});
try {
// 3. Get public key from cache or fetch from API
let pubKey: CryptoKey;
if (publicKeysCache && publicKeysCache[voteToVerify.data.userid]) {
pubKey = publicKeysCache[voteToVerify.data.userid];
console.log("Using cached public key for user:", voteToVerify.data.userid);
} else {
const response = await $fetch<{ public_key: string }>(`/api/users/${voteToVerify.data.userid}`);
console.log("Got key from API: ",response)
pubKey = await stringToCryptoKey(response.public_key, 'public');
}
console.log("Using pubKey to verify Vote.")
// 4. Verify: Does this historicalState match the signature?
return await verifyVote(historicalState, voteToVerify.signature, pubKey);
} catch (err) {
console.error("Verification failed")
console.error(err);
return false;
}
}
console.error("Vote is undefined or null");
return false;
};
export const verifyAllVotesForOption = async (
votes: SignedData<VoteData>[],
publicKeysCache?: Record<string, CryptoKey>,
pollMetadata?: PollMetadata
) => {
console.log("verifying votes for option ",votes);
for (let i = votes.length-1; i >= 0 ; i--) {
const isValid = await verifyChainedVote(votes, i, publicKeysCache, pollMetadata);
if(!isValid){
console.error("Error! Invalid Vote at: " + i,votes)
return false;
}
}
return true;
};
// Helper to convert ArrayBuffer to Base64 string
const bufferToBase64 = (buf: ArrayBuffer) =>
window.btoa(String.fromCharCode(...new Uint8Array(buf)));
export const exportPublicKey = async (key: CryptoKey) => {
// Export Public Key
const exportedPublic = await window.crypto.subtle.exportKey("spki", key);
const publicKeyString = bufferToBase64(exportedPublic);
return publicKeyString;
};
export const exportPrivateKey = async (key: CryptoKey) => {
// Export Private Key
const exportedPrivate = await window.crypto.subtle.exportKey("pkcs8", key);
const privateKeyString = bufferToBase64(exportedPrivate);
return privateKeyString;
};
/**
* Converts a Base64 string back into a usable CryptoKey object
* @param keyStr The Base64 string (without PEM headers)
* @param type 'public' or 'private'
*/
export const stringToCryptoKey = async (keyStr: string, type: 'public' | 'private'): Promise<CryptoKey> => {
// 1. Convert Base64 string to a Uint8Array (binary)
const binaryString = window.atob(keyStr);
const bytes = new Uint8Array(binaryString.length);
for (let i = 0; i < binaryString.length; i++) {
bytes[i] = binaryString.charCodeAt(i);
}
// 2. Identify the format based on the key type
// Public keys usually use 'spki', Private keys use 'pkcs8'
const format = type === 'public' ? 'spki' : 'pkcs8';
const usages: KeyUsage[] = type === 'public' ? ['verify'] : ['sign'];
// 3. Import the key
return await window.crypto.subtle.importKey(
format,
bytes.buffer,
{
name: "RSASSA-PKCS1-v1_5",
hash: "SHA-256",
},
true, // extractable (set to false if you want to lock it in memory)
usages
);
};
export const savePrivateKeyToFile = (privateKeyStr: string, filename: string) => {
// Optional: Wrap in PEM headers for standard formatting
const pemHeader = "-----BEGIN PRIVATE KEY-----\n";
const pemFooter = "\n-----END PRIVATE KEY-----";
const fileContent = pemHeader + privateKeyStr + pemFooter;
const blob = new Blob([fileContent], { type: "text/plain" });
const url = URL.createObjectURL(blob);
const link = document.createElement("a");
link.href = url;
link.download = filename;
document.body.appendChild(link);
link.click();
// Cleanup
document.body.removeChild(link);
URL.revokeObjectURL(url);
};
export const loadPrivateKeyFromFile = async (file: File): Promise<string> => {
return new Promise((resolve, reject) => {
const reader = new FileReader();
reader.onload = (e) => {
const content = e.target?.result as string;
// Clean up the string by removing PEM headers and newlines
const cleanKey = content
.replace("-----BEGIN PRIVATE KEY-----", "")
.replace("-----END PRIVATE KEY-----", "")
.replace(/\s+/g, ""); // Removes all whitespace/newlines
resolve(cleanKey);
};
reader.onerror = () => reject("Error reading file");
reader.readAsText(file);
});
};

43
app/utils/types.ts
View File

@@ -1,43 +0,0 @@
export interface PollProps {
userid: string | undefined,
activePollId: string,
pollData: PollData,
addOption: (name: string) => void,
vote: (optionName: string) => void
}
export interface PollListProps {
userid: string | undefined,
}
export interface PollMetadata {
createdAt: number; // Unix timestamp in milliseconds
duration: number; // Duration in milliseconds
createdBy: string;
}
export interface PollData {
[key: string]: SignedData<VoteData>[] | SignedData<PollMetadata> | undefined;
}
export interface SignedData<T> {
data: T,
signature: string
}
export interface VoteData {
userid: string,
timestamp: string
}
export interface OptionData {
userid: string,
timestamp: string,
optionName: string
}
export interface UserData {
userid: string,
private_key: CryptoKey | undefined,
public_key: CryptoKey | undefined
}

12
index.html Normal file
View File

@@ -0,0 +1,12 @@
<!doctype html>
<html lang="en">
<head>
<meta charset="UTF-8" />
<meta name="viewport" content="width=device-width, initial-scale=1.0" />
<title>P2P Poll</title>
</head>
<body>
<div id="app"></div>
<script type="module" src="/src/main.ts"></script>
</body>
</html>

23
nuxt.config.ts
View File

@@ -1,23 +0,0 @@
// https://nuxt.com/docs/api/configuration/nuxt-config
export default defineNuxtConfig({
compatibilityDate: '2025-07-15',
devtools: { enabled: true },
vite: {
optimizeDeps: {
include: ['yjs', 'y-webrtc']
}
},
// ... existing config
nitro: {
storage: {
polls: {
driver: 'fs',
base: './.data/polls'
},
users: {
driver: 'fs',
base: './.data/users'
}
}
}
})

8929
package-lock.json generated
View File

File diff suppressed because it is too large Load Diff

24
package.json
View File

@@ -1,20 +1,20 @@
{
"name": "p2p-poll",
"type": "module",
"name": "p2p-poll-app",
"version": "0.1.0",
"private": true,
"type": "module",
"scripts": {
"build": "nuxt build",
"dev": "PORT=4444 npx y-webrtc & nuxt dev",
"generate": "nuxt generate",
"preview": "nuxt preview",
"postinstall": "nuxt prepare"
"dev": "vite",
"build": "tsc --noEmit && vite build",
"preview": "vite preview"
},
"dependencies": {
"nuxt": "^4.1.3",
"uuid": "^13.0.0",
"vue": "^3.5.30",
"vue-router": "^5.0.3",
"y-indexeddb": "^9.0.12",
"y-webrtc": "^10.3.0",
"yjs": "^13.6.30"
"yjs": "^13.6.27"
},
"devDependencies": {
"typescript": "^5.9.2",
"vite": "^7.1.5"
}
}

BIN
public/favicon.ico
View File

Binary file not shown.
Side by Side

Before

Width:  |  Height:  |  Size: 4.2 KiB

2
public/robots.txt
View File

@@ -1,2 +0,0 @@
User-Agent: *
Disallow:

94
server/api/polls/[id].ts
View File

@@ -1,94 +0,0 @@
import * as Y from 'yjs';
// server/api/polls/[id].ts
export default defineEventHandler(async (event) => {
const method = event.node.req.method;
const pollId = getRouterParam(event, 'id');
// We use Nitro's built-in storage.
// 'polls' is the storage namespace.
const storage = useStorage('polls');
if (!pollId) {
throw createError({ statusCode: 400, statusMessage: 'Poll ID required' });
}
// GET: Fetch the saved Yjs document state
if (method === 'GET') {
const data = await storage.getItem(`poll:${pollId}`);
// Fetch all user public keys to include in response
const userStorage = useStorage('users');
const publicKeys: Record<string, string> = {};
// Get all user keys from storage
const keys = await userStorage.getKeys();
for (const key of keys) {
if (key.startsWith('user:')) {
const userId = key.replace('user:', '');
const publicKey = await userStorage.getItem(key);
if (publicKey) {
publicKeys[userId] = String(publicKey);
}
}
}
// Return the array of numbers (or null if it doesn't exist yet) along with public keys
return { update: data || null, publicKeys };
}
// POST: Save a new Yjs document state
if (method === 'POST') {
const body = await readBody(event);
if (body.update && Array.isArray(body.update)) {
// create a temp Y.Doc to encode the Data
const tempDoc = new Y.Doc();
Y.applyUpdate(tempDoc, new Uint8Array(body.update));
const yMap = tempDoc.getMap('shared-poll');
const pollData = yMap.toJSON();
// verify pollData
for(var option in pollData){
const votes = pollData[option] || [];
var pubKeys: CryptoKey[] = [];
const verifyAllVotesForOption = async (votes: SignedData<VoteData>[]) => {
console.log("verifying votes for option " + option,votes);
// check last votes first. if there is something wrong, its likely in the last vote.
for (let i = votes.length-1; i >= 0 ; i--) {
const userStorage = useStorage('users');
const votePubKeyString = await userStorage.getItem(`user:${votes[i]?.data.userid}`);
// Check if public key exists for this user
if (!votePubKeyString) {
console.error(`Error! No public key found for user: ${votes[i]?.data.userid}`);
throw createError({
statusCode: 400,
statusMessage: `Vote from unknown user: ${votes[i]?.data.userid}. User must be registered to vote.`
});
}
const votePubKey = await stringToCryptoKey(String(votePubKeyString),'public')
const isValid = await verifyChainedVote(votes, i,votePubKey);
if(!isValid){
console.error("Error! Invalid Vote at: " + i,votes)
return false;
}
}
return true;
};
const verified = await verifyAllVotesForOption(votes);
if(!verified){
console.error("Failed to verify option: "+option)
throw createError({ statusCode: 400, statusMessage: 'PollData contains unverifyable content!' });
}
}
// Save the binary update (sent as an array of numbers) to storage
await storage.setItem(`poll:${pollId}`, body.update);
return { success: true };
}
throw createError({ statusCode: 400, statusMessage: 'Invalid update payload' });
}
});

15
server/api/polls/index.get.ts
View File

@@ -1,15 +0,0 @@
// server/api/polls/index.get.ts
export default defineEventHandler(async () => {
const storage = useStorage('polls');
// Get all keys in the 'polls' namespace
const allKeys = await storage.getKeys();
// Filter for our specific poll prefix and strip it for the UI
// poll:my-id -> my-id
const polls = allKeys
.filter(key => key.startsWith('poll:'))
.map(key => key.replace('poll:', ''));
return { polls };
});

82
server/api/users/[id].ts
View File

@@ -1,82 +0,0 @@
// server/api/users/[id].ts
// Simple in-memory rate limiter
const rateLimitMap = new Map<string, { count: number; resetTime: number }>();
const RATE_LIMIT_WINDOW = 60000; // 1 minute
const RATE_LIMIT_MAX = 10; // 10 requests per minute per admin
function checkRateLimit(adminToken: string): boolean {
const now = Date.now();
const limit = rateLimitMap.get(adminToken);
if (!limit || now > limit.resetTime) {
rateLimitMap.set(adminToken, { count: 1, resetTime: now + RATE_LIMIT_WINDOW });
return true;
}
if (limit.count >= RATE_LIMIT_MAX) {
return false;
}
limit.count++;
return true;
}
export default defineEventHandler(async (event) => {
const method = event.node.req.method;
const userId = getRouterParam(event, 'id');
// We use Nitro's built-in storage.
// 'polls' is the storage namespace.
const storage = useStorage('users');
if (!userId) {
throw createError({ statusCode: 400, statusMessage: 'User ID required' });
}
// GET: Fetch the saved Yjs document state
if (method === 'GET') {
const data = await storage.getItem(`user:${userId}`);
// Return the array of numbers (or null if it doesn't exist yet)
return { public_key: data };
}
// POST: Save a new Yjs document state
if (method === 'POST') {
// Check for authentication
const authHeader = getHeader(event, 'authorization');
const adminApiKey = process.env.ADMIN_API_KEY || 'default-admin-key-change-in-production';
if (!authHeader || !authHeader.startsWith('Bearer ')) {
throw createError({ statusCode: 401, statusMessage: 'Authorization header required' });
}
const token = authHeader.replace('Bearer ', '');
if (token !== adminApiKey) {
throw createError({ statusCode: 403, statusMessage: 'Invalid or expired token' });
}
// Check rate limiting
if (!checkRateLimit(token)) {
throw createError({ statusCode: 429, statusMessage: 'Rate limit exceeded. Try again later.' });
}
const body = await readBody(event);
if (body.public_key) {
const data = await storage.getItem(`user:${userId}`);
if (data == undefined || data == null) {
// Save the binary update (sent as an array of numbers) to storage
await storage.setItem(`user:${userId}`, body.public_key);
console.log("New User created: " + userId)
console.log("Public Key: " + body.public_key);
return { success: true };
}
throw createError({ statusCode: 400, statusMessage: 'User already exists.' });
}
throw createError({ statusCode: 400, statusMessage: 'Invalid update payload' });
}
});

89
server/utils/crypto.ts
View File

@@ -1,89 +0,0 @@
import { SignedData, VoteData } from "./types";
/**
* Gets the WebCrypto API regardless of environment (Node vs Browser)
*/
const getCrypto = () => {
return (globalThis as any).crypto;
};
export const verifyVote = async (data: any, signatureStr: string, publicKey: CryptoKey) => {
const encoder = new TextEncoder();
const encodedData = encoder.encode(JSON.stringify(data));
// Convert Base64 back to Uint8Array
const signature = Uint8Array.from(atob(signatureStr), c => c.charCodeAt(0));
return await getCrypto().subtle.verify(
"RSASSA-PKCS1-v1_5",
publicKey,
signature,
encodedData
);
};
/**
* Verifies a specific vote within an array of votes by
* reconstructing the "signed state" at that point in time.
*/
export const verifyChainedVote = async (
voteData: SignedData<VoteData>[],
index: number,
pubKey: CryptoKey
) => {
const voteToVerify = voteData[index];
console.log("Verifying vote: " + voteToVerify)
if(voteToVerify) {
const historicalState = voteData.slice(0, index + 1).map((v, i) => {
if (i === index) {
// For the current vote, the signature must be empty string
// because it wasn't signed yet when passed to signVote
return { ...v, signature: "" };
}
return v;
});
try {
// 3. Verify: Does this historicalState match the signature?
return await verifyVote(historicalState, voteToVerify.signature, pubKey);
} catch (err) {
console.error("Verification failed")
console.error(err);
return false;
}
}
console.error("Vote is undefined or null");
return false;
};
/**
* Converts a Base64 string back into a usable CryptoKey object
* @param keyStr The Base64 string (without PEM headers)
* @param type 'public' or 'private'
*/
export const stringToCryptoKey = async (keyStr: string, type: 'public' | 'private'): Promise<CryptoKey> => {
// 1. Convert Base64 string to a Uint8Array (binary)
const binaryString = Buffer.from(keyStr, 'base64').toString('binary');
const bytes = new Uint8Array(binaryString.length);
for (let i = 0; i < binaryString.length; i++) {
bytes[i] = binaryString.charCodeAt(i);
}
// 2. Identify the format based on the key type
// Public keys usually use 'spki', Private keys use 'pkcs8'
const format = type === 'public' ? 'spki' : 'pkcs8';
const usages: KeyUsage[] = type === 'public' ? ['verify'] : ['sign'];
// 3. Import the key
return await getCrypto().subtle.importKey(
format,
bytes.buffer,
{
name: "RSASSA-PKCS1-v1_5",
hash: "SHA-256",
},
true, // extractable (set to false if you want to lock it in memory)
usages
);
};

36
server/utils/types.ts
View File

@@ -1,36 +0,0 @@
export interface PollProps {
userid: string | undefined,
activePollId: string,
pollData: PollData,
addOption: (name: string) => void,
vote: (optionName: string) => void
}
export interface PollListProps {
userid: string | undefined,
}
export interface PollData extends Record<string, SignedData<VoteData>[]> {
}
export interface SignedData<T> {
data: T,
signature: string
}
export interface VoteData {
userid: string,
timestamp: string
}
export interface OptionData {
userid: string,
timestamp: string,
optionName: string
}
export interface UserData {
userid: string,
private_key: CryptoKey | undefined,
public_key: CryptoKey | undefined
}

107
src/app.ts Normal file
View File

@@ -0,0 +1,107 @@
import { getUserId } from "./identity";
import { renderApp } from "./render";
import { addOption, castVote, createViewModel } from "./state";
import { initSync } from "./sync";
const ROOM_PARAM = "room";
function createRoomId() {
const seed = typeof crypto.randomUUID === "function"
? crypto.randomUUID().slice(0, 8)
: Math.random().toString(36).slice(2, 10);
return `poll-${seed}`;
}
function ensureRoomId() {
const url = new URL(window.location.href);
let roomId = url.searchParams.get(ROOM_PARAM)?.trim();
if (!roomId) {
roomId = createRoomId();
url.searchParams.set(ROOM_PARAM, roomId);
window.history.replaceState({}, "", url);
}
return roomId;
}
export function initApp(container: HTMLElement) {
const roomId = ensureRoomId();
const userId = getUserId();
const sync = initSync(roomId);
let feedbackMessage = "Ready to collaborate.";
let feedbackTimer: number | undefined;
const setFeedbackMessage = (message: string) => {
feedbackMessage = message;
render();
if (feedbackTimer) {
window.clearTimeout(feedbackTimer);
}
feedbackTimer = window.setTimeout(() => {
feedbackMessage = "Ready to collaborate.";
render();
}, 2400);
};
const render = () => {
const viewModel = createViewModel({
meta: sync.meta,
options: sync.options,
votes: sync.votes,
roomId,
shareUrl: window.location.href,
connectionStatus: sync.getConnectionStatus(),
userId,
});
renderApp(container, viewModel, feedbackMessage, {
onSubmitOption: (label) => {
const result = addOption(sync.options, label, userId);
if (!result.ok) {
setFeedbackMessage(result.error);
return;
}
setFeedbackMessage("Option added and syncing.");
},
onVote: (optionId) => {
castVote(sync.votes, userId, optionId);
setFeedbackMessage("Vote updated.");
},
onCopyLink: async () => {
try {
await navigator.clipboard.writeText(window.location.href);
setFeedbackMessage("Room link copied.");
} catch {
setFeedbackMessage("Could not copy the link in this browser.");
}
},
});
};
const rerender = () => render();
const observe = () => rerender();
sync.doc.on("update", observe);
sync.persistence.once("synced", rerender);
sync.provider.on("status", rerender);
window.addEventListener("online", rerender);
window.addEventListener("offline", rerender);
render();
return () => {
if (feedbackTimer) {
window.clearTimeout(feedbackTimer);
}
sync.doc.off("update", observe);
sync.provider.off("status", rerender);
window.removeEventListener("online", rerender);
window.removeEventListener("offline", rerender);
sync.destroy();
};
}

20
src/identity.ts Normal file
View File

@@ -0,0 +1,20 @@
const USER_ID_KEY = "p2p-poll:user-id";
function createUserId() {
if (typeof crypto.randomUUID === "function") {
return crypto.randomUUID();
}
return `user-${Math.random().toString(36).slice(2, 10)}`;
}
export function getUserId() {
const existing = localStorage.getItem(USER_ID_KEY);
if (existing) {
return existing;
}
const next = createUserId();
localStorage.setItem(USER_ID_KEY, next);
return next;
}

11
src/main.ts Normal file
View File

@@ -0,0 +1,11 @@
import "./styles.css";
import { initApp } from "./app";
const container = document.querySelector<HTMLElement>("#app");
if (!container) {
throw new Error("App container not found.");
}
initApp(container);

131
src/render.ts Normal file
View File

@@ -0,0 +1,131 @@
import type { PollViewModel } from "./state";
interface RenderActions {
onSubmitOption: (label: string) => void;
onVote: (optionId: string) => void;
onCopyLink: () => void;
}
function escapeHtml(value: string) {
return value
.replaceAll("&", "&amp;")
.replaceAll("<", "&lt;")
.replaceAll(">", "&gt;")
.replaceAll('"', "&quot;")
.replaceAll("'", "&#39;");
}
export function renderApp(
container: HTMLElement,
viewModel: PollViewModel,
feedbackMessage: string,
actions: RenderActions,
) {
const optionMarkup = viewModel.options.length
? viewModel.options
.map((option) => {
const buttonLabel = option.isSelectedByMe ? "Selected" : "Vote";
const selectedClass = option.isSelectedByMe ? "option-card selected" : "option-card";
return `
<li class="${selectedClass}">
<div class="option-main">
<div>
<p class="option-label">${escapeHtml(option.label)}</p>
<p class="option-meta">${option.voteCount} vote${option.voteCount === 1 ? "" : "s"}</p>
</div>
<button class="vote-button" data-option-id="${option.id}">
${buttonLabel}
</button>
</div>
</li>
`;
})
.join("")
: `
<li class="empty-state">
No options yet. Add the first one and it will sync to everyone in this room.
</li>
`;
const statusClass = `status-pill ${viewModel.connectionStatus}`;
const myVoteLabel = viewModel.myVoteOptionId
? "Your vote is currently synced."
: "You have not voted yet.";
container.innerHTML = `
<main class="shell">
<section class="hero">
<div class="hero-copy">
<p class="eyebrow">Peer-to-peer room</p>
<h1>${escapeHtml(viewModel.title)}</h1>
<p class="hero-text">
Share the room link, add options, and vote live without a central app server storing poll state.
</p>
</div>
<div class="hero-meta">
<span class="${statusClass}">${viewModel.connectionStatus}</span>
<p class="room-label">Room: <code>${escapeHtml(viewModel.roomId)}</code></p>
</div>
</section>
<section class="panel share-panel">
<label class="field-label" for="share-url">Share this room</label>
<div class="share-row">
<input id="share-url" class="share-input" type="text" readonly value="${escapeHtml(viewModel.shareUrl)}" />
<button id="copy-link-button" class="secondary-button" type="button">Copy link</button>
</div>
</section>
<section class="panel">
<div class="section-header">
<div>
<h2>Options</h2>
<p>${myVoteLabel}</p>
</div>
</div>
<ul class="options-list">${optionMarkup}</ul>
</section>
<section class="panel">
<h2>Add an option</h2>
<form id="add-option-form" class="option-form">
<input
id="option-input"
name="option"
type="text"
maxlength="80"
placeholder="Add an option"
autocomplete="off"
required
/>
<button class="primary-button" type="submit">Add option</button>
</form>
<p class="feedback" aria-live="polite">${escapeHtml(feedbackMessage)}</p>
</section>
</main>
`;
const addOptionForm = container.querySelector<HTMLFormElement>("#add-option-form");
const optionInput = container.querySelector<HTMLInputElement>("#option-input");
const copyLinkButton = container.querySelector<HTMLButtonElement>("#copy-link-button");
addOptionForm?.addEventListener("submit", (event) => {
event.preventDefault();
const label = optionInput?.value ?? "";
actions.onSubmitOption(label);
});
copyLinkButton?.addEventListener("click", () => {
actions.onCopyLink();
});
container.querySelectorAll<HTMLButtonElement>("[data-option-id]").forEach((button) => {
button.addEventListener("click", () => {
const optionId = button.dataset.optionId;
if (optionId) {
actions.onVote(optionId);
}
});
});
}

124
src/state.ts Normal file
View File

@@ -0,0 +1,124 @@
import * as Y from "yjs";
export const DEFAULT_POLL_TITLE = "Shared Poll";
export type ConnectionStatus = "connecting" | "connected" | "offline";
export interface OptionRecord {
id: string;
label: string;
createdAt: number;
createdBy: string;
}
export interface PollOptionViewModel extends OptionRecord {
voteCount: number;
isSelectedByMe: boolean;
}
export interface PollViewModel {
title: string;
roomId: string;
shareUrl: string;
connectionStatus: ConnectionStatus;
options: PollOptionViewModel[];
myVoteOptionId: string | null;
}
const META_KEY_TITLE = "title";
function createOptionId() {
if (typeof crypto.randomUUID === "function") {
return crypto.randomUUID();
}
return `option-${Math.random().toString(36).slice(2, 10)}`;
}
function normalizeLabel(label: string) {
return label.trim().replace(/\s+/g, " ");
}
function getPollTitle(meta: Y.Map<string>) {
return meta.get(META_KEY_TITLE) ?? DEFAULT_POLL_TITLE;
}
export function ensurePollInitialized(meta: Y.Map<string>) {
if (!meta.has(META_KEY_TITLE)) {
meta.set(META_KEY_TITLE, DEFAULT_POLL_TITLE);
}
}
export function addOption(
options: Y.Map<OptionRecord>,
rawLabel: string,
userId: string,
) {
const label = normalizeLabel(rawLabel);
if (!label) {
return { ok: false as const, error: "Option label cannot be empty." };
}
const normalizedTarget = label.toLocaleLowerCase();
const duplicate = Array.from(options.values()).some(
(option) => option.label.trim().toLocaleLowerCase() === normalizedTarget,
);
if (duplicate) {
return { ok: false as const, error: "That option already exists." };
}
const option: OptionRecord = {
id: createOptionId(),
label,
createdAt: Date.now(),
createdBy: userId,
};
options.set(option.id, option);
return { ok: true as const, optionId: option.id };
}
export function castVote(votes: Y.Map<string>, userId: string, optionId: string) {
votes.set(userId, optionId);
}
export function createViewModel(params: {
meta: Y.Map<string>;
options: Y.Map<OptionRecord>;
votes: Y.Map<string>;
roomId: string;
shareUrl: string;
connectionStatus: ConnectionStatus;
userId: string;
}): PollViewModel {
const { meta, options, votes, roomId, shareUrl, connectionStatus, userId } =
params;
const tally = new Map<string, number>();
for (const optionId of votes.values()) {
tally.set(optionId, (tally.get(optionId) ?? 0) + 1);
}
const myVoteOptionId = votes.get(userId) ?? null;
const sortedOptions = Array.from(options.values()).sort((left, right) => {
if (left.createdAt !== right.createdAt) {
return left.createdAt - right.createdAt;
}
return left.label.localeCompare(right.label);
});
return {
title: getPollTitle(meta),
roomId,
shareUrl,
connectionStatus,
myVoteOptionId,
options: sortedOptions.map((option) => ({
...option,
voteCount: tally.get(option.id) ?? 0,
isSelectedByMe: myVoteOptionId === option.id,
})),
};
}

256
src/styles.css Normal file
View File

@@ -0,0 +1,256 @@
:root {
font-family: "IBM Plex Sans", "Segoe UI", sans-serif;
color: #132238;
background:
radial-gradient(circle at top left, rgba(255, 190, 120, 0.55), transparent 28%),
radial-gradient(circle at top right, rgba(86, 201, 166, 0.3), transparent 24%),
linear-gradient(180deg, #f9f4e8 0%, #f4efe6 48%, #ece5d8 100%);
line-height: 1.5;
font-weight: 400;
color-scheme: light;
}
* {
box-sizing: border-box;
}
body {
margin: 0;
min-height: 100vh;
}
button,
input {
font: inherit;
}
button {
cursor: pointer;
}
#app {
min-height: 100vh;
}
.shell {
width: min(920px, calc(100% - 2rem));
margin: 0 auto;
padding: 2rem 0 3rem;
}
.hero {
display: flex;
justify-content: space-between;
gap: 1.5rem;
align-items: flex-start;
margin-bottom: 1.5rem;
}
.hero-copy h1 {
margin: 0.15rem 0 0.5rem;
font-size: clamp(2.4rem, 6vw, 4rem);
line-height: 0.95;
letter-spacing: -0.05em;
}
.hero-text,
.section-header p,
.feedback,
.option-meta,
.room-label {
color: #4a5a6a;
}
.eyebrow {
margin: 0;
text-transform: uppercase;
letter-spacing: 0.16em;
font-size: 0.8rem;
color: #915f00;
}
.hero-meta {
min-width: 15rem;
padding: 1rem 1.1rem;
border-radius: 1.2rem;
background: rgba(255, 255, 255, 0.68);
border: 1px solid rgba(19, 34, 56, 0.08);
backdrop-filter: blur(10px);
}
.status-pill {
display: inline-flex;
align-items: center;
padding: 0.35rem 0.75rem;
border-radius: 999px;
font-weight: 700;
text-transform: capitalize;
font-size: 0.9rem;
}
.status-pill.connected {
background: rgba(86, 201, 166, 0.18);
color: #135d43;
}
.status-pill.connecting {
background: rgba(255, 190, 120, 0.22);
color: #8c5300;
}
.status-pill.offline {
background: rgba(219, 82, 82, 0.16);
color: #8f1f1f;
}
.panel {
margin-bottom: 1.25rem;
padding: 1.25rem;
border-radius: 1.3rem;
background: rgba(255, 255, 255, 0.78);
border: 1px solid rgba(19, 34, 56, 0.08);
box-shadow: 0 14px 40px rgba(19, 34, 56, 0.08);
backdrop-filter: blur(10px);
}
.panel h2 {
margin: 0 0 0.45rem;
font-size: 1.1rem;
}
.share-row,
.option-form,
.option-main {
display: flex;
gap: 0.75rem;
}
.field-label {
display: block;
margin-bottom: 0.6rem;
font-weight: 700;
}
.share-input,
.option-form input {
width: 100%;
min-width: 0;
border-radius: 0.95rem;
border: 1px solid rgba(19, 34, 56, 0.14);
background: rgba(255, 255, 255, 0.94);
padding: 0.85rem 1rem;
color: #132238;
}
.share-input:focus,
.option-form input:focus {
outline: 2px solid rgba(255, 190, 120, 0.65);
outline-offset: 1px;
}
.primary-button,
.secondary-button,
.vote-button {
border: none;
border-radius: 0.95rem;
padding: 0.85rem 1rem;
font-weight: 700;
transition: transform 150ms ease, box-shadow 150ms ease, background-color 150ms ease;
}
.primary-button,
.vote-button {
background: #132238;
color: #f9f4e8;
box-shadow: 0 10px 20px rgba(19, 34, 56, 0.14);
}
.secondary-button {
background: rgba(19, 34, 56, 0.08);
color: #132238;
}
.primary-button:hover,
.secondary-button:hover,
.vote-button:hover {
transform: translateY(-1px);
}
.options-list {
list-style: none;
margin: 1rem 0 0;
padding: 0;
display: grid;
gap: 0.75rem;
}
.option-card,
.empty-state {
border-radius: 1.1rem;
padding: 1rem;
background: rgba(247, 244, 236, 0.95);
border: 1px solid rgba(19, 34, 56, 0.08);
}
.option-card.selected {
border-color: rgba(86, 201, 166, 0.85);
background: rgba(232, 249, 242, 0.95);
}
.option-main {
align-items: center;
justify-content: space-between;
}
.option-label {
margin: 0;
font-size: 1.05rem;
font-weight: 700;
}
.option-meta,
.feedback,
.room-label {
margin: 0.35rem 0 0;
}
.section-header {
display: flex;
justify-content: space-between;
align-items: baseline;
gap: 1rem;
}
.feedback {
min-height: 1.5rem;
}
code {
font-family: "IBM Plex Mono", "SFMono-Regular", monospace;
}
@media (max-width: 720px) {
.shell {
width: min(100% - 1rem, 920px);
padding-top: 1rem;
}
.hero,
.share-row,
.option-form,
.option-main,
.section-header {
flex-direction: column;
}
.hero-meta {
width: 100%;
min-width: 0;
}
.primary-button,
.secondary-button,
.vote-button {
width: 100%;
}
}

64
src/sync.ts Normal file
View File

@@ -0,0 +1,64 @@
import { IndexeddbPersistence } from "y-indexeddb";
import { WebrtcProvider } from "y-webrtc";
import * as Y from "yjs";
import { type ConnectionStatus, ensurePollInitialized, type OptionRecord } from "./state";
export interface AppSync {
doc: Y.Doc;
meta: Y.Map<string>;
options: Y.Map<OptionRecord>;
votes: Y.Map<string>;
provider: WebrtcProvider;
persistence: IndexeddbPersistence;
getConnectionStatus: () => ConnectionStatus;
destroy: () => void;
}
export function initSync(roomId: string): AppSync {
const doc = new Y.Doc();
const meta = doc.getMap<string>("poll-meta");
const options = doc.getMap<OptionRecord>("poll-options");
const votes = doc.getMap<string>("poll-votes");
ensurePollInitialized(meta);
let connectionStatus: ConnectionStatus = navigator.onLine ? "connecting" : "offline";
const provider = new WebrtcProvider(roomId, doc);
const persistence = new IndexeddbPersistence(roomId, doc);
const syncConnectionStatus = (status: ConnectionStatus) => {
connectionStatus = navigator.onLine ? status : "offline";
};
const handleOnline = () => {
syncConnectionStatus(provider.connected ? "connected" : "connecting");
};
const handleOffline = () => {
connectionStatus = "offline";
};
provider.on("status", (event: { connected: boolean }) => {
syncConnectionStatus(event.connected ? "connected" : "connecting");
});
window.addEventListener("online", handleOnline);
window.addEventListener("offline", handleOffline);
return {
doc,
meta,
options,
votes,
provider,
persistence,
getConnectionStatus: () => connectionStatus,
destroy: () => {
window.removeEventListener("online", handleOnline);
window.removeEventListener("offline", handleOffline);
persistence.destroy();
provider.destroy();
doc.destroy();
},
};
}

29
tsconfig.json
View File

@@ -1,18 +1,15 @@
{
// https://nuxt.com/docs/guide/concepts/typescript
"files": [],
"references": [
{
"path": "./.nuxt/tsconfig.app.json"
},
{
"path": "./.nuxt/tsconfig.server.json"
},
{
"path": "./.nuxt/tsconfig.shared.json"
},
{
"path": "./.nuxt/tsconfig.node.json"
}
]
"compilerOptions": {
"target": "ES2022",
"module": "ESNext",
"moduleResolution": "Bundler",
"lib": ["DOM", "DOM.Iterable", "ES2022"],
"strict": true,
"noEmit": true,
"esModuleInterop": true,
"skipLibCheck": true,
"allowSyntheticDefaultImports": true,
"useDefineForClassFields": true
},
"include": ["src"]
}