|
1 | 1 |
|
2 | 2 | ## Application Features
|
3 |
| -1. Startup Landing Page (and the website in general) |
| 3 | +1. In general: |
4 | 4 | - Engaging and non-distracting web design.
|
5 | 5 | - Pleasant, not overwhelming, to the eyes.
|
6 | 6 | - Simple but informative, guiding users through the features without creating any confusions.
|
| 7 | + - Google-level security |
| 8 | + - Set up Content Security Policy to mitigate and detect XSS attacks. |
| 9 | + - Rejects requests without valid Firebase application ids to prevent unauthorized server endpoint access. |
| 10 | + - Expires tokens after each request to prevent replay attacks. |
| 11 | + - Rate limits each ip (and VPNs). Considered the possibility where the application uses a proxy by checking the `x-forwarded-for` header as a backup option for ip. |
| 12 | + - Data are stored in Google's Firebase. |
| 13 | + - Anti-DDoS. |
7 | 14 | 2. Login:
|
8 | 15 | - **SignUpForm:** Allows users to sign up using their email and password, and validates the input fields using regular expressions and conditions.
|
9 | 16 | - **LoginForm:** Allows users to log in using their email and password, and securely validates the input fields using Firebase.
|
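Review bot: The rate-limiting bullet on new line 11 uses the `x-forwarded-for` header as a backup source for the client IP, but that header is supplied by the requester unless a proxy you control overwrites it. The README should say which proxy sets it and that the value is only trusted from that hop. Separately, "Google-level security" (new line 7) and "Anti-DDoS" (new line 13) name no mechanism in this list; consider stating what provides them or dropping the claims.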
|
14 | 21 | - **ChatHeader**: Allows users to hover over an info icon to see a walkthrough of the chat interface.
|
15 | 22 | - **Export**: Export & save the current chat session in a txt, json, or pdf format.
|
16 | 23 | - **Chatbot**: Allow users to chat with a LLM that can view and describe image contents without exposing API keys by securely requesting Firebase Functions server endpoints for HuggingFace API requests.
|
17 |
| - - Rejects requests without valid Firebase application ids to prevent unauthorized server endpoint access. |
18 |
| - - Expires & generates tokens after each request to prevent replay attacks. |
19 |
| - - Rate limits each ip (and VPNs). Considered the possibility where the application uses a proxy by checking the `x-forwarded-for` header as a backup option. |
20 | 24 | - **ChatContent**: Starts and saves chat history to Firebase Firestore in an intuitive structure:
|
21 | 25 | ```
|
22 | 26 | <user_id>: {
|
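Review bot: The three bullets removed under **Chatbot** (old lines 17-19) were what tied the application-id check, token expiry and rate limiting to the Firebase Functions endpoints used for HuggingFace requests, so the Chatbot entry no longer says which protections cover those endpoints. Consider leaving a one-line pointer to the general security list here. Also, the old wording "Expires & generates tokens after each request" reads "Expires tokens after each request" in the new list, which drops the regeneration step; restore it if the behaviour is unchanged.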
|
64 | 68 |
|
65 | 69 | - [ ] Release Draw page
|
66 | 70 | - [ ] Release Dashboard page
|
| 71 | + - [ ] Dynamic AES encryption |
67 | 72 |
|
68 | 73 | ## Development Practices
|
69 | 74 | 1. Refactored code by creating reusable and customizable components to build a foundation for fast feature development & changes.
|
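Review bot: The new TODO item on line 71, "Dynamic AES encryption", does not say what is encrypted, where the encryption runs (client or Firebase Functions), or how keys are handled, so a reader cannot tell what the item will deliver. Suggest expanding it to name the data (for example the chat history saved to Firestore), the AES mode, and where the key is stored.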
@@ -112,10 +117,9 @@ Follow the setup guide at https://firebase.google.com/docs/web/setup#add_firebas
|
112 | 117 | - Under API keys, click on "Browser key (auto created by Firebase)"
|
113 | 118 | - Under "Set an application restriction", click on Website and add the URL of your app to prevent unauthorized access (read more at [Is it Safe to Expose Firebase APIKey to the Public](https://stackoverflow.com/questions/37482366/is-it-safe-to-expose-firebase-apikey-to-the-public))
|
114 | 119 |
|
115 |
| -3. This application sends requests to the HuggingFace API on the Firebase Functions server so that any API keys are not exposed to the client side. So, please set any environmental variables on the server using `firebase functions:config:set huggingface.api_key="your_api_key"`. |
116 |
| - |
| 120 | +3. Set up Firebase Functions in your project root directory using `firebase init functions`. This application sends requests to the HuggingFace API on the Firebase Functions server so that any API keys are not exposed to the client side. So, please set any environmental variables on the server using `firebase functions:config:set huggingface.api_key="your_api_key"`. |
117 | 121 |
|
118 |
| -4. Lastly, run the development server: |
| 122 | +4. Lastly, deploy the application to Firebase: |
119 | 123 |
|
120 | 124 | ```bash
|
121 | 125 | firebase deploy --only "functions,hosting"
|
|
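Review bot: Step 4 (new line 122) replaces "run the development server" with a deploy instruction, so the setup section no longer documents any way to run the app locally before it goes live; consider keeping a local-run step ahead of the deploy step. In step 3 (new line 120), `firebase init functions` is prepended to the sentence explaining why the HuggingFace key stays on the server, which makes one long step out of two actions. Splitting the init and the `functions:config:set` command into separate sub-steps would read more clearly, and it is worth a note that typing the key inline as `huggingface.api_key="your_api_key"` leaves it in shell history.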