syncpad

jpann

Jan 4, 2019 • 3 min read

I setup an instance of the NodeJs service I wrote called syncpad . This is an experiment for creating a sort of collaborative online "notepad". It has been a long time since I've made any real changes to it, but feel free to check it out by going to this url and generating a random notepad: https://syncpad.impostr-labs.com

The project is hosted on GitHub: https://github.com/jpann/syncpad-server

I posted about this awhile back on my other blog, that will eventually go away, but here is the the content of that older post that goes into a bit more detail about syncpad:

Around four months ago I started a project to solve a problem I had. I needed an easy way to transfer random blocks of text between two machines that weren’t on the same LAN but the text would need to be encrypted between the two or more machines and I would need to be able to easily connect to the session. magic-wormhole was basically what I was looking for, but it was command line, transferring large blocks of text that may be formatted would require sending files instead of actual text, so I looked for another option. 1Clipboard looked promising, since it syncs your clipboard through your cloud storage, so I gave it a go. 1Clipboard’s syncing was slow. There were times when I would copy something and it wouldn’t sync over to the other machine or the sync would take several minutes. I thought about just writing something myself using SignalR, since I already know C# but I decided to check out Node.js after talking with a friend.

In the end, I ended up hacking up a server and client that let you basically have a text pad that is sync’d between multiple machines in real time. At first, I didn’t use any encryption other than running the server over a TLS connection, and it required you to have an account to setup a new text pad, etc. That worked for awhile but it got old having to login with an account each time, then having to setup a text editor room with its own password, it seemed redundant. Why do I need a login to use the actual service? Am I wanting to restrict this to only certain people? Maintaining the users would quickly become a burden.

Eventually I just settled on having the service create a random text pad “room” whenever you accessed the service’s main site, either either a human readable ID (e.g. strange-starfish-26) that you can easily tell someone or a random short GUID that isn’t too readable (to let you create more random text pad ‘room’ IDs). You could tell someone the text pad ID or email the text pad room url to someone, and then verbally tell them the passcode to enter the room.

When you go to the service url a new text pad room is generated with a random ID, and you set a passcode for the room. In the back end, a random AES encryption key is generated and is used to encrypt all messages sent in that room. Eventually I’d like to change this so the key changes frequently, but for now, this is fine. When a user joins a room and enters the correct passcode, an Elliptic Curve Diffie-Hellman key exchange is performed between the server and the new user in order to securely provide the connecting user with that room’s encryption key. All further messages in that room are encrypted using this key. This may not be the best solution, but it seems good enough for now and if I decide to go back and revisit this project, I’ll look into revising this.

I’ve been using this project for a month or two now to solve my problem of securely transferring random text blocks between two machines and it has worked great for me. It isn’t really a “collaborative” text editor since it has issues when two people are entering text at the exact same time but it works great if you need to quickly transfer text blocks between two machines that can’t exactly talk to each other. I decided to mirror the project to GitHub, even though I think the code is absolutely horrible. This was my first project in Node.js/JavaScript, so there are probably a lot of mistakes, bad practices or incorrect uses of various things that are in Node.js.

I wrote a Windows client for this using Electron, but I haven’t posted that to GitHub yet, since I kind of stopped using it and instead I use the web based text pad.