Project
TLS — Secure Messaging
Private two-person chat · Node.js / TypeScript · SQLCipher · PWA
TLS is a self-hosted, end-to-end authenticated two-person chat application built for private use. Every message, image, and video passes through your own server, with the database encrypted at rest using SQLCipher — no third-party servers, no data leaving your infrastructure.
The goal was a messaging app that genuinely prioritises privacy without sacrificing usability. View-once media, in-app video recording with FFmpeg WASM compression, emoji reactions, swipe-to-reply threading, and five colour schemes make it feel polished for daily use. It ships as a PWA so it installs to the home screen and runs full-screen on Android and iOS.
Main chat interface — read receipts (✓ / ✓✓), emoji reactions, reply threading, and view-once media
Key features
- SQLCipher-encrypted SQLite database (AES-256)
- Session-cookie authentication (7-day TTL, HttpOnly, SameSite=Strict)
- Optional two-factor authentication via OTP email
- Forced password change on first login
- View-once images and videos
- In-app video recorder with optional FFmpeg WASM compression
- Swipe-to-reply and threaded message context
- Emoji reactions: 👍 ❤️ 😂 😮 😢 👏 🔥 😡
- Typing indicator and dual-tick read receipts
- Five colour schemes: Default, Ocean, Purple, Warm, Forest
- Image blur toggle for sensitive or NSFW media
- PWA — installs full-screen on Android (Chrome) and iOS (Safari)
- Admin panel: user management, message reports, app settings, post import
- Cloudflare Turnstile captcha support (optional)
- Report function — flag messages to admin with one tap
- Emergency exit button (configurable)
- Soft-delete: content retained for admin audit, access immediately revoked
Login with optional Turnstile captcha and OTP 2FA (left) · Settings panel with five colour schemes (right)
Admin panel — user management with roles, 2FA status, last-seen, and enable/disable controls