Mossy

Improved CTA

I’ve made extension stable enough to put in into release, also production works like a charm
I’ll ship it right now!

I’ve completed key-sync, now I used AI to generate skeleton of the extension, whole project. should be shipped by tomorrow. I hope y’all will like it!

Key transfer works like a charm!
I’m gonna add few nice things to UI, and Im gonna start working on functional extension to make password management easier!

Hi there!
I’ve managed to refactor some logic on frontend in terms of key-sync, and I’ve completed CD pipeline so demo is up right now!

Key sync is half way there!
I improved key management, right now X25519 key is not static (it’s changed per sync to provide best security)
Also codebase now uses zustand instead of context API (I hate it!),
I hope everything will be done by tomorow, when it’s done I’ll do some redesign and ship this project.
Wish me luck!

Made major improvements in terms of stability, registering device works 100% of the time, and I think I’m good to go with WS integration.

Refactor of key-sync is still WIP, but I’ve already made some working integrations on frontend such as

• working QR generation (with real API)
• device flow (ID/DH keys) logic
• ID/DH keys storing
• frontend already successfully authenticate with auth frame
• probably something more, but I forgot it ://
  See ya!

Hi there!
I was about to implement device flow logic on frontend, but I saw it’s really messy, so I need to make another refactor (eehh…).
First thing that I changed is authentication flow, right now, backend is waiting for client to send message with creedentials (this is still WIP), before I used some hack with websocket protocol (as you cannot use normal headers with WS)
Also, I made this placeholder on frontend as proof of concept, hope y’all ’ll like that!

Just finished refactoring backend logic, API is still the same from client perspective, but communication with vault works via chain of responsibility, and when response is provided, message is send to statistics microservice via kafka, also I’ve made whole flow async (CompletableFuture), to thread blocking, and make whole code cleaner. There are some minor flaws on frontend that I will address before merging those changes into my repo.

Currently Im making enormous refactoring of passwords microservice <––> vault communication, code that I made already is absolute peek of OOP & generic types, I’m proud of it, but it’s still WIP.
See ya!

Hi everyone!
Currently I’m working on migrating statistics microservice to use kafka for communication, and refactoring its logic, majority of things are done, however some thing (such as Online/Offline statuses) are still in migration, as they require me to think what will be better for architecture (to send majority of data to stats microservice, or serve some of ’em in coresponding microservices).
See ya soon!

Finished E2EE logic, I’ve made password modal resume last action after entering pin (so you dont have to click same button twice), Currently I’m working on refactoring mossy-statistics microservice so It’ll use kafka instead of REST/RabbitMQ mix. Stay tuned!

I’ve implemented E2EE, all you need for decryption is pin, (there are some wrapping keys, IVs etc, so it’s secure), currently Im working to make good UX feeling, and then I’ll implement key-syncing
Mossy is almost ready to go. cross your fingers!

CRUD of passwords works nice, I also made variants for RippleButton component to reduce amount of redundant code
I guess now I’ll add Vault tab to frontend
See ya!

CRUD on passwords is ready to go!
Now I will implement a way to manage passwords on frontend.
Stay tuned!

Currently I’m implementing some communication with vault.
It’s half-way there, however there are some flaws.
Stay tuned!

Finished majority of frontend - currently it’s mostly placeholder (auth works however)
Right now I’m working at implementing mossy-vault <––> mossy-passwords communication, and implementing statistics microservice. Hopefully I will finish everything before flavortown ends
Cross your fingers!

Finally, there is auth logic on frontend (login/register), now I’ll focus on adding dashboard view to complete MVP version of frontend, and I’ll focus on implementing vault/password management related logic.
See ya!

Just implemented sign up tab, so rest of auth flow will be implemented pretty soon.
Btw reacts makes working with fronend super fun, it’s so so cool.
See ya!

Hi there!
Currently I’m writting mossy’s frontend, it’s looking pretty good for now, but it is not functional (no backend integrations for now).
Also I’ve improve unit test coverage in some microservices.
Frontend will be there in few days.
See ya

Hi there!
Just finished logic for synchronizing keys for vaults, using websockets,
It works like that:

1. During device registration, device provides DH_p and ID_p keys (X25519 and Ed25519).
2. If there are already other devices registered, then sync room is created.
3. Both peers join room
4. Sender sends encrypted master key (MK)
   Also I’ve made protection against anti-replay attack (used sends a signature from random nonce and dh public key (DH_p) so request cannot be replayed)
   That’s it for now!
   See ya

Hi there!
Finally, after looong time I’ve finished authentication logic (over 4k lines of code!), I’ve added option to logout from account, and many many tests for super-fast testing. Now I can focus on domain logic, and making some frontend.
Bye!

Hello.
After 5h I’ve figured out some things about starters in Spring Boot. Turns out, that you can’t declare @ControllerAdvice and SecurityFilterChain inside of an starter. Best part? Framework throws some random runtime exception, that leaves you confused. Anyway, authentication flow is ready, currently I will write some tests, and I’m looking forward to merging it.
See ya

Hi there!
From last devlog I’ve improved majority of auth logic: right now architecture is perfectly scallable, so replicing microservices is not a issue no more. JWKS flow was redesigned: there is now a dedicated microservice for just receiving and displating well-know JWKS. Also logging in via credentials works flawless. I’ve also improved many other things (such as JWKS fallback to http if RabbitMQ fails).
See ya soon,
hopefully I’ll return with working auth logic, cross your fingers!

Hi there!
For the last 7 hours I have been working on the authentication system (JWKS, OAuth, etc.). I have also learned React, so I can write Mossy’s web extension all by myself. The prototype of the web extension is halfway there. However, to develop it further, I need to finish the auth system.

See you soon!

Hi there!
I’ve successfully managed to design, and code majority of domain logic microservices, vault now, communicates with backend with STOMP + SockJS, it’s stable, and real-time. I am looking forward to writing authentication related microservices.
See ya!

Hi!
Mossy is kinda complicated project, so for most of the time I was figuring out a way to make everything secure. Mossy vaults (place where Mossy will store passwords at your self-hosted environment) will communicate with core (global backend microservice) via WebSockets. I’ve also figured many many other things. In terms of actual coding I’ve created “vault” and “core” microservices with basic logic. I’m really excited to work on this project overall!
See ya soon