A simple website for doing collaborative work where each file and interaction is signed digitally!
- General Info
- Technologies Used
- Features
- Demonstration
- Setup
- Project Status
- Room for Improvement
- Acknowledgements
- License
This project was our submission for CSE 408 Software Engineering term project in Level 4/Term 1(Senior Year) at BUET CSE Undergrad.
In this project we decided to combine the features of a document signing application with that of a organizational management application, where users can -
- store their personal files with digital signatures
- make multiple organizations with new users
- hierarchically divide organization in teams and threads, with overlap if needed
- create flexible workflows in threads with digitally signe files and notes
- maintain chain of custody of all files, view file history
- discuss informally in thread forums
- send notices
- verify any digital signature with information of the signing user
Database:
- Postgresql hosted in Supabase
Unified Backend and Frontend:
- SvelteKit - version 2.4.3 hosted in Vercel.
We used SvelteKit because we preferred how Kit allowed rapid development with Svelte and we wanted to use a RESTful API in the backend, while keeping the codebase for backend and frontend similar. SvelteKit adds useful functions and file based routing while also creating a separate server for the RESTful API. The live API documentation was created with Swagger.
We chose Vercel for deployment, for we liked how it could easily integrate with Github, giving a full CI/CD pipeline. Out of many features of Vercel, an interesting one is that of logging every API call - a feature that saved us a lot of headache many times.
We used a Github Project to manage our workflow, using issues and pull requests as needed. Keeping our main branch push protected, we implemented a staged deployment with only successful preview deployments from testing being merged into main.
For managing user authentication in our project, we used AuthJS with user verification using database. For file storage, we used Supabase File Storage to host our files.
As digital signature algorithm, we chose Elliptic Curve Digital Signature Algorithm, using the browser-side SubtleCrypto API to create keys, sign and verify signatures. We recreated a users keys at each new log in to allow multiple device for each user and stored the private key in browsers IndexedDB as it can provide security for key objectes generated by SubtleCrypto APIs.
After signing up, a user can:
- Upload and view personal files that are immediately signed digitally
- View and update their profile
- Create new organizations and add members as needed
- Create new teams in the organizations and add members
- Create work threads in teams to simulate different workflows in a office, users from multiple teams are allowed in threads
- Upload, view, digitally sign and add notes to work files in a thread
- Maintain a chain of custody by using serial of thread members and letting only one user signing custody of thread at any time
- Add passive members to a thread, who can only view the workflow but cannot participate
- Forward thread custody in a flexible way to any other member of thread
- Discuss in a dedicated forum for each thread
- View file custody history for each file
- Give notice to all members of organization/team/thread, adding a file if required
- Receive detailed notifications about each event that is related to the user
- Archive thread after a successful workflow, with comments
- Have a unified view of users all work files, organizations, teams etc.
- View and download all signatures of a file as a pdf certificate
- Verify a files signature and get information about who signed it
- Search users, organizations, teams, threads and files with a robust, fault tolerant full text search
- Leave organization but only after the user has completed any pending workflows in any thread
Download and extract this SQL script to setup your database in Supabase or locally, using the \i <script path> command of Postgresql to run the SQL script.
In a suitable folder, clone the repo:
git clone https://github.com/AuthentiDocs/authentidocs.git
npm install
Create a file named .env and put the needed environment variables:
DEV_DB_ANON_LINK="<your development supabase database anon link>"
DEV_DB_ANON_KEY="<your development supabase database anon key>"
PROD_DB_ANON_LINK="<your production supabase database anon link>"
PROD_DB_ANON_KEY="<your production supabase database anon link>"
Also, create another file name .env.local for AuthJS authentication with this value:
AUTH_SECRET="<32 bit secret for Authentication>"
You can use the same database for production and development if needed.
npm run dev creates a development server, while npm run build will build the project for production that can be viewed with npm run preview.
After creating a project and connecting the github repo, Vercel will automatically deploy any push in any branch by default. This is customizable and you can add your own conditions for deployment. Populate Vercel project environment variables using the local .env file.
Here is a little demo of the running project with some screenshots below:
The team page and tabs are similar to the organization page, so we can skip to thread page now:
Project is: being worked on .
Room for improvement:
- Use NodePG or other more flexible database library for database connection
- Add preivew feature for more types of file in the frontend
- Add provision for user creation/adding by using a service an organization is already using, such as Azure Active Directory
- Possible use of Rich Text Editor in forum
We would like to specially give our heartfelt thanks to our honourable supervisor Md. Toufikuzzaman sir. It is his idea of using digital signatures in an office workspace that we had directly followed and tried to develop. Throughout the whole term, he gave us invaluable advice, encouraged us to explore new technologies and helped us overcome many problems. It has been both an honour and a learning experience working under his guidance.
We would also like to express our heartiest gratitude to our other sessional course teachers Rayhan Rashed sir and Mashiat Mustaq ma'am for the very important guidances and suggestions they gave us throughout the project.
A special shoutout to Ashraf, Lord Sadat, Shattik for helping us out anytime we needed. Check out Ashraf and company's project, Sadat and Asif's project and finally Shattik and Nafis and Wasif's project using microservices.
This project is licensed under GNU General Public License v3.0.