[🧑‍💻] Secret Messenger 개발 일지 #3: Roadmap Update: Phase 1-6

✨ GPT의 요약 　

Secret Messenger 프로젝트의 실행 계획을 Phase 1~6까지 정교하게 확장하며, 개발 스택을 Flutter Web + Django 조합으로 고도화하고, 위장 인터페이스 및 서버 배포 흐름을 체계화한 하루.

🚀 Roadmap

Execution plan for a secure, disguised Flutter Web + Django messenger targeting heavily monitored, high-risk individuals in mainland China —specifically undocumented North Korean escapees— where concealment and data protection are paramount.
The application is camouflaged as a basic online calculator while providing real-time chat, file sharing, and one-way information broadcasts under the hood.

---

✅ Phase 1 — Planning & Architecture

• 🧠 Define project goal and threat model
  • Audience: undocumented North Korean escapees in China
  • Mission: browser-based, install-free, secure and disguised messaging tool
  • UX disguise: calculator-style interface
• 🤖 Select AI-driven dev workflow
  • Use GPT-4o + o1 for design, codegen, and iteration
  • Follow “Vibe Coding” → fast, natural-language dev via AI
• ⚙️ Finalize tech stack
  • Frontend: Flutter Web (Material 3, go_router, Riverpod, http)
  • Backend: Django + Django REST Framework (Django 5.x)
  • Deployment: Single VPS container (static + API), with optional Cloudflare proxy
• 🌐 Acquire domain
  • Domain: ㅇㅇㅇ.net
  • Cost: ₩18,000/year via Korean registrar
  • Purpose: visual camouflage as an online calculator

---

✅ Phase 2 — VPS Setup & Base Deployment

• 💳 Create a Vultr account and pay $10.

• 🛒 Create a VPS instance
  • Region: Singapore (best GFW performance on Vultr)
  • OS: Ubuntu 22.04 x64
  • Plan: 1vCPU / 1GB RAM ($5/month)
  • SSH key or password access setup

• 🔐 Access and initialize

  ssh root@<IP>
  apt update && apt upgrade -y
  apt install python3-pip python3-venv nginx git ufw -y
  ufw allow OpenSSH && ufw allow 'Nginx Full' && ufw enable
  

• 📁 Prepare project directory and virtualenv

  mkdir /srv/ㅇㅇㅇ && cd /srv/ㅇㅇㅇ
  python3 -m venv venv && source venv/bin/activate
  pip install django djangorestframework whitenoise gunicorn
  

Note: A Cloudflare proxy is recommended to hide the VPS IP and absorb DDoS.

---

✅ Phase 3 — Project Initialization (Django + Flutter)

🔧 Django Setup

• django-admin startproject stealthcore .
  • Creates stealthcore/ folder and manage.py inside /srv/ㅇㅇㅇ.
• python manage.py startapp api
  • Creates the api/ folder for your custom logic (message handling, file uploads, broadcast notices, etc.).
• Add 'api', 'rest_framework' to INSTALLED_APPS

  • In stealthcore/stealthcore/settings.py, e.g.:

    INSTALLED_APPS = [
        'django.contrib.admin',
        'django.contrib.auth',
        'django.contrib.contenttypes',
        'django.contrib.sessions',
        'django.contrib.messages',
        'django.contrib.staticfiles',
        'rest_framework',  ## Add
        'api',            ## Add
    ]
    

• python manage.py migrate
  • Creates initial database tables (SQLite by default).
• python manage.py createsuperuser
  • Lets you access Django’s admin panel (optional but recommended).

Future expansions:

• /api/messages/ for group chat with TTL
• /api/upload/ for file sharing (auto-deletion)
• /api/notice/ for admin broadcast messages

🛠️ Flutter Web Setup

• flutter create ㅇㅇㅇ_web
  • Produces a basic Flutter Web project.
• Replace UI with calculator-style layout

  • Minimal example in main.dart:

    TextField(
      onChanged: (val) {
        // store user input
      },
    );
    ElevatedButton(
      onPressed: () {
        // call /api/check-trigger/
      },
      child: Text("Send"),
    );
    

  • Realistically, implement numeric keypad, basic arithmetic, etc.

• Connect POST request to /api/check-trigger/

  • Using http:

    final response = await http.post(
      Uri.parse('/api/check-trigger/'),
      body: {'input': userInput},
    );
    

  • If valid, backend issues a token → Flutter loads hidden messenger UI.

• flutter build web
  • Compiles your Flutter app to build/web/.

• Copy files:

  mkdir frontend_static/
  cp -r build/web/* frontend_static/
  

  • This can be served by Nginx or Django’s WhiteNoise.

---

✅ Phase 4 — Trigger API & Flutter Integration

• In Django api/views.py:

  from rest_framework.decorators import api_view
  from rest_framework.response import Response
  import os
  
  @api_view(['POST'])
  def check_trigger(request):
      ## Production: store real trigger in os.environ or DB
      valid_trigger = os.environ.get('ㅇㅇㅇ_TRIGGER', '1004')
      if request.data.get('input') == valid_trigger:
          return Response({'status': 'success', 'token': 'XYZ'})
      return Response({'status': 'denied'})
  

• Create /api/urls.py and register route

  from django.urls import path
  from .views import check_trigger
  
  urlpatterns = [
      path('check-trigger/', check_trigger, name='check-trigger'),
  ]
  

• Connect from Flutter with http.post(...)
  • If "success", store token in memory (Riverpod) → show hidden UI
  • If "denied", remain a simple calculator
• Ensure no sensitive logic in the frontend
  • All secret values (like the trigger code) live on the server.

---

✅ Phase 5 — Nginx & HTTPS Hosting

• Create Nginx config:

  server {
      listen 80;
      server_name ㅇㅇㅇ.net;
  
      location /static/ {
          alias /srv/ㅇㅇㅇ/frontend_static/;
      }
  
      location / {
          proxy_pass http://127.0.0.1:8000;
          proxy_set_header Host $host;
          proxy_set_header X-Real-IP $remote_addr;
      }
  }
  

• Enable config and restart:

  ln -s /etc/nginx/sites-available/ㅇㅇㅇ/etc/nginx/sites-enabled/
  nginx -t && systemctl restart nginx
  

• Enable HTTPS:

  apt install certbot python3-certbot-nginx -y
  certbot --nginx -d ㅇㅇㅇ.net
  

  • Installs Let’s Encrypt cert for ㅇㅇㅇ.net.
  • Afterward, https://ㅇㅇㅇ.net should serve your disguised calculator.

Gunicorn & systemd

• For production, run Django with Gunicorn behind Nginx:

  gunicorn stealthcore.wsgi:application --bind 127.0.0.1:8000
  

• Create a /etc/systemd/system/gunicorn.service to auto-restart on reboot.

---

✅ Phase 6 — Final Testing & Disguise Hardening

• 🧪 Test UI & trigger
  • Visit https://ㅇㅇㅇ.net
  • Input 1004 (or real trigger) → verify {"status":"success"} + token
  • Invalid input → {"status":"denied"}
• 🔒 Clean frontend
  • Remove all references to “chat” or “trigger”
  • No hardcoded secrets or tokens
  • Minimal localStorage usage for ephemeral sessions
• 🧊 Final disguise polish
  • Fake calculator branding (title, icon, etc.)
  • Real arithmetic (optional) so it’s fully plausible as a calculator
  • UI alignment, theming, and final styling
• 🧠 Create deploy.md (internal doc)
  • How to deploy, update, rollback, and verify
  • Summarize environment variables (ㅇㅇㅇ_TRIGGER, SECRET_KEY)
  • Include any security & logging best practices

---

🔮 Future Features

• 📥 Info Board (Read-Only Announcements)
• 💬 Group Chat with TTL-based message deletion
• 📁 File Sharing (auto-expire for security)
• 🔥 Auto-Deletion via cron/management command for expired data
• 🌐 Cloudflare Proxy to mask VPS IP and mitigate DDoS

Use this roadmap to guide end-to-end development of ㅇㅇㅇ—from initial VPS setup to final production.

---

💭 일기

개발을 멈추면 안 된다. 습관이 망가진다. 벌써 열흘이 지났다.

하루 10분이라도 반드시 개발하고, 아무리 작은 변화가 있었더라도 개발 일지를 작성하자.

---

👀 Git Log

Date	Type	Message
25.04.13 Sun	docs(roadmap)	refine and finalize Phase 1–6 plan for secure disguised messenger (HEAD → main, origin/main)
25.04.03 Thu	docs(roadmap)	edit full Phase 0–3 checklist for Flutter Web + Django deployment
25.04.03 Thu	docs	add dev-principles and roadmap with links from README
25.04.03 Thu	docs(README)	add more details to roadmap
25.04.03 Thu	docs(README)	change backend from Node to Django, and change from Kor to Eng
25.04.02 Wed	docs(README)	add minor details for user
25.04.01 Tue	docs(README)	add description, tech stack, features, roadmap, …
25.04.01 Tue	-	Initial commit