2025.04.01 (Tue)
2025.04.02 (Wed) edited

✨ GPT Summary

A day spent completing the technical architecture and security design for a security-focused messenger for North Korean defectors in China, then writing an MVP development plan based on Flutter Web + Node.

🧮 Secret Messenger

This is a messenger for North Korean defector users living in China without official identification.

  • 📱 Accessible in a browser with no installation required
  • 💬 Able to receive information, hold private conversations, and share files
  • 🛡️ A security-focused communication tool based on Flutter Web

This project is a technical experiment for human rights protection and survival support, not for political purposes. It is not intended for public distribution or commercial use. (🔒 Managed only in a GitHub private repository.)


📌 Project Overview

| Item | Details |
| --- | --- |
| Users | North Korean defectors in China with very low digital literacy, whose phones may be monitored by public security authorities |
| Goal | Information sharing, secret chat, and safe file sharing |
| Form | Browser-based Flutter Web SPA with no installation required |
| Domain | https://???.net (disguised as a calculator UI) |
| UI disguise strategy | First screen looks like a calculator → a specific operation sends an entry request to the server |
| Entry method | Flutter Web POSTs the entry key to the server, and the server decides whether to issue an access token |
| Code security strategy | Sensitive conditions and logic are not included in the client; all decisions are made server-side |
| Feature priority | ① Information receiving → ② Chat → ③ File sharing |

🧪 Vibe Coding Experiment Project

At the same time, this project is an MVP experiment to test the real-world applicability and limits of a development style called Vibe Coding.

  • Design and implementation are carried out in natural language, with most code generation assisted by AI.
  • The user plays the role of designer/coordinator rather than directly writing most of the code.
  • The goal is to evaluate the efficiency and risks of AI-driven development in reality.

Through this experiment, I want to explore the future of AI-based development workflows and verify whether they can reach a level that can be applied to a real human rights project.


⚙️ Tech Stack

🔷 Frontend (Flutter Web)

  • Flutter 3.x (Web build)
  • Material 3 (well suited for a calculator UI disguise)
  • go_router (page transitions and hidden entry flow)
  • Riverpod (state management: UUID, sessions, etc.)
  • http (REST API communication)

UI Strategy

  • Initial screen: calculator-style TextField + button grid
  • Specific operation input → sent to server → if valid, internal entry is allowed
  • No entry trigger or logic is included in the client

🔷 Backend (Node.js + Express)

  • Node.js 18+
  • Express.js (REST API server)
  • SQLite (file-based local DB)
  • Multer (file uploads)
  • node-cron (TTL-based deletion scheduler)
  • Security middleware such as CORS, helmet, and rate-limit

Main APIs

  • POST /check-trigger
    • Server checks the submitted string
    • If it matches a pre-registered trigger condition, a session token is issued
  • GET /session/:id or /inbox/:key
    • Only users with a server-issued session key can access internal features
  • POST /message, GET /messages
    • Store/retrieve TTL-based messages
  • POST /upload, GET /file/:id
    • Support file upload and automatic deletion

🔷 Infrastructure / Deployment

  • Docker (consistent and portable server environment)
  • Ubuntu 22.04 LTS (Vultr VPS)
  • Vultr VPS (Hong Kong region), for stable access from China
  • Cloudflare (DNS proxy + SSL + IP masking)
  • Domain: ???.net (calculator-disguise domain)

Security Strategy

| Item | Description |
| --- | --- |
| Code separation | Sensitive code such as entry logic and triggers is server-only |
| Limited Flutter Web role | Only renders UI and sends input |
| HTTPS enforcement | Cloudflare + Let's Encrypt |
| Cloudflare proxy | Masks server IP and helps defend against DDoS |
| CORS restriction | Blocks requests from domains outside the allowlist |
| no-cache policy | Applies no-store headers to all responses |
| Message TTL | Automatic deletion based on creation time |
| File TTL | Files deleted within a set time after upload, handled by node-cron |
| Local storage restriction | Minimize or avoid localStorage/cookies |

🗂️ Feature List

| Feature | Status | Description |
| --- | --- | --- |
| 🧊 Disguise UI | 🟢 In progress | Disguised as a calculator UI, with entry condition handled through the server |
| 📥 Information receiving | 🟢 Preparing | Admin notices (read-only) |
| 💬 Chat room | 🟡 Planned | Anonymous group chat (TTL-based) |
| File sharing | 🟡 Planned | File sharing with automatic deletion |
| 🔥 Deletion system | 🟡 Planned | Automated TTL deletion for messages/files |

🚀 Development Roadmap

  • ⚙️ Design system architecture and security model
  • 📌 Finalize tech stack + disguise strategy
  • Purchase domain (???.net)
  • 🔨 Flutter Web calculator scaffold
  • 🔨 Express + SQLite API scaffold
  • Build server-side entry key handling structure
  • 📦 Docker + deployment automation
  • VPS deployment + Cloudflare integration
  • 🧪 MVP testing
  • 🎯 Stabilization and internal distribution

📄 Notes

  • Never commit sensitive code or information to GitHub.
  • Flutter code for deployment goes into the build/ directory, and server code runs only inside the Docker container.
  • All API communication is encrypted through HTTPS, and user data is automatically discarded after its TTL setting.
  • Sensitive information such as calculator entry keys and user UUIDs is never included in the frontend; it is handled only through private verification keys inside the server.
  • Entry condition checks and user identification are built as one-way verification logic performed only on the server side, so even if the Flutter Web code is exposed, security information is not revealed externally.
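
One way to implement the server-only check behind POST /check-trigger and the one-way verification described in the notes above, as an added example that is not the project's own code. The function names, the 10-minute session lifetime, the 64-character input limit and the in-memory Map (standing in for SQLite) are assumptions.

```javascript
// Added example, not the project's code. In-memory Map stands in for SQLite.
const crypto = require("node:crypto");

const SESSION_TTL_MS = 10 * 60 * 1000; // assumed session lifetime: 10 minutes
const sessions = new Map();            // sha256(token) -> expiry timestamp (ms)

const sha256 = (s) => crypto.createHash("sha256").update(s).digest("hex");

// Run once at provisioning time: the server keeps only salt + scrypt hash,
// so neither the repository nor the database holds the entry key itself.
function makeVerifier(entryKey) {
  const salt = crypto.randomBytes(16);
  return { salt, hash: crypto.scryptSync(entryKey, salt, 32) };
}

// Core of POST /check-trigger: returns a fresh token on match, else null.
// A calculator expression is low-entropy, so the slow hash must be paired
// with the rate-limit middleware the stack already lists.
function checkTrigger(verifier, submitted, now = Date.now()) {
  if (typeof submitted !== "string" || submitted.length > 64) return null;
  const candidate = crypto.scryptSync(submitted, verifier.salt, 32);
  if (!crypto.timingSafeEqual(candidate, verifier.hash)) return null;
  const token = crypto.randomBytes(32).toString("base64url");
  sessions.set(sha256(token), now + SESSION_TTL_MS); // store the hash only
  return token;
}

// Gate for /session/:id, /messages, /file/:id: unknown or expired => false.
function isSessionValid(token, now = Date.now()) {
  if (typeof token !== "string") return false;
  const key = sha256(token);
  const expiry = sessions.get(key);
  if (expiry === undefined) return false;
  if (now >= expiry) { sessions.delete(key); return false; }
  return true;
}

// What the node-cron job would call on each tick; returns entries removed.
function purgeExpired(now = Date.now()) {
  let removed = 0;
  for (const [key, expiry] of sessions) {
    if (now >= expiry && sessions.delete(key)) removed += 1;
  }
  return removed;
}
```

Because only the SHA-256 of each token is stored, a copy of the session table does not yield usable tokens, and the client bundle never contains anything to compare against.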

👤 Developer Memo

This project is not just a simple app. I am beginning it with the thought that, for some people, it may become a survival tool connected to life itself.

May technology become not a tool of surveillance, but a tool for freedom.


💭 Diary

What do I live for? Wealth and honor? No. Things like that were never fit to be goals in the first place. They are only means.

What kind of life do I truly want? … I cannot define it clearly. In any case, it is clear that it belongs within the larger category of loving God / loving my neighbor.

Anyway, seeing how this project makes my heart beat and gives me a sense of thrill, I think this kind of thing is what I most wanted to do right now.

So, for now, let me start with this.
