Overview

Quasar Contact is a privacy-focused real-time messaging platform built with a zero-knowledge architecture. The application implements hybrid RSA-OAEP + AES-GCM encryption where all cryptographic operations occur client-side, ensuring the server never has access to plaintext messages or private keys. The platform features real-time messaging with WebSocket-based communication, typing indicators, read receipts, message editing/deletion, and an offline message queue. The mobile-first design delivers 60fps performance with dynamic viewport handling for virtual keyboards and safe area support for modern devices. Security is paramount with multi-layer bot protection (98+ blocked attack vectors), CSRF protection, brute-force prevention, and Cloudflare Turnstile integration. The application uses JWT authentication with HttpOnly cookies and implements atomic refresh token management to prevent race conditions.

Duration

14 months

Tech Stack

Angular 18, TypeScript, RxJS, Socket.IO, Web Crypto API, IndexedDB, Node.js, Prisma ORM, PostgreSQL, Astro SEO, RSA-OAEP, AES-GCM, bcrypt, Helmet.js, Cloudflare Turnstile, Docker, Angular Material

Challenge

Build a messaging platform where user privacy is guaranteed by architecture, not policy. The server must never have the ability to read messages, even if compromised. The solution needed to handle real-time communication at scale while maintaining mobile-first performance, implement enterprise-grade security against automated attacks, and provide a seamless user experience across all devices without sacrificing encryption.

Solution

Implemented a hybrid encryption system (RSA-OAEP for key exchange + AES-GCM for message encryption) with all cryptographic operations performed client-side using the Web Crypto API. Private keys are stored in AES-GCM encrypted IndexedDB, isolated per user. Architected the frontend using a facade pattern with 8 specialized services for chat functionality, enabling testable, focused components and 60fps mobile performance with dynamic viewport handling. Built a multi-layer security system including bot blocking (98+ attack vectors), honeypot traps, rate limiting, CSRF protection, and Cloudflare Turnstile integration. Designed real-time infrastructure with Socket.IO featuring automatic reconnection, offline message queuing with 30-second TTL, and event replay for reconnecting users.
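
The hybrid scheme described above, sketched with the Web Crypto API as an added example; this is not Quasar Contact's own code. The 2048-bit modulus, SHA-256 OAEP hash, 256-bit AES key, 96-bit IV, the envelope field names and the function names are all assumptions made for illustration.

```javascript
// Added example (not the project's code): hybrid RSA-OAEP + AES-GCM envelope.
// Works in browsers and in Node (falls back to node:crypto's webcrypto).
const wc = globalThis.crypto ?? require('node:crypto').webcrypto;
const subtle = wc.subtle;

// Assumed parameters; the page does not state key sizes or the OAEP hash.
const RSA = { name: 'RSA-OAEP', modulusLength: 2048,
  publicExponent: new Uint8Array([1, 0, 1]), hash: 'SHA-256' };

// Sender side: fresh AES key and IV per message, AES key wrapped for the recipient.
async function encryptFor(publicKey, text) {
  const aesKey = await subtle.generateKey(
    { name: 'AES-GCM', length: 256 }, true, ['encrypt']);
  const iv = wc.getRandomValues(new Uint8Array(12)); // never reuse with the same key
  const ciphertext = new Uint8Array(await subtle.encrypt(
    { name: 'AES-GCM', iv }, aesKey, new TextEncoder().encode(text)));
  const wrappedKey = new Uint8Array(await subtle.wrapKey(
    'raw', aesKey, publicKey, { name: 'RSA-OAEP' }));
  // This envelope is all a relaying server would ever store or forward.
  return { wrappedKey, iv, ciphertext };
}

// Recipient side: unwrap the AES key with the private key, then decrypt.
async function decryptWith(privateKey, { wrappedKey, iv, ciphertext }) {
  const aesKey = await subtle.unwrapKey('raw', wrappedKey, privateKey,
    { name: 'RSA-OAEP' }, { name: 'AES-GCM' }, false, ['decrypt']);
  const plain = await subtle.decrypt({ name: 'AES-GCM', iv }, aesKey, ciphertext);
  return new TextDecoder().decode(plain);
}

async function demo() {
  // extractable=false applies to the private key; it cannot be exported by script.
  const { publicKey, privateKey } = await subtle.generateKey(
    RSA, false, ['wrapKey', 'unwrapKey']);
  const message = 'meet at 18:00'; // constructed sample message
  const envelope = await encryptFor(publicKey, message);
  const roundTrip = await decryptWith(privateKey, envelope);

  // A modified ciphertext must fail the GCM tag check instead of decrypting.
  const tampered = { ...envelope, ciphertext: Uint8Array.from(envelope.ciphertext) };
  tampered.ciphertext[0] ^= 1;
  const tamperRejected = await decryptWith(privateKey, tampered)
    .then(() => false, () => true);

  return { roundTrip, tamperRejected, wrappedKeyBytes: envelope.wrappedKey.length };
}

demo().then(console.log);
```

The envelope carries no sender authentication: AES-GCM detects modification of the ciphertext, but anyone holding the recipient's public key can produce a valid envelope, so sender identity has to be established separately.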

Interested?

Explore the project and get in touch for collaboration.