This dApp demonstrates secure integration with the HeyElsa chat widget, implementing comprehensive security features to prevent message injection and authentication attacks.
npm installnpm startnpm run start:debug- ✅ HMAC-SHA256 Message Authentication
- ✅ Request-Response Correlation
- ✅ Replay Attack Prevention
- ✅ Strict Message Validation
- ✅ Visual Security Status Indicators
The app always runs in secure mode with full authentication:
- 🔒 Secure Mode: HMAC-SHA256 authentication always enabled
import { createWalletAdapter } from './adapter';
// Create secure adapter (always secure)
const secureAdapter = createWalletAdapter({
onSharedSecretReceived: (secret) => {
console.log('🔒 Secure communication established');
}
});
// Use with widget
<HeyElsaChatWidget
messagePort={secureAdapter.port2}
keyId="your-app"
/>npm start- Start the dApp (always secure)npm run start:debug- Enable debug loggingnpm run build- Production buildnpm test- Run tests
Current security implementation prevents:
- ❌ Message injection attacks
- ❌ Response forgery
- ❌ Replay attacks
- ❌ Man-in-the-middle attacks
- ❌ Unauthorized wallet operations
src/
├── adapter.ts # Complete secure wallet adapter (single file!)
├── App.tsx # Main app with security status
└── components/ # UI components
Everything you need is in adapter.ts - no external dependencies!
- Monitor Console: Watch for authentication events
- Test Attack Prevention: Try injecting fake messages (they'll be blocked)
- Verify Authentication: Check for "✅ Authenticated" status in header
INTEGRATION_GUIDE.md- Quick start guide for dApp developersWIDGET_SECURITY.md- Detailed security implementation guideFLOW_EXPLANATION.md- How the secure communication works- Browser console - Real-time security event logging
Status: 🔒 SECURE
Widget Version: 2.0.0+
Security Level: Production Ready
This project was bootstrapped with Create React App.
You can learn more in the Create React App documentation.
To learn React, check out the React documentation.