HIGH SECURITY ELECTRON.JS APPLICATION WITH REACT.JS AND GOLANG FOR THE MYANMAR ELECTION
Myanmar voted in monumental elections last month. What you might not know is that there was a lot of work that went in to making these elections possible, including the work Wiredcraft just completed on the Myanmar Election Project. We built the entire voter registration system for IFES (International Foundation for Electoral Systems and the Myanmar UEC (Union Election Commission); one of the most important parts of the project was the Windows Application, called the Township Voter Registration (TVR), that allowed UEC members on the ground to help collect voter registrant information and make corrections. We spent a lot of time working to make the TVR user friendly and secure and we were able to use some really cool technology to do it.
For the TVR some important points we considered during the build were:
- High security, data is very sensitive
- Running on Windows, built on MacOSX
- Totally offline
This project required high amounts of data security due to the sensitive nature of the voter registrants data. We needed to keep hackers out of the door, so choosing the technology stack we used was a very important step. We had two choices.
- Use C#/C++ to build a Windows Native application
- Use cross-platform technology to build a cross-platform application that can run on Windows
- We don’t need to learn something new and difficult.
- We can use our rich website development experiences.
- We can have some cool UI/UX and much easier to change them, these all are CSS’s work.
- We haven’t build a production application yet, we only had play it around.
Native languages C++/C#
- Microsoft made it , so at some points native languages may good to development Windows Application.
- We can build the whole application with a single language.
- Even the C++/C# are the official languages for building Windows Applications, but we still don’t know if it’s easy to work with.
- We need spend lots of time to learning and gaining expertise on a new language, and we may not use it later on.
- C++/C# is also a good choice but C# is still easy decompiled by some tools like RemoteSoft’s Salamander,Lutz Roeder’s Reflector ,so we may still need to build the encrypt/decrypt part with C++. -Learning C++ is more difficult than some other languages (everyone knows that.), we may face lots of issues and it may not be easy to solve.
Electron.js and NW.js both are good open source projects, they make it easy to build a cross-platform application, but electron provides more features like multi-context, which allows us to do more in the generation of the PDF process. You can read more about how we built a high performance PDF generator in Electron.js for the Myanmar election and here on GitHub
Snapshot vs Golang
- I found v8 snapshot later on, it provides some great benefits — it’s good way to protect the source code, it will compile your source code to v8 engine snapshot file, then you can use it directly in your code.
- Snapshot does have some limitations — you will get in to trouble when you snapshot a large piece of code, the snapshot file will increase when you use it over time, and it’s not good to use for data storage within the code. It will keep the state after you use it next time, sometimes this is a good thing, but you don’t want keep the state forever, it will make things go crazy.
- We considered using some Node.js native modules, but we faced the same situation again; Node.js native module is written by C++ and this would require our team to spend excess time fine tuning C++ skills.
- Golang is a compile language , all things will compile to the executable binary file, it will keep your source code safe.
- The cross-platform property allow us to build on Mac OSX and release it for a Windows machine, it will make the development process very easy.
- It’s a modern language, we think learning Golang is much easy than learning C++ (Actually it is.).
- We may use it later on, maybe we will use it to build some of our future web project.
Data Entry Security
We separate the whole application in to different layers. On the top is the UI layer built by React.js and SASS, in the middle is the data layer built by Golang, and at the bottom is the database layer handled by Encrypted SQLite database which is aSQLCipher
At the Golang layer, we provided several APIs for the front-end, we move all the complicated logic to the Golang layer so the front-end doesn’t need to care for the data process. The front-end only needs to call the API through the Node.jschild_process and then they have accessibility. For example, we have an API that exports some data entries to our central server (the Windows application is totally offline), the frond-end just needs to call the API and send a path where use want to store the package on his Windows machine, the Golang middleware will find all the data and do a PGP encryption, then write to the path. The only issue for us is Golang doesn’t support the SQLCipher database officially, and there is no third-party library that can do that, so I built one to fit our specific needs and solve our problems:https://github.com/xeodou/go-sqlcipher.
Electron.js and Golang helped us build the high level security used in the TVR, even though we didn’t have too much experience building Windows Applications. We didn’t have to worry about how the application worked with Windows, because Electron.js will do it for us. React.js helped us move fast on the building of the UI part of the TVR: we were able to implement lots of cool User Interfaces and it was easy to implement; it was like we were just building a website. We learned a lot about implementing high security features with cross-platforms with Golang, React.js, Electron.js and SQLCipher.
- Facebook React
- SQL Cipher
- Protect JS Source Code with v8 snapshot
- Atom Shell Vs. Node.js Webkit
- PDF Generation on the Web
Original published at Wiredcraft: