How to Build a Secure Chatbot — Part One

Hello World!

To make it easy for anyone to build custom connections into Forsta, we’ve built an open-source NodeJS library for the Forsta Secure Messaging Platform called librelay-node. It contains all of the functions required to send and receive encrypted messages over the platform. This is the first in a series of blog posts that will illustrate how to use this library and discuss the issues involved in using it.

This series will focus on building a secure chatbot, because doing so illustrates the issues involved in keeping your custom connection just as secure as the Forsta Platform you’re connecting to.

Chatbots are simply programs that you can interact with via a messaging platform. These bots often utilize a form of Artificial Intelligence (AI). There has been an explosion of chatbot engines recently, as messaging has become the main use of mobile devices. Time spent on social media/messaging apps accounts for 5 hours a day for the average American!

To lay the groundwork for understanding how to connect the Forsta Secure Messaging Platform with the various bot engines — we will start with simply hosting a Forsta user-device in the cloud. We’ll go through the code and each step to set up a simple ‘hello world’ example.

The Forsta Secure Messaging Platform is end-to-end encrypted, which means there is no central database or single encryption key. Instead, each device that a user ‘registers’ with their account (a mobile app, a browser tab, or a cloud-hosted ForstaBot) has its own set of public encryption keys AND its own database of the messages sent and received.

The benefit of this approach is that there is no central database that can be compromised, and when you start a conversation with a colleague, client, or customer — your devices exchange unique encryption keys to become the only devices that can decrypt the messages they exchange.
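The per-device key model described above, as an added Node example that is not code from Forsta or librelay-node. It is a simplified stand-in (X25519 plus AES-256-GCM) rather than the protocol the platform actually uses, and every function name and device label in it is hypothetical.

```javascript
// Added illustration: per-device keys with pairwise encryption.
// Simplified model only; NOT the protocol Forsta or librelay-node implements.
const nodeCrypto = require('crypto');

// Each registered device owns its own key pair; the private key never leaves it.
function newDevice(label) {
  const { publicKey, privateKey } = nodeCrypto.generateKeyPairSync('x25519');
  return { label, publicKey, privateKey };
}

// Both ends derive the same AES key from their own private key and the
// other device's public key. A relay that only sees public keys cannot.
function pairKey(self, peerPublicKey) {
  const shared = nodeCrypto.diffieHellman({ privateKey: self.privateKey, publicKey: peerPublicKey });
  return Buffer.from(nodeCrypto.hkdfSync('sha256', shared, Buffer.alloc(0), 'demo-pairwise', 32));
}

function encryptFor(sender, recipientPublicKey, text) {
  const iv = nodeCrypto.randomBytes(12); // fresh nonce for every message
  const cipher = nodeCrypto.createCipheriv('aes-256-gcm', pairKey(sender, recipientPublicKey), iv);
  const body = Buffer.concat([cipher.update(text, 'utf8'), cipher.final()]);
  return { iv, body, tag: cipher.getAuthTag() };
}

// Throws if the receiving device is not the one the envelope was sealed for.
function decryptFrom(receiver, senderPublicKey, envelope) {
  const decipher = nodeCrypto.createDecipheriv('aes-256-gcm', pairKey(receiver, senderPublicKey), envelope.iv);
  decipher.setAuthTag(envelope.tag);
  return Buffer.concat([decipher.update(envelope.body), decipher.final()]).toString('utf8');
}

// A message to a user is sealed once per registered device of that user.
function fanOut(sender, recipientDevices, text) {
  return recipientDevices.map((d) => ({ to: d.label, envelope: encryptFor(sender, d.publicKey, text) }));
}

// Constructed sample: one sender device, a user with a phone and a cloud bot.
function demo() {
  const alice = newDevice('alice-browser');
  const phone = newDevice('bot-user-phone');
  const bot = newDevice('bot-user-cloud');
  const [toPhone, toBot] = fanOut(alice, [phone, bot], 'hi bot');
  const botRead = decryptFrom(bot, alice.publicKey, toBot.envelope);
  let crossRead;
  try { crossRead = decryptFrom(bot, alice.publicKey, toPhone.envelope); } catch (err) { crossRead = 'rejected'; }
  return { botRead, crossRead };
}
```

The envelope sealed for the phone fails authentication on the cloud bot, which is why a newly provisioned device needs its own keys and receives its own copy of each message.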

In Forsta, each user is denoted by its username and organization separated by a colon, ‘username:organization’.

Each user can of course have multiple devices to communicate from, i.e. a smartphone, a browser window, and in the case of a bot — the user/device is a standalone app, installed on an always-available cloud server.

So, let’s create a new Forsta user account, in the free ‘forsta’ organization, and then provision a device for that user on an app installed in the cloud.

A ForstaBot can be configured to run on any hosting platform. For this example, we’ll be using Heroku to host the app and Github to distribute and deploy the code. So you’ll need to be familiar with and have accounts with both of those services. You will also need a terminal-based development environment with Node 8+, Git, and the Heroku toolbelt installed, a text-editor designed for editing code, and a separate account set up for the bot with Forsta.

Note: to maintain the ‘always-on’ worker dyno that a chatbot requires, the Heroku platform charges 7.00/month. We will test everything in our local environment first and only deploy to the web as a proof of concept, so the dyno can easily be switched on and off and is not charged while it is turned off.

Let’s Get Started

Go to https://github.com/ForstaLabs/ForstaBot-HowTo, and let’s take a look at the code.

This app very simply packages our librelay-node library into a format that can be hosted on Heroku. Take a look at the `index.js` file in the `src` folder.

The first line, `require('librelay');`, loads the Forsta npm library.

The next two lines give us the functions we need to use the server’s bash environment in order to manually provision a user. The following `input`, `login`, and `main` functions provide the tooling to do that.

About halfway down the file, the `msgHandler` function relies on the key exchange between users and on the encryption and decryption of the messages they send to and receive from your bot.

Notice the line: `reply = "hello world!";`

This ‘hello world’ chatbot application does just that — every message it receives will be replied to with the string ‘hello world!’

Simple? Of course that’s the point! We’ll edit this once we get it up and running, and so to do that — complete the following steps to push the code to your cloud instance and provision your ForstaBot user.

Fork the repo and open a terminal to clone it down to your development environment. We’re going to push the fork/clone of your chatbot up to a cloud server so that it can always respond. We’re going to use Heroku, so make sure you have an account there and have the Heroku toolbelt installed.

Then, while inside that project folder, enter the following commands:
$ heroku create
$ git push heroku master
$ heroku addons:create heroku-redis:hobby-dev

Then back in the browser, log into heroku.com and…

1. Upgrade the worker dyno to the hobby level
(after we’re done here, we’ll turn them back off until we add some real functionality to the bot)
2. Make sure that the default web dyno is turned off, and the worker dyno is turned on

Now, back at your terminal…
$ heroku run bash
$ node src

You should then receive a prompt asking for a Forsta account. Use the credentials from the account you set up for this bot including the SMS code you’ll receive after entering a valid user.

Try entering $ node src again if you don’t.

Let’s test it!

1. Log into a different Forsta account in a web browser or mobile app
2. Start a new conversation with the bot
3. Send it a message and…

4. “Hello World!”

All right!

OK, now let’s add a little more functionality to that “reply” variable.

Open a terminal and start a new git branch
$ git checkout -b branch-name
Open the code in your editor of choice
$ atom .

Now in your text editor, change `reply = "hello world!";` to something like:
reply = "I'm sorry, did you just say " + text + "?";

Then, back in the terminal, add the changes to your branch
$ git add src/index.js
Next, commit your changes
$ git commit -m 'echo the reply'
Then push them to both your repo and your Heroku app.
$ git push origin [branch-name] && git push heroku [branch-name]:master

Finally, re-provision your bot
$ heroku run bash
$ node src
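Once the bot echoes `text`, it is handling input that any sender controls. The following is an added example, not code from the ForstaBot-HowTo repo: a hypothetical `buildReply` helper that bounds and cleans the echoed text, plus a hypothetical `describeForLog` helper that keeps decrypted message bodies out of the hosting platform's logs. The 200-character limit is an assumption.

```javascript
// Added example, not code from the ForstaBot-HowTo repo.
// `text` stands for the decrypted message body that msgHandler works with.
const MAX_ECHO_CHARS = 200; // assumed limit; tune for your bot

function buildReply(text) {
  // Messages without a text body (or malformed ones) must not crash the bot.
  if (typeof text !== 'string') return "I'm sorry, I can only read text messages.";
  // Replace control characters and bidirectional overrides, which can
  // reorder or hide what the recipient sees, then collapse whitespace.
  const cleaned = text
    .normalize('NFC')
    .replace(/[\u0000-\u001f\u007f-\u009f\u202a-\u202e\u2066-\u2069]/g, ' ')
    .replace(/\s+/g, ' ')
    .trim();
  if (cleaned.length === 0) return "I'm sorry, I didn't catch that.";
  // Truncate by code point so an emoji is never cut in half.
  const chars = Array.from(cleaned);
  const shown = chars.length > MAX_ECHO_CHARS
    ? chars.slice(0, MAX_ECHO_CHARS).join('') + '…'
    : cleaned;
  return 'I\'m sorry, did you just say "' + shown + '"?';
}

// Log metadata only: writing the decrypted body to stdout would put
// plaintext into the host's log stream, outside the end-to-end encryption.
function describeForLog(text) {
  if (typeof text !== 'string') return 'message received: no text body';
  return 'message received: ' + Array.from(text).length + ' chars';
}
```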

Also, if you want to test out any changes before pushing up to the server, you can always run your code locally with the commands:

Wrapping up

1. Turn off your Heroku worker dyno if you don’t want to get charged,
2. Complete a pull request at GitHub in order to merge your changes into master
3. And pull your origin master branch down to merge with your local master branch

Part Two — Intro to Artificial Intelligence

Let’s get this bot chatting.

Originally published at www.forsta.io.
