Ala Obeidat adds E2EE handshake and TURN rotation to Alfajer
This GitHub repository details "Alfajer," a private 1-to-1 video/audio calling Progressive Web App (PWA) built using WebRTC for media transmission and a custom Bun+ElysiaJS WebSocket signaling server. The architecture emphasizes privacy with no persistent storage, logs, or accounts, and features end-to-end encryption notes via RTCRtpScriptTransform, though it's currently disabled pending a cross-browser capability handshake. Recent commits detail a "5-tier UX overhaul" and automation for TURN secret rotation.
Key Takeaways
- Alfajer is built as a 1-to-1 video/audio calling PWA on WebRTC, with Bun + ElysiaJS handling WebSocket signaling.
- The app keeps rooms in memory only: no database, no Redis, no log files, and no account system.
- Recent commits describe a 5-tier UX overhaul, including quality pills, speaking indicators, toasts, install prompts, chat, and screen share.
- A new TURN secret rotation script is designed for a 90-day cadence and updates both /etc/turnserver.conf and apps/signaling/.env.
- End-to-end encryption uses RTCRtpScriptTransform and is gated by an e2eeSupported capability handshake between peers.
Why It Matters
The immediate signal is that Alfajer is moving from a basic private calling demo into a more complete calling stack, with explicit UX polish, chat, screen share, and automated TURN credential rotation. That matters in the streaming delivery and real-time comms ecosystem because the repository pairs privacy claims with concrete operational details: in-memory rooms, no logs, and negotiated E2EE on top of WebRTC’s DTLS-SRTP. The clearest next marker is whether the RTCRtpScriptTransform path stays disabled only for compatibility, or appears enabled across the latest Chrome and Safari browsers described in the README.
Read full article at github.com