Skip to content

Latest commit

 

History

History
123 lines (80 loc) · 12.3 KB

README.md

File metadata and controls

123 lines (80 loc) · 12.3 KB

AO.space

English | 简体中文

AO.space is a solution that focuses on protecting personal data security and privacy. Utilizing end-to-end encryption and device-based authentication, users have complete control over their personal accounts and data. AO.space also employs various technologies, including transparent platform forwarding, peer-to-peer acceleration, and LAN direct connection, to enable fast access to personal data from anywhere at any time. Leveraging Progressive Web App and cloud-native technology, AO.space has developed an integrated application ecosystem that could include both front-end and back-end components.

AO.space is composed of three parts: server-side, client-side, and platform-side. The server-side and client-side run on personal devices and establish encrypted communication channels with public key authentication. The server-side supports x86_64 and aarch64 architectures and can run on personal servers, computers, or other similar devices. The client-side supports Android, iOS, and Web platforms, providing users with the convenience of using AO.space anywhere and anytime. For platform side, user can either use the default platform provided by AO.space or deploy by own. In both cases, the platform provides network communication services without the capability to decipher user data.

Architecture

An architectural design overview is as below, along with detailed information about the core components, encompassing server-side, client-side, and platform-side. The server-side serves as the core of the personal space and is deployed on long-running, connected devices such as personal servers and personal computers. The client-side is used for everyday personal electronic devices, including smartphones, tablets, and personal computers. AO.space currently offers clients for Web, iOS, and Android. The platform-side provides network communication services without the capability to decipher user data.

AO.space-architecture

Server-side

The core of the AO.space, also known as the AO.space Server, consists of sofeware, hardware, operating system (such as EulixOS/openEuler and other Linux distributions). On top of the basic operating system, various space-related services and essential components are deployed primarily using containerization. It comprises the following modules:

  • Web Server(nginx): The entry service for traffic into the AO.space.
  • Agent: It acts as a bridge between the client, platform, and server, adapting to the operating system.
  • Gateway: Responsible for API routing, forwarding, end-to-end encryption and decryption, authentication, and authorization of overal the AO.space application-layer requests.
  • AOFS: It offers storage and management functionalities for space files. It is a virtual file system that combines object storage and file storage methods.
  • Preview: It's in charge of generating preview images for space files.
  • ContainerMgr: It is used to communicate with underlying container services.
  • Databases:
    • SQL Instance (Postgresql): It provides data storage and management for relational databases within the space.
    • NoSQL Instance (Redis): It offers data storage and management for non-relational databases within the space, as well as messaging capabilities.
  • Network client: It's part of implementation for transiting network from internet to NAT office or home netrok. It also helps to establish P2P connections with the AO.space client.
  • Applications: They are divided into three types: front-end only, back-end only, and hybrid applications which contain front-end and back-end. They are mainly used to expand the functionality of the AO.space services and are the key elements of the AO.space ecosystem. These official or third-party applications can be accessed through the AO.space Space user domain from internet, such as Card/CalDAV services.

Client-side

The client functions as the system's frontend, granting us with access to all functionalities of the AO.space. It encompasses Web, iOS, Android platforms, providing the following key modules:

  • End-to-End Encryption Channel
  • Files
  • Devices
  • Family
  • Space Application
  • Developer Options
  • Security

Platform-side

The platform offers essential network resources and associated management capabilities. It comprises the subsequent components:

  • Endpoint: It handles and dispatches the overall traffic within the AO.space ecosystem.
  • BaseService: It offers the AO.space device registration service, along with coordinating and managing platform network resources (domains, forwarding proxies, etc.).
  • Transit server: It gives us the ability to send network traffic from internet to the AO.space device typically connected within a NAT office or home network. Additionally, it also supplies STUN services to enable to transit traffic through p2p channel using the WebRTC-based protocol.

For more information, please visit the #Documentation.

Source code repository introduction

The overall project includes :

Server repository introduction

The server is the main data carrier of AO.space and is also the core of data protection. It consists of the following repositories:

  • space-agent:It provides services such as device binding, system service module startup bootstrapping, and management.
  • space-aofs:It provides file access services, including interfaces for file querying, chunked uploading, downloading, and more.
  • space-gateway:The end-to-end request security processing module receives requests, decrypts them, and forwards them to the relevant modules. It encrypts the responses and sends them back to the requesting client.
  • space-filepreview:It supports the generation of thumbnails and preview images for media files. This functionality allows users to generate smaller versions or preview images of their media files, which can be useful for displaying file previews or creating thumbnails for faster loading.
  • space-media-vod:Provide streaming media data access services
  • space-web:Providing an Nginx reverse proxy service for serving web-based service resources and requests
  • space-upgrade:On-demand startup, mainly responsible for server-side upgrades

Clients repository introduction

The client supports Android, iOS, and Web versions, and consists of the following repositories:

  • client-android:Provide a client on Android platform for AO.space.
  • client-ios:Provide a client on iOS platform for AO.space.
  • space-web:Deployed on the server, providing a web-based client for AO.space.

Platform repository introduction

The responsibility of AO.space Platform is to establish a transparent communication channel for personal equipment. It consists of the following repositories:

  • platform-proxy:provide high-availability forwarding and horizontal expansion support for the requests from clients.
  • platform-base:provide the registration service of AO.space, and coordinate and manage the platform network resources.
  • gt:provides network support services that penetrate NAT access AO.space through relay forwarding.

Build and deploy

To deploy and run the project from a release version, or to build and run it from the source code, please refer to build-and-deploy.

Documentation

Contribution Guidelines

Contributions to this project are very welcome. Here are some guidelines and suggestions to help you get involved in the project.

Contribution Guidelines

Contact us

License

AO.space is open-sourced under Apache License 2.0, see LICENSE. The following sub-projects use other open-source licenses:

Acknowledgments

AO.space heavily relies on the open-source achievements of other projects. We would like to express our special thanks to them(in alphabetical order): AFNetworking, Android-Office, AndroidPdfViewer, BouncyCastle, CocoaLumberjack, commons-codec, eventbus, ExoPlayer, fastjson, FileMD5Hash, findbugs, FLAnimatedImage, GCDWebServer, Gin, Gitlab, GKPhotoBrowser, glide, Go, graalvm, gson, guava, ip2region, IQKeyboardManager, ISO8601, jakarta.mail, java-totp, JSONModel, kaltura/nginx-vod-module, lombok, LookinServer, lottie-ios, lottie, Masonry, MJExtension, nginx, okhttp, OpenResty, OpenSSL-Universal, pinyin4j, postgres, preview-generator, quarkus, Reachability, Redis, rest-assured, Retrofit, RxAndroid, Rxjava, SAMKeychain, SDCycleScrollView, SDWebImage, SmartRefreshLayout, SocketRocket, SSZipArchive, SVProgressHUD, WCDB, WebSocket, YCBase, YCEasyTool, YYCache, YYModel, ZXing and so on。

Finally, thank you for your contribution to this project. We welcome contributions in all forms, including but not limited to code contributions, issue reports, feature requests, documentation writing, etc. We believe that with your help, this project will become more perfect and stronger.