📸 Instax - Privacy-First Social Network#

A privacy-focused social media platform built with the Nixi framework. Instax is an Instagram alternative that puts user privacy and security first.

A basic Nixi app example#

• Framework: Nixi
• not for scale
• test app

✨ Features#

🔐 Privacy & Security#

• End-to-End Encryption: All messages and specified content are encrypted
• Client-side Encryption: Encryption happens on your device, not on servers
• No Tracking: Zero analytics, no data harvesting
• EXIF Stripping: Automatic removal of location/metadata from uploaded images
• Two-Factor Authentication: Account recovery codes and 2FA support
• Device Management: View and revoke active sessions

📱 Core Social Features#

• Profile Management: Editable bio, avatar, privacy toggles
• Posts: Text, images, videos with privacy controls and expiration timers
• Feed: Personalized feed with followed users and recommendations
• Explore: Privacy-preserving discovery (no search logging)
• Direct Messages: Encrypted conversations
• Notifications: Local aggregated notifications
• Media Gallery: Albums, uploads, local-only toggle

🛡️ Moderation Tools#

• Report System: Confidential and encrypted reports
• Block/Mute: Control who can interact with you
• Content Filters: Hidden words and custom filters
• Privacy Controls: Granular audience selection

🎨 Design#

• Theme: Catppuccin Mocha (lavender primary color)
• Framework: Nixi - Lightweight Lua web framework
• Responsive: Mobile-first design
• Fast: Minimal dependencies, optimized performance

🚀 Installation#

Prerequisites#

• Lua 5.1+ or LuaJIT (for Lua backend)
• Python 3.x (alternative server, more widely available)
• LuaSocket (optional, for Lua server)
• LuaFileSystem (optional, for file operations)
• ImageMagick (optional, for image processing)

Setup#

# Navigate to the project directory
cd /home/jadu/codespace/Insatx

# Option 1: Python server (recommended - no dependencies needed)
python3 server.py

# Option 2: Python server on custom port
python3 server.py 8080

# Option 3: Lua server (requires LuaSocket)
lua server.lua

# Option 4: Use nixi CLI (from nixi directory)
cd ~/codespace/nixi
./bin/nixi.lua dev

The app will be available at http://127.0.0.1:3000

📁 Project Structure#

Insatx/
├── app.lua                 # Main application entry point
├── server.lua              # Development server
├── src/
│   ├── nixi/              # Nixi framework (symlinked)
│   ├── ui/
│   │   └── components.lua  # Reusable UI components
│   ├── crypto/
│   │   └── crypto.lua     # E2EE encryption module
│   ├── db/
│   │   ├── schema.sql     # SQLite database schema
│   │   └── database.lua   # Database operations
│   ├── media/
│   │   └── media.lua      # Image processing (resize, strip EXIF)
│   └── sync/
│       └── sync.lua       # Offline-first sync engine
├── routes/
│   └── moderation.lua     # Moderation routes
├── layouts/               # Layout templates
├── public/
│   ├── css/
│   │   └── instax.css    # Catppuccin Mocha theme
│   └── js/
│       └── instax.js     # Client-side interactions
├── data/                  # Database and sync queue storage
├── scripts/               # Build and migration scripts
└── tests/                 # Test files

🔧 Configuration#

Theme Colors (Catppuccin Mocha)#

• Primary: #b4befe (Lavender)
• Background: #1e1e2e (Base)
• Surface: #313244 (Surface0)
• Text: #cdd6f4 (Text)
• Success: #a6e3a1 (Green)

Privacy Levels#

1. Public (🌍): Anyone can see
2. Followers (👥): Only followers
3. Encrypted (🔐): End-to-end encrypted
4. Private (🔒): Only visible to you

🛠️ Development#

Running the Server#

# Development mode with auto-reload
lua server.lua -w

# Production mode
lua prod-server.lua

Building Components#

Use the Nixi CLI to generate components:

cd ~/codespace/nixi
./bin/nixi.lua generate component PostCard
./bin/nixi.lua generate route /api/posts

Database Migrations#

The database schema is in src/db/schema.sql. To apply migrations:

sqlite3 data/instax.db < src/db/schema.sql

🔐 Privacy Features Explained#

End-to-End Encryption#

• Messages are encrypted on the sender's device
• Only the recipient can decrypt them
• Server never sees unencrypted content

Key Management#

• Users have RSA keypairs for asymmetric encryption
• AES keys generated for each message
• Private keys encrypted with user's password

EXIF Stripping#

• Automatic removal of GPS coordinates
• Strips camera model, timestamps, and other metadata
• Applied before upload to server

Offline-First Sync#

• Operations queued when offline
• Sync when connection restored
• Conflict resolution strategies

📝 API Routes#

Main Pages#

• / - Home feed
• /explore - Discover content
• /create - Create new post
• /messages - Direct messages
• /notifications - Notifications
• /profile - User profile
• /settings - Settings & security
• /moderation - Moderation tools

API Endpoints#

• POST /api/posts - Create post
• POST /api/messages - Send message
• POST /api/reports - Submit report
• GET /api/explore/search - Privacy-preserving search

🎯 TODO#

• User authentication system
• Real-time WebSocket messaging
• File upload API
• Federation support (ActivityPub)
• Mobile app (GTK or native)
• Desktop app
• Push notifications
• Self-hosting documentation

🤝 Contributing#

1. Fork the repository
2. Create a feature branch
3. Make your changes
4. Submit a pull request

📄 License#

MIT License - See LICENSE file for details

🙏 Credits#

• Built with Nixi Framework
• Theme: Catppuccin
• Icons: Native emoji and custom SVG

Instax - Your data, your rules. 🔐