Table of Contents

NExTZ Documentation

Complete guide for users and developers. Learn how to use the platform or build your own.

🚀 Getting Started

For Users
  1. Register: Click "Get Started" and create your account
  2. Verify Email: Go to Settings > Account to verify your email
  3. Setup Profile: Add a profile picture and bio
  4. Start Posting: Share your first post!
For Developers
  1. Prerequisites: .NET 9 SDK, SQLite/PostgreSQL
  2. Clone: git clone [repository-url]
  3. Setup: Configure appsettings.json
  4. Run: dotnet run

📱 User Guide

Creating Posts

Text Posts
  1. Navigate to Home or Posting page
  2. Type your message in the composer
  3. Use #hashtags and @mentions
  4. Click "Post" to share
Media Posts
  1. Click the image icon in the composer, or drag & drop files
  2. Select images or videos (up to 10 files for carousel)
  3. Use the GIF picker to add animated GIFs
  4. Add a caption (optional)
  5. Click "Post" to share
Tips: Posts support images (JPG, PNG, GIF) and videos (MP4, WebM). Max file size: 50MB. You can also drag & drop files or paste images from clipboard!
Managing Posts
  • Edit: Click ⋯ > Edit on your post
  • Delete: Click ⋯ > Delete on your post
  • Like: Click the heart icon
  • Comment: Click the comment icon
  • Bookmark: Click the bookmark icon to save
  • Copy Link: Click ⋯ > Copy link to share
  • Report: Click ⋯ > Report to flag inappropriate content

Shareable Post Links

Individual Post Pages

Every post has its own unique URL that you can share with anyone:

  • Direct Link: /post/{id} - Opens the post in a dedicated page
  • Copy Link: Click ⋯ menu > "Copy link" to copy URL to clipboard
  • Full Features: Like, comment, and bookmark directly on individual post pages
Visibility Controls
  • Public Posts: Visible to everyone, including non-logged-in visitors
  • Followers Only: Only your followers can view the post
  • Private Posts: Only you can see them
Tip: Non-logged-in viewers will see a "Log in" prompt when trying to interact with posts.

Reporting Content

How to Report a Post
  1. Click the ⋯ menu on any post
  2. Select "Report"
  3. Choose a reason from the dropdown
  4. Add optional details
  5. Click "Submit Report"
Report Reasons
  • Spam: Unwanted advertising or repetitive content
  • Harassment: Targeted abuse or bullying
  • Hate Speech: Content promoting discrimination
  • Violence: Graphic or violent content
  • Misinformation: False or misleading information
  • Other: Any other policy violation
What happens next? Our moderation team reviews all reports and takes appropriate action, which may include removing content or suspending accounts.

Using Chat

Starting a Conversation
  1. Go to Chat page
  2. Select a contact from the list
  3. Type your message and press Enter
Features
  • Real-time: Messages appear instantly via WebSockets
  • Media Sharing: Send images, videos, and GIFs
  • Drag & Drop: Drop files directly into the chat
  • Typing Indicators: See when someone is typing
  • Online Status: Green dot shows who's online
  • Message History: Scroll to view past messages
  • Delete Messages: Right-click to delete for yourself or everyone (within 30 min)
  • Forward Messages: Right-click to forward messages to other contacts
  • Reply to Messages: Reply to specific messages in a thread
  • Video/Audio Calls: WebRTC-powered video calls with screen sharing
Note: Chat requires an active internet connection for real-time updates.

End-to-End Encryption

What is E2E Encryption?

End-to-end encryption ensures only you and your chat partner can read messages. Even the server cannot decrypt them.

Setting Up Encryption
  1. Open a chat with any user
  2. Click "Enable Encryption" or accept the encryption request
  3. Wait for key exchange (green lock icon)
  4. Start chatting securely!
Encryption States
  • Not Encrypted - Plain text messages
  • Pending - Key exchange in progress
  • Encrypted - Secure messaging active
  • Key Mismatch - Keys don't match (re-establish)
Security: Uses ECDH (Elliptic Curve Diffie-Hellman) for key exchange and AES-256-GCM for encryption.
Managing Encryption
  • End Encryption: Click the badge to stop encrypted session
  • Clear Messages: Encrypted messages are cleared when ending session
  • Re-establish: You can enable encryption again anytime

Profiles

Editing Your Profile
  1. Click your profile picture > "Profile"
  2. Click "Edit Profile" button
  3. Update your information:
    • Profile Picture
    • Banner Image
    • Display Name
    • Bio (500 characters)
    • Birthday
    • Pronouns
    • Location
  4. Click "Save Changes"
Following Users
  • Visit any user's profile
  • Click "Follow"
  • Their posts will appear in your "Followed" feed
  • Click "Unfollow" to stop following

Settings

Account Settings
  • Username: Change your username
  • Email: Update email address
  • Email Verification: Verify your email for security
  • Phone Number: Add phone for account recovery
Security
  • Password: Change your password regularly
  • 2FA: Enable two-factor authentication (TOTP)
  • Active Sessions: View and manage devices
Privacy
  • Profile Visibility: Public, Friends Only, or Private
  • Message Permissions: Who can message you
  • Online Status: Show/hide when you're online
  • Search Visibility: Appear in search results
Appearance
  • Theme: Light, Dark, System, or Christmas
  • Font Size: Small, Medium, Large, or X-Large
  • Font Family: System, Inter, Roboto, Open Sans, Lato
  • Timezone: Set your timezone for accurate timestamps

Passkey Login (Passwordless)

What are Passkeys?

Passkeys are a modern, secure alternative to passwords. They use your device's built-in security (fingerprint, face ID, or hardware key) to authenticate you.

Benefits
  • More Secure: Resistant to phishing attacks
  • Faster Login: One-tap authentication
  • No Password: No password to remember or reset
  • Cross-Device: Works with password managers like Bitwarden
Setting Up Passkeys
  1. Go to Settings > Security > Passkeys
  2. Click "Register New Passkey"
  3. Follow your device's authentication prompt
  4. Give your passkey a name (e.g., "MacBook", "iPhone")
Login with Passkey
  1. On the login page, click "Login with Passkey"
  2. Enter your username or email
  3. Authenticate with your device
  4. You're in!
Note: Passkeys require HTTPS. You can still use your password as a fallback.

💻 Developer Guide

🏗️ Architecture Overview

Design Pattern

NExTZ follows the MVC (Model-View-Controller) pattern using ASP.NET Core.

Project Structure
NExTZ_code/
├── Controllers/         # MVC Controllers (routing & logic)
│   ├── LandingController.cs
│   ├── UserController.cs
│   ├── ContentController.cs
│   ├── ChatController.cs
│   └── AdminController.cs
├── Models/             # Data models
│   ├── User.cs
│   ├── Post.cs
│   ├── Message.cs
│   └── ...
├── Services/           # Business logic
│   ├── UserService.cs
│   ├── EmailService.cs
│   └── ...
├── Data/               # Database context
│   └── ApplicationDbContext.cs
├── Hubs/               # SignalR hubs
│   ├── ChatHub.cs
│   └── NotificationHub.cs
├── Views/              # Razor views
│   ├── Landing/
│   ├── User/
│   └── Shared/
└── wwwroot/            # Static files
    ├── css/
    ├── js/
    └── images/
Key Components
  • Authentication: Cookie-based with optional Passkey/WebAuthn
  • Real-time: SignalR WebSockets
  • Database: Entity Framework Core with SQLite/PostgreSQL
  • Email: SMTP service (Gmail)
  • Security: Argon2 hashing, CSRF protection, 2FA, Cloudflare Turnstile
  • Passkeys: FIDO2/WebAuthn for passwordless login

🛠️ Technology Stack

Backend
  • .NET 9.0: Latest framework
  • ASP.NET Core MVC: Web framework
  • Entity Framework Core: ORM
  • SignalR: Real-time communication
  • Argon2: Password hashing
Frontend
  • Razor Pages: Server-side rendering
  • Bootstrap 5: CSS framework
  • jQuery: DOM manipulation
  • Vanilla JavaScript: Custom functionality
Database
  • SQLite: Development (lightweight)
  • PostgreSQL: Production (recommended)
Third-party Services
  • Gmail SMTP: Email delivery
  • Cloudflare Turnstile: Bot protection (CAPTCHA)
  • Railway/Render: Hosting (optional)

🗄️ Database Schema

Core Tables

Users

Id, Username, Email, PasswordHash, EmailVerified, EmailVerifiedAt,
TwoFactorSecret, TwoFactorEnabled, ProfilePictureUrl, BannerImageUrl,
Bio, DisplayName, Birthday, Pronouns, Location, CreatedAt, ...

Posts

Id, UserId, Content, ImageUrl, VideoUrl, MediaType, Hashtags,
Visibility, LikeCount, CommentCount, CreatedAt, UpdatedAt

Messages

Id, SenderId, ReceiverId, Content, ImageUrl, VideoUrl,
IsEncrypted, IsRead, CreatedAt

EncryptionSessions

Id, User1Id, User2Id, User1PublicKey, User2PublicKey,
Status, InitiatedAt, EstablishedAt
Migrations

Run migrations to create/update database schema:

dotnet ef migrations add MigrationName
dotnet ef database update

🔌 API Endpoints

Authentication
  • POST /Landing/RegisterAjax - Register new user
  • POST /Landing/LoginAjax - Login user
  • POST /Landing/Logout - Logout
Posts
  • POST /Content/CreatePost - Create post
  • GET /Content/GetFeed - Get posts feed
  • POST /Content/ToggleLike - Like/unlike post
  • POST /Content/AddComment - Add comment
  • POST /Content/DeletePost - Delete post
User
  • GET /User/Profile/{username} - Get profile
  • POST /User/Follow - Follow user
  • POST /User/Unfollow - Unfollow user
  • POST /User/Settings/Account - Update account
Chat (SignalR)
  • Hub SendMessage - Send chat message
  • Hub EstablishEncryption - Start E2E encryption
  • Hub TypingIndicator - Show typing status
CSRF Protection: All POST requests require CSRF token. Use secureFetch() wrapper.

🚀 Deployment Guide

Prerequisites
  • PostgreSQL database (Railway/Render/AWS RDS)
  • SMTP service (Gmail, SendGrid, Mailgun)
  • Hosting platform (Railway, Render, Azure, DigitalOcean)
Environment Variables
DATABASE_URL=postgresql://...
EMAIL_SMTP_SERVER=smtp.gmail.com
EMAIL_SMTP_PORT=587
EMAIL_USERNAME=your@email.com
EMAIL_PASSWORD=your-app-password
SECURITY_PEPPER=your-random-pepper-string
Deployment Steps (Railway)
  1. Create Railway account and project
  2. Add PostgreSQL service
  3. Connect GitHub repository
  4. Set environment variables
  5. Deploy automatically on push
Database Migration

Migrate from SQLite to PostgreSQL:

  1. Install Npgsql: dotnet add package Npgsql.EntityFrameworkCore.PostgreSQL
  2. Update connection string in Program.cs
  3. Export data from SQLite
  4. Import to PostgreSQL
  5. Run migrations
Security: Never commit appsettings.json with real credentials. Use environment variables.

🎨 Customization Tips

Branding
  • Replace logo in /wwwroot/images/
  • Update colors in /wwwroot/css/site.css
  • Modify landing page in /Views/Landing/Index.cshtml
Adding Features
  • New Model: Create in /Models/, add to DbContext
  • New Controller: Create in /Controllers/
  • New View: Create in /Views/
  • API Endpoint: Add action in controller
Email Templates

Customize email templates in EmailService.cs:

  • GetWelcomeEmailTemplate()
  • GetPasswordResetTemplate()
  • GetEmailVerificationTemplate()
  • GetWeeklySummaryTemplate()

❓ Frequently Asked Questions

Click "Forgot Password?" on login page, enter your email, and follow the instructions sent to your email.

Yes! We use Argon2 password hashing, CSRF protection, optional 2FA, and end-to-end encryption for chat.

Yes, go to Settings > Account > Danger Zone and click "Delete Account". This action is permanent.

Click the ⋯ menu on any post and select "Report". Our moderation team will review it.

Images: JPG, PNG, GIF, WebP | Videos: MP4, WebM | Max size: 50MB per file

Yes! Install Npgsql package, update connection string, and run migrations. PostgreSQL is recommended for production.

Need More Help?

Can't find what you're looking for? Our support team is here to help.

Contact Support GitHub
```