hemmeligorg / hemmelig.app
Keep your sensitive information out of chat logs, emails, and more with encrypted secrets.
Home Page: https://hemmelig.app
License: MIT License
Easier for everyone
Just as mentioned in my original Reddit comment.
Ideally the way I think it should be implemented is with an "Expert mode" option. This way non-technical users won't struggle with it.
Alice creates a link and this generates a key pair.
Alice sends the link (which contains the public key) to Bob.
Bob opens the link, and a key pair is created for Bob.
Bob is prompted to send the public key he has to Alice using that same unencrypted channel. Meanwhile, the shared key is created and put into a cookie using Bob's private key and Alice's public key.
Alice puts Bob's key in the link they generated. This creates the shared key on Alice's end.
Alice then puts the secret data they want to send to Bob. The shared key encrypts the data being sent.
Bob then sees the information is available, and decrypts the note because their browser has the shared secret in a cookie.
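The exchange proposed above, as an added example that is not part of the original issue or the project's code: both sides derive the same key from their own private key and the other side's public key, and that key encrypts the note. It assumes Node's built-in `crypto` (X25519, AES-256-GCM) and SHA-256 as the key-derivation step; the function names are hypothetical.

```javascript
const crypto = require('crypto');

// Each party generates a key pair locally; only the public half is shared.
function newParty() {
  const { publicKey, privateKey } = crypto.generateKeyPairSync('x25519');
  // Hex-encoded DER is URL-safe, so it can travel inside a link.
  const shareable = publicKey.export({ type: 'spki', format: 'der' }).toString('hex');
  return { privateKey, shareable };
}

// Own private key + peer's public key -> 32-byte shared key.
function sharedKey(ownPrivateKey, peerShareable) {
  const peerPublicKey = crypto.createPublicKey({
    key: Buffer.from(peerShareable, 'hex'),
    format: 'der',
    type: 'spki',
  });
  const raw = crypto.diffieHellman({ privateKey: ownPrivateKey, publicKey: peerPublicKey });
  // Assumption: SHA-256 over the raw X25519 output as the derivation step.
  return crypto.createHash('sha256').update(raw).digest();
}

// Output layout: 12-byte IV | 16-byte auth tag | ciphertext.
function encrypt(key, plaintext) {
  const iv = crypto.randomBytes(12);
  const cipher = crypto.createCipheriv('aes-256-gcm', key, iv);
  const body = Buffer.concat([cipher.update(plaintext, 'utf8'), cipher.final()]);
  return Buffer.concat([iv, cipher.getAuthTag(), body]);
}

// Throws if the key is wrong or the blob was modified.
function decrypt(key, blob) {
  const decipher = crypto.createDecipheriv('aes-256-gcm', key, blob.subarray(0, 12));
  decipher.setAuthTag(blob.subarray(12, 28));
  return Buffer.concat([decipher.update(blob.subarray(28)), decipher.final()]).toString('utf8');
}

// Constructed walk-through of the steps: link out, public key back, note sent.
function demo() {
  const alice = newParty();
  const bob = newParty();
  const bobKey = sharedKey(bob.privateKey, alice.shareable);
  const aliceKey = sharedKey(alice.privateKey, bob.shareable);
  const blob = encrypt(aliceKey, 'constructed sample secret');
  return { keysMatch: aliceKey.equals(bobKey), opened: decrypt(bobKey, blob) };
}
```

Neither public key is authenticated in this flow, so whoever controls the unencrypted channel could swap in their own keys. Comparing key fingerprints over a second channel closes that gap.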
They should also be allowed to delete them, and set new passwords for them.
It makes it hard, though, while using bcrypt, which means the hash is always different. However, might be able to inject the password as a SHA, which again is encrypted by tweetnacl. Look into this.
Add script to prompt the user if they want to add the app to their home screen.
TBD
Create an adapter which makes it possible to upload directly to the server where hemmelig is running. By doing this it is possible to eliminate using DO or s3
And handle cases such as this really bad hack: https://github.com/HemmeligOrg/Hemmelig.app/blob/main/src/client/helpers/state-emitter.js
State manager ftw. Might have a look at a different state manager for React as well. KISS.
Currently, a new logo is in the making.
Feel free to audit this application. Would be highly appreciated.
So, currently the only support for this repository is the "do-connecting-ip" header for DigitalOcean to fetch the user IP. However, if people self-host, they most likely do not have this header.
To do:
Rewrite this part of the code to accept a string from an ENV var injected to the docker container to decide what header to look for. https://github.com/HemmeligOrg/Hemmelig.app/blob/main/src/server/decorators/allowed-ip.js#L15
Set the default header to "do-connecting-ip".
Note, update this code as well: https://github.com/HemmeligOrg/Hemmelig.app/blob/main/src/server/decorators/rate-limit.js#L21
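One way the to-do above could look, as an added example rather than the project's own code: the header name comes from an environment variable, defaults to "do-connecting-ip", and the value is used only if it is a single IP literal. The variable name `CLIENT_IP_HEADER`, the function names and the Node-style `req` shape are assumptions.

```javascript
const net = require('net');

const DEFAULT_HEADER = 'do-connecting-ip';

// CLIENT_IP_HEADER is a hypothetical name; the issue only says "an ENV var".
function clientIpHeaderName(env = process.env) {
  const name = (env.CLIENT_IP_HEADER || '').trim().toLowerCase();
  // Accept only header-token characters; anything else keeps the default.
  return /^[a-z0-9-]+$/.test(name) ? name : DEFAULT_HEADER;
}

// Shared by both the allow-list and the rate-limit checks, so they agree on the IP.
function clientIp(req, env = process.env) {
  const value = req.headers[clientIpHeaderName(env)];
  const candidate = typeof value === 'string' ? value.trim() : '';
  // A multi-valued header (a forwarded-for style chain) is not an IP literal
  // and is rejected here, since its leftmost entries are client-controlled.
  if (net.isIP(candidate) !== 0) return candidate;
  // Header absent or malformed: fall back to the TCP peer address.
  return (req.socket && req.socket.remoteAddress) || null;
}

// Constructed sample requests (documentation address ranges).
function demo() {
  const socket = { remoteAddress: '192.0.2.1' };
  return [
    clientIp({ headers: { 'do-connecting-ip': '203.0.113.7' }, socket }, {}),
    clientIp({ headers: { 'x-real-ip': '198.51.100.9' }, socket }, { CLIENT_IP_HEADER: 'X-Real-IP' }),
    clientIp({ headers: { 'do-connecting-ip': '203.0.113.7, 10.0.0.1' }, socket }, {}),
    clientIp({ headers: {}, socket }, {}),
  ];
}
```

The configured header is only as trustworthy as the proxy that sets it. If the proxy in front of the app does not overwrite it on every request, a client can supply its own value and sidestep both the IP allow-list and the rate limit.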
Site: http://hemmelig.app
Site: https://hemmelig.app
New Alerts
View the following link to download the report.
RunnerID:2269780501
As the title says. Add a flag for this.
to prettify the app
This code requires a bit of refactoring. Pushed the feature for testing, and will come back to this. Will also enable multi upload for more filetypes. Not just images. Use Signal input field as inspiration
Documentation: https://www.npmjs.com/package/bcrypt#user-content-a-note-on-rounds
I would say 10 or 12 should be fine
This means combining the server and the frontend.
If the secret has the flag checked where the secret should be burned after the time expires, it should be possible to download the image until then.
This might be by default, then light mode has to be turned on.
Create account to be able to use the API
To be used to create the secrets from the CLI. Blocked by #7
Important: Do not track personal data at all.
None of these should be tracked by third-party applications.
To be used for i.e. Kubernetes.
Currently it uses two calls to Redis, however, transactions might solve this: https://redis.io/topics/transactions
As the title says. Currently, it was made as an MVP, and is not very clean.
Really, nothing yet. Just providing basic auth name / secret for later usage.
id exist endpoint: Check whether the id exists or not and if it has a password tied to it.
id view endpoint: Should burn the secret by default
remove the burn endpoint
There are a couple of spelling errors in README.md -- I've forked the repo and will submit a pull request with the corrections
Allow certain IP range. I.e. if is on a VPN. Per share? Account sets restriction?
Hi, I'm the guy who asked about translation support on Reddit. Would you consider a PR with some support? Frontend maybe... I think I can add some basic implementation of react-i18n...
Update the API section with information for devs. First, implement create account page. Have to assign the user key:token.
Make it possible to brand the self-hosted version.
About Hemmelig. Why? How? What next?
Considering creating a queue mechanism here to trigger an event when the time is up for deletion.