hemmeligorg / hemmelig.app
Keep your sensitive information out of chat logs, emails, and more with encrypted secrets.
Home Page: https://hemmelig.app
License: MIT License
If the secret has the flag checked where the secret should be burned after the time expires, it should be possible to download the image until then.
Currently it uses two calls to Redis, however, transactions might solve this: https://redis.io/topics/transactions
Update the API section with information for devs. First, implement create account page. Have to assign the user key:token.
About Hemmelig. Why? How? What next?
So, currently the only support for this repository is the "do-connecting-ip" header for DigitalOcean to fetch the user IP. However, if people self-host, they most likely do not have this header.
To do:
Rewrite this part of the code to accept a string from an ENV var injected into the Docker container to decide what header to look for. https://github.com/HemmeligOrg/Hemmelig.app/blob/main/src/server/decorators/allowed-ip.js#L15
Set the default header to "do-connecting-ip".
Note, update this code as well: https://github.com/HemmeligOrg/Hemmelig.app/blob/main/src/server/decorators/rate-limit.js#L21
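Added example, not part of the issue or the project's code: one way to make the client-IP header configurable with "do-connecting-ip" as the default, shared by an allow-list and a rate limiter. The variable name `CLIENT_IP_HEADER` and the function names are assumptions made for this sketch.

```javascript
const net = require('node:net');

const DEFAULT_IP_HEADER = 'do-connecting-ip';

// Resolve the header name once at startup. CLIENT_IP_HEADER is a
// hypothetical variable name chosen for this example.
function resolveIpHeader(env = process.env) {
    const name = (env.CLIENT_IP_HEADER || DEFAULT_IP_HEADER).trim().toLowerCase();
    // Conservative check: letters, digits and hyphens only.
    if (!/^[a-z0-9-]+$/.test(name)) {
        throw new Error('CLIENT_IP_HEADER is not a valid header name');
    }
    return name;
}

// Node reports IPv4 peers on dual-stack sockets as "::ffff:a.b.c.d";
// strip the prefix so allow-list and rate-limit keys compare equal.
function normalizeIp(ip) {
    const v4 = String(ip || '').replace(/^::ffff:/i, '');
    return net.isIPv4(v4) ? v4 : String(ip || '');
}

// `headers` has lower-cased keys, as Node's http module provides them.
function clientIp(headers, socketAddress, headerName) {
    const raw = headers[headerName];
    const value = normalizeIp(typeof raw === 'string' ? raw.trim() : '');
    // Accept only a single, syntactically valid address. Lists, empty
    // values and repeated headers fall back to the TCP peer address.
    return net.isIP(value) ? value : normalizeIp(socketAddress);
}

// Constructed sample requests (documentation address ranges).
const header = resolveIpHeader({ CLIENT_IP_HEADER: 'X-Real-IP' });
console.log(clientIp({ 'x-real-ip': '203.0.113.7' }, '::ffff:10.0.0.2', header));
console.log(clientIp({ 'x-real-ip': '203.0.113.7, 198.51.100.1' }, '::ffff:10.0.0.2', header));
```

The header is only as trustworthy as the proxy that sets it: the reverse proxy in front of the app has to overwrite any copy sent by the client, otherwise the allow-list and rate limit key on client-chosen input.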
Create account to be able to use the API
Hi, I'm the guy who asked about translation support in Reddit. Would you consider a PR with some support? Frontend maybe.. I think I can add some basic implementation of react-i18n...
To be used to create the secrets from the CLI. Blocked by #7
Allow certain IP range. I.e. if is on a VPN. Per share? Account sets restriction?
Really, nothing yet. Just providing basic auth name / secret for later usage.
This means combining the server and the frontend.
View the following link to download the report.
RunnerID:2269780501
to prettify the app
As the title says. Currently, it was made as an MVP, and is not very clean.
TBD
To be used for i.e. Kubernetes.
And handle cases such as this really bad hack: https://github.com/HemmeligOrg/Hemmelig.app/blob/main/src/client/helpers/state-emitter.js
State manager ftw. Might have a look at a different state manager for React as well. KISS.
Documentation: https://www.npmjs.com/package/bcrypt#user-content-a-note-on-rounds
I would say 10 or 12 should be fine
Just as mentioned in my original Reddit comment
Ideally the way I think it should be implemented is with an "Expert mode" option. This way non-technical users won't struggle with it.
Alice creates a link and this generates a key pair
Alice sends the link (which contains the public key) to Bob
Bob opens the link, and a key pair is created for Bob
Bob is prompted to send the public key he has to Alice using that same unencrypted channel. Meanwhile the shared key is created and put into a cookie using Bob's private key and Alice's public key
Alice puts Bob's key in the link they generated. This creates the shared key on Alice's end.
Alice then puts the secret data they want to send to Bob. The shared key encrypts the data being sent.
Bob then sees the information is available, and decrypts the note because their browser has the shared secret in a cookie.
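Added example, not part of the issue or the project's code: the exchange described in the steps above, written with Node's built-in crypto (X25519, HKDF-SHA256, AES-256-GCM) instead of the project's own libraries. All function names, the HKDF label and the sample secret are constructed for this sketch.

```javascript
const crypto = require('node:crypto');

// Each side generates its own X25519 key pair; only the public half leaves.
const newKeyPair = () => crypto.generateKeyPairSync('x25519');

// Public key as base64url text, suitable for carrying in a link.
function exportPublic(pair) {
    return pair.publicKey.export({ type: 'spki', format: 'der' }).toString('base64url');
}

// Shared key = HKDF-SHA256 over X25519(own private key, peer public key).
function sharedKey(pair, peerPublic) {
    const publicKey = crypto.createPublicKey({
        key: Buffer.from(peerPublic, 'base64url'), type: 'spki', format: 'der',
    });
    const raw = crypto.diffieHellman({ privateKey: pair.privateKey, publicKey });
    // The info label is arbitrary and made up for this example.
    return Buffer.from(crypto.hkdfSync('sha256', raw, Buffer.alloc(0), 'example-shared-secret', 32));
}

// AES-256-GCM; output layout is nonce (12) || tag (16) || ciphertext.
function encrypt(key, text) {
    const nonce = crypto.randomBytes(12);
    const cipher = crypto.createCipheriv('aes-256-gcm', key, nonce);
    const body = Buffer.concat([cipher.update(text, 'utf8'), cipher.final()]);
    return Buffer.concat([nonce, cipher.getAuthTag(), body]);
}

function decrypt(key, box) {
    const decipher = crypto.createDecipheriv('aes-256-gcm', key, box.subarray(0, 12));
    decipher.setAuthTag(box.subarray(12, 28));
    return Buffer.concat([decipher.update(box.subarray(28)), decipher.final()]).toString('utf8');
}

// Short fingerprint both users can compare over a second channel.
const fingerprint = (pub) => crypto.createHash('sha256').update(pub).digest('hex').slice(0, 16);

// Walk through the steps with a constructed secret.
function runExchange(secret) {
    const alice = newKeyPair(), bob = newKeyPair();
    const alicePub = exportPublic(alice);        // travels in Alice's link
    const bobPub = exportPublic(bob);            // Bob sends this back
    const bobKey = sharedKey(bob, alicePub);     // Bob derives on opening the link
    const aliceKey = sharedKey(alice, bobPub);   // Alice derives once she has Bob's key
    const box = encrypt(aliceKey, secret);
    return { keysMatch: aliceKey.equals(bobKey), opened: decrypt(bobKey, box) };
}
```

The exchange is unauthenticated: when both public keys travel over the same channel, nothing proves whose keys they are, which is why the sketch includes a fingerprint the two users can compare over a different channel before the secret is entered.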
Make it possible to brand the self-hosted version.
It makes it hard though while using bcrypt. Which means the hash is always different. However, might be able to inject the password as a sha, which again is encrypted by tweetnacl. Look into this.
id exist endpoint: Check whether the id exists or not and if it has a password tied to it.
id view endpoint: Should burn the secret by default
remove the burn endpoint
This code requires a bit of refactoring. Pushed the feature for testing, and will come back to this. Will also enable multi upload for more filetypes. Not just images. Use Signal input field as inspiration
Create an adapter which makes it possible to upload directly to the server where Hemmelig is running. By doing this it is possible to eliminate using DO or S3.
Currently, a new logo is in the making.
As the title says. Add a flag for this.
Feel free to audit this application. Would be highly appreciated.
they should also be allowed to delete them, and set new passwords to them
Site: http://hemmelig.app
Site: https://hemmelig.app
New Alerts
There are a couple of spelling errors in README.md -- I've forked the repo and will submit a pull request with the corrections
This might be by default, then light mode has to be turned on.
Considering creating a queue mechanism here to trigger an event when the time is up for deletion
Add script to prompt the user if they want to add the app to their home screen.
Easier for everyone
Important: Do not track personal data at all.
None of these should be tracked by third-party applications.