Giter VIP home page Giter VIP logo

fort's Introduction

fort 🏰

A minimalistic alternative to nextcloud.

Screenshots

This one's the lighthouse score through a slow vpn connection in a different country connecting to an instance on a residential ip!

Installation

To install, all you need is docker and docker-compose and common sense (please don't use the default credentials).

You should edit docker-compose.yml and change the storage location for persistent storage (STORAGE_PATH).

The default login is admin:admin. You can change this and add new users by running the add-user script:

# Change admin password
docker-compose exec -it www /app/add-user "admin" "password"

# Add a new user
docker-compose exec -it www /app/add-user "username" "password"

You'll also need to edit the LAT and LON environment variables if you want accurate weather info.

To run the service, type the following command:

docker-compose up -d

and visit the webpage in your browser.

Authentication/Authorizing

Since I will probably forget how I've implemented authentication in the future, here's how I did it:

  • User clicks login
  • Server checks password against bcrypt hash in private db (the key is the user)
  • If the user has the right password continue, otherwise return 401
  • Create a JWT that stores the user as the payload
  • JWT is signed by the server
  • User can use this jwt cookie as authorization to prove they are a specific user

Mitigations agaisnt JWT bruteforcing

When the server starts up for the first time, it generates a random string of 2048 chars out of a choice of 88 chars. This is an arbitrary number that I think is strong enough against bruteforcing. Feel free to disagree with a pr.

Todo

  • Docker support
  • Basic file upload and download
  • No third-party cross-origin nonsense on client-side
  • File browser
  • File editor
    • Create files
    • Create folders
    • Upload files to directory
    • Delete files
    • Rename files
    • Rename folders
    • Edit text files
  • Layer 7 stuff
    • HTTP/2 support
    • HTTP/3 support
    • TLS support
  • Users and access control
    • Better cookie+jwt based auth
    • Access control
    • Sharing files and folders
  • Upload progress bar
  • Support multiple files
  • The weather and stuff
  • Custom dashboard creation

fort's People

Contributors

lockness-ko avatar

Stargazers

Chris Lo avatar Марко Кажић avatar

Watchers

James Cloos avatar avatar avatar

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. 📊📈🎉

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google ❤️ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.