actions maintenance

Bumps [tokio](https://github.com/tokio-rs/tokio) from 1.24.1 to 1.25.0.
- [Release notes](https://github.com/tokio-rs/tokio/releases)
- [Commits](https://github.com/tokio-rs/tokio/compare/tokio-1.24.1...tokio-1.25.0)

---
updated-dependencies:
- dependency-name: tokio
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

.dev.env

@@ -0,0 +1,2 @@
+SIZE_LIMIT=10MiB
+VERBOSITY=debug

.dockerignore

@@ -1,15 +1,15 @@
 *
 
-!/backend/src
-!/backend/Cargo.lock
-!/backend/Cargo.toml
+!/packages
+!/package.json
+!/pnpm-lock.yaml
+!/pnpm-workspace.yaml
 
-!/frontend/locales
-!/frontend/src
-!/frontend/static
-!/frontend/.npmrc
-!/frontend/package.json
-!/frontend/pnpm-lock.yaml
-!/frontend/svelte.config.js
-!/frontend/tsconfig.json
-!/frontend/vite.config.js
+**/target
+**/node_modules
+**/dist
+**/bin
+**/*.tsbuildinfo
+**/build
+**/.svelte
+**/.svelte-kit

.github/workflows/docker.yml

@@ -1,24 +1,23 @@
-name: ci
+name: Publish
 
 on:
   workflow_dispatch:
   push:
     tags:
-      - "v*.*.*"
+      - 'v*.*.*'
 
 jobs:
   docker:
     runs-on: ubuntu-latest
     steps:
-      - name: Set up QEMU
-        uses: docker/setup-qemu-action@v1
-      - name: Set up Docker Buildx
-        uses: docker/setup-buildx-action@v1
+      - uses: actions/checkout@v3
+      - uses: docker/setup-qemu-action@v2
+      - uses: docker/setup-buildx-action@v2
         with:
           install: true
       - name: Docker Labels
         id: meta
-        uses: crazy-max/ghaction-docker-meta@v2
+        uses: docker/metadata-action@v4
         with:
           images: cupcakearmy/cryptgeon
           tags: |
@@ -26,16 +25,13 @@ jobs:
             type=semver,pattern={{major}}.{{minor}}
             type=semver,pattern={{major}}
       - name: Login to DockerHub
-        uses: docker/login-action@v1
+        uses: docker/login-action@v2
         with:
           username: ${{ secrets.DOCKERHUB_USERNAME }}
           password: ${{ secrets.DOCKERHUB_TOKEN }}
       - name: Build and push
-        id: docker_build
-        uses: docker/build-push-action@v2
+        uses: docker/build-push-action@v4
         with:
           platforms: linux/amd64,linux/arm64
           push: true
           tags: ${{ steps.meta.outputs.tags }}
-      - name: Image digest
-        run: echo ${{ steps.docker_build.outputs.digest }}

.github/workflows/test.yaml

@@ -1,36 +1,35 @@
+name: Test
+
 on:
+  push:
+    branches:
+      - main
   pull_request:
 
 jobs:
   test:
     runs-on: ubuntu-latest
-    services:
-      redis:
-        image: redis:7-alpine
-        ports:
-          - 6379:6379
     steps:
       - uses: actions/checkout@v2
-      - uses: actions/setup-node@v2
+      - uses: actions/setup-node@v3
         with:
-          node-version: "16"
-      - uses: pnpm/action-setup@v2
+          node-version-file: '.nvmrc'
+
+      - uses: docker/setup-qemu-action@v2
+      - uses: docker/setup-buildx-action@v2
         with:
-          version: 7
-      - uses: actions-rs/toolchain@v1
-        with:
-          toolchain: 1.61
+          install: true
+      - name: Build docker image
+        run: npm run test:prepare
+
       - name: Prepare
         run: |
-          pnpm install
-          pnpm run ci:prepare
-      - name: Install Playwright
-        run: npx playwright install --with-deps
+          npm install playwright
+          npx playwright install --with-deps
+
       - name: Run your tests
-        run: pnpm run test
-      - name: Upload test results
-        if: always()
-        uses: actions/upload-artifact@v2
+        run: npm test
+      - uses: actions/upload-artifact@v3
         with:
-          name: playwright-report
-          path: playwright-report
+          name: test-results
+          path: test-results

.gitignore

@@ -1,14 +1,10 @@
+.env
+*.tsbuildinfo
+node_modules
+dist
+bin
 
-# Backend
 target
 
-# Client
-.DS_Store
-node_modules
-/.svelte
-/build
-/functions
-.env
-
-General
+# Testing
 test-results

.nvmrc

@@ -0,0 +1 @@
+v18.16

.vscode/settings.json

@@ -1,6 +0,0 @@
-{
-  "cSpell.words": ["ciphertext", "cryptgeon"],
-  "i18n-ally.localesPaths": ["frontend/locales"],
-  "i18n-ally.enabledFrameworks": ["svelte"],
-  "i18n-ally.keystyle": "nested"
-}

CHANGELOG.md

@@ -5,13 +5,73 @@ All notable changes to this project will be documented in this file.
 The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
 and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
 
+## [2.2.0] - 2023-01-14
+
+### Changed
+
+- Default port is now 8000, not 5000.
+- Moved to generic encryption library `occulto`.
+
+### Fixed
+
+- Bad chinese language code.
+
+### Security
+
+- Updated dependencies.
+
+## [2.1.0] - 2023-01-04
+
+### Added
+
+- QR Code to more easily copy and share links.
+
+## [2.0.7] - 2022-12-26
+
+### Changed
+
+- Svelte Kit now stable 🎉
+
+## [2.0.6] - 2022-11-12
+
+### Fixed
+
+- #66 Set minimum a view.
+
+### Security
+
+- Updated dependencies.
+
+## [2.0.5] - 2022-11-04
+
+### Fixed
+
+- Docker build pipeline.
+
+## [2.0.4] - 2022-10-29
+
+### Added
+
+- `THEME_PAGE_TITLE`.
+- `THEME_FAVICON`.
+
+## [2.0.3] - 2022-10-07
+
+### Added
+
+- Flag for verbosity.
+
+### Fixed
+
+- #58 Fixed bug in the max views frontend form.
+
 ## [2.0.2] - 2022-07-20
 
 ### Added
 
 - Toasts for events.
 - E2E Tests.
-- Make backend more configurable
+- Make backend more configurable.
 
 ## [2.0.1] - 2022-07-18
 

Dockerfile

@@ -1,20 +1,21 @@
 # FRONTEND
 FROM node:16-alpine as client 
 WORKDIR /tmp
-RUN npm install -g pnpm@7
-COPY ./frontend ./
-RUN pnpm install
-RUN pnpm exec svelte-kit sync
+RUN npm install -g pnpm@8
+COPY . .
+RUN pnpm install --frozen-lockfile
+# WORKDIR /tmp/packages/frontend
+# RUN pnpm exec svelte-kit sync
 RUN pnpm run build
 
 
 # BACKEND
-FROM rust:1.61-alpine as backend
+FROM rust:1.69-alpine as backend
 WORKDIR /tmp
 RUN apk add libc-dev openssl-dev alpine-sdk
-COPY ./backend/Cargo.* ./
+COPY ./packages/backend/Cargo.* ./
 RUN cargo fetch
-COPY ./backend ./
+COPY ./packages/backend ./
 RUN cargo build --release
 
 
@@ -22,8 +23,8 @@ RUN cargo build --release
 FROM alpine
 WORKDIR /app
 COPY --from=backend /tmp/target/release/cryptgeon .
-COPY --from=client /tmp/build ./frontend
+COPY --from=client /tmp/packages/frontend/build ./frontend
 ENV FRONTEND_PATH="./frontend"
 ENV REDIS="redis://redis/"
-EXPOSE 5000
+EXPOSE 8000
 ENTRYPOINT [ "/app/cryptgeon" ]

README.md

@@ -24,9 +24,9 @@ _cryptgeon_ is a secure, open source sharing note or file service inspired by [_
 >
 > Thanks to [Lokalise](https://lokalise.com/) for providing free access to their platform.
 
-## Demo
+## Live Service / Demo
 
-Check out the demo and see for yourself https://cryptgeon.nicco.io.
+Check out the live service / demo and see for yourself [cryptgeon.org](https://cryptgeon.org)
 
 ## Features
 
@@ -50,15 +50,18 @@ of the notes even if it tried to.
 
 ## Environment Variables
 
-| Variable         | Default          | Description                                                                                                                                                                                                   |
-| ---------------- | ---------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
-| `REDIS`          | `redis://redis/` | Redis URL to connect to.                                                                                                                                                                                      |
-| `SIZE_LIMIT`     | `1 KiB`          | Max size for body. Accepted values according to [byte-unit](https://docs.rs/byte-unit/). <br> `512 MiB` is the maximum allowed. <br> The frontend will show that number including the ~35% encoding overhead. |
-| `MAX_VIEWS`      | `100`            | Maximal number of views.                                                                                                                                                                                      |
-| `MAX_EXPIRATION` | `360`            | Maximal expiration in minutes.                                                                                                                                                                                |
-| `ALLOW_ADVANCED` | `true`           | Allow custom configuration. If set to `false` all notes will be one view only.                                                                                                                                |
-| `THEME_IMAGE`    | `""`             | Custom image for replacing the logo. Must be publicly reachable                                                                                                                                               |
-| `THEME_TEXT`     | `""`             | Custom text for replacing the description below the logo                                                                                                                                                      |
+| Variable           | Default          | Description                                                                                                                                                                                                   |
+| ------------------ | ---------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
+| `REDIS`            | `redis://redis/` | Redis URL to connect to. [According to format](https://docs.rs/redis/latest/redis/#connection-parameters)                                                                                                     |
+| `SIZE_LIMIT`       | `1 KiB`          | Max size for body. Accepted values according to [byte-unit](https://docs.rs/byte-unit/). <br> `512 MiB` is the maximum allowed. <br> The frontend will show that number including the ~35% encoding overhead. |
+| `MAX_VIEWS`        | `100`            | Maximal number of views.                                                                                                                                                                                      |
+| `MAX_EXPIRATION`   | `360`            | Maximal expiration in minutes.                                                                                                                                                                                |
+| `ALLOW_ADVANCED`   | `true`           | Allow custom configuration. If set to `false` all notes will be one view only.                                                                                                                                |
+| `VERBOSITY`        | `warn`           | Verbosity level for the backend. [Possible values](https://docs.rs/env_logger/latest/env_logger/#enabling-logging) are: `error`, `warn`, `info`, `debug`, `trace`                                             |
+| `THEME_IMAGE`      | `""`             | Custom image for replacing the logo. Must be publicly reachable                                                                                                                                               |
+| `THEME_TEXT`       | `""`             | Custom text for replacing the description below the logo                                                                                                                                                      |
+| `THEME_PAGE_TITLE` | `""`             | Custom text the page title                                                                                                                                                                                    |
+| `THEME_FAVICON`    | `""`             | Custom url for the favicon. Must be publicly reachable                                                                                                                                                        |
 
 ## Deployment
 
@@ -76,15 +79,19 @@ version: '3.8'
 services:
   redis:
     image: redis:7-alpine
+    # Set a size limit. See link below on how to customise.
+    # https://redis.io/docs/manual/eviction/
+    command: redis-server --maxmemory 1gb --maxmemory-policy allkeys-lru
 
   app:
     image: cupcakearmy/cryptgeon:latest
     depends_on:
       - redis
     environment:
+      # Size limit for a single note.
       SIZE_LIMIT: 4 MiB
     ports:
-      - 80:5000
+      - 80:8000
 ```
 
 ### NGINX Proxy
@@ -93,39 +100,20 @@ See the [examples/nginx](https://github.com/cupcakearmy/cryptgeon/tree/main/exam
 
 ### Traefik 2
 
-Assumptions:
+See the [examples/traefik](https://github.com/cupcakearmy/cryptgeon/tree/main/examples/traefik) folder.
 
-- External proxy docker network `proxy`
-- A certificate resolver `le`
-- A https entrypoint `secure`
-- Domain name `example.org`
+### Scratch
 
-```yaml
-version: '3.8'
+See the [examples/scratch](https://github.com/cupcakearmy/cryptgeon/tree/main/examples/scratch) folder. There you'll find a guide how to setup a server and install cryptgeon from scratch.
 
-networks:
-  proxy:
-    external: true
+### Synology
 
-services:
-  redis:
-    image: redis:7-alpine
-    restart: unless-stopped
+There is a [guide](https://mariushosting.com/how-to-install-cryptgeon-on-your-synology-nas/) you can follow.
 
-  app:
-    image: cupcakearmy/cryptgeon:latest
-    restart: unless-stopped
-    depends_on:
-      - redis
-    networks:
-      - default
-      - proxy
-    labels:
-      - traefik.enable=true
-      - traefik.http.routers.cryptgeon.rule=Host(`example.org`)
-      - traefik.http.routers.cryptgeon.entrypoints=secure
-      - traefik.http.routers.cryptgeon.tls.certresolver=le
-```
+### YouTube Guides
+
+- English by [DB Tech](https://www.youtube.com/watch?v=S0jx7wpOfNM) [Previous Video](https://www.youtube.com/watch?v=JhpIatD06vE)
+- German by [ApfelCast](https://www.youtube.com/watch?v=84ZMbE9AkHg)
 
 ## Development
 
@@ -150,9 +138,6 @@ cargo install cargo-watch
 
 Make sure you have docker running.
 
-> If you are on `macOS` you might need to disable AirPlay Receiver as it uses port 5000 (So stupid...)
-> https://developer.apple.com/forums/thread/682332
-
 ```bash
 pnpm run dev
 ```
@@ -170,15 +155,19 @@ You can see the app under [localhost:1234](http://localhost:1234).
 Tests are end to end tests written with Playwright.
 
 ```sh
-pnpm run ci:prepare
+pnpm run test:prepare
 docker compose up redis -d
-pnpm run ci:server
+pnpm run test:server
 
 # In another terminal.
 # Use the test or test:local script. The local version only runs in one browser for quicker development.
 pnpm run test:local
 ```
 
+## Security
+
+Please refer to the security section [here](./SECURITY.md).
+
 ###### Attributions
 
 - Test data:

README_zh-CN.md

@@ -26,7 +26,7 @@ _加密鸽_ 是一个受 [_PrivNote_](https://privnote.com)项目启发的安全
 
 ## 演示示例
 
-查看加密鸽的在线演示 demo： https://cryptgeon.nicco.io.
+查看加密鸽的在线演示 demo： [cryptgeon.org](https://cryptgeon.org)
 
 ## 功能
 
@@ -49,11 +49,13 @@ _加密鸽_ 是一个受 [_PrivNote_](https://privnote.com)项目启发的安全
 
 | 变量名称          | 默认值           | 描述                                                                              |
 | ----------------- | ---------------- | --------------------------------------------------------------------------------- |
-| `REDIS`           | `redis://redis/` | Redis URL to connect to.                                                          |
+| `REDIS`           | `redis://redis/` | Redis 连接 URL。                                                                  |
 | `SIZE_LIMIT`      | `1 KiB`          | 最大请求体(body)限制。有关支持的数值请查看 [字节单位](https://docs.rs/byte-unit/) |
 | `MAX_VIEWS`       | `100`            | 密信最多查看次数限制                                                              |
 | ` MAX_EXPIRATION` | `360`            | 密信最长过期时间限制(分钟)                                                        |
 | `ALLOW_ADVANCED`  | `true`           | 是否允许自定义设置，该项如果设为`false`，则不会显示自定义设置模块                 |
+| `THEME_IMAGE`     | `""`             | 自定义 Logo 图片，你在这里填写的的图片链接必须是可以公开访问的。                  |
+| `THEME_TEXT`      | `""`             | 自定义在 Logo 下方的文本。                                                        |
 
 ## 部署
 
@@ -80,7 +82,7 @@ services:
     environment:
       SIZE_LIMIT: 4 MiB
     ports:
-      - 80:5000
+      - 80:8000
 ```
 
 ### NGINX 反向代理
@@ -137,7 +139,7 @@ services:
 pnpm install
 pnpm --prefix frontend install
 
-# Also you need cargo watch if you don't already have it installed.
+# 你还需要安装CargoWatch.
 # https://lib.rs/crates/cargo-watch
 cargo install cargo-watch
 ```
@@ -146,9 +148,6 @@ cargo install cargo-watch
 
 确保你的 Docker 正在运行
 
-> If you are on `macOS` you might need to disable AirPlay Receiver as it uses port 5000 (So stupid...)
-> https://developer.apple.com/forums/thread/682332
-
 ```bash
 pnpm run dev
 ```
@@ -161,6 +160,25 @@ pnpm run dev
 
 你可以通过 1234 端口进入该应用，即 [localhost:1234](http://localhost:1234).
 
+## 测试
+
+这些测试是用 Playwright 实现的一些端到端测试用例。
+
+```sh
+pnpm run test:prepare
+docker compose up redis -d
+pnpm run test:server
+
+# 在另一个终端中：
+# 使用test或者test:local script。为了更快的开发，本地版本只会在一个浏览器中运行。
+pnpm run test:local
+```
+
 ###### Attributions
 
-本项目所使用的图标由<a href="https://www.flaticon.com/" title="Flaticon">www.flaticon.com 的<a href="https://www.freepik.com" title="Freepik">freepik</a>制作</a>
+- 测试数据:
+  - 测试文本 [Nietzsche Ipsum](https://nietzsche-ipsum.com/)
+  - [AES Paper](https://www.cs.miami.edu/home/burt/learning/Csc688.012/rijndael/rijndael_doc_V2.pdf)
+  - [Unsplash Pictures](https://unsplash.com/)
+- 加载动画由 [Nikhil Krishnan](https://codepen.io/nikhil8krishnan/pen/rVoXJa) 提供
+- 图标由来自 <a href="https://www.flaticon.com/" title="Flaticon">www.flaticon.com</a> 的 <a href="https://www.freepik.com" title="Freepik">freepik</a> 提供

SECURITY.md

@@ -0,0 +1,18 @@
+# Security Policy
+
+## Supported Versions
+
+Please ensure that you are using the latest major version available.
+
+| Version | Supported |
+| ------- | --------- |
+| 2.x     | ✅        |
+| < 1.x   | ❌        |
+
+## Reporting a vulnerability
+
+_cryptgeon_ has a full disclosure vulnerability policy.
+Report any bug / vulnerability directly to the [issue tracker](https://github.com/cupcakearmy/cryptgeon/issues).
+Please do NOT attempt to report any security vulnerability in this code privately to anybody.
+
+> Shamefully copied of the [ring security section](https://github.com/briansmith/ring#bug-reporting).

cryptgeon.code-workspace

@@ -0,0 +1,17 @@
+{
+  "folders": [
+	{
+		"path": "."
+	},
+	{
+		"path": "packages/backend"
+	},
+	{
+		"path": "packages/frontend"
+	}
+],
+  "settings": {
+    "i18n-ally.localesPaths": ["packages/frontend/locales"],
+    "cSpell.words": ["cryptgeon"]
+  }
+}

docker-compose.dev.yaml

@@ -11,9 +11,8 @@ services:
 
   app:
     build: .
+    env_file: .dev.env
     depends_on:
       - redis
-    environment:
-      SIZE_LIMIT: 128 MiB
     ports:
-      - 1234:5000
+      - 1234:8000

docker-compose.yaml

@@ -0,0 +1,18 @@
+version: '3.8'
+
+services:
+  redis:
+    image: redis:7-alpine
+    # Set a size limit. See link below on how to customise.
+    # https://redis.io/docs/manual/eviction/
+    # command: redis-server --maxmemory 1gb --maxmemory-policy allkeys-lru
+
+  app:
+    image: cupcakearmy/cryptgeon:latest
+    depends_on:
+      - redis
+    environment:
+      # Size limit for a single note.
+      SIZE_LIMIT: 4 MiB
+    ports:
+      - 80:8000

examples/nginx/nginx-plain.conf

@@ -4,7 +4,7 @@ server {
     server_name _;
 
     location / {
-      proxy_pass http://app:5000/;
+      proxy_pass http://app:8000/;
       proxy_set_header Host $host;
       proxy_set_header X-Real-IP $remote_addr;
       proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

examples/nginx/nginx-tls.conf

@@ -20,7 +20,7 @@ server {
     ssl_trusted_certificate /path/to/fullchain.pem;
 
     location / {
-      proxy_pass http://app:5000/;
+      proxy_pass http://app:8000/;
       proxy_set_header Host $host;
       proxy_set_header X-Real-IP $remote_addr;
       proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

examples/traefik/README.md

@@ -0,0 +1,36 @@
+# Install Cryptgeon with Traefik
+
+Assumptions:
+
+- Traefik 2 installed.
+- External proxy docker network `proxy`.
+- A certificate resolver `le`.
+- A https entrypoint `secure`.
+- Domain name `example.org`.
+
+```yaml
+version: '3.8'
+
+networks:
+  proxy:
+    external: true
+
+services:
+  redis:
+    image: redis:7-alpine
+    restart: unless-stopped
+
+  app:
+    image: cupcakearmy/cryptgeon:latest
+    restart: unless-stopped
+    depends_on:
+      - redis
+    networks:
+      - default
+      - proxy
+    labels:
+      - traefik.enable=true
+      - traefik.http.routers.cryptgeon.rule=Host(`example.org`)
+      - traefik.http.routers.cryptgeon.entrypoints=secure
+      - traefik.http.routers.cryptgeon.tls.certresolver=le
+```

frontend/.dockerignore

@@ -1,5 +0,0 @@
-.DS_Store
-node_modules
-/.svelte
-/build
-/functions

frontend/.npmrc

@@ -1 +0,0 @@
-engine-strict=true

frontend/locales/zh_CN.json

@@ -1,50 +0,0 @@
-{
-	"common": {
-		"note": "密信",
-		"file": "上传文件",
-		"advanced": "高级设置",
-		"create": "创建",
-		"loading": "加载中",
-		"mode": "模式",
-		"views": "{n, plural, =0 {可查看次数} =1 {1 次查看} other {# 次查看}}",
-		"minutes": "{n, plural, =0 {有效期(分钟)} =1 {1 分钟} other {# 分钟}}",
-		"max": "最大值",
-		"share_link": "分享链接",
-		"copy_clipboard": "复制到剪切版",
-		"copied_to_clipboard": "已复制到剪切板",
-		"encrypting": "加密",
-		"decrypting": "解密",
-		"uploading": "上传",
-		"downloading": "下载"
-	},
-	"home": {
-		"intro": "一键轻松发送 <i>完全加密的</i> 密信或者文件。只需创建一个密信然后分享链接。",
-		"explanation": "该密信会在{type}后失效。",
-		"new_note": "新建密信",
-		"new_note_notice": "<b>可用性警示：</b><br />由于加密鸽的所有数据是全部保存在内存中的，所以如果加密鸽的可用内存被用光了那么它将会删除最早的密信以释放内存，因此不保证该密信的可用性。<br />(一般情况下是您应该是不会遇到这个问题，只是警示一下。)",
-		"errors": {
-			"note_to_big": "无法创建密信，这个密信太大了！",
-			"note_error": "无法创建密信，请再试一遍。",
-			"max": "最大文件大小: {n}",
-			"empty_content": "密信为空！"
-		},
-		"messages": {
-			"note_created": "注释创建。"
-		}
-	},
-	"show": {
-		"errors": {
-			"not_found": "该密信无法被找到或者它已经被删除了！",
-			"decryption_failed": "密钥错误！您可能不小心粘贴了一个不完整的链接或者正在尝试破解该密信！但无论如何，该密信已被销毁！",
-			"unsupported_type": "不支持的票据类型。"
-		},
-		"explanation": "点击下方的按钮可以查看密信，如果它到达了限制将会被删除",
-		"show_note": "查看密信",
-		"warning_will_not_see_again": "您将<b>无法</b>再次查看该密信",
-		"download_all": "下载全部"
-	},
-	"file_upload": {
-		"selected_files": "已选中的文件",
-		"no_files_selected": "没有文件被选中"
-	}
-}

frontend/package.json

@@ -1,36 +0,0 @@
-{
-	"private": true,
-	"scripts": {
-		"dev": "vite dev",
-		"build": "vite build",
-		"preview": "vite preview --port 3000",
-		"check": "svelte-check --tsconfig tsconfig.json",
-		"licenses": "license-checker --summary > licenses.csv",
-		"locale:download": "node scripts/locale.js"
-	},
-	"type": "module",
-	"devDependencies": {
-		"@lokalise/node-api": "^7.3.1",
-		"@sveltejs/adapter-static": "^1.0.0-next.38",
-		"@sveltejs/kit": "^1.0.0-next.384",
-		"@types/dompurify": "^2.3.3",
-		"@types/file-saver": "^2.0.5",
-		"@zerodevx/svelte-toast": "^0.7.2",
-		"adm-zip": "^0.5.9",
-		"dotenv": "^16.0.1",
-		"svelte": "^3.49.0",
-		"svelte-check": "^2.8.0",
-		"svelte-intl-precompile": "^0.10.1",
-		"svelte-preprocess": "^4.10.7",
-		"tslib": "^2.4.0",
-		"typescript": "^4.7.4",
-		"vite": "^3.0.2"
-	},
-	"dependencies": {
-		"@fontsource/fira-mono": "^4.5.8",
-		"copy-to-clipboard": "^3.3.1",
-		"dompurify": "^2.3.10",
-		"file-saver": "^2.0.5",
-		"pretty-bytes": "^5.6.0"
-	}
-}

frontend/src/global.d.ts

@@ -1,3 +0,0 @@
-/// <reference types="@sveltejs/kit" />
-/// <reference types="svelte" />
-/// <reference types="vite/client" />

frontend/src/lib/adapters.ts

@@ -1,61 +0,0 @@
-import type { EncryptedFileDTO, FileDTO } from './api'
-import { Crypto } from './crypto'
-
-abstract class CryptAdapter<T> {
-	abstract encrypt(plaintext: T, key: CryptoKey): Promise<string>
-	abstract decrypt(ciphertext: string, key: CryptoKey): Promise<T>
-}
-
-class CryptTextAdapter implements CryptAdapter<string> {
-	async encrypt(plaintext: string, key: CryptoKey) {
-		return await Crypto.encrypt(new TextEncoder().encode(plaintext), key)
-	}
-	async decrypt(ciphertext: string, key: CryptoKey) {
-		const plaintext = await Crypto.decrypt(ciphertext, key)
-		return new TextDecoder().decode(plaintext)
-	}
-}
-
-class CryptBlobAdapter implements CryptAdapter<Blob> {
-	async encrypt(plaintext: Blob, key: CryptoKey) {
-		return await Crypto.encrypt(await plaintext.arrayBuffer(), key)
-	}
-
-	async decrypt(ciphertext: string, key: CryptoKey) {
-		const plaintext = await Crypto.decrypt(ciphertext, key)
-		return new Blob([plaintext], { type: 'application/octet-stream' })
-	}
-}
-
-class CryptFilesAdapter implements CryptAdapter<FileDTO[]> {
-	async encrypt(plaintext: FileDTO[], key: CryptoKey) {
-		const adapter = new CryptBlobAdapter()
-		const data: Promise<EncryptedFileDTO>[] = plaintext.map(async (file) => ({
-			name: file.name,
-			size: file.size,
-			type: file.type,
-			contents: await adapter.encrypt(file.contents, key),
-		}))
-		return JSON.stringify(await Promise.all(data))
-	}
-
-	async decrypt(ciphertext: string, key: CryptoKey) {
-		const adapter = new CryptBlobAdapter()
-		const data: EncryptedFileDTO[] = JSON.parse(ciphertext)
-		const files: FileDTO[] = await Promise.all(
-			data.map(async (file) => ({
-				name: file.name,
-				size: file.size,
-				type: file.type,
-				contents: await adapter.decrypt(file.contents, key),
-			}))
-		)
-		return files
-	}
-}
-
-export const Adapters = {
-	Text: new CryptTextAdapter(),
-	Blob: new CryptBlobAdapter(),
-	Files: new CryptFilesAdapter(),
-}

frontend/src/lib/api.ts

@@ -1,78 +0,0 @@
-export type NoteMeta = { type: 'text' | 'file' }
-
-export type Note = {
-	contents: string
-	meta: NoteMeta
-	views?: number
-	expiration?: number
-}
-export type NoteInfo = {}
-export type NotePublic = Pick<Note, 'contents' | 'meta'>
-export type NoteCreate = Omit<Note, 'meta'> & { meta: string }
-
-export type FileDTO = Pick<File, 'name' | 'size' | 'type'> & {
-	contents: Blob
-}
-
-export type EncryptedFileDTO = Omit<FileDTO, 'contents'> & {
-	contents: string
-}
-
-type CallOptions = {
-	url: string
-	method: string
-	body?: any
-}
-
-export class PayloadToLargeError extends Error {}
-
-export async function call(options: CallOptions) {
-	const response = await fetch('/api/' + options.url, {
-		method: options.method,
-		body: options.body === undefined ? undefined : JSON.stringify(options.body),
-		mode: 'cors',
-		headers: {
-			'Content-Type': 'application/json',
-		},
-	})
-
-	if (!response.ok) {
-		if (response.status === 413) throw new PayloadToLargeError()
-		else throw new Error('API call failed')
-	}
-	return response.json()
-}
-
-export async function create(note: Note) {
-	const { meta, ...rest } = note
-	const body: NoteCreate = {
-		...rest,
-		meta: JSON.stringify(meta),
-	}
-	const data = await call({
-		url: 'notes/',
-		method: 'post',
-		body,
-	})
-	return data as { id: string }
-}
-
-export async function get(id: string): Promise<NotePublic> {
-	const data = await call({
-		url: `notes/${id}`,
-		method: 'delete',
-	})
-	const { contents, meta } = data
-	return {
-		contents,
-		meta: JSON.parse(meta) as NoteMeta,
-	}
-}
-
-export async function info(id: string): Promise<NoteInfo> {
-	const data = await call({
-		url: `notes/${id}`,
-		method: 'get',
-	})
-	return data
-}

frontend/src/lib/crypto.ts

@@ -1,97 +0,0 @@
-export class Hex {
-	static encode(buffer: ArrayBuffer): string {
-		let s = ''
-		for (const i of new Uint8Array(buffer)) {
-			s += i.toString(16).padStart(2, '0')
-		}
-		return s
-	}
-
-	static decode(s: string): ArrayBuffer {
-		const size = s.length / 2
-		const buffer = new Uint8Array(size)
-		for (let i = 0; i < size; i++) {
-			const idx = i * 2
-			const segment = s.slice(idx, idx + 2)
-			buffer[i] = parseInt(segment, 16)
-		}
-		return buffer
-	}
-}
-
-export class ArrayBufferUtils {
-	static async toString(buffer: ArrayBuffer): Promise<string> {
-		const reader = new window.FileReader()
-		reader.readAsDataURL(new Blob([buffer]))
-		return new Promise((resolve) => {
-			reader.onloadend = () => resolve(reader.result as string)
-		})
-	}
-
-	static async fromString(s: string): Promise<ArrayBuffer> {
-		return fetch(s)
-			.then((r) => r.blob())
-			.then((b) => b.arrayBuffer())
-	}
-}
-
-export class Crypto {
-	private static ALG = 'AES-GCM'
-	private static DELIMITER = ':::'
-
-	public static getRandomBytes(size: number): Uint8Array {
-		return window.crypto.getRandomValues(new Uint8Array(size))
-	}
-
-	public static getKeyFromString(password: string) {
-		return window.crypto.subtle.importKey(
-			'raw',
-			new TextEncoder().encode(password),
-			'PBKDF2',
-			false,
-			['deriveBits', 'deriveKey']
-		)
-	}
-	public static async getDerivedForKey(key: CryptoKey, salt: ArrayBuffer) {
-		const iterations = 100_000
-		return window.crypto.subtle.deriveKey(
-			{
-				name: 'PBKDF2',
-				salt,
-				iterations,
-				hash: 'SHA-512',
-			},
-			key,
-			{ name: this.ALG, length: 256 },
-			true,
-			['encrypt', 'decrypt']
-		)
-	}
-
-	public static async encrypt(plaintext: ArrayBuffer, key: CryptoKey): Promise<string> {
-		const salt = this.getRandomBytes(16)
-		const derived = await this.getDerivedForKey(key, salt)
-		const iv = this.getRandomBytes(16)
-		const encrypted: ArrayBuffer = await window.crypto.subtle.encrypt(
-			{ name: this.ALG, iv },
-			derived,
-			plaintext
-		)
-		const data = [
-			Hex.encode(salt),
-			Hex.encode(iv),
-			await ArrayBufferUtils.toString(encrypted),
-		].join(this.DELIMITER)
-		return data
-	}
-
-	public static async decrypt(ciphertext: string, key: CryptoKey): Promise<ArrayBuffer> {
-		const splitted = ciphertext.split(this.DELIMITER)
-		const salt = Hex.decode(splitted[0])
-		const iv = Hex.decode(splitted[1])
-		const encrypted = await ArrayBufferUtils.fromString(splitted[2])
-		const derived = await this.getDerivedForKey(key, salt)
-		const plaintext = await window.crypto.subtle.decrypt({ name: this.ALG, iv }, derived, encrypted)
-		return plaintext
-	}
-}

frontend/src/lib/stores/status.ts

@@ -1,22 +0,0 @@
-import { call } from '$lib/api'
-import { writable } from 'svelte/store'
-
-export type Status = {
-	version: string
-	max_size: number
-	max_views: number
-	max_expiration: number
-	allow_advanced: boolean
-	theme_image: string
-	theme_text: string
-}
-
-export const status = writable<null | Status>(null)
-
-export async function init() {
-	const data = await call({
-		url: 'status/',
-		method: 'get',
-	})
-	status.set(data)
-}

package.json

@@ -1,24 +1,17 @@
 {
   "scripts": {
-    "dev:docker": "docker-compose up redis",
-    "dev:backend": "cd backend && cargo watch -x 'run --bin cryptgeon'",
-    "dev:front": "pnpm --prefix frontend run dev",
-    "dev:proxy": "node proxy.mjs",
+    "dev:docker": "docker-compose -f docker-compose.dev.yaml up redis",
+    "dev:packages": "pnpm --parallel run dev",
     "dev": "run-p dev:*",
     "test": "playwright test --project chrome firefox safari",
     "test:local": "playwright test --project local",
-    "ci:server": "cd backend && SIZE_LIMIT=10MiB LISTEN_ADDR=0.0.0.0:1234 cargo run",
-    "ci:server:backend": "cd backend && cargo run",
-    "ci:server:front": "pnpm --prefix frontend run preview",
-    "ci:server:proxy": "node proxy.mjs",
-    "ci:prepare": "run-p ci:prepare:*",
-    "ci:prepare:backend": "cd backend && cargo build",
-    "ci:prepare:front": "pnpm --prefix frontend install && pnpm --prefix frontend run build"
+    "test:server": "docker compose -f docker-compose.dev.yaml up",
+    "test:prepare": "docker compose -f docker-compose.dev.yaml build",
+    "build": "pnpm run --recursive --filter=!@cryptgeon/backend build"
   },
   "devDependencies": {
-    "@playwright/test": "^1.23.4",
-    "@types/node": "16",
-    "http-proxy": "^1.18.1",
+    "@playwright/test": "^1.32.3",
+    "@types/node": "^18.16.1",
     "npm-run-all": "^4.1.5"
   }
 }

packages/backend/Cargo.toml

@@ -1,6 +1,6 @@
 [package]
 name = "cryptgeon"
-version = "2.0.2"
+version = "2.2.0"
 authors = ["cupcakearmy <hi@nicco.io>"]
 edition = "2021"
 
@@ -8,6 +8,9 @@ edition = "2021"
 name = "cryptgeon"
 path = "src/main.rs"
 
+[registries.crates-io]
+protocol = "sparse"
+
 # See more keys and their definitions at https://doc.rust-lang.org/cargo/reference/manifest.html
 
 [dependencies]

packages/backend/package.json

@@ -0,0 +1,10 @@
+{
+  "private": true,
+  "name": "@cryptgeon/backend",
+  "scripts": {
+    "dev": "cargo watch -x 'run --bin cryptgeon'",
+    "build": "cargo build --release",
+    "test:server": "SIZE_LIMIT=10MiB LISTEN_ADDR=0.0.0.0:1234 cargo run",
+    "test:prepare": "cargo build"
+  }
+}

packages/backend/src/config.rs

@@ -8,7 +8,8 @@ lazy_static! {
     pub static ref FRONTEND_PATH: String =
         std::env::var("FRONTEND_PATH").unwrap_or("../frontend/build".to_string());
     pub static ref LISTEN_ADDR: String =
-        std::env::var("LISTEN_ADDR").unwrap_or("0.0.0.0:5000".to_string());
+        std::env::var("LISTEN_ADDR").unwrap_or("0.0.0.0:8000".to_string());
+    pub static ref VERBOSITY: String = std::env::var("VERBOSITY").unwrap_or("warn".to_string());
 }
 
 // CONFIG
@@ -41,4 +42,12 @@ lazy_static! {
         .unwrap_or("".to_string())
         .parse()
         .unwrap();
+    pub static ref THEME_PAGE_TITLE: String = std::env::var("THEME_PAGE_TITLE")
+        .unwrap_or("".to_string())
+        .parse()
+        .unwrap();
+    pub static ref THEME_FAVICON: String = std::env::var("THEME_FAVICON")
+        .unwrap_or("".to_string())
+        .parse()
+        .unwrap();
 }

packages/backend/src/main.rs

@@ -18,10 +18,11 @@ mod store;
 #[actix_web::main]
 async fn main() -> std::io::Result<()> {
     dotenv().ok();
-    env_logger::init_from_env(env_logger::Env::new().default_filter_or("warning"));
+    env_logger::init_from_env(env_logger::Env::new().default_filter_or(config::VERBOSITY.as_str()));
+
     return HttpServer::new(|| {
         App::new()
-            .wrap(Logger::new("%a \"%r\" %s %b %T"))
+            .wrap(Logger::new("\"%r\" %s %b %T"))
             .wrap(middleware::Compress::default())
             .wrap(middleware::DefaultHeaders::default())
             .configure(size::init)

packages/backend/src/note/routes.rs

@@ -49,7 +49,7 @@ async fn create(note: web::Json<Note>) -> impl Responder {
     }
     match n.views {
         Some(v) => {
-            if v > *config::MAX_VIEWS {
+            if v > *config::MAX_VIEWS || v < 1 {
                 return bad_req;
             }
             n.expiration = None; // views overrides expiration

packages/backend/src/size.rs

@@ -7,5 +7,6 @@ pub fn init(cfg: &mut web::ServiceConfig) {
     let plain = web::PayloadConfig::default()
         .limit(*config::LIMIT)
         .mimetype(mime::STAR_STAR);
+    // cfg.app_data(plain);
     cfg.app_data(json).app_data(plain);
 }

packages/backend/src/status/model.rs

@@ -12,4 +12,6 @@ pub struct Status {
     // Theme
     pub theme_image: String,
     pub theme_text: String,
+    pub theme_page_title: String,
+    pub theme_favicon: String,
 }

packages/backend/src/status/routes.rs

@@ -13,6 +13,8 @@ async fn get_status() -> impl Responder {
         allow_advanced: *config::ALLOW_ADVANCED,
         theme_image: config::THEME_IMAGE.to_string(),
         theme_text: config::THEME_TEXT.to_string(),
+        theme_page_title: config::THEME_PAGE_TITLE.to_string(),
+        theme_favicon: config::THEME_FAVICON.to_string()
     });
 }
 

packages/cli/package.json

@@ -0,0 +1,43 @@
+{
+  "name": "@cryptgeon/cli",
+  "type": "module",
+  "scripts": {
+    "dev": "esbuild ./src/index.ts --bundle --platform=node --outfile=dist/index.cjs --watch",
+    "build": "esbuild ./src/index.ts --bundle --platform=node --outfile=dist/index.cjs",
+    "bin": "pkg ."
+  },
+  "bin": {
+    "cryptgeon": "./dist/index.cjs"
+  },
+  "files": [
+    "dist"
+  ],
+  "pkg": {
+    "scripts": "dist/**/*.js",
+    "targets": [
+      "node18-macos-arm64",
+      "node18-macos-x64",
+      "node18-linux-arm64",
+      "node18-linux-x64",
+      "node18-win-arm64",
+      "node18-win-x64"
+    ],
+    "outputPath": "bin"
+  },
+  "devDependencies": {
+    "@types/inquirer": "^9.0.3",
+    "@types/mime": "^3.0.1",
+    "esbuild": "^0.17.18",
+    "pkg": "^5.8.1",
+    "typescript": "^4.9.5"
+  },
+  "dependencies": {
+    "@commander-js/extra-typings": "^9.5.0",
+    "@cryptgeon/shared": "workspace:*",
+    "commander": "^9.5.0",
+    "inquirer": "^9.2.0",
+    "mime": "^3.0.0",
+    "occulto": "^2.0.1",
+    "pretty-bytes": "^6.1.0"
+  }
+}

packages/cli/src/download.ts

@@ -0,0 +1,63 @@
+import { Adapters, get, info, setBase } from '@cryptgeon/shared'
+import inquirer from 'inquirer'
+import { access, constants, writeFile } from 'node:fs/promises'
+import { basename, resolve } from 'node:path'
+import { Hex } from 'occulto'
+import pretty from 'pretty-bytes'
+
+import { exit } from './utils'
+
+export async function download(url: URL) {
+  setBase(url.origin)
+  const id = url.pathname.split('/')[2]
+  await info(id).catch(() => exit('Note does not exist or is expired'))
+  const note = await get(id)
+
+  const password = url.hash.slice(1)
+  const key = Hex.decode(password)
+
+  const couldNotDecrypt = () => exit('Could not decrypt note. Probably an invalid password')
+  switch (note.meta.type) {
+    case 'file':
+      const files = await Adapters.Files.decrypt(note.contents, key).catch(couldNotDecrypt)
+      if (!files) {
+        exit('No files found in note')
+        return
+      }
+      console.log(files)
+      const { names } = await inquirer.prompt([
+        {
+          type: 'checkbox',
+          message: 'What files should be saved?',
+          name: 'names',
+          choices: files.map((file) => ({
+            value: file.name,
+            name: `${file.name} - ${file.type} - ${pretty(file.size, { binary: true })}`,
+            checked: true,
+          })),
+        },
+      ])
+
+      const selected = files.filter((file) => names.includes(file.name))
+
+      if (!selected.length) exit('No files selected')
+
+      await Promise.all(
+        files.map(async (file) => {
+          let filename = resolve(file.name)
+          try {
+            // If exists -> prepend timestamp to not overwrite the current file
+            await access(filename, constants.R_OK)
+            filename = resolve(`${Date.now()}-${file.name}`)
+          } catch {}
+          await writeFile(filename, new Uint8Array(await file.contents.arrayBuffer()))
+          console.log(`Saved: ${basename(filename)}`)
+        })
+      )
+      break
+    case 'text':
+      const plaintext = await Adapters.Text.decrypt(note.contents, key).catch(couldNotDecrypt)
+      console.log(plaintext)
+      break
+  }
+}

packages/cli/src/index.ts

@@ -0,0 +1,82 @@
+#!/usr/bin/env node
+
+import { Argument, Option, program } from '@commander-js/extra-typings'
+import { setBase, status } from '@cryptgeon/shared'
+
+import { download } from './download.js'
+import { parseFile, parseNumber } from './parsers.js'
+import { uploadFiles, uploadText } from './upload.js'
+import { exit } from './utils.js'
+
+const defaultServer = process.env['CRYPTGEON_SERVER'] || 'https://cryptgeon.org'
+const server = new Option('-s --server <url>', 'the cryptgeon server to use').default(defaultServer)
+const files = new Argument('<file...>', 'Files to be sent').argParser(parseFile)
+const text = new Argument('<text>', 'Text content of the note')
+const password = new Option('-p --password <string>', 'manually set a password')
+const url = new Argument('<url>', 'The url to open')
+const views = new Option('-v --views <number>', 'Amount of views before getting destroyed').argParser(parseNumber)
+const minutes = new Option('-m --minutes <number>', 'Minutes before the note expires').argParser(parseNumber)
+
+async function checkConstrains(constrains: { views?: number; minutes?: number }) {
+  const { views, minutes } = constrains
+  if (views && minutes) exit('cannot set view and minutes constrains simultaneously')
+  if (!views && !minutes) constrains.views = 1
+
+  const response = await status()
+  if (views && views > response.max_views)
+    exit(`Only a maximum of ${response.max_views} views allowed. ${views} given.`)
+  if (minutes && minutes > response.max_expiration)
+    exit(`Only a maximum of ${response.max_expiration} minutes allowed. ${minutes} given.`)
+}
+
+program.name('cryptgeon').version('1.0.0').configureHelp({ showGlobalOptions: true })
+
+program
+  .command('info')
+  .addOption(server)
+  .action(async (options) => {
+    setBase(options.server)
+    const response = await status()
+    for (const key of Object.keys(response)) {
+      if (key.startsWith('theme_')) delete response[key as keyof typeof response]
+    }
+    console.table(response)
+  })
+
+const send = program.command('send')
+send
+  .command('file')
+  .addArgument(files)
+  .addOption(server)
+  .addOption(views)
+  .addOption(minutes)
+  .action(async (files, options) => {
+    setBase(options.server!)
+    await checkConstrains(options)
+    await uploadFiles(files, { views: options.views, expiration: options.minutes })
+  })
+send
+  .command('text')
+  .addArgument(text)
+  .addOption(server)
+  .addOption(views)
+  .addOption(minutes)
+  .action(async (text, options) => {
+    setBase(options.server!)
+    await checkConstrains(options)
+    await uploadText(text, { views: options.views, expiration: options.minutes })
+  })
+
+program
+  .command('open')
+  .addArgument(url)
+  .action(async (note, options) => {
+    try {
+      const url = new URL(note)
+      await download(url)
+    } catch {
+      exit('Invalid URL')
+    }
+  })
+
+program.parse()

packages/cli/src/parsers.ts

@@ -0,0 +1,27 @@
+import { InvalidArgumentError, InvalidOptionArgumentError } from '@commander-js/extra-typings'
+import { accessSync, constants } from 'node:fs'
+import path from 'node:path'
+
+export function parseFile(value: string, before: string[] = []) {
+  try {
+    const file = path.resolve(value)
+    accessSync(file, constants.R_OK)
+    return [...before, file]
+  } catch {
+    throw new InvalidArgumentError('cannot access file')
+  }
+}
+
+export function parseURL(value: string, _: URL): URL {
+  try {
+    return new URL(value)
+  } catch {
+    throw new InvalidArgumentError('is not a valid url')
+  }
+}
+
+export function parseNumber(value: string, _: number): number {
+  const n = parseInt(value, 10)
+  if (isNaN(n)) throw new InvalidOptionArgumentError('invalid number')
+  return n
+}

packages/cli/src/upload.ts

@@ -0,0 +1,49 @@
+import { Blob } from 'node:buffer'
+import { readFile, stat } from 'node:fs/promises'
+import { basename } from 'node:path'
+
+import { Adapters, BASE, create, FileDTO, Note } from '@cryptgeon/shared'
+import mime from 'mime'
+import { AES, Hex, TypedArray } from 'occulto'
+
+import { exit } from './utils.js'
+
+type UploadOptions = Pick<Note, 'views' | 'expiration'>
+
+export async function upload(key: TypedArray, note: Note) {
+  try {
+    const result = await create(note)
+    const password = Hex.encode(key)
+    const url = `${BASE}/note/${result.id}#${password}`
+    console.log(`Note created under:\n\n${url}`)
+  } catch {
+    exit('Could not create note')
+  }
+}
+
+export async function uploadFiles(paths: string[], options: UploadOptions) {
+  const key = await AES.generateKey()
+  const files: FileDTO[] = await Promise.all(
+    paths.map(async (path) => {
+      const data = new Uint8Array(await readFile(path))
+      const stats = await stat(path)
+      const extension = path.substring(path.indexOf('.') + 1)
+      const type = mime.getType(extension) ?? 'application/octet-stream'
+      return {
+        name: basename(path),
+        size: stats.size,
+        contents: new Blob([data]) as FileDTO['contents'],
+        type,
+      }
+    })
+  )
+
+  const contents = await Adapters.Files.encrypt(files, key)
+  await upload(key, { ...options, contents, meta: { type: 'file' } })
+}
+
+export async function uploadText(text: string, options: UploadOptions) {
+  const key = await AES.generateKey()
+  const contents = await Adapters.Text.encrypt(text, key)
+  await upload(key, { ...options, contents, meta: { type: 'text' } })
+}

packages/cli/src/utils.ts

@@ -0,0 +1,6 @@
+import process from 'node:process'
+
+export function exit(message: string) {
+  console.error(message)
+  process.exit(1)
+}

packages/cli/tsconfig.json

@@ -0,0 +1,110 @@
+{
+  "compilerOptions": {
+    /* Visit https://aka.ms/tsconfig to read more about this file */
+
+    /* Projects */
+    // "incremental": true,                              /* Save .tsbuildinfo files to allow for incremental compilation of projects. */
+    // "composite": true,                                /* Enable constraints that allow a TypeScript project to be used with project references. */
+    // "tsBuildInfoFile": "./.tsbuildinfo",              /* Specify the path to .tsbuildinfo incremental compilation file. */
+    // "disableSourceOfProjectReferenceRedirect": true,  /* Disable preferring source files instead of declaration files when referencing composite projects. */
+    // "disableSolutionSearching": true,                 /* Opt a project out of multi-project reference checking when editing. */
+    // "disableReferencedProjectLoad": true,             /* Reduce the number of projects loaded automatically by TypeScript. */
+
+    /* Language and Environment */
+    "target": "es2022" /* Set the JavaScript language version for emitted JavaScript and include compatible library declarations. */,
+    // "lib": [],                                        /* Specify a set of bundled library declaration files that describe the target runtime environment. */
+    // "jsx": "preserve",                                /* Specify what JSX code is generated. */
+    // "experimentalDecorators": true,                   /* Enable experimental support for TC39 stage 2 draft decorators. */
+    // "emitDecoratorMetadata": true,                    /* Emit design-type metadata for decorated declarations in source files. */
+    // "jsxFactory": "",                                 /* Specify the JSX factory function used when targeting React JSX emit, e.g. 'React.createElement' or 'h'. */
+    // "jsxFragmentFactory": "",                         /* Specify the JSX Fragment reference used for fragments when targeting React JSX emit e.g. 'React.Fragment' or 'Fragment'. */
+    // "jsxImportSource": "",                            /* Specify module specifier used to import the JSX factory functions when using 'jsx: react-jsx*'. */
+    // "reactNamespace": "",                             /* Specify the object invoked for 'createElement'. This only applies when targeting 'react' JSX emit. */
+    // "noLib": true,                                    /* Disable including any library files, including the default lib.d.ts. */
+    // "useDefineForClassFields": true,                  /* Emit ECMAScript-standard-compliant class fields. */
+    // "moduleDetection": "auto",                        /* Control what method is used to detect module-format JS files. */
+
+    /* Modules */
+    "module": "es2022" /* Specify what module code is generated. */,
+    // "rootDir": "./src" /* Specify the root folder within your source files. */,
+    "moduleResolution": "node" /* Specify how TypeScript looks up a file from a given module specifier. */,
+    // "baseUrl": "./" /* Specify the base directory to resolve non-relative module names. */,
+    // "paths": {
+    //   "@shared/*": ["../shared/*"],
+    //   "@shared": ["../shared"]
+    // } /* Specify a set of entries that re-map imports to additional lookup locations. */,
+    // "rootDirs": [],                                   /* Allow multiple folders to be treated as one when resolving modules. */
+    // "typeRoots": [],                                  /* Specify multiple folders that act like './node_modules/@types'. */
+    // "types": [
+    //   "../shared/types.ts",
+    //   "node"
+    // ] /* Specify type package names to be included without being referenced in a source file. */,
+    // "allowUmdGlobalAccess": true,                     /* Allow accessing UMD globals from modules. */
+    // "moduleSuffixes": [],                             /* List of file name suffixes to search when resolving a module. */
+    // "resolveJsonModule": true,                        /* Enable importing .json files. */
+    // "noResolve": true,                                /* Disallow 'import's, 'require's or '<reference>'s from expanding the number of files TypeScript should add to a project. */
+
+    /* JavaScript Support */
+    // "allowJs": true,                                  /* Allow JavaScript files to be a part of your program. Use the 'checkJS' option to get errors from these files. */
+    // "checkJs": true,                                  /* Enable error reporting in type-checked JavaScript files. */
+    // "maxNodeModuleJsDepth": 1,                        /* Specify the maximum folder depth used for checking JavaScript files from 'node_modules'. Only applicable with 'allowJs'. */
+
+    /* Emit */
+    // "declaration": true,                              /* Generate .d.ts files from TypeScript and JavaScript files in your project. */
+    // "declarationMap": true,                           /* Create sourcemaps for d.ts files. */
+    // "emitDeclarationOnly": true,                      /* Only output d.ts files and not JavaScript files. */
+    // "sourceMap": true,                                /* Create source map files for emitted JavaScript files. */
+    // "outFile": "./",                                  /* Specify a file that bundles all outputs into one JavaScript file. If 'declaration' is true, also designates a file that bundles all .d.ts output. */
+    "outDir": "./dist" /* Specify an output folder for all emitted files. */,
+    // "removeComments": true,                           /* Disable emitting comments. */
+    // "noEmit": true,                                   /* Disable emitting files from a compilation. */
+    // "importHelpers": true,                            /* Allow importing helper functions from tslib once per project, instead of including them per-file. */
+    // "importsNotUsedAsValues": "remove",               /* Specify emit/checking behavior for imports that are only used for types. */
+    // "downlevelIteration": true,                       /* Emit more compliant, but verbose and less performant JavaScript for iteration. */
+    // "sourceRoot": "",                                 /* Specify the root path for debuggers to find the reference source code. */
+    // "mapRoot": "",                                    /* Specify the location where debugger should locate map files instead of generated locations. */
+    // "inlineSourceMap": true,                          /* Include sourcemap files inside the emitted JavaScript. */
+    // "inlineSources": true,                            /* Include source code in the sourcemaps inside the emitted JavaScript. */
+    // "emitBOM": true,                                  /* Emit a UTF-8 Byte Order Mark (BOM) in the beginning of output files. */
+    // "newLine": "crlf",                                /* Set the newline character for emitting files. */
+    // "stripInternal": true,                            /* Disable emitting declarations that have '@internal' in their JSDoc comments. */
+    // "noEmitHelpers": true,                            /* Disable generating custom helper functions like '__extends' in compiled output. */
+    // "noEmitOnError": true,                            /* Disable emitting files if any type checking errors are reported. */
+    // "preserveConstEnums": true,                       /* Disable erasing 'const enum' declarations in generated code. */
+    // "declarationDir": "./",                           /* Specify the output directory for generated declaration files. */
+    // "preserveValueImports": true,                     /* Preserve unused imported values in the JavaScript output that would otherwise be removed. */
+
+    /* Interop Constraints */
+    "isolatedModules": true /* Ensure that each file can be safely transpiled without relying on other imports. */,
+    // "allowSyntheticDefaultImports": true,             /* Allow 'import x from y' when a module doesn't have a default export. */
+    "esModuleInterop": true /* Emit additional JavaScript to ease support for importing CommonJS modules. This enables 'allowSyntheticDefaultImports' for type compatibility. */,
+    // "preserveSymlinks": true,                         /* Disable resolving symlinks to their realpath. This correlates to the same flag in node. */
+    "forceConsistentCasingInFileNames": true /* Ensure that casing is correct in imports. */,
+
+    /* Type Checking */
+    "strict": true /* Enable all strict type-checking options. */,
+    // "noImplicitAny": true,                            /* Enable error reporting for expressions and declarations with an implied 'any' type. */
+    // "strictNullChecks": true,                         /* When type checking, take into account 'null' and 'undefined'. */
+    // "strictFunctionTypes": true,                      /* When assigning functions, check to ensure parameters and the return values are subtype-compatible. */
+    // "strictBindCallApply": true,                      /* Check that the arguments for 'bind', 'call', and 'apply' methods match the original function. */
+    // "strictPropertyInitialization": true,             /* Check for class properties that are declared but not set in the constructor. */
+    // "noImplicitThis": true,                           /* Enable error reporting when 'this' is given the type 'any'. */
+    // "useUnknownInCatchVariables": true,               /* Default catch clause variables as 'unknown' instead of 'any'. */
+    // "alwaysStrict": true,                             /* Ensure 'use strict' is always emitted. */
+    // "noUnusedLocals": true,                           /* Enable error reporting when local variables aren't read. */
+    // "noUnusedParameters": true,                       /* Raise an error when a function parameter isn't read. */
+    // "exactOptionalPropertyTypes": true,               /* Interpret optional property types as written, rather than adding 'undefined'. */
+    // "noImplicitReturns": true,                        /* Enable error reporting for codepaths that do not explicitly return in a function. */
+    // "noFallthroughCasesInSwitch": true,               /* Enable error reporting for fallthrough cases in switch statements. */
+    // "noUncheckedIndexedAccess": true,                 /* Add 'undefined' to a type when accessed using an index. */
+    // "noImplicitOverride": true,                       /* Ensure overriding members in derived classes are marked with an override modifier. */
+    // "noPropertyAccessFromIndexSignature": true,       /* Enforces using indexed accessors for keys declared using an indexed type. */
+    // "allowUnusedLabels": true,                        /* Disable error reporting for unused labels. */
+    // "allowUnreachableCode": true,                     /* Disable error reporting for unreachable code. */
+
+    /* Completeness */
+    // "skipDefaultLibCheck": true,                      /* Skip type checking .d.ts files that are included with TypeScript. */
+    "skipLibCheck": true /* Skip type checking all .d.ts files. */
+  }
+  // "references": [{ "path": "../shared" }]
+}

packages/frontend/licenses.csv

@@ -1,8 +1,8 @@
-├─ MIT: 12
+├─ MIT: 13
+├─ ISC: 2
 ├─ BSD-3-Clause: 1
 ├─ (MPL-2.0 OR Apache-2.0): 1
 ├─ BSD-2-Clause: 1
-├─ ISC: 1
 ├─ 0BSD: 1
 └─ Apache-2.0: 1
 

packages/frontend/locales/de.json

@@ -15,7 +15,8 @@
 		"encrypting": "verschlüsseln",
 		"decrypting": "entschlüsselt",
 		"uploading": "hochladen",
-		"downloading": "wird heruntergeladen"
+		"downloading": "wird heruntergeladen",
+		"qr_code": "qr-code"
 	},
 	"home": {
 		"intro": "Senden Sie ganz einfach <i>vollständig verschlüsselte</i>, sichere Notizen oder Dateien mit einem Klick. Erstellen Sie einfach eine Notiz und teilen Sie den Link.",

packages/frontend/locales/en.json

@@ -15,7 +15,8 @@
 		"encrypting": "encrypting",
 		"decrypting": "decrypting",
 		"uploading": "uploading",
-		"downloading": "downloading"
+		"downloading": "downloading",
+		"qr_code": "qr code"
 	},
 	"home": {
 		"intro": "Easily send <i>fully encrypted</i>, secure notes or files with one click. Just create a note and share the link.",

packages/frontend/locales/es.json

@@ -15,7 +15,8 @@
 		"encrypting": "encriptando",
 		"decrypting": "descifrando",
 		"uploading": "cargando",
-		"downloading": "descargando"
+		"downloading": "descargando",
+		"qr_code": "código qr"
 	},
 	"home": {
 		"intro": "Envía fácilmente notas o archivos <i>totalmente encriptados</i> y seguros con un solo clic. Solo tienes que crear una nota y compartir el enlace.",

packages/frontend/locales/fr.json

@@ -15,7 +15,8 @@
 		"encrypting": "cryptage",
 		"decrypting": "déchiffrer",
 		"uploading": "téléchargement",
-		"downloading": "téléchargement"
+		"downloading": "téléchargement",
+		"qr_code": "code qr"
 	},
 	"home": {
 		"intro": "Envoyez facilement des notes ou des fichiers <i>entièrement cryptés</i> et sécurisés en un seul clic. Il suffit de créer une note et de partager le lien.",

packages/frontend/locales/it.json

@@ -15,7 +15,8 @@
 		"encrypting": "criptando",
 		"decrypting": "decifrando",
 		"uploading": "caricamento",
-		"downloading": "scaricando"
+		"downloading": "scaricando",
+		"qr_code": "codice qr"
 	},
 	"home": {
 		"intro": "Invia facilmente note o file <i>completamente criptati</i> e sicuri con un solo clic. Basta creare una nota e condividere il link.",

packages/frontend/locales/zh.json

@@ -0,0 +1,51 @@
+{
+	"common": {
+		"note": "密信",
+		"file": "上传文件",
+		"advanced": "高级设置",
+		"create": "创建",
+		"loading": "加载中",
+		"mode": "模式",
+		"views": "{n, plural, =0 {可读次数} =1 {1 次查看} other {# 次查看}}",
+		"minutes": "{n, plural, =0 {有效期（分钟）} =1 {1 分钟} other {# 分钟}}",
+		"max": "最大值",
+		"share_link": "分享链接",
+		"copy_clipboard": "复制到粘贴板",
+		"copied_to_clipboard": "已成功复制到粘贴板",
+		"encrypting": "加密",
+		"decrypting": "解密",
+		"uploading": "上传",
+		"downloading": "下载",
+		"qr_code": "二维码"
+	},
+	"home": {
+		"intro": "飞鸽传书，一键传输完全加密的密信或文件，阅后即焚。",
+		"explanation": "该密信会在{type}后失效。",
+		"new_note": "新建密信",
+		"new_note_notice": "<b>提醒：</b><br>密信保存在内存中，如果内存满了，则最早的密信将被删除以释放内存，因此不保证该密信的可用性。一般不会出现这种情况，无需担心。",
+		"errors": {
+			"note_to_big": "创建失败，密信过大。",
+			"note_error": "创建失败，请稍后重试。",
+			"max": "次数上限：{n}",
+			"empty_content": "密信不能为空。"
+		},
+		"messages": {
+			"note_created": "密信创建成功。"
+		}
+	},
+	"show": {
+		"errors": {
+			"not_found": "密信不存在，可能已被查看或删除。",
+			"decryption_failed": "密钥错误，无法查看。",
+			"unsupported_type": "不支持的类型。"
+		},
+		"explanation": "点击下方按钮即可查看密信，阅后即焚。",
+		"show_note": "查看密信",
+		"warning_will_not_see_again": "你将<b>无法</b>再次查看该密信，请尽快复制到粘贴板。",
+		"download_all": "下载全部"
+	},
+	"file_upload": {
+		"selected_files": "已选中的文件",
+		"no_files_selected": "没有文件被选中"
+	}
+}

packages/frontend/package.json

@@ -0,0 +1,41 @@
+{
+	"private": true,
+	"name": "@cryptgeon/web",
+	"scripts": {
+		"dev": "vite dev",
+		"build": "vite build",
+		"preview": "vite preview",
+		"check": "svelte-check --tsconfig tsconfig.json",
+		"licenses": "license-checker --summary > licenses.csv",
+		"locale:download": "node scripts/locale.js",
+		"test:prepare": "pnpm run build"
+	},
+	"type": "module",
+	"devDependencies": {
+		"@lokalise/node-api": "^9.8.0",
+		"@sveltejs/adapter-static": "^1.0.6",
+		"@sveltejs/kit": "^1.15.8",
+		"@types/dompurify": "^2.4.0",
+		"@types/file-saver": "^2.0.5",
+		"@zerodevx/svelte-toast": "^0.7.2",
+		"adm-zip": "^0.5.10",
+		"dotenv": "^16.0.3",
+		"svelte": "^3.58.0",
+		"svelte-check": "^2.10.3",
+		"svelte-intl-precompile": "^0.10.1",
+		"svelte-preprocess": "^4.10.7",
+		"tslib": "^2.5.0",
+		"typescript": "^4.9.5",
+		"vite": "^4.3.3"
+	},
+	"dependencies": {
+		"@cryptgeon/shared": "workspace:*",
+		"@fontsource/fira-mono": "^4.5.10",
+		"copy-to-clipboard": "^3.3.3",
+		"dompurify": "^2.4.5",
+		"file-saver": "^2.0.5",
+		"occulto": "^2.0.1",
+		"pretty-bytes": "^6.1.0",
+		"qrious": "^4.0.2"
+	}
+}

packages/frontend/scripts/locale.js

@@ -1,7 +1,7 @@
-import dotenv from 'dotenv'
 import { LokaliseApi } from '@lokalise/node-api'
-import https from 'https'
 import AdmZip from 'adm-zip'
+import dotenv from 'dotenv'
+import https from 'https'
 
 dotenv.config()
 

packages/frontend/src/app.css

@@ -87,6 +87,8 @@ button {
 	font-size: inherit;
 	background: inherit;
 	color: inherit;
+	border: none;
+	padding-inline: initial;
 }
 
 *:disabled,

packages/frontend/src/app.d.ts

@@ -0,0 +1,9 @@
+// See https://kit.svelte.dev/docs/types#app
+// for information about these interfaces
+// and what to do when importing types
+declare namespace App {
+	// interface Error {}
+	// interface Locals {}
+	// interface PageData {}
+	// interface Platform {}
+}

packages/frontend/src/app.html

@@ -2,7 +2,6 @@
 <html lang="en">
 	<head>
 		<meta charset="utf-8" />
-		<link rel="icon" href="/favicon.png" />
 		<meta name="viewport" content="width=device-width, initial-scale=1" />
 
 		%sveltekit.head%

packages/frontend/src/lib/stores/status.ts

@@ -0,0 +1,8 @@
+import { status as getStatus, type Status } from '@cryptgeon/shared'
+import { writable } from 'svelte/store'
+
+export const status = writable<null | Status>(null)
+
+export async function init() {
+	status.set(await getStatus())
+}

packages/frontend/src/lib/ui/AdvancedParameters.svelte

@@ -1,10 +1,10 @@
 <script lang="ts">
 	import { t } from 'svelte-intl-precompile'
 
-	import type { Note } from '$lib/api'
 	import { status } from '$lib/stores/status'
 	import Switch from '$lib/ui/Switch.svelte'
 	import TextInput from '$lib/ui/TextInput.svelte'
+	import type { Note } from '@cryptgeon/shared'
 
 	export let note: Note
 	export let timeExpiration = false
@@ -18,8 +18,9 @@
 		bind:value={note.views}
 		disabled={timeExpiration}
 		max={$status?.max_views}
+		min={1}
 		validate={(v) =>
-			($status && v < $status?.max_views) ||
+			($status && v <= $status?.max_views && v > 0) ||
 			$t('home.errors.max', { values: { n: $status?.max_views ?? 0 } })}
 	/>
 	<div class="middle-switch">

packages/frontend/src/lib/ui/Canvas.svelte

@@ -0,0 +1,42 @@
+<script lang="ts">
+	// @ts-ignore
+	import QR from 'qrious'
+	import { t } from 'svelte-intl-precompile'
+
+	import { getCSSVariable } from '$lib/utils'
+
+	export let value: string
+
+	let canvas: HTMLCanvasElement
+
+	$: {
+		new QR({
+			value,
+			level: 'Q',
+			size: 800,
+			background: getCSSVariable('--ui-bg-0'),
+			foreground: getCSSVariable('--ui-text-0'),
+			element: canvas,
+		})
+	}
+</script>
+
+<small>{$t('common.qr_code')}</small>
+<div>
+	<canvas bind:this={canvas} />
+</div>
+
+<style>
+	div {
+		padding: 0.5rem;
+		width: fit-content;
+		border: 2px solid var(--ui-bg-1);
+		background-color: var(--ui-bg-0);
+		margin-top: 0.125rem;
+	}
+
+	canvas {
+		width: 100%;
+		height: auto;
+	}
+</style>

packages/frontend/src/lib/ui/FileUpload.svelte

@@ -1,9 +1,9 @@
 <script lang="ts">
 	import { t } from 'svelte-intl-precompile'
 
-	import type { FileDTO } from '$lib/api'
 	import Button from '$lib/ui/Button.svelte'
 	import MaxSize from '$lib/ui/MaxSize.svelte'
+	import type { FileDTO } from '@cryptgeon/shared'
 
 	export let label: string = ''
 	export let files: FileDTO[] = []

packages/frontend/src/lib/ui/NoteResult.svelte

@@ -10,9 +10,12 @@
 
 	import Button from '$lib/ui/Button.svelte'
 	import TextInput from '$lib/ui/TextInput.svelte'
+	import Canvas from './Canvas.svelte'
 
 	export let result: NoteResult
 
+	$: url = `${window.location.origin}/note/${result.id}#${result.password}`
+
 	function reset() {
 		window.location.reload()
 	}
@@ -22,11 +25,15 @@
 	type="text"
 	readonly
 	label={$t('common.share_link')}
-	value="{window.location.origin}/note/{result.id}#{result.password}"
+	value={url}
 	copy
 	data-testid="share-link"
 />
-<br />
+
+<div>
+	<Canvas value={url} />
+</div>
+
 <p>
 	{@html $t('home.new_note_notice')}
 </p>
@@ -34,4 +41,9 @@
 <Button on:click={reset}>{$t('home.new_note')}</Button>
 
 <style>
+	div {
+		width: min(12rem, 100%);
+		margin-top: 1rem;
+		margin-bottom: 1rem;
+	}
 </style>

packages/frontend/src/lib/ui/ShowNote.svelte

@@ -8,9 +8,9 @@
 	import prettyBytes from 'pretty-bytes'
 	import { t } from 'svelte-intl-precompile'
 
-	import type { FileDTO, NotePublic } from '$lib/api'
 	import Button from '$lib/ui/Button.svelte'
 	import { copy } from '$lib/utils'
+	import type { FileDTO, NotePublic } from '@cryptgeon/shared'
 
 	export let note: DecryptedNote
 
@@ -53,7 +53,9 @@
 	{:else}
 		{#each files as file}
 			<div class="note file">
-				<b on:click={() => downloadFile(file)}>↓ {file.name}</b>
+				<button on:click={() => downloadFile(file)}>
+					<b>↓ {file.name}</b>
+				</button>
 				<small> {file.type} － {prettyBytes(file.size)}</small>
 			</div>
 		{/each}

packages/frontend/src/lib/ui/TextInput.svelte

@@ -1,7 +1,7 @@
 <script lang="ts">
-	import { Crypto, Hex } from '$lib/crypto'
 	import Icon from '$lib/ui/Icon.svelte'
 	import { copy as copyFN } from '$lib/utils'
+	import { getRandomBytes, Hex } from 'occulto'
 
 	export let label: string = ''
 	export let value: any
@@ -23,8 +23,9 @@
 	function toggle() {
 		hidden = !hidden
 	}
-	function randomFN() {
-		value = Hex.encode(Crypto.getRandomBytes(20))
+
+	async function randomFN() {
+		value = Hex.encode(await getRandomBytes(32))
 	}
 </script>
 

packages/frontend/src/lib/ui/ThemeToggle.svelte

@@ -40,19 +40,19 @@
 	}
 </script>
 
-<div on:click={change}>
+<button on:click={change}>
 	<Icon class="icon" icon="contrast" />
 	{$theme}
-</div>
+</button>
 
 <style>
-	div :global(.icon) {
+	button :global(.icon) {
 		height: 1rem;
 		width: 1rem;
 		margin-right: 0.5rem;
 	}
 
-	div {
+	button {
 		display: flex;
 		flex-direction: row;
 		justify-content: flex-end;

packages/frontend/src/lib/utils.ts

@@ -9,3 +9,8 @@ export function copy(value: string) {
 	const msg = get(t)('common.copied_to_clipboard')
 	notify.success(msg)
 }
+
+export function getCSSVariable(variable: string): string {
+	if (typeof window === 'undefined') return ''
+	return window.getComputedStyle(window.document.body).getPropertyValue(variable)
+}

packages/frontend/src/lib/views/Create.svelte

@@ -1,11 +1,8 @@
 <script lang="ts">
+	import { AES, Hex } from 'occulto'
 	import { t } from 'svelte-intl-precompile'
 	import { blur } from 'svelte/transition'
 
-	import { Adapters } from '$lib/adapters'
-	import type { FileDTO, Note } from '$lib/api'
-	import { create, PayloadToLargeError } from '$lib/api'
-	import { Crypto, Hex } from '$lib/crypto'
 	import { status } from '$lib/stores/status'
 	import { notify } from '$lib/toast'
 	import AdvancedParameters from '$lib/ui/AdvancedParameters.svelte'
@@ -16,6 +13,8 @@
 	import Result, { type NoteResult } from '$lib/ui/NoteResult.svelte'
 	import Switch from '$lib/ui/Switch.svelte'
 	import TextArea from '$lib/ui/TextArea.svelte'
+	import type { FileDTO, Note } from '@cryptgeon/shared'
+	import { Adapters, create, PayloadToLargeError } from '@cryptgeon/shared'
 
 	let note: Note = {
 		contents: '',
@@ -58,8 +57,8 @@
 		try {
 			loading = $t('common.encrypting')
 
-			const password = Hex.encode(Crypto.getRandomBytes(32))
-			const key = await Crypto.getKeyFromString(password)
+			const key = await AES.generateKey()
+			const password = Hex.encode(key)
 
 			const data: Note = {
 				contents: '',

packages/frontend/src/lib/views/Footer.svelte

@@ -7,7 +7,9 @@
 	<nav>
 		<a href="/">/home</a>
 		<a href="/about">/about</a>
-		<a href="https://github.com/cupcakearmy/cryptgeon" target="_blank" rel="noopener">/code</a>
+		<a href="https://github.com/cupcakearmy/cryptgeon" target="_blank" rel="noopener noreferrer">
+			code
+		</a>
 	</nav>
 </footer>
 

packages/frontend/src/routes/+layout.svelte

@@ -1,18 +1,11 @@
-<script lang="ts" context="module">
-	import { getLocaleFromNavigator, init, waitLocale } from 'svelte-intl-precompile'
-	// @ts-ignore
-	import { registerAll } from '$locales'
-	registerAll()
-	init({ initialLocale: getLocaleFromNavigator() ?? undefined, fallbackLocale: 'en' })
-</script>
-
 <script lang="ts">
 	import { SvelteToast } from '@zerodevx/svelte-toast'
 	import { onMount } from 'svelte'
+	import { waitLocale } from 'svelte-intl-precompile'
 
 	import '../app.css'
 
-	import { init as initStores } from '$lib/stores/status'
+	import { init as initStores, status } from '$lib/stores/status'
 	import Footer from '$lib/views/Footer.svelte'
 	import Header from '$lib/views/Header.svelte'
 
@@ -22,7 +15,8 @@
 </script>
 
 <svelte:head>
-	<title>cryptgeon</title>
+	<title>{$status?.theme_page_title || 'cryptgeon'}</title>
+	<link rel="icon" href={$status?.theme_favicon || '/favicon.png'} />
 </svelte:head>
 
 {#await waitLocale() then _}

packages/frontend/src/routes/+layout.ts

@@ -0,0 +1,5 @@
+import { getLocaleFromNavigator, init } from 'svelte-intl-precompile'
+// @ts-ignore
+import { registerAll } from '$locales'
+registerAll()
+init({ initialLocale: getLocaleFromNavigator() ?? undefined, fallbackLocale: 'en' })

packages/frontend/src/routes/about/+page.svelte

@@ -1,10 +1,6 @@
-<script context="module">
-	import { browser, dev } from '$app/env'
+<script lang="ts">
 	import { status } from '$lib/stores/status'
 	import AboutParagraph from '$lib/ui/AboutParagraph.svelte'
-
-	export const hydrate = dev
-	export const router = browser
 </script>
 
 <svelte:head>
@@ -43,7 +39,7 @@
 			the backend is written in rust and the frontend is svelte and typescript.
 			<br />
 			you are welcomed to check & audit the
-			<a href="https://github.com/cupcakearmy/cryptgeon" target="_blank" rel="noopener">
+			<a href="https://github.com/cupcakearmy/cryptgeon" target="_blank" rel="noopener noreferrer">
 				source code
 			</a>.
 		</span>
@@ -51,9 +47,12 @@
 
 	<AboutParagraph title="translations">
 		<span
-			>translations are managed on <a href="https://lokalise.com/" target="_blank">Lokalise</a>,
-			which granted an open source license to use the paid version. If you are interested in helping
-			translating don't hesitate to contact me!
+			>translations are managed on <a
+				href="https://lokalise.com/"
+				target="_blank"
+				rel="noopener noreferrer">Lokalise</a
+			>, which granted an open source license to use the paid version. If you are interested in
+			helping translating don't hesitate to contact me!
 		</span>
 	</AboutParagraph>
 

packages/frontend/src/routes/note/[id]/+page.svelte

@@ -1,26 +1,17 @@
-<script context="module" lang="ts">
-	import type { Load } from '@sveltejs/kit'
-
-	export const load: Load = async ({ params }) => {
-		return {
-			props: params,
-		}
-	}
-</script>
-
 <script lang="ts">
+	import { Hex } from 'occulto'
 	import { onMount } from 'svelte'
 	import { t } from 'svelte-intl-precompile'
 
-	import { Adapters } from '$lib/adapters'
-	import { get, info } from '$lib/api'
-	import { Crypto } from '$lib/crypto'
 	import Button from '$lib/ui/Button.svelte'
 	import Loader from '$lib/ui/Loader.svelte'
 	import ShowNote, { type DecryptedNote } from '$lib/ui/ShowNote.svelte'
+	import { Adapters, get, info } from '@cryptgeon/shared'
+	import type { PageData } from './$types'
 
-	export let id: string
+	export let data: PageData
 
+	let id = data.id
 	let password: string
 	let note: DecryptedNote | null = null
 	let exists = false
@@ -51,7 +42,7 @@
 			loading = $t('common.downloading')
 			const data = await get(id)
 			loading = $t('common.decrypting')
-			const key = await Crypto.getKeyFromString(password)
+			const key = Hex.decode(password)
 			switch (data.meta.type) {
 				case 'text':
 					note = {

packages/frontend/src/routes/note/[id]/+page.ts

@@ -0,0 +1,5 @@
+import type { PageLoad } from './$types'
+
+export const load: PageLoad = async ({ params }) => {
+	return params
+}