Nicco
a5d98b76bd
* locale from lokalise * version bump * update dependencies * show size with overhead * use base64 instead of hex and refactor a bit * changelog & readme * size limit * locale * add sync for svelte * refarcor create & add loading animation * changelog |
||
|---|---|---|
| .github | ||
| .vscode | ||
| backend | ||
| design | ||
| examples | ||
| frontend | ||
| .dockerignore | ||
| .gitattributes | ||
| .gitignore | ||
| CHANGELOG.md | ||
| docker-compose.yml | ||
| Dockerfile | ||
| LICENSE | ||
| package.json | ||
| pnpm-lock.yaml | ||
| proxy.mjs | ||
| README_zh-CN.md | ||
| README.md | ||
EN | 简体中文
About?
cryptgeon is a secure, open source sharing note or file service inspired by PrivNote
🌍 If you want to translate the project feel free to reach out to me.
Thanks to Lokalise for providing free access to their platform.
Demo
Check out the demo and see for yourself https://cryptgeon.nicco.io.
Features
- server cannot decrypt contents due to client side encryption
- view or time constraints
- in memory, no persistence
- obligatory dark mode support
How does it work?
each note has a generated id (256bit) and key 256(bit). The
id
is used to save & retrieve the note. the note is then encrypted with aes in gcm mode on the
client side with the key and then sent to the server. data is stored in memory and
never persisted to disk. the server never sees the encryption key and cannot decrypt the contents
of the notes even if it tried to.
Screenshot
Environment Variables
| Variable | Default | Description |
|---|---|---|
REDIS |
redis://redis/ |
Redis URL to connect to. |
SIZE_LIMIT |
1 KiB |
Max size for body. Accepted values according to byte-unit. 512 MiB is the maximum allowed. The frontend will show that number including the ~35% encoding overhead. |
MAX_VIEWS |
100 |
Maximal number of views. |
MAX_EXPIRATION |
360 |
Maximal expiration in minutes. |
ALLOW_ADVANCED |
true |
Allow custom configuration. If set to false all notes will be one view only. |
THEME_IMAGE |
"" |
Custom image for replacing the logo. Must be publicly reachable |
THEME_TEXT |
"" |
Custom text for replacing the description below the logo |
Deployment
ℹ️ https is required otherwise browsers will not support the cryptographic functions.
Docker
Docker is the easiest way. There is the official image here.
# docker-compose.yml
version: '3.8'
services:
redis:
image: redis:7-alpine
app:
image: cupcakearmy/cryptgeon:latest
depends_on:
- redis
environment:
SIZE_LIMIT: 4 MiB
ports:
- 80:5000
NGINX Proxy
See the examples/nginx folder. There an example with a simple proxy, and one with https. You need to specify the server names and certificates.
Traefik 2
Assumptions:
- External proxy docker network
proxy - A certificate resolver
le - A https entrypoint
secure - Domain name
example.org
version: '3.8'
networks:
proxy:
external: true
services:
redis:
image: redis:7-alpine
restart: unless-stopped
app:
image: cupcakearmy/cryptgeon:latest
restart: unless-stopped
depends_on:
- redis
networks:
- default
- proxy
labels:
- traefik.enable=true
- traefik.http.routers.cryptgeon.rule=Host(`example.org`)
- traefik.http.routers.cryptgeon.entrypoints=secure
- traefik.http.routers.cryptgeon.tls.certresolver=le
Development
Requirements
pnpm:>=6node:>=16rust: edition2021
Install
pnpm install
pnpm --prefix frontend install
# Also you need cargo watch if you don't already have it installed.
# https://lib.rs/crates/cargo-watch
cargo install cargo-watch
Run
Make sure you have docker running.
If you are on
macOSyou might need to disable AirPlay Receiver as it uses port 5000 (So stupid...) https://developer.apple.com/forums/thread/682332
pnpm run dev
Running pnpm run dev in the root folder will start the following things:
- redis docker container
- rust backend
- client
You can see the app under localhost:1234.
Attributions
Icons made by freepik from www.flaticon.com