Added option for internal pathing
Andrej Onufrak committed Apr 4, 2024
1 parent 0045b43 commit a538465
Showing 3 changed files with 25 additions and 11 deletions.
2 changes: 2 additions & 0 deletions README.md
Expand Up @@ -16,6 +16,8 @@ Deploy the app in a Docker Compose stack with (non-persistent) **Redis** and (re

Once deployed, open the app, input the data, stash it and share the generated **Safe** link as needed.

Optionally, limit access to an internal route with the help of NGINX allow and deny configuration.

## Security 101

Limit secret information view count and lifetime as much as possible.
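Review bot: The added README sentence names neither the path nor the setting that controls it, so a reader cannot tell which location to restrict. index.ts in this commit builds the prefix from `process.env.INTERNAL_PATH` with a default of `internal`; document that variable and its default here, and state that links created as internal are only restricted once the NGINX allow/deny rule for that prefix is in place, since the sentence presents the rule as optional.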
29 changes: 20 additions & 9 deletions gui_landing.html
Expand Up @@ -193,6 +193,7 @@
color: var(--button-text-color);
padding: 10px;
border: none;
width: 100%;
border-radius: var(--input-border-radius);
cursor: pointer;
display: flex;
Expand Down Expand Up @@ -316,8 +317,6 @@
let selectedLifetimeOption;

function createOptions() {
const submitButtonElement = document.getElementById("submit");

const viewsDropdownElement = document.getElementById("viewsDropdown");
const lifetimeDropdownElement = document.getElementById("lifetimeDropdown");

Expand Down Expand Up @@ -409,7 +408,7 @@
document.activeElement.blur();
}

async function buttonPress() {
async function buttonPress(internal) {
if (document.getElementById("secret").value === "") {
return;
}
Expand All @@ -428,6 +427,7 @@
"Content-Type": "application/json",
},
body: JSON.stringify({
internal,
secret: document.getElementById("secret").value,
requestLimit: selectedViewsOption.innerText,
timeLimitInMinutes: lifetimeOptions.find((el) => el.label === selectedLifetimeOption.innerText).value
Expand All @@ -439,7 +439,9 @@

document.getElementById("secret").value = "";
document.getElementById("secret").dispatchEvent(new Event("input"))
document.getElementById("submit").classList.add("disabled");
for (submitButton of document.getElementsByTagName("button")) {
submitButton.classList.add("disabled");
}
document.getElementById("link").classList.add("visible");
document.querySelector("code").innerText = `${baseUrl}/${secretID}`;

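Review bot: `document.getElementsByTagName("button")` in the post-submit loop matches every button on the page, not only the two submit buttons, so any button added to the page later is disabled along with them. Select the two by id (`submit-company`, `submit-client`) or by a shared class so the loop only touches the controls it is meant to.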
Expand All @@ -448,12 +450,16 @@

function attachEventListeners() {
createOptions();
const submitButton = document.getElementById("submit");
const submitButtons = document.getElementsByTagName("button");
document.getElementById("secret").addEventListener("input", (event) => {
if (event.target.value !== "") {
submitButton.classList.remove("disabled");
for (submitButton of submitButtons) {
submitButton.classList.remove("disabled");
}
} else {
submitButton.classList.add("disabled");
for (submitButton of submitButtons) {
submitButton.classList.add("disabled");
}
}
});
}
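Review bot: The loop variable in `for (submitButton of submitButtons)` is never declared now that `const submitButton` is gone, so it becomes an implicit global and throws a ReferenceError under strict mode or in a module script. Use `for (const submitButton of submitButtons)`; the same applies to the loop in `buttonPress`, and the three identical loops could share one small helper that toggles the `disabled` class.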
Expand Down Expand Up @@ -540,9 +546,14 @@
<ul id="lifetimeDropdown" class="dropdown"></ul>
</div>
</div>
<button type="button" id="submit" class="disabled" onclick="buttonPress()">
Stash into the Safe
<div class="form-group">
<button type="button" id="submit-company" class="disabled" onclick="buttonPress(true)">
Stash into the Company Safe
</button>
<button type="button" id="submit-client" class="disabled" onclick="buttonPress(false)">
Stash into the Client Safe
</button>
</div>
<p>Limit view count and lifetime as much as possible. Try not to share sets of secrets, or unnecessarily note their purpose. Share the generated links only through secure channels. Stay Safe.</p>
</div>
<div id="link">
5 changes: 3 additions & 2 deletions index.ts
Expand Up @@ -33,9 +33,10 @@ export default {
}

if (method === 'POST' && body) {
const { secret, requestLimit, timeLimitInMinutes } = await Bun.readableStreamToJSON(body)
const { internal, secret, requestLimit, timeLimitInMinutes } = await Bun.readableStreamToJSON(body)

const secretID = crypto.randomUUID()
const internalPath = process.env.INTERNAL_PATH || 'internal'
const secretID = `${internal ? internalPath + '/' : ''}${crypto.randomUUID()}`

await redis.set(`${secretID}-value`, secret, 'EX', timeLimitInMinutes * 60)
await redis.set(`${secretID}-requests`, requestLimit, 'EX', timeLimitInMinutes * 60)
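Review bot: `internal` is taken straight from the request body and only selects a key prefix, so nothing in this handler restricts who can read an internal secret; the protection depends entirely on an external NGINX rule for the `INTERNAL_PATH` prefix. Make that dependency explicit or enforce it in the handler, coerce `internal` to a strict boolean, and validate `INTERNAL_PATH` against a safe pattern before it is interpolated into `secretID`. The ID now contains a `/`, so the read path, which this hunk does not show, needs to resolve IDs carrying that prefix.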
