diff --git a/README.md b/README.md index a50d698..fa71dc3 100644 --- a/README.md +++ b/README.md @@ -16,6 +16,8 @@ Deploy the app in a Docker Compose stack with (non-persistent) **Redis** and (re Once deployed, open the app, input the data, stash it and share the generated **Safe** link as needed. +Optionally, limit access to an internal route with the help of NGINX allow and deny configuration. + ## Security 101 Limit secret information view count and lifetime as much as possible. diff --git a/gui_landing.html b/gui_landing.html index 61f9ee8..537932c 100644 --- a/gui_landing.html +++ b/gui_landing.html @@ -193,6 +193,7 @@ color: var(--button-text-color); padding: 10px; border: none; + width: 100%; border-radius: var(--input-border-radius); cursor: pointer; display: flex; @@ -316,8 +317,6 @@ let selectedLifetimeOption; function createOptions() { - const submitButtonElement = document.getElementById("submit"); - const viewsDropdownElement = document.getElementById("viewsDropdown"); const lifetimeDropdownElement = document.getElementById("lifetimeDropdown"); @@ -409,7 +408,7 @@ document.activeElement.blur(); } - async function buttonPress() { + async function buttonPress(internal) { if (document.getElementById("secret").value === "") { return; } @@ -428,6 +427,7 @@ "Content-Type": "application/json", }, body: JSON.stringify({ + internal, secret: document.getElementById("secret").value, requestLimit: selectedViewsOption.innerText, timeLimitInMinutes: lifetimeOptions.find((el) => el.label === selectedLifetimeOption.innerText).value @@ -439,7 +439,9 @@ document.getElementById("secret").value = ""; document.getElementById("secret").dispatchEvent(new Event("input")) - document.getElementById("submit").classList.add("disabled"); + for (submitButton of document.getElementsByTagName("button")) { + submitButton.classList.add("disabled"); + } document.getElementById("link").classList.add("visible"); document.querySelector("code").innerText = `${baseUrl}/${secretID}`; @@ -448,12 +450,16 @@ function attachEventListeners() { createOptions(); - const submitButton = document.getElementById("submit"); + const submitButtons = document.getElementsByTagName("button"); document.getElementById("secret").addEventListener("input", (event) => { if (event.target.value !== "") { - submitButton.classList.remove("disabled"); + for (submitButton of submitButtons) { + submitButton.classList.remove("disabled"); + } } else { - submitButton.classList.add("disabled"); + for (submitButton of submitButtons) { + submitButton.classList.add("disabled"); + } } }); } @@ -540,9 +546,14 @@