From a538465950fd79f75f255eb8397336fa0a326c98 Mon Sep 17 00:00:00 2001 From: Andrej Onufrak Date: Thu, 4 Apr 2024 10:17:41 +0200 Subject: [PATCH] Added option for internal pathing --- README.md | 2 ++ gui_landing.html | 29 ++++++++++++++++++++--------- index.ts | 5 +++-- 3 files changed, 25 insertions(+), 11 deletions(-) diff --git a/README.md b/README.md index a50d698..fa71dc3 100644 --- a/README.md +++ b/README.md @@ -16,6 +16,8 @@ Deploy the app in a Docker Compose stack with (non-persistent) **Redis** and (re Once deployed, open the app, input the data, stash it and share the generated **Safe** link as needed. +Optionally, limit access to an internal route with the help of NGINX allow and deny configuration. + ## Security 101 Limit secret information view count and lifetime as much as possible. diff --git a/gui_landing.html b/gui_landing.html index 61f9ee8..537932c 100644 --- a/gui_landing.html +++ b/gui_landing.html @@ -193,6 +193,7 @@ color: var(--button-text-color); padding: 10px; border: none; + width: 100%; border-radius: var(--input-border-radius); cursor: pointer; display: flex; @@ -316,8 +317,6 @@ let selectedLifetimeOption; function createOptions() { - const submitButtonElement = document.getElementById("submit"); - const viewsDropdownElement = document.getElementById("viewsDropdown"); const lifetimeDropdownElement = document.getElementById("lifetimeDropdown"); @@ -409,7 +408,7 @@ document.activeElement.blur(); } - async function buttonPress() { + async function buttonPress(internal) { if (document.getElementById("secret").value === "") { return; } @@ -428,6 +427,7 @@ "Content-Type": "application/json", }, body: JSON.stringify({ + internal, secret: document.getElementById("secret").value, requestLimit: selectedViewsOption.innerText, timeLimitInMinutes: lifetimeOptions.find((el) => el.label === selectedLifetimeOption.innerText).value 
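Review bot: In the `@@ -428` hunk, `internal` goes into the request body exactly as `buttonPress` received it, so its type is not pinned. A call with no argument makes `JSON.stringify` drop the key, and if the function were wired directly as an event listener the event object would be sent instead; the button markup is not visible here, so that is only a possibility. Normalising at the point of use, `internal: internal === true,`, keeps the payload a strict boolean. Because the value is chosen by the browser, the handler in index.ts (its hunk is not shown on this page) should validate it server-side, and the NGINX allow/deny rule mentioned in the README has to cover the internal retrieval route, since the flag by itself restricts nothing. `buttonPress` begins in the `@@ -409` hunk and its body continues outside both hunks.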
@@ -439,7 +439,9 @@ document.getElementById("secret").value = ""; document.getElementById("secret").dispatchEvent(new Event("input")) - document.getElementById("submit").classList.add("disabled"); + for (submitButton of document.getElementsByTagName("button")) { + submitButton.classList.add("disabled"); + } document.getElementById("link").classList.add("visible"); document.querySelector("code").innerText = `${baseUrl}/${secretID}`; @@ -448,12 +450,16 @@ function attachEventListeners() { createOptions(); - const submitButton = document.getElementById("submit"); + const submitButtons = document.getElementsByTagName("button"); document.getElementById("secret").addEventListener("input", (event) => { if (event.target.value !== "") { - submitButton.classList.remove("disabled"); + for (submitButton of submitButtons) { + submitButton.classList.remove("disabled"); + } } else { - submitButton.classList.add("disabled"); + for (submitButton of submitButtons) { + submitButton.classList.add("disabled"); + } } }); } @@ -540,9 +546,14 @@ - + +
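Review bot: The loop variable in `for (submitButton of document.getElementsByTagName("button"))` is never declared, so it becomes an implicit global in sloppy mode and throws a ReferenceError if the script ever runs as a module or under strict mode. The two loops added in the `@@ -448` hunk inside `attachEventListeners` have the same problem, since that hunk removes the old `const submitButton`. Declare it in each loop, e.g. `for (const submitButton of submitButtons) {`. Selecting by tag name also toggles every `<button>` on the page rather than only the submit buttons, so a dedicated class with `document.querySelectorAll(".submit-button")` (class name constructed here) would be safer if other buttons exist or are added later. The if/else in the input listener could then collapse to `submitButton.classList.toggle("disabled", event.target.value === "");`.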

Limit view count and lifetime as much as possible. Try not to share sets of secrets, or unnecessarily note their purpose. Share the generated links only through secure channels. Stay Safe.