/coquelicot

Fork of Coquelicot - "one-click" file sharing web application with a focus on users' privacy

Primary LanguageRubyGNU Affero General Public License v3.0AGPL-3.0

About “Coquelicot”
==================

[Coquelicot] — /kɔ.kli.ko/ —  is a "one-click" file sharing web application
with a focus on protecting users' privacy.

Basic principle: users can upload a file to the server, in return they
get a unique URL which can be shared with others in order to download
the file.

Coquelicot aims to protect, to some extent, users and system
administrators from disclosure of the files exchanged from passive and
not so active attackers.

[Coquelicot]: https://coquelicot.potager.org/

Features
--------

 * Support for different authentication methods

   In order to prevent random Internet users to eat bandwidth and
   disk space, Coquelicot limits upload to authenticated users.
   It currently ships with three authentication mechanisms:

    - "simplepass": uploading users need to provide a global,
      pre-shared, password;
    - "userpass": users will need to provide a login and a
      pre-shared password stored in a local configuration file;
    - "imap": users will need to provide a login and a password,
      that are used to authenticate against an existing IMAP server.
    - "ldap": users will need to provide a uid and a password,
      that are used to authenticate against an existing LDAP server.

   It is possible to integrate more authentication mechanisms by
   implementing a single method, some JavaScript, and a partial template
   to render the common fields. For more information have a look at the
   notes below.

 * Mandatory expiration

   When uploading, a time limit has to be specified. The file will be
   unavailable once this much time has passed.

   During a configurable period of time, trying to download the file
   will return a page saying "too late" instead of "not found".

 * Support for one-time download

   A user might want to allow exactly _one_ download of a file, to more
   closely replace an email attachment. The file will be removed after
   the first complete download and concurrent downloads are prevented.

 * Upload progress bar

   Users having JavaScript enabled will see a nice progress bar during
   the file upload.

 * Downgrade nicely

   The application works fine without JavaScript or CSS.

 * Download URL can be written on paper

   URLs generated to download files uses the Base32 character set. This
   set is specifically designed to overcome misread of 'l', '1', '0' and
   'O' characters. Coquelicot will automatically convert case and
   ambiguous characters to facilitate URL exchanges using pieces of
   paper.

 * Files are stored encrypted on the server

   While being uploaded, files are written to the disk using symmetric
   encryption. The encryption key is _not_ stored directly by
   Coquelicot. It is either generated randomly and given as part of the
   download URL, or specified by the uploader.

 * Download can be protected by a password

   When uploading, a password can be specified which will then be used
   to encrypt the file. For subsequent downloads, the password
   must be entered through in a POST'ed form. This prevents the password
   from appearing in most server logs.

 * Files are stored with a random name

   To prevent disclosure of the shared file name, it is stored encrypted
   together with the file content. On the server, this encrypted file is
   stored with a random name.

 * Download URLs do not reflect stored file names

   The random names given in download URLs do not map directly to file
   names on the server. This prevent server logs from giving a direct
   mapping to the shared files. This creates another difficulty to
   link users to files through forensic techniques.

 * File content is zero'ed before removal

   When a file has expired, it is removed from the server. In order
   to make it harder to retrieve its content through filesystem
   analysis, it is filled with zeros first.

Reporting bugs
--------------

Please report bugs or suggest new features on the users and developers [mailing
list].

[mailing list]: https://listes.potager.org/listinfo/coquelicot

Authors
-------

    Coquelicot © 2010-2016 potager.org <jardiniers@potager.org>
               © 2014-2016 Rowan Thorpe <rowan@rowanthorpe.com>
               © 2010-2012 Jake Santee <jake@nadir.org>
               © 2012 Silvio Rhatto <rhatto@riseup.net>
               © 2011 mh / immerda.ch  <mh+coquelicot@immerda.ch>

Coquelicot is distributed under the [GNU Affero General Public License]
version 3 or (at your option) any later version.

Background image (`public/images/background.jpg`) derived from:  
[“coquelicot” picture] © 2008 Jean-Louis Zimmermann  
Licensed under [Creative Commons Attributions 2.0 Generic]  

*jQuery* is © 2011 John Resig. Licensed under the [MIT license].  
*jquery.uploadProgress* is © 2008 Piotr Sarnacki. Licensed under the
[MIT license].  
*lightboxFu* is © 2008 Piotr Sarnacki. Licensed under the [MIT license].

[“coquelicot” picture]: https://secure.flickr.com/photos/jeanlouis_zimmermann/2478019744/
[GNU Affero General Public License]: http://www.gnu.org/licenses/agpl.txt
[Creative Commons Attributions 2.0 Generic]: https://creativecommons.org/licenses/by/2.0/deed
[MIT license]: http://www.opensource.org/licenses/mit-license.php