/ctrlv.space

Encrypted paste service.

Primary LanguageHTMLGNU General Public License v3.0GPL-3.0

Ctrl + V Space

Docker

Encrypted paste service. Encryption (AES256 GCM using Stanford Javascript Crypto Library) only happens on the client-side and the password is never sent to the server.

The paste creation process:

  • Save button triggers save() function in index.html.
  • Validation checks, generate random password and encrypt text box content.
  • If self-destruct 'once read' option is enabled, generate random token and encrypt with password.
  • POST /api/v1/create with:
    • Encrypted text box content, if self-destruct is disabled.
    • Encrypted text box content + token & encrypted token, if self-destruct 'once read' option is enabled.
    • Encrypted text box content + self-destruct option (e.g. 1h), if self-destruct timing option is enabled.
  • Backend saves things in S3 and returns a key. We now construct the sharing URL:
    • https://ctrlv.space/*key*#*password* where:
      • key: used to retrieve the encrypted content from the server.
      • password: used to decrypt the content. Password is never sent to the server as it resides after the # fragment.

The paste viewing process:

  • We open the link and GET /key. Backend checks if key exists in DB (return 404 if not), pre-fill encrypted content in paste.html template. If encrypted token exists in DB for the key (self-destruct 'once read' option was enabled), pre-fill encrypted token as well.
  • On the client-side, get the password from the # fragment in the URL.
  • Decrypt encrypted content and encrypted token (if self-destruct 'once read' option was enabled) using the password.
  • If successfully decrypted, show the content in the text box.
  • If self-destruct 'once read' option was enabled and the token was decrypted successfully, POST /api/v1/destruct with the key and the decrypted token. Backend will delete the paste if the token matches the one generated by the creator. Paste will not self-destruct if the password is wrong; it will only do so once someone has successfully decrypted and read the content.

Env vars

S3_BUCKET - the name of the S3 bucket where to store the files (make sure to configure AWS SDK for proper authentication)
SELF_DESTRUCT_MANDATORY - defaults to false (If set, will disable the 'Self-destruct' checkbox so it's always ticked)
MAX_LENGTH - defaults to 5000 (Maximum number of characters allowed in the text box)
GOOGLE_ANALYTICS_ID - defaults to ""

Run

Using Docker:

  • Run the app: docker run -d -p 80:5000 -e S3_BUCKET="my_beautiful_bucket" ghcr.io/adrianchifor/ctrlv.space:latest

Using dokku:

  • Create ctrlv app on dokku
  • Create a S3 bucket
  • Set the rest of the env vars on dokku: dokku config:set ctrlv <ENV>=<VALUE>
  • Set the dokku remote in the git repo: git remote add dokku dokku@example.com:ctrlv
  • Deploy: git push dokku master

License

Copyright © 2020 Adrian Chifor; 2021 Tomás Pinho

This program is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version.

This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.

You should have received a copy of the GNU General Public License along with this program. If not, see http://www.gnu.org/licenses/.