|
1 | | -# TempFiles |
2 | | -**Upload files securely over the internet for a set amount of time.** |
| 1 | +# TempFiles Frontend |
| 2 | +**Share files securely over the internet for a day.** |
3 | 3 |
|
4 | 4 | ## Why? |
| 5 | + |
5 | 6 | I, [@Carlgo11](https://github.com/Carlgo11/), have for a long time been very interested in information security and encryption. |
6 | 7 | Back in 2014 I set up a site called [UploadMe](https://github.com/Carlgo11/UploadMe). |
| 8 | + |
7 | 9 | The main goal of the site was to help people securely share files with their friends without the NSA or any other spying eyes seeing the information. |
8 | | -The concept was to store the files with the same level of safety. Whether it was cat pictures or state secrets didn't matter. |
| 10 | +The concept was to store the files with the same level of safety regardless of whether it was cat pictures or state secrets. |
9 | 11 |
|
10 | 12 | Due to the lack of resources I had to stop hosting UploadMe. |
11 | 13 | I however never stopped thinking about the idea. TempFiles is a remastered version of UploadMe. |
12 | | -Now with updated encryption methods and storage principles. |
13 | | - |
14 | | -## How? |
15 | | -When a file is uploaded to TempFiles it is sent over HTTPS(TLS) to the server where it is encrypted using `AES-256-GCM` and then stored either in a JSON-file on the filesystem or as a blob in a MySQL database. |
16 | | - |
17 | | -The encrypted metadata is stored separately to the file content in an array. The array looks like this: |
18 | | - |
19 | | -File Name | File Size | File Type | Deletion Password |
20 | | - -------- | --------- | --------- | ----------------- |
21 | | - meme.gif | 18 Kb | Image/Gif | jpNUeOBfvFRCr9zowyPhbX |
22 | | - |
23 | | -The file is also given a unique ID using the uniqid() function of PHP. |
24 | | -All Unique IDs start with a `D`. This is to make it easier to debug when something doesn't work. |
25 | | - |
26 | | -A cronjob is run every hour to delete files older than 24 hours. |
27 | | - |
28 | | -## What is in the database? :mag: |
29 | | -I will in this part of the text go through every part collected in the database. |
30 | | -Please see the above mentioned image for reference. |
31 | | - |
32 | | -* **id** - This is the Unique ID of the uploaded file. This data is stored in plain text as the server needs to grab the specific row without having to try and decrypt every single file stored in the database. |
| 14 | +Now with updated encryption methods, improved storage mechanisms and better resource management resulting in a lower hosting bill. |
33 | 15 |
|
34 | | -* **iv** - IV stands for Initialization Vector and is used by the encryption algorithm AES CBC. It's basically randomness collected from the server in order to keep the files safer from bruteforce decryption. |
35 | | -This data is stored in base64 encoded plain text as it needs to be readable in order for the actual decryption to work. |
36 | | - |
37 | | -* **metadata** - Metadata is everything around the file that needs to be stored. This includes the name of the file, size and what type the file is (image, video, text file etc.). |
38 | | -This data is stored in base64 encoded AES 256 GCM. |
39 | | - |
40 | | -* **content** - Content is what's in the actual file. For efficiency purposes it's stored as a "blob" in the database. |
41 | | -This data is stored in base64 encoded AES 256 GCM. |
42 | | - |
43 | | -* **time** - The is the time and date of when the file was uploaded to the system. Every hour the database is crawled and if a file is older than 24 hours it is deleted. |
44 | | -This data is stored in plain text as it needs to be readable by the crawler in order to be deleted. |
45 | | - |
46 | | -## API calls :mega: |
47 | | -If you'd rather use your own program to upload files to TempFiles that's fine. |
48 | | -A list of available API calls can be found at [Postman](https://documenter.getpostman.com/view/TzK2bEsi). |
| 16 | +## Installation |
49 | 17 |
|
50 | | -## Why not use... |
51 | | -* **Public key encryption**: While this is a nice way of encrypting things I couldn't find an easy implementation of public key encryption that at the same time was easy to use for the users. |
| 18 | +The following text describes how to install the static website (Frontend). |
| 19 | +For instructions on how to install the Backend service responsible for the encryption and storage of uploaded files, see [tempfiles-download/Backend](https://github.com/tempfiles-download/Backend). |
52 | 20 |
|
53 | | -## Current Weaknesses |
54 | | -1. **Lack of client side encryption**: Files uploaded to TempFiles is currently sent in an unencrypted form over TLS _(Yes this is encryption but it's decrypted as the packages arrive at the web server)_ to the server. This means that the users don't have any way to make sure the host really encrypts their data. |
| 21 | +### JAMstack CDN _(GitHub Pages / Cloudflare Pages)_ |
55 | 22 |
|
56 | | -2. **Lack of _better_ encryption algorithms**: While AES 256 still is more than good enough for most activities, sometimes people seek safer encryption algorithms. While this will be fixed in the future, current users can choose to encrypt their files before sending them to TempFiles if they seek stronger encryption algorithms. |
| 23 | +TempFiles Frontend is primarily built to be hosted on CDNs as a static website. |
| 24 | +It's therefore trivial to use GitHub Pages to host the website for free: |
57 | 25 |
|
58 | | -## Installation |
| 26 | +1. Fork this repository. |
| 27 | +1. Edit the URLs in [_config.yml](_config.yml) to reflect your Backend server's address. |
| 28 | +1. Select `master` as source branch and `/ (root)` as source path on __Settings__ > __Pages__ |
| 29 | +1. (Optionally) Create a `CNAME` file with your desired domain name and point your domain to `<username>.github.io`. |
59 | 30 |
|
60 | 31 | ### Docker |
61 | 32 |
|
62 | 33 | To run the frontend site for your own TempFiles instance using Docker, do the following: |
63 | 34 |
|
64 | | -1. Download this repository. |
65 | | -2. Edit the URIs in [upload.js](js/upload.js), [download.js](js/download.js), [delete.js](js/delete.js) to reflect your backend server's address. |
66 | | -3. (Optionally) change the repository value in [_config.yml](_config.yml). |
67 | | -4. Open docker-compose.yml and forward port `4000` to your desired outgoing port. |
68 | | -5. Run `docker-compose up -d` |
69 | | -6. The frontend should now be reachable on the outgoing port you selected in step 4. A reverse proxy is recommended for TLS. |
| 35 | +1. Download `docker-composer.json` and `_config.yml`. |
| 36 | +1. Edit the URLs in [_config.yml](_config.yml) to reflect your backend server's address. |
| 37 | +1. (Optionally) change the repository value in [_config.yml](_config.yml). |
| 38 | +1. (Optionally) Open docker-compose.yml and forward port `4000` to your desired outgoing port. |
| 39 | +1. Run `docker-compose up -d`. |
| 40 | +1. The frontend should now be reachable on the outgoing port you selected in step 4. A reverse proxy is recommended for TLS. |
70 | 41 |
|
71 | 42 | ### Jekyll |
72 | 43 |
|
73 | | -Here's how to install and run the frontend part of TempFiles without Docker. |
74 | | -Instructions on installing the backend can be found over at [tempfiles-download/Backend](https://github.com/tempfiles-download/Backend). |
| 44 | +Here's how to install and run the Frontend of TempFiles locally without Docker: |
75 | 45 |
|
76 | 46 | 1. Download the code |
77 | 47 | ```BASH |
78 | 48 | git clone https://github.com/tempfiles-download/Frontend.git |
79 | 49 | cd Frontend |
80 | 50 | ``` |
81 | 51 |
|
82 | | -2. Install Ruby |
| 52 | +1. Install Ruby |
83 | 53 | ```BASH |
84 | 54 | sudo snap install ruby --classic |
85 | 55 | ``` |
86 | 56 |
|
87 | | -3. Install the required Ruby gems :gem: |
| 57 | +1. Install the required Ruby gems :gem: |
88 | 58 | ```BASH |
89 | 59 | bundle install --path vendor/bundle |
90 | 60 | ``` |
91 | 61 |
|
92 | | -4. Run minification and cleanup scripts |
| 62 | +1. Run minification and cleanup scripts |
93 | 63 | ```BASH |
94 | 64 | ./_scripts/*.sh |
95 | 65 | ``` |
96 | 66 |
|
97 | | -5. Build the site |
| 67 | +1. Build the site |
98 | 68 | ```BASH |
99 | 69 | bundle exec jekyll build |
100 | 70 | ``` |
101 | 71 |
|
102 | | -6. Point your web server or reverse proxy server to the newly generated `_site/` directory. |
| 72 | +1. Either: |
| 73 | + 1. Point your web server or reverse proxy server to the newly generated `_site/` directory. |
| 74 | + 1. Set up a simple web server with: |
| 75 | + ```BASH |
| 76 | + bundle exec jekyll serve |
| 77 | + ``` |
103 | 78 |
|
104 | | -7. If you're going to use your own backend, remember to change the URL values in `_config.yml`. |
| 79 | +1. If you're going to use your own backend server, remember to change the URL values in `_config.yml`. |
105 | 80 |
|
106 | 81 | ## Contributing |
| 82 | +
|
107 | 83 | See something missing in TempFiles? Contributions are appreciated! |
108 | | -Before doing changes to the code of TempFiles make sure you write in a program that complies with our [EditorConfig](https://editorconfig.org/#download). |
| 84 | +Before doing changes to the code of TempFiles make sure you write in a program that complies with our [EditorConfig](https://editorconfig.org/#download). |
109 | 85 |
|
110 | | -You can also create a [new issue](https://github.com/tempfiles-download/Frontend/issues/new). |
| 86 | +You can also create a [new issue](https://github.com/tempfiles-download/Frontend/issues/new). |
0 commit comments