Greenheart / pagecrypt

Password Protected Single Page Applications and HTML files
GNU Affero General Public License v3.0
242 stars 26 forks

Add ability to encrypt entire folders with the same password for deployment #47

Open souramoo opened 1 year ago

souramoo commented 1 year ago

A few small tweaks to extend support to non-Single Page Applications, i.e. the ability to encrypt an entire folder of html pages, with the same password, and then to publish these encrypted html files such that the user only needs to enter the password once to then access the whole site.

The intention is to act similarly to a JS-version of HTTP basic auth-like behaviour (i.e. assumes that the client holding the password is trusted [kind of needs to be for any of this to work!], and so the security model is intentionally broken in a very specific way to enable this - by storing the password entered in localStorage, along with caching the different k's based on the URL in localStorage).

The idea is to be able to use pagecrypt as a drop-in replacement for situations where HTTP Basic auth is not possible (e.g. Google Cloud Storage, S3, Github Pages), in order to prevent access from strangers stumbling across a website.

These patches also mean that different pages with different passwords hosted on the same server do not log you out of the other pages once you enter a password for another page (by storing the k values separately per window.location.href) (e.g. in the verify:test suite, logging into one page and then another, and then going back to the first page will not reprompt for the password again as happens in the current master branch).
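A minimal model of the storage behaviour described in the comment above (a remembered password plus one cached k per window.location.href), next to a single shared slot. It is added here as an illustration and is not code from this pull request or from pagecrypt; the storage shim, `deriveK`, the `pc:` key names and the sample URLs are assumptions.

```javascript
// Added illustration. makeStorage, deriveK, the "pc:" key names and the sample
// URLs are hypothetical; they are not pagecrypt's identifiers.

// Stand-in for window.localStorage so the model runs outside a browser.
function makeStorage() {
  const m = new Map();
  return {
    getItem: (k) => (m.has(k) ? m.get(k) : null),
    setItem: (k, v) => void m.set(k, String(v)),
    keys: () => [...m.keys()].sort(),
  };
}

// Stand-in for the password-based key derivation that yields k for one page.
const deriveK = (password, salt) => `k(${password}|${salt})`;

// Constructed sample site: two pages share a password, a third uses another.
const A = "https://site.example/docs/a.html";
const B = "https://site.example/docs/b.html";
const C = "https://site.example/other.html";
const pages = {
  [A]: { salt: "s1", password: "alpha" },
  [B]: { salt: "s2", password: "alpha" },
  [C]: { salt: "s3", password: "beta" },
};

const sharedSlot = () => "pc:k";             // one slot for every page
const perUrlSlot = (href) => `pc:k:${href}`; // one slot per window.location.href

// Open one page; returns true when the user has to be prompted.
function visit(storage, href, slotFor, rememberPassword) {
  const { salt, password } = pages[href];
  const good = deriveK(password, salt);      // the k that decrypts this page
  if (storage.getItem(slotFor(href)) === good) return false; // cached k works
  const saved = rememberPassword ? storage.getItem("pc:pw") : null;
  const prompted = saved === null || deriveK(saved, salt) !== good;
  if (rememberPassword) storage.setItem("pc:pw", password);
  storage.setItem(slotFor(href), good);
  return prompted;
}

// Walk a fixed route and report which visits prompted and what was persisted.
function session(slotFor, rememberPassword) {
  const storage = makeStorage();
  const prompts = [A, B, C, A].map((h) => visit(storage, h, slotFor, rememberPassword));
  return { prompts, stored: storage.keys() };
}
```

`session(perUrlSlot, true).stored` lists what remains in localStorage after the visit: the plaintext password and every cached k. localStorage is scoped to the origin rather than the path, so any script served from the same origin can read these entries.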

AtrusRiven commented 1 year ago

Thanks for the initiative! Sounds like an important use case and your description seems to me very good (although I cannot evaluate the implementation). I'd like to use that in my use case.

souramoo commented 1 year ago

> Thanks for the initiative! Sounds like an important use case and your description seems to me very good (although I cannot evaluate the implementation). I'd like to use that in my use case.

You're very welcome! You can use this straight away from my branch at https://github.com/souramoo/pagecrypt (upon which this pull request is based).

I have added some usage instructions for this use case in the readme file there, i.e. assuming a source folder src and an empty folder dest in the current working directory:

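```
PASSWORD=hunter2
dir=$(pwd)
cd src
# Encrypt every HTML file under src/ to the same relative path under dest/
# (the output folder named in the surrounding text).
find . -name "*.html" -print -exec npx pagecrypt {} "${dir}/dest/{}" "${PASSWORD}" \;
cd ..
```

Will produce the encrypted version of the website in dest/.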

AtrusRiven commented 1 year ago

Thanks, sounds great. But I don't seem to get it running. I have created two folders src and dist. The site to be encrypted is located in src. I installed via npm i -D https://github.com/souramoo/pagecrypt/releases/download/6.2.1/pagecrypt-6.2.1.tgz. If the code block you provided is meant for CLI it does not work properly for me (the CLI complains...). Would you be so kind and provide more detailed instructions for working with your implementation? That would be great. Thanks a lot!

souramoo commented 1 year ago

Sure, what errors do you get?

souramoo commented 4 months ago

bump @Greenheart