friendship ended with no-storage, no-trust is new best friend

bhark · Oct 26, 2024 · 40677ce · 40677ce
1 parent ddd47b6
commit 40677ce
Show file tree

Hide file tree

Showing 9 changed files with 390 additions and 85 deletions.
diff --git a/README.md b/README.md
@@ -1,7 +1,7 @@
 # Lyra
 
-Simple no-storage password sharing with expiring links. No fancy - everything is kept as minimal as possible, as we aim to add a layer of security to secret sharing done by clients who would not bother to use complete suites. 
+Simple zero-trust password sharing with expiring and self-destructing links. No fancy - everything is kept as minimal as possible, as we aim to add a layer of security to secret sharing done by clients who would not bother to use complete suites. 
 
-**NB**: The server has to be trusted, as it could log links and holds the secret. Please self-host this for internal use. 
+Encrypted values are stored by the server, while all encryption happens client-side. Secrets never leave the client machine, until they decide to share the link. 
 
 [![Lyra](https://lyra.tetrabit.coop/banner.jpg)](https://lyra.tetrabit.coop)
diff --git a/package-lock.json b/package-lock.json
diff --git a/package.json b/package.json
@@ -21,6 +21,9 @@
 		"vite": "^5.0.3"
 	},
 	"dependencies": {
+		"@supabase/supabase-js": "^2.45.6",
+		"base64url": "^3.0.1",
+		"buffer": "^6.0.3",
 		"sass": "^1.80.4",
 		"scss": "^0.2.4",
 		"svelte-preprocess": "^6.0.3"

diff --git a/src/lib/server/supabase.js b/src/lib/server/supabase.js
@@ -0,0 +1,4 @@
+import { createClient } from '@supabase/supabase-js'
+import { SUPABASE_URL, SUPABASE_KEY } from '$env/static/private'
+
+export const sb = createClient(SUPABASE_URL, SUPABASE_KEY)
diff --git a/src/routes/+error.svelte b/src/routes/+error.svelte
@@ -28,6 +28,8 @@
         align-items: center;
         flex-direction: column;
         gap: 10px;
+        padding: 20px;
+        text-align: center;
 
         a {
             text-decoration: none;

diff --git a/src/routes/[[encrypted]]/+page.js b/src/routes/[[encrypted]]/+page.js
diff --git a/src/routes/[[uuid]]/+page.server.js b/src/routes/[[uuid]]/+page.server.js
@@ -0,0 +1,51 @@
+import { error, json } from '@sveltejs/kit'
+import { sb } from '$lib/server/supabase'
+
+export const load = async ({ params, fetch }) => {
+    if (params.uuid) {
+
+        const deleteEncryptedPassword = async () => {
+            const { error } = await sb.from('encrypted_passwords').delete().eq('id', params.uuid)
+            if (error) error(500, error.message || 'Something went wrong when trying to delete the encrypted password')
+        }
+
+        // get the encrypted password from the database
+        const { data, error: err } = await sb
+            .from('encrypted_passwords')
+            .select('ciphertext, created_at')
+            .eq('id', params.uuid)
+            .maybeSingle()
+
+        if (err) error(500, err.message || 'Something went wrong when trying to retrieve the encrypted password')
+        if (!data) error(404, 'The encrypted password does not exist')
+
+        console.log(data)
+
+        const { ciphertext, created_at } = data
+
+        await deleteEncryptedPassword()
+
+        // check if it's older than 1 week
+        if (Date.now() - new Date(created_at).getTime() > 604800000) return { expired: true }
+
+        return { ciphertext }
+    }
+}
+
+export const actions = {
+    default: async ({ request }) => {
+        const data = await request.formData()
+        const { ciphertext } = Object.fromEntries(data)
+
+        // insert the encrypted password into the database
+        const { data: res, error: err } = await sb
+            .from('encrypted_passwords')
+            .insert({ ciphertext })
+            .select('id')
+            .single()
+
+        if (err) error(500, err.message || 'Something went wrong when trying to save the encrypted password')
+
+        return { id: res.id }
+    }
+}