interface improvements publication on github

syseleven · Nov 8, 2016 · 726634f · 726634f
1 parent d1a55ec
commit 726634f
Show file tree

Hide file tree

Showing 21 changed files with 163 additions and 88 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -1,3 +1,34 @@
+# 0.9b0 (2016-11-08)
+
+* version bump for interface improvements publication on github
+
+# 0.8b5 (2016-10-21)
+
+* introduced dynamic indentation for shell command on how page
+* tested interface improvements within chroot environment
+
+# 0.8b4 (2016-10-20)
+
+* introduced dummy parameters to fix cached-subresource-checksum-mismatch problem when changing CSS/JS files
+
+# 0.8b3 (2016-10-20)
+
+* removed copy-to-clipboard functionality as it proves to be unreliable
+* improved style to simplify manual copying of generated shared secret link
+* updated readme accordingly
+
+# 0.8b2 (2016-10-19)
+
+* fixed secret-already-retrieved error message
+
+# 0.8b1 (2016-10-07)
+
+* introduced the parameter "plain" for the share action to just return the link without surrounding HTML
+* introduced the parameter "plain" for the read action to just return the secret without surrounding HTML
+* introduced some minor changes to make parameter constant naming more consistent
+* introduced .htaccess to simplify installation using Apache HTTPD
+* updated included libraries to newer releases
+
 # 0.8b0 (2016-09-11)
 
 * version bump for GnuPG PECL package support publication on github

diff --git a/README.md b/README.md
@@ -14,10 +14,21 @@ To protect your secret from getting known by the server or an attacker, you can
 
 Simply enter your secret on the default page of the Shared-Secrets service. You can decide to password-protect the entered secret before sending it to the server by checking the "Password-protected:" box, entering your password and pressing the "Protect!" button. After that, press the "Share the Secret!" button. The secret will be GPG-encrypted and converted into a secret sharing link.
 
+Secret sharing links can also be created by using a simple POST request:
+```
+curl -X POST -d "secret=<secret>&plain" https://example.com/
+```
+
 ### Read a Secret
 
 To retrieve the secret, simply open the secret sharing link and press the "Read the Secret!" button. Should your secret be password-protected, check the "Password-protected:" box, enter your password and read your actual secret by pressing the "Unprotect!" button.
 
+Secrets can also be retrieved using a simple POST request:
+
+```
+curl -X POST -d "plain" <secret sharing link>
+```
+
 ## Installation
 
 ### Requirements
@@ -109,7 +120,7 @@ sudo apt-get install libgpgme11-dev
 # install the GnuPG PECL package
 sudo pecl install gnupg
 
-# register tje GnuPG PECL package as an available module
+# register the GnuPG PECL package as an available module
 sudo sh -c 'echo "extension=gnupg.so" > /etc/php/7.0/mods-available/gnupg.ini'
 
 # activate the GnuPG PECL package in PHP CLI and PHP-FPM
@@ -135,7 +146,6 @@ It is strongly recommended to use TLS to protect the connection between the serv
 * [asmCrypto](https://github.com/vibornoff/asmcrypto.js): for providing PBKDF2 and AES functions 
 * [Bootstrap](https://getbootstrap.com): for providing an easy-to-use framework to build nice-looking applications
 * [buffer](https://github.com/feross/buffer): for providing Base64 encoding and array conversion functions
-* [clipboard.js](https://clipboardjs.com): for simplifying the copy-to-clipboard use-case a lot
 * [GnuPG](https://www.gnupg.org): for providing a reliable tool for secure communication
 * [GnuPG PECL package](https://pecl.php.net/package/gnupg): for providing a clean interface to GnuPG
 * [html5shiv](https://github.com/aFarkas/html5shiv): for handling Internet Explorer compatibility stuff
@@ -147,6 +157,7 @@ It is strongly recommended to use TLS to protect the connection between the serv
 
 * make PECL method work in a chroot environment to get rid of the direct call method
 * switch to a more personalized design (current design is taken from [here](https://github.com/twbs/bootstrap/tree/master/docs/examples/starter-template))
+* implement an alternative encryption scheme based on AES instead of GPG (fewer dependencies)
 * implement an expiry date functionality
 
 ## License

diff --git a/actions/read.php b/actions/read.php
@@ -65,7 +65,7 @@ function read_secret($secret) {
                         $decrypted_secret = decrypt_pecl(base64_decode($secret), GPG_KEY_FINGERPRINT, GPG_HOME_DIR, GPG_PASSPHRASE_FILE);
                       } else {
                         $decrypted_secret = decrypt(base64_decode($secret), GPG_HOME_DIR, GPG_PASSPHRASE_FILE);
-                      }
+                      }  
                     }
 
                     if (null !== $decrypted_secret) {
@@ -95,9 +95,9 @@ function read_secret($secret) {
                         }
                       }
                     }
+                  } else {
+                    $result = "<strong>ERROR: SECRET HAS ALREADY BEEN RETRIEVED.</strong>";
                   }
-                } else {
-                  $result = "<strong>ERROR: SECRET HAS ALREADY BEEN RETRIEVED.</strong>";
                 }
               }
             }

diff --git a/index.php b/index.php
@@ -1,6 +1,6 @@
 <?php
 
-  # Shared-Secrets v0.8b0
+  # Shared-Secrets v0.9b0
   #
   # Copyright (c) 2016, SysEleven GmbH
   # All rights reserved.
@@ -46,15 +46,22 @@
   # prepare request method
   define("REQUEST_METHOD", strtolower($_SERVER["REQUEST_METHOD"]));
 
-  # prepare param
+  # prepare secret param
   $param = null;
-  if (isset($_POST[PARAM_NAME])) {
-    if (!empty($_POST[PARAM_NAME])) {
-      $param = $_POST[PARAM_NAME];
+  if (isset($_POST[SECRET_PARAM_NAME])) {
+    if (!empty($_POST[SECRET_PARAM_NAME])) {
+      $param = $_POST[SECRET_PARAM_NAME];
     }
   }
   define("SECRET_PARAM", $param);
 
+  # prepare plain param
+  $param = null;
+  if (isset($_POST[PLAIN_PARAM_NAME])) {
+    $param = true;
+  }
+  define("PLAIN_PARAM", $param);
+
   # prepare URI
   $uri = $_SERVER["REQUEST_URI"];
   if (0 === stripos($uri, "/")) {

diff --git a/libs/shared-secrets.def.php b/libs/shared-secrets.def.php
@@ -22,8 +22,9 @@
   define("SHARE_PAGE_NAME",   "share");
 
   # define parameter values
-  define("MAX_PARAM_SIZE", 512);
-  define("PARAM_NAME",     "secret");
+  define("MAX_PARAM_SIZE",    512);
+  define("PLAIN_PARAM_NAME",  "plain");
+  define("SECRET_PARAM_NAME", "secret");
 
   # define stream buffer size
   define("STREAM_BUFFER", 1024);

diff --git a/libs/shared-secrets.exec.php b/libs/shared-secrets.exec.php
@@ -14,9 +14,12 @@ function url_base64_decode($url_base64_content) {
                             BASE64_MARKER_B,
                             str_replace(URL_BASE64_MARKER_A, 
                                         BASE64_MARKER_A,
-                                        $url_base64_content)).
-                str_repeat(BASE64_MARKER_END,
-                           strlen($url_base64_content) % 4);
+                                        $url_base64_content));
+
+      # fill up with end markers as necessary
+      while (0 !== (strlen($result) % 4)) {
+        $result .= BASE64_MARKER_END;
+      }
     }
 
     return $result;

diff --git a/pages/how/get.php b/pages/how/get.php
@@ -9,6 +9,16 @@
   # include header
   require_once(ROOT_DIR."/template/header.php");
 
+  # prevents cache hits with wrong CSS
+  $cache_value = md5_file(__FILE__);
+
+  # handle indentation within shell command
+  $indentation = "";
+  $space_count = 64-strlen(SECRET_SHARING_URL);
+  if (0 < $space_count) {
+    $indentation = str_repeat(" ", $space_count);
+  }
+
 ?>
 
   <h2>Short description of this service.</h2>
@@ -43,7 +53,7 @@
 tr -d "="                                                                         | # remove equation signs
 tr "+" "-"                                                                        | # replace "+" with "-"
 tr "/" "_"                                                                        | # replace "/" with "_"
-awk '{print "<?php print(htmlentities(SECRET_SHARING_URL)); ?>" $0}'                                        # prepend secret sharing URL</pre></p>
+awk '{print "<?php print(htmlentities(SECRET_SHARING_URL)); ?>" $0}'<?php print($indentation); ?> # prepend secret sharing URL</pre></p>
 
   <h3>Or...</h3>
   <p>...just use the <a href="/">secret sharing form</a> we provide for your convenience.</p>

diff --git a/pages/read/get.php b/pages/read/get.php
@@ -9,6 +9,9 @@
   # include header
   require_once(ROOT_DIR."/template/header.php");
 
+  # prevents cache hits with wrong CSS
+  $cache_value = md5_file(__FILE__);
+
 ?>
 
 <?php
@@ -30,7 +33,7 @@
     <button type="submit" class="btn btn-default pull-right" id="read-secret-btn" name="read-secret-btn">Read the Secret!</button>
   </form>
 
-  <link href="/resources/css/read.css" integrity="sha256-miIkI5gYeETYUyNUudOMl2RkZ9Akko+1KXYfxih5dD0=" rel="stylesheet" type="text/css" />
+  <link href="/resources/css/read.css?<?php print($cache_value); ?>" integrity="sha256-wgpxEGDMqG2EJxicZqc40OJMPwN8rBAZTYLdGyagQGw=" rel="stylesheet" type="text/css" />
 
 <?php
 

diff --git a/pages/read/post.php b/pages/read/post.php
@@ -6,8 +6,16 @@
   # define page title
   define("PAGE_TITLE", "Read a Secret.");
 
-  # include header
-  require_once(ROOT_DIR."/template/header.php");
+  $secret = read_secret(SECRET_URI);
+
+  if (null !== PLAIN_PARAM) {
+    print($secret);
+  } else {
+    # include header
+    require_once(ROOT_DIR."/template/header.php");
+
+    # prevents cache hits with wrong CSS
+    $cache_value = md5_file(__FILE__);
 
 ?>
 
@@ -27,13 +35,9 @@
 ?>
 
   <h1>Read a Secret:</h1>
-  <p><pre id="secret"><?php print(read_secret(SECRET_URI)); ?></pre>
-     <button type="btn" class="btn btn-default pull-right" data-clipboard-target="#secret" id="copy-to-clipboard">Copy to Clipboard!</button></p>
+  <p><pre id="secret"><?php print($secret); ?></pre></p>
 
-  <link href="/resources/css/read.css" integrity="sha256-miIkI5gYeETYUyNUudOMl2RkZ9Akko+1KXYfxih5dD0=" rel="stylesheet" type="text/css" />
-
-  <script src="/vendors/clipboard/clipboard.min.js" integrity="sha256-YPxFEfHAzLj9n2T+2UXAKGNCRUINk0BexppujiVhRH0=" type="text/javascript"></script>
-  <script src="/resources/js/copy-to-clipboard.js" integrity="sha256-LRwH9pTwY5TAE7KIJSReEy1y29iPc/AbugOTd1LOjrc=" type="text/javascript"></script>
+  <link href="/resources/css/read.css?<?php print($cache_value); ?>" integrity="sha256-wgpxEGDMqG2EJxicZqc40OJMPwN8rBAZTYLdGyagQGw=" rel="stylesheet" type="text/css" />
 
 <?php
   if (ENABLE_PASSWORD_PROTECTION) {
@@ -42,16 +46,17 @@
   <input type="password" autocomplete="off" class="form-control" id="password" maxlength="64" size="32" />
   <input type="button" class="btn btn-default" id="decrypt" value="Unprotect!" />
 
-  <script src="/vendors/asmcrypto/asmcrypto.js" integrity="sha256-+3Ja+u+3rug2giERjvQSkhc1GZ1jG8ebXZ5TbQe2890=" type="text/javascript"></script>
-  <script src="/vendors/buffer/index.js" integrity="sha256-+fItxTnTLDK8HaHyqiP4cD+RxwDK66DqoTE91HqUfnM=" type="text/javascript"></script>
-  <script src="/resources/js/read.js" integrity="sha256-BQqHaEJFlJhgMLM7401/LIdtAQ1VNLmhqePSQPS1foY=" type="text/javascript"></script>
+  <script src="/vendors/asmcrypto/asmcrypto.js?<?php print($cache_value); ?>" integrity="sha256-+3Ja+u+3rug2giERjvQSkhc1GZ1jG8ebXZ5TbQe2890=" type="text/javascript"></script>
+  <script src="/vendors/buffer/index.js?<?php print($cache_value); ?>" integrity="sha256-IPmwFfeUWk24ndz0SJHTzsHYZPAQac6HfnxyZ+EbqFM=" type="text/javascript"></script>
+  <script src="/resources/js/read.js?<?php print($cache_value); ?>" integrity="sha256-BQqHaEJFlJhgMLM7401/LIdtAQ1VNLmhqePSQPS1foY=" type="text/javascript"></script>
 <?php
   }
 ?>
 
 <?php
 
-  # include footer
-  require_once(ROOT_DIR."/template/footer.php");
+    # include footer
+    require_once(ROOT_DIR."/template/footer.php");
+  }
 
 ?>
diff --git a/pages/share/get.php b/pages/share/get.php
@@ -9,6 +9,9 @@
   # include header
   require_once(ROOT_DIR."/template/header.php");
 
+  # prevents cache hits with wrong CSS
+  $cache_value = md5_file(__FILE__);
+
 ?>
 
 <?php
@@ -32,7 +35,7 @@
     <button type="submit" class="btn btn-default pull-right" id="share-secret-btn" name="share-secret-btn">Share the Secret!</button>
   </form>
 
-  <link href="/resources/css/share.css" integrity="sha256-d3wZL0SNgWVcA6m0aWipQ9T/4I0p55dnYZCVKzsaYlo=" rel="stylesheet" type="text/css" />
+  <link href="/resources/css/share.css?<?php print($cache_value); ?>" integrity="sha256-tByl5f3IGvPqqtUvyHcSIe4SXVXRnx7wiMlmG07yZbA=" rel="stylesheet" type="text/css" />
 
 <?php
   if (ENABLE_PASSWORD_PROTECTION) {
@@ -41,9 +44,9 @@
   <input type="password" autocomplete="off" class="form-control" id="password" maxlength="64" size="32" />
   <input type="button" class="btn btn-default" id="encrypt" value="Protect!" />
 
-  <script src="/vendors/asmcrypto/asmcrypto.js" integrity="sha256-+3Ja+u+3rug2giERjvQSkhc1GZ1jG8ebXZ5TbQe2890=" type="text/javascript"></script>
-  <script src="/vendors/buffer/index.js" integrity="sha256-+fItxTnTLDK8HaHyqiP4cD+RxwDK66DqoTE91HqUfnM=" type="text/javascript"></script>
-  <script src="/resources/js/share.js" integrity="sha256-tOjQ3Gc/ZSpJ7lVty0FOkP3NRPJkxir1UFXVF3JM4Mw=" type="text/javascript"></script>
+  <script src="/vendors/asmcrypto/asmcrypto.js?<?php print($cache_value); ?>" integrity="sha256-+3Ja+u+3rug2giERjvQSkhc1GZ1jG8ebXZ5TbQe2890=" type="text/javascript"></script>
+  <script src="/vendors/buffer/index.js?<?php print($cache_value); ?>" integrity="sha256-IPmwFfeUWk24ndz0SJHTzsHYZPAQac6HfnxyZ+EbqFM=" type="text/javascript"></script>
+  <script src="/resources/js/share.js?<?php print($cache_value); ?>" integrity="sha256-tOjQ3Gc/ZSpJ7lVty0FOkP3NRPJkxir1UFXVF3JM4Mw=" type="text/javascript"></script>
 <?php
   }
 ?>

diff --git a/pages/share/post.php b/pages/share/post.php
@@ -6,8 +6,16 @@
   # define page title
   define("PAGE_TITLE", "Share a Secret.");
 
-  # include header
-  require_once(ROOT_DIR."/template/header.php");
+  $secret = share_secret(SECRET_PARAM);
+
+  if (null !== PLAIN_PARAM) {
+    print($secret);
+  } else {
+    # include header
+    require_once(ROOT_DIR."/template/header.php");
+
+    # prevents cache hits with wrong CSS
+    $cache_value = md5_file(__FILE__);
 
 ?>
 
@@ -24,17 +32,14 @@
 ?>
 
   <h1>Share a Secret:</h1>
-  <p><pre id="secret"><?php print(share_secret(SECRET_PARAM)); ?></pre>
-     <button type="btn" class="btn btn-default pull-right" data-clipboard-target="#secret" id="copy-to-clipboard">Copy to Clipboard!</button></p>
+  <p><pre id="secret"><?php print($secret); ?></pre></p>
 
-  <link href="/resources/css/share.css" integrity="sha256-d3wZL0SNgWVcA6m0aWipQ9T/4I0p55dnYZCVKzsaYlo=" rel="stylesheet" type="text/css" />
-
-  <script src="/vendors/clipboard/clipboard.min.js" integrity="sha256-YPxFEfHAzLj9n2T+2UXAKGNCRUINk0BexppujiVhRH0=" type="text/javascript"></script>
-  <script src="/resources/js/copy-to-clipboard.js" integrity="sha256-LRwH9pTwY5TAE7KIJSReEy1y29iPc/AbugOTd1LOjrc=" type="text/javascript"></script>
+  <link href="/resources/css/share.css?<?php print($cache_value); ?>" integrity="sha256-tByl5f3IGvPqqtUvyHcSIe4SXVXRnx7wiMlmG07yZbA=" rel="stylesheet" type="text/css" />
 
 <?php
 
-  # include footer
-  require_once(ROOT_DIR."/template/footer.php");
+    # include footer
+    require_once(ROOT_DIR."/template/footer.php");
+  }
 
 ?>
diff --git a/resources/css/read.css b/resources/css/read.css
@@ -1,3 +1,7 @@
+#decrypt {
+  visibility: hidden;
+}
+
 #decrypt-error {
   display: none;
 }
@@ -8,6 +12,7 @@
   width:      25%;
 }
 
-#decrypt {
-  visibility: hidden;
+#secret {
+  white-space: pre-wrap;
+  word-wrap:   break-all;
 }
diff --git a/resources/css/share.css b/resources/css/share.css
@@ -1,9 +1,9 @@
-#encrypt-error {
-  display: none;
+#encrypt {
+  visibility: hidden;
 }
 
-#share-secret-btn {
-  margin-top: 0.5em;
+#encrypt-error {
+  display: none;
 }
 
 #password {
@@ -13,6 +13,11 @@
   width:      25%;
 }
 
-#encrypt {
-  visibility: hidden;
+#secret {
+  white-space: pre-wrap;
+  word-wrap:   break-all;
+}
+
+#share-secret-btn {
+  margin-top: 0.5em;
 }