Ailur
/
burgernotes-client-web
2
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases 3 Wiki Activity

Fixed libreJS on a few more pages, updated the privacy policy, fixed the weird bug of the feature divs resizing incorrectly

This commit is contained in:
Tracker-Friendly 2024-07-06 16:02:20 +01:00
parent d75bdbccf4
commit dd5a72c082
9 changed files with 117 additions and 44 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
index.html
View File

@ -30,7 +30,7 @@
<div class="feature black">
<h1>Secure, always.</h1>
<p>Burgernotes features industry standard end-to-end encryption, so you can write knowing your notes are secure and private.</p>
<p>Burgernotes features industry-leading end-to-end encryption, so you can write knowing your notes are secure and private.</p>
</div>
<div class="feature black">
@ -56,7 +56,7 @@
<details>
<summary>How can I trust Burgernotes to keep my notes private and secure?</summary>
<br>
We use industry-standard encryption (AES-256) to keep your notes secure.<br>End-to-end encryption ensures your notes are only visible to you, not us, or anyone else. Our source code is fully open, meaning anyone can audit our encryption.
We use bleeding-edge industry-leading encryption (AES-256 CBC) to keep your notes secure.<br>End-to-end encryption ensures your notes are only visible to you, not us, or anyone else. Our source code is fully open, meaning anyone can audit our encryption.<br>Our encryption is constantly recieving updates to remain on the very tip of what is most secure.
</details>
<br>
<details>
@ -67,7 +67,7 @@
</div>
<div class="links">
<a href="https://centrifuge.hectabit.org/hectabit/burgernotes"><img src="/static/svg/code.svg" alt="">Source
<a href="https://concord.hectabit.org/hectabit/burgernotes"><img src="/static/svg/code.svg" alt="">Source
Code</a>
<a href="/privacy"><img src="/static/svg/info.svg" alt="">Privacy &amp; Terms</a>
<a href="https://discord.gg/8EbKTjmH2d"><img src="/static/svg/forum.svg" alt="">Discord</a>

6
login/index.html
View File

@ -28,9 +28,9 @@
<span id="inputNameBox" style="margin-right: 10px;color: var(--text-color);"></span>
<input id="usernameBox" class="hidden" type="text" placeholder="Enter your username">
<input id="passwordBox" class="hidden" type="password" placeholder="Enter your password">
<button id="signupButton">Next</button>
<button id="backButton" class="hidden nonimportant">Back</button>
<button id="opButton" class="nonimportant">Create account</button>
<button class="clickButton" id="signupButton">Next</button>
<button id="backButton" class="clickButton hidden nonimportant">Back</button>
<button id="opButton" class="clickButton nonimportant">Create account</button>
<br><br>
<div style="display: flex;"><p class="hidden" id="homeserver">Your homeserver is loading... </p><div style="display: flex;flex-direction: column;justify-content: center;"><a class="hidden" href="/homeserver">Change</a></div></div>
<a class="iconbutton" title="Change homeserver" href="/homeserver/"><img src="/static/svg/server.svg"></a><br><br>

7
logout/index.html
View File

@ -8,9 +8,4 @@
<link rel="icon" href="/static/svg/favicon.svg">
</head>
<p>Logging out...</p>
<script>
localStorage.removeItem("DONOTSHARE-secretkey")
localStorage.removeItem("DONOTSHARE-password")
localStorage.removeItem("CACHE-username")
window.location.replace("/login")
</script>
<script src="/static/js/logout.js"></script>

57
privacy/index.html
View File

@ -8,58 +8,91 @@
<meta name="viewport" content="width=device-width, initial-scale=1, maximum-scale=1">
<link rel="stylesheet" type="text/css" href="/static/css/style.css" />
<link rel="icon" href="/static/svg/favicon.svg">
<script src="/static/js/back.js"></script>
</head>
<body>
<h1 class="w300">Burgernotes Privacy Policy &amp; Terms & Conditions</h1>
<h2 class="w300">Preamble</h2>
<p><i>Please note that I am not a lawyer, please don't expect too much of this policy :3</i></p>
<p><i>Please note that I am not a lawyer. If you find any issues in this privacy policy, please create an issue <a href="https://concord.hectabit.org/HectaBit/Burgernotes/issues/new">on our git repository</a>.</i></p>
<p>Welcome to the Burgernotes privacy policy! Burgernotes is <a
href="https://centrifuge.hectabit.org/hectabit/burgernotes">free & open source</a> software licensed under <a
href="https://concord.hectabit.org/hectabit/burgernotes">free & open source</a> software licensed under the <a
href="https://www.gnu.org/licenses/agpl-3.0.en.html">GNU AGPL-3.0</a>.</p>
<p>In this document, the terms "we" and "us" refer to the Hectabit Project, an open source initiative and the creator of Burgernotes. The terms "you" and "the user" refer the the reader of this privacy policy and all users of Burgernotes. "This website" and "this service" refer to Burgernotes, an online website you are currently using.</p>
<h2 class="w300">Information collected when signing up</h2>
<p>When signing up for an account, we collect and store the following information:</p>
<ul>
<li>Username, and your password hashed</li>
<li>Date of creating account</li>
<p>This is used to authenticate you into our service when you log in</p>
<li>Date of account creation</li>
<p>This is used so that we can see inactive accounts and suspend them</p>
<li>Web browser "User Agent"</li>
<p>This is used so you are able to recognise your devices signing into your account</p>
</ul>
<h2 class="w300">Information collected when logging in</h2>
<p>When logging back in to your account, we collect and store the following information:</p>
<ul>
<li>Web browser "User agent"</li>
<p>This is used so you are able to recognise your devices signing into your account</p>
</ul>
<h2 class="w300">Information we collect while using our services</h2>
<p>When you create a note, we collect and use this information:</p>
<ul>
<li>Encrypted note content and title</li>
<p>This is used so that you may retrieve the note later</p>
<li>Note creator</li>
<p>This is used so that we can make sure your note is not given to anyone else</p>
<li>Note creation date</li>
<p>This is used so that your notes are listed by age if no edited date exists</p>
<li>Note last edited date</li>
<p>This is used so that your notes are listed by age</p>
</ul>
<p>When you edit a note, we collect and use this information:</p>
<ul>
<li>Encrypted note content and title</li>
<p>This is used so that you may retrieve the note later</p>
<li>Note last edited date</li>
<p>This is used so that your notes are listed by age</p>
</ul>
<h2 class="w300">How we use your data</h2>
<p>We use your data to make our services work. We don't share your information with third-parties.</p>
<h2 class="w300">We can't see the content and title of the notes you create</h2>
<p>Your notes are <a href="https://en.wikipedia.org/wiki/End-to-end_encryption">encrypted end-to-end</a> using AES
(Advanced Encryption Standard) 256-bit encryption.</p>
<p>Your notes are <a href="https://en.wikipedia.org/wiki/End-to-end_encryption">encrypted end-to-end</a> using <a href="https://en.wikipedia.org/wiki/Advanced_Encryption_Standard">AES</a>-<a href="https://en.wikipedia.org/wiki/Block_cipher_mode_of_operation">CBC</a>
(Advanced Encryption Standard - Cipher Block Chaining) 256-bit encryption.</p>
<p>We can only see:</p>
<ul>
<li>Note creation date</li>
<p>This is used so that your notes are listed by age if no edited date exists</p>
<li>Note last edited date</li>
<p>This is used so that your notes are listed by age</p>
<li>Note creator</li>
<p>This is used so that we can make sure your note is not given to anyone else</p>
</ul>
<p>Not note content or title.</p>
<p><b>Not</b> note content or title.</p>
<h2 class="w300">Use of cookies</h2>
<p>Burgernotes does not use cookies in the conventional sense. Burgernotes places infomation into localStorage, a type of blob storage similar to cookies, but not accessible to third-party websites or the server.</p>
<p>This ensures that a malicious server or third-party websites cannot tell your infomation.</p>
<ul>
<li>DONOTSHARE-secretkey</li>
<p>This is used by the client to send to the server in order to identify you as... you.</p>
<p>This contains no useful infomation and is simply a string of random bytes. If this is shared, you may simply remove the offending secretKey from your session list, by clicking "X" on the device you have logged in on to create this key.</p>
<li>DONOTSHARE-password</li>
<p>This is used by the aformentioned AES to encrypt and decrypt your notes. It never leaves your device.</p>
<p>This is derived from your password and is therefore sensitive and should NEVER, EVER be shared. If you have done so, change your password as soon as possible.</p>
<li>SETTING-fontsize</li>
<p>This is used to determine the size of your font. It is not sensitive infomation and can be freely shared, though it never leaves your device.</p>
<li>FIRSTVISIT</li>
<p>This is used to determine if the user guide should be played, showing on a mobile device how touch gestures are used. It is not sensitive infomation and can be freely shared, though it never leaves your device.</p>
<li>NEWVERSION<li>
<p>This determines if you have seen the "What's New?" dialouge displayed in each new version. It is not sensitive infomation and can be freely shared, though it never leaves your device.</p>
<li>homeserver</li>
<p>This determines which server Burgernotes should connect to. It is not sensitive infomation and can be freely shared, though it never leaves your device.</li>
<h2 class="w300">We don't sell your data</h2>
<p>We don't sell or share your data to advertisers or third-parties.</p>
<p>We don't sell or share your data to advertisers or third-parties, and no such thing exists on this website - it is entirely self-contained. Not even an external font service is used.</p>
<h2 class="w300">Liability</h2>
<p>We take no responsibility for the use of burgernotes, or any external instances provided by third-parties. We
refuse liability for any inappropriate or illegal use of burgernotes.</p>
<p>You may view the AGPL-3.0 license which this software is provided to you with. A copy of the section is below.</p>
<p>We take no responsibility for the use of Burgernotes, or any external instances provided by third-parties. We
refuse liability for any inappropriate or illegal use of Burgernotes, as it is not within our power to prevent it.</p>
<p>This is a summerisation of the below paragraph, found in AGPL-3.0, as linked above.</p>
<p>IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING
WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MODIFIES AND/OR CONVEYS
THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES, INCLUDING ANY
@ -69,8 +102,10 @@
PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER PROGRAMS),
EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF
SUCH DAMAGES.</p>
<p>Burgernotes comes with ABSOLUTELY NO WARRANTY, to the extent permitted by applicable law.</p>
<p>Burgernotes is compatible with the UK GDPR and the Californian Data Protection Regulation. We do not knowingly serve citizens in the European Union, and those who do so do so at their own risk. The only violating law of the EU GDPR is that it is no longer hosted in an EU country after the events of Brexit.</p>
<br>
<button onclick="if(document.referrer!==' '){if(document.referrer!==''){window.location.href=document.referrer;}else{window.location.href='/';}window.location.href=document.referrer; }else{window.location.href='../index.html';}" style="cursor: pointer; padding: 15px 20px;margin-right: auto;color: white;text-decoration: none;background-color: var(--theme-color);border-radius: 25px;border: medium;font-size: 15px;">Take me back where I was!</button>
<button class="clickButton" onclick="back()">Take me back where I was!</button>
<br><br>
</body>

2
signup/index.html
View File

@ -21,7 +21,7 @@
<input id="usernameBox" type="text" placeholder="Username">
<span id="inputNameBox" style="margin-right: 13px;color: var(--text-color);">Password: </span>
<input id="passwordBox" type="password" placeholder="Password"><br>
<button id="signupButton">Create account</button><button id="opButton" class="nonimportant">Already have an account</button><br><br>
<button class="clickButton" id="signupButton">Create account</button><button id="opButton" class="clickButton nonimportant">Already have an account</button><br><br>
<div style="display: flex;"><p class="hidden" id="homeserver">Your homeserver is loading... </p><div style="display: flex;flex-direction: column;justify-content: center;"><a class="hidden" href="/homeserver">Change</a></div></div>
<a class="iconbutton" title="Change homeserver" href="/homeserver/"><img src="/static/svg/server.svg"></a>
<a href="/privacy/">Privacy &amp; Terms</a>

30
static/css/style.css
View File

@ -414,7 +414,7 @@ body {
}
.pell-button {
background-color: var(--button);
background-color: var(--note-button);
border: 1px var(--border-color) solid;
min-width: 35px;
max-width: 35px;
@ -424,6 +424,10 @@ body {
border-radius: 10px;
}
button:hover {
background-color: var(--note-button-hover);
}
.pell-actionbar {
display: flex;
margin-bottom: 5px;
@ -678,7 +682,7 @@ body {
border-color: var(--hover-theme-color)
}
.inoutdiv button {
.clickButton {
background-color: var(--theme-color);
color: white;
margin-right: 5px;
@ -691,7 +695,7 @@ body {
transition: 0.125s;
}
.inoutdiv button:hover {
.clickButton:hover {
background-color: var(--hover-theme-color);
}
@ -907,10 +911,10 @@ body {
}
.mainDiv .feature {
max-width: calc(100% - 12vh - 12vh - 3.5vh);
max-width: 85%;
margin-bottom: 10px;
margin-left: 12vh;
margin-right: 12vh;
margin-left: 7.5%;
margin-right: 7.5%;
border: none;
border-radius: 12px;
@ -919,20 +923,6 @@ body {
overflow-x: auto;
}
@media only screen and (max-width: 750px) {
.mainDiv .feature {
width: 80%;
margin-left: 7.5%;
}
}
@media only screen and (max-width: 750px) {
.mainDiv .feature {
width: 80%;
margin-left: 7.5%;
}
}
.mainDiv .green {
background-color: #ebffeb;
}

11
static/js/back.js Normal file
View File

@ -0,0 +1,11 @@
// @license magnet:?xt=urn:btih:0b31508aeb0634b347b8270c7bee4d411b5d4109&dn=agpl-3.0.txt AGPL-3.0
function back() {
if (document.referrer !== ' ' || document.referrer !== '') {
window.location.href=document.referrer;
} else {
window.location.href='/';
}
}
// @license-end

8
static/js/logout.js Normal file
View File

@ -0,0 +1,8 @@
// @license magnet:?xt=urn:btih:0b31508aeb0634b347b8270c7bee4d411b5d4109&dn=agpl-3.0.txt AGPL-3.0
window.localStorage.removeItem("DONOTSHARE-secretkey")
window.localStorage.removeItem("DONOTSHARE-password")
window.localStorage.removeItem("CACHE-username")
window.location.replace("/login")
// @license-end

34
static/js/main.js
View File

@ -71,6 +71,40 @@ let indiv = false
let mobile = false
let selectLatestNote = false
async function getKey() {
let password = localStorage.getItem("DONOTSHARE-password")
let cryptoKey = await window.crypto.subtle.importKey("raw", new TextEncoder().encode(password), "PBKDF2", false, ["deriveBits", "deriveKey"])
let salt = new TextEncoder().encode("I love Burgernotes!")
return await window.crypto.subtle.deriveKey({
name: "PBKDF2",
salt,
iterations: 100000,
hash: "SHA-512"
}, cryptoKey, {name: "AES-GCM", length: 256}, true, ["encrypt", "decrypt"])
}
function encrypt(text) {
getKey()
.then((key) => {
let iv = window.crypto.getRandomValues(new Uint8Array(12))
window.crypto.subtle.encrypt({
name: "AES-GCM",
iv: iv
}, key, new TextEncoder().encode(text))
.then((encrypted) => {
return btoa(JSON.stringify({
encrypted: encrypted,
iv: iv
}))
})
})
}
function decrypt(encrypted) {
getKey()
.then((key) => {
})
}
function handleGesture() {
if (indiv) {