From bcd6a0760745ef401028dbd9ef6f77970d1ec3c4 Mon Sep 17 00:00:00 2001 From: maaa Date: Sun, 6 Aug 2023 00:28:57 +0200 Subject: [PATCH] fart --- APIDOCS.md | 53 +++++++++++++++++++++++++++++++++++++++++++++++ main | 12 ++++++++++- static/js/main.js | 9 ++++++-- 3 files changed, 71 insertions(+), 3 deletions(-) create mode 100644 APIDOCS.md diff --git a/APIDOCS.md b/APIDOCS.md new file mode 100644 index 0000000..9e15cf1 --- /dev/null +++ b/APIDOCS.md @@ -0,0 +1,53 @@ +# Burgernotes API docs +Use the Burgernotes API to automate tasks, build your own client, and more! + +## Authentication + +POST - /api/signup - provide "username" and "password". + +POST - /api/login - provide "username" and "password". + +To prevent the server from knowing the encryption key, password you provide in the request must be hashed with the argon2 algorithm. +The salt should be the password. + +Password must be at least 14 characters, username must be under 20 characters and alphanumeric. + +If username is taken, error code 422 will return. + +Assuming everything went correctly, the server will return a secret key. + +You'll need to store two things in local storage: +- The secret key you just got, used to fetch notes, save stuff etc. +- SHA512 hashed password, used as encryption key + +## Encryption + +Note content and title is encrypted using AES 256-bit. + +Encryption password is the SHA512 hashed password we talked about earlier. + +## Basic stuff + +POST - /api/userinfo - get user info such as username, provide "secretKey" + +POST - /api/listnotes - list notes, provide "secretKey" +note titles will have to be decrypted. + +POST - /api/newnote - create a note, provide "secretKey" and "noteName" +"noteName" should be encrypted. + +POST - /api/readnote - read notes, provide "secretKey" and "noteId" +note content will have to be decrypted. + +POST - /api/editnote - edit notes, provide "secretKey", "noteId", and "content" +"content" should be encrypted. + +POST - /api/removenote - remove notes, provide "secretKey" and "noteId" + +## More stuff + +POST - /api/deleteaccount - delete account, provide "secretKey" +please display a warning before this action + +POST - /api/exportnotes - export notes, provide "secretKey" +note content and title will have to be decrypted \ No newline at end of file diff --git a/main b/main index b54d7d5..edb0fc1 100644 --- a/main +++ b/main @@ -58,6 +58,15 @@ def get_space(id): spacetaken = spacetaken + len(x["title"].encode("utf-8")) return spacetaken +def get_note_count(id): + conn = get_db_connection() + notes = conn.execute("SELECT content, title FROM notes WHERE creator = ? ORDER BY id DESC;", (id,)).fetchall() + conn.close() + notecount = 0 + for x in notes: + notecount = notecount + 1 + return notecount + def get_session(id): conn = get_db_connection() post = conn.execute("SELECT * FROM sessions WHERE session = ?", @@ -187,7 +196,8 @@ def apiuserinfo(): "id": user["id"], "created": user["created"], "storageused": get_space(user["id"]), - "storagemax": MAX_STORAGE + "storagemax": MAX_STORAGE, + "notecount": get_note_count(user["id"]) } return datatemplate diff --git a/static/js/main.js b/static/js/main.js index 7585ed1..5fda675 100644 --- a/static/js/main.js +++ b/static/js/main.js @@ -90,6 +90,8 @@ if (/Android|iPhone/i.test(navigator.userAgent)) { noteBox.value = "" noteBox.readOnly = true +let noteCount = 0 + function updateUserInfo() { fetch("/api/userinfo", { method: "POST", @@ -109,6 +111,7 @@ function updateUserInfo() { storageThing.innerText = "you've used " + formatBytes(responseData["storageused"]) + " out of " + formatBytes(responseData["storagemax"]) storageProgressThing.value = responseData["storageused"] storageProgressThing.max = responseData["storagemax"] + noteCount = responseData["notecount"] } doStuff() }); @@ -333,6 +336,8 @@ function exportNotes() { async function doStuff() { let responseData = await response.json() for (let i in responseData) { + exportNotes.innerText = "decrypting " + i + "/" + noteCount + let bytes = CryptoJS.AES.decrypt(responseData[i]["title"], password); let originalTitle = bytes.toString(CryptoJS.enc.Utf8); @@ -346,6 +351,7 @@ function exportNotes() { let jsonString = JSON.parse(JSON.stringify(responseData)) console.log(jsonString) + exportNotesButton.innerText = "export notes" downloadObjectAsJson(jsonString, "data") } doStuff() @@ -353,7 +359,6 @@ function exportNotes() { } exportNotesButton.addEventListener("click", (event) => { - exportNotesButton.innerText = "exporting.." + exportNotesButton.innerText = "downloading.." exportNotes() - exportNotesButton.innerText = "export notes" }); \ No newline at end of file