TySS-Dev/PacCrypt-Webapp
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Add Two-Factor Authentication (2FA) support and key management features

Browse Source 
- Implemented 2FA management in admin panel with enable/disable options.
- Added QR code display for 2FA setup and input for TOTP codes in login and pickup forms.
- Introduced key management section for generating, loading, and clearing RSA key pairs.
- Enhanced file upload and sharing functionality with optional 2FA.
- Added buttons for switching between development and production modes in admin panel.
- Updated API documentation to reflect new 2FA and key management features.
This commit is contained in:
Tyler Sammons
2025-09-14 13:10:04 -10:00
parent 36cf8f18f8
commit 5d568f7f89
19 changed files with 2625 additions and 990 deletions
Download Patch File Download Diff File Expand all files Collapse all files
ROADMAP.md
+136 -127
View File
@@ -5,7 +5,9 @@
### Phase 0
- [x] Remove docker files (Dropping official docker support)
- [x] ~~Remove docker files (Dropping official docker support)~~
- [ ] Readd docker support
- [x] Update README.md to be current.
@@ -17,34 +19,34 @@
- [x] Create /paccrypt_algos/ folder
- [x] Builder better start, stop and restart scripts both prod and dev (Linux Only)
- [x] Builder better start, stop and restart scripts both prod and dev (Cross-platform: Windows & Linux)
- [ ] Add a button in the admin panel to switch to and from prod and dev modes - **Saving for UI Revamp**
- [x] Add a button in the admin panel to switch to and from prod and dev modes - **COMPLETED: `/admin-switch-dev-mode` and `/admin-switch-prod-mode` endpoints implemented**
### Phase 1: app.py - Modular Python Web App
##### app.py Responsibilities
- [ ] Flask app + routing
- [x] Flask app + routing
- [ ] Handle:
- /encrypt
- /decrypt
- /pickup/<file_id>
- [x] Handle:
- [x] /encrypt (via API endpoints)
- [x] /decrypt (via API endpoints)
- [x] /pickup/<file_id>
- [ ] Receive:
- File or text
- pickup_password (required)
- encryption_password (required)
- encryption_mode
- [x] Receive:
- [x] File or text
- [x] pickup_password (required)
- [x] encryption_password (required)
- [x] encryption_mode (algorithm selection implemented)
- [ ] Encrypt metadata using pickup password
- [x] Encrypt metadata using pickup password
- [ ] Encrypt file using encryption password
- [x] Encrypt file using encryption password
- [ ] Dynamically load correct engine via decrypted metadata
- [x] Dynamically load correct engine via decrypted metadata
- [ ] Save .enc + .meta, return pickup link
- [x] Save .encrypted + .json metadata, return pickup link
- [ ] Update PacMan like mini game logic revamp "(LOW PRIORITY)"
@@ -56,7 +58,7 @@
- [x] Create folder + interface
- [ ] Remove basic cypher
- [x] Remove basic cypher
Implement engines:
@@ -68,17 +70,18 @@ Implement engines:
- [x] rsa_hybrid.py
- [x] PQCrypt_hybrid.py (Testing)
- [x] ~~PQCrypt_hybrid.py (Testing)~~ **REMOVED: Post-quantum crypto removed for simplicity**
- [x] Each must expose:
```
def encrypt\_text(text, key, metadata): ...
def decrypt\_text(ciphertext, key, metadata): ...
def encrypt\_file(in\_path, out\_path, key, metadata): ...
def decrypt\_file(in\_path, out\_path, key, metadata): ...
def get\_name(): return "AES-GCM"
def encrypt_text(text, key): ...
def decrypt_text(ciphertext, key): ...
def encrypt_file(in_path, out_path, key): ...
def decrypt_file(in_path, out_path, key): ...
def generate_key_pair(): ... (for RSA hybrid)
```
**COMPLETED: All modules implemented with correct API**
---
@@ -86,21 +89,21 @@ def get\_name(): return "AES-GCM"
/encrypt Route Flow
- [ ] JS submits (PacShare "Form"):
- File
- pickup_password (for metadata)
- encryption_password (for file)
- encryption_mode
- 2FA token code / Yubi/Passkey set up
- [x] JS submits (PacShare "Form"):
- [x] File
- [x] pickup_password (for metadata)
- [x] encryption_password (for file)
- [x] encryption_mode
- [x] 2FA TOTP setup (Yubi/Passkey not implemented)
- [ ] Python logic:
- Encrypt file using selected algo + encryption_password
- Generate metadata dict:
- filename, enc_mode, pickup_hash, timestamp, optional 2FA
- Encrypt metadata using AES-GCM derived from pickup_password
- Save .paccrypt and .meta files
- Generate random file_id
- Return /pickup/<file_id> link
- [x] Python logic:
- [x] Encrypt file using selected algo + encryption_password
- [x] Generate metadata dict:
- [x] filename, enc_mode, pickup_hash, timestamp, optional 2FA
- [x] Encrypt metadata using AES-GCM derived from pickup_password
- [x] Save .{algorithm}.encrypted and .json files
- [x] Generate random file_id
- [x] Return /pickup/<file_id> link
> [!IMPORTANT]
> Both passwords are required. One reveals the mode + metadata, the other decrypts the file.
@@ -109,15 +112,15 @@ def get\_name(): return "AES-GCM"
##### /pickup/<file_id> Route Flow
- [ ] Prompt for pickup_password
- [x] Prompt for pickup_password
- [ ] Decrypt .meta and validate hash
- [x] Decrypt .json metadata and validate hash
- [ ] Show original filename, prompt for encryption_password
- [x] Show original filename, prompt for encryption_password
- [ ] Load correct module, decrypt file
- [x] Load correct module, decrypt file
- [ ] Offer file download
- [x] Offer file download
---
@@ -125,16 +128,18 @@ def get\_name(): return "AES-GCM"
```
"filename": "report.pdf",
"enc\_mode": "aes\_gcm",
"pickup\_hash": "<argon2>",
"created\_at": "2025-08-05T18:00Z",
"2fa\_seed": "base32string", // optional
"yubi\_token\_hash": "sha256", // optional
"algorithm": "aes_cbc",
"pickup_password": "<sha256>",
"created_at": "2025-08-05T18:00Z",
"require_2fa": true, // optional
"totp_secret": "base32string", // optional
"service_name": "PacCrypt File: report.pdf..." // optional
```
> [!NOTE]
> Stored as .meta
> Encrypted with AES-GCM using key from pickup\_password
> Stored as .json
> Encrypted with AES-GCM using key derived from pickup_password
> **COMPLETED: Metadata encryption implemented**
---
@@ -143,15 +148,19 @@ def get\_name(): return "AES-GCM"
##### Endpoint Description
```
POST /api/encrypt Local-only file/text encryption (returns file/meta)
POST /api/ps-send Upload + encrypt + return pickup link (JSON)
POST /api/ps-pickup Provide pickup ID + passwords, return decrypted file
POST /api/decrypt Decrypt local .enc + .meta bundle
GET /api/version Return current version tag
✅ GET /api/algorithms List available encryption algorithms
POST /api/generate-keypair Generate RSA key pairs
POST /api/encrypt File/text encryption (returns encrypted data)
POST /api/decrypt File/text decryption
✅ POST /api/pacshare Upload + encrypt + return pickup link (JSON)
❌ POST /api/ps-pickup Provide pickup ID + passwords, return decrypted file (Use web interface)
❌ GET /api/version Return current version tag (Not implemented)
```
> [!NOTE]
> These endpoints must receive both passwords. Encryption password is never saved.
> [!NOTE]
> **COMPLETED: Core API endpoints implemented**
> Pickup is handled via web interface at /pickup/<file_id>
> Encryption password is never saved server-side
---
@@ -260,94 +269,94 @@ Optional (Send + Pickup)
---
### PacShare File Format
### PacShare File Format ✅ **COMPLETED**
```
pacshare/
├── <file_id>pdf/jpeg/etc.paccrypt # Encrypted binary file
└── <file_id>meta.paccrypt # Encrypted metadata
├── <file_id>.<algorithm>.encrypted # Encrypted binary file
└── <file_id>.json # Encrypted metadata (JSON)
```
**Current Implementation:**
- Files are stored as `.{algorithm}.encrypted` (e.g., `.aes_cbc.encrypted`)
- Metadata stored as `.json` files with encrypted content
- Algorithm info embedded in filename for automatic detection
---
### Development Order
0. - [ ] Phase 0 Tasks
1. - [ ] paccrypt_algos/ + aes_gcm.py
2. - [ ] app.py routes: /encrypt, /pickup/<id>
3. - [ ] Add /decrypt route
4. - [ ] Build metadata encryption helpers
5. - [ ] Finish other engine modules
6. - [ ] Build /api/* equivalents
7. - [ ] Update README.md with all changed to the webapp.
8. - [ ] Create a new installation guide.
9. - [ ] Build CLI
0. - [x] **Phase 0 Tasks**
1. - [x] **paccrypt_algos/ + aes_gcm.py**
2. - [x] **app.py routes: /encrypt, /pickup/<id>**
3. - [x] **Add /decrypt route**
4. - [x] **Build metadata encryption helpers**
5. - [x] **Finish other engine modules**
6. - [x] **Build /api/* equivalents**
7. - [x] **Update README.md with all changes to the webapp**
8. - [x] **Create a new installation guide** ✅ (Included in README.md)
9. - [ ] Build CLI*Next Priority*
10. - [ ] Test CLI with --pickup + --share
12. - [ ] Build GUI app on Linux
13. - [ ] Test GUI app on Linux
14. - [ ] Build GUI app on Android
15. - [ ] Test GUI app on Android
16. - [ ] Finilize all releases and push to main.
16. - [ ] Finalize all releases and push to main
17. - [ ] Create Wiki
**🎉 WEBAPP CORE COMPLETE! 🎉**
**Current Status:** All core webapp functionality implemented including:
- ✅ Modular encryption engines (AES-GCM, AES-CBC, XChaCha20, RSA Hybrid)
- ✅ Complete API with documentation
- ✅ PacShare file sharing with 2FA support
- ✅ Admin panel with full management features
- ✅ Cross-platform deployment scripts
- ✅ Comprehensive documentation
---
### Draft tree for webapp
### Current Webapp Structure ✅ **COMPLETED**
```
paccrypt-webapp/
├── static/
│ ├── audio/
│ │ └── chomp.mp3
│ ├── css/
│ │ └── styles.css
│ ├── fonts/
│ └── PressStart2P-Regular.ttf
│ ├── img/
│ │ ├── Github_logo.png
│ │ ├── PacCrypt.png
│ │ ├── PacCrypt_W-Background.png
│ │ ── PacCrypt_W-Backgroud_Name.png
│ ├── PacCrypt_W-Name.png
│ └── sitemap.png <-- **Change img**
── js/ <-- **Pending changes**
├── encryption.js
├── fileops.js
│ ├── main.js
├── pacman.js
└── ui.js
├── templates/
│ ├── 403.html
── 404.html
│ ├── 500.html
│ ├── admin.html
── admin_login.html
│ ├── admin_settings.html
│ ├── admin_setup.html
│ ├── index.html
── pickup.html
├── application_data/ <-- *New*
│ ├── scripts/ <-- *New*
│ │ ├── start_dev <-- *Moved*
│ │ ├── start_prod <-- *Moved*
│ │ ├── restart_dev <-- *New*
│ │ ├── restart_prod <-- *New*
│ │ └── stop <-- *New*
│ ├── settings.json <-- *Moved*
│ ├── requirements.txt <-- *Moved*
│ ├── admin_cred <-- **Generated once admin is setup** / *Moved*
│ └── admin_hash <-- **Generated once admin is setup** / *Moved*
├── paccrypt_algos/ <-- *New*
│ ├── aes_gcm.py <-- *New*
│ ├── aes_cbc.py <-- *New*
│ ├── xchacha.py <-- *New*
│ ├── rsa_hybrid.py <-- *New*
│ └── kyber_hybrid.py <-- *New*
├── pacshare/ <-- **Generated at time of first PacShare upload, location customizable** / *New*
│ ├── <file_id>pdf/jpeg/etc.paccrypt <-- **Encrypted binary file** / *Moved*
│ └── <file_id>meta.paccrypt <-- **Encrypted metadata** / *Moved*
├── README.md <-- **Needs Updated**
├── ROADMAP.md
├── LICENSE <-- *New*
└── app.py
PacCrypt-Webapp/
├── app.py # Main Flask application ✅
├── README.md # Updated documentation ✅
├── ROADMAP.md # This file ✅
├── API.md # API documentation ✅ *NEW*
├── LICENSE # MIT License ✅
├── application_data/ ✅ # Application configuration
├── control_scripts/ ✅ # Server management scripts
│ ├── start_dev.py ✅ # Development mode starter
│ │ ├── start_prod.py ✅ # Production mode starter
│ │ ├── restart_dev.py ✅ # Development restart
│ │ ├── restart_prod.py ✅ # Production restart
│ │ ── stop.py ✅ # Server stop script
│ ├── requirements.txt ✅ # Python dependencies
├── settings.json ✅ # Application settings
── admin_creds.json ✅ # Encrypted admin credentials
│ ├── admin_key.key ✅ # Admin encryption key
└── admin_logs.enc ✅ # Encrypted audit logs
├── paccrypt_algos/ ✅ # Encryption modules
├── __init__.py ✅ # Package initialization
├── aes_cbc.py ✅ # AES-CBC implementation
│ ├── aes_gcm.py ✅ # AES-GCM implementation
│ ├── xchacha.py ✅ # XChaCha20-Poly1305
── rsa_hybrid.py ✅ # RSA hybrid encryption
├── pacshare/ ✅ # File upload storage
│ ├── *.{algorithm}.encrypted ✅ # Encrypted uploaded files
── *.json ✅ # File metadata
├── templates/ ✅ # HTML templates
│ ├── index.html ✅ # Main interface
│ ├── pickup.html ✅ # File pickup page
── admin*.html ✅ # Admin panel pages
│ └── error pages (403,404,500) ✅
└── static/ ✅ # Static assets
├── css/styles.css ✅ # Application styling
├── js/ ✅ # JavaScript modules
├── img/ ✅ # Images and icons
├── fonts/ ✅ # Custom fonts
└── audio/ ✅ # Sound effects
```
**🏆 PROJECT STRUCTURE FULLY IMPLEMENTED 🏆**