diff --git a/README.md b/README.md index 0a3d381..6f6ed3e 100644 --- a/README.md +++ b/README.md @@ -1,177 +1,266 @@ -# PacCrypt WebApp - -**PacCrypt** is a secure, feature-rich web app for encrypting and decrypting text and files โ€” built with Flask, JavaScript, and AES-GCM encryption. -Now with an admin control panel, GitHub updater, and a built-in Pac-Man easter egg! ๐Ÿ•น๏ธ - -Offically Hosted: [paccrypt.unnaturalll.dev](http://paccrypt.unnaturalll.dev) - ---- - -## โœจ Features - -- ๐Ÿ”’ Basic and Advanced Encryption for Text & Files -- ๐Ÿ“ Secure File Uploads with Pickup Passwords -- ๐Ÿ”‘ Random Password Generator -- ๐ŸŽฎ Hidden Pac-Man Game โ€” type `pacman` to play -- ๐Ÿง  Smart UI: Auto-switches input sections, toggles encryption labels -- ๐Ÿ“‹ Clipboard Copy Feedback with styled status boxes -- ๐Ÿงพ Admin Panel: - - Site map with live route list - - Server restart & GitHub update button - - Secure admin credential management - - Server logs & upload cleanup -- ๐Ÿงฉ System Settings Page for upload config -- ๐Ÿ“œ Custom 403, 404, and 500 Error Pages -- ๐Ÿค– robots.txt and /sitemap for crawlers -- ๐Ÿ“ฑ Mobile-Responsive UI - ---- - -## ๐Ÿ‘จโ€๐Ÿ’ป Installation - -### ๐Ÿ“‹ Prerequisites - -- Python 3.7+ -- Flask 3+ -- Cryptography 42+ -- Waitress 2.1+ -- Git (for update feature) -- Nginx (recommended) - ---- - -### โšก Quick Setup - -```bash -git clone https://github.com/TySP-Dev/PacCrypt.git -cd paccrypt-webapp-final -python -m venv venv -source venv/bin/activate # or venv\Scripts\activate on Windows -pip install -r requirements.txt -``` - -Then run: - -- Development Mode: - ```bash - ./start_dev.sh # or start_dev.bat - ``` - -- Production Mode: - ```bash - ./start_prod.sh # or start_prod.bat - ``` - -Visit [http://127.0.0.1:5000](http://127.0.0.1:5000) - ---- - -## ๐Ÿงญ Navigation & Usage - -### ๐Ÿ” Encrypt & Decrypt - -- Choose between Basic Cipher or Advanced AES -- Type your message or upload a file -- Enter password (if AES) -- Select mode using toggle (Encrypt/Decrypt) -- Hit Execute - -### ๐Ÿ“ค Share Files - -- Upload a file with two passwords: - - Encryption password - - Pickup password -- Get a shareable URL and click ๐Ÿ“‹ Copy Link - -### ๐Ÿ”‘ Generate Passwords - -- Click Generate -- Then hit ๐Ÿ“‹ Copy - -### ๐ŸŽฎ Pac-Man Game - -- Type `pacman` in the input box -- Game appears with Restart/Exit controls -- Classic arrow key controls ๐Ÿ•น๏ธ - ---- - -## ๐Ÿ› ๏ธ Admin Panel - -Visit `/adminpage` after setting up credentials at `/admin-setup`. - -Features: -- ๐Ÿ”„ Restart server -- ๐Ÿ”ƒ Update from GitHub (git pull) -- ๐Ÿงฝ Clear uploads -- ๐Ÿ” Change admin password -- ๐Ÿ“ View logs -- โš™๏ธ Adjust upload settings - ---- - -## ๐Ÿ›ก๏ธ Deployment Tips - -Minimal Nginx config: - -```nginx -server { - listen 80; - server_name yourdomain.com; - - location / { - proxy_pass http://127.0.0.1:5000; - proxy_set_header Host $host; - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - } -} -``` - -Use Let's Encrypt to add SSL/TLS support. - ---- - -## ๐Ÿ—‚๏ธ Project Structure - -``` -paccrypt-webapp-final/ -โ”œโ”€โ”€ app.py -โ”œโ”€โ”€ requirements.txt -โ”œโ”€โ”€ README.md -โ”œโ”€โ”€ templates/ -โ”‚ โ”œโ”€โ”€ index.html -โ”‚ โ”œโ”€โ”€ 404.html -โ”‚ โ””โ”€โ”€ 403.html -โ”‚ โ””โ”€โ”€ 500.html -โ”‚ โ””โ”€โ”€ admin.html -โ”‚ โ””โ”€โ”€ admin_login.html -โ”‚ โ””โ”€โ”€ admin_settings.html -โ”‚ โ””โ”€โ”€ admin_setup.html -โ”‚ โ””โ”€โ”€ pickup.html -โ”œโ”€โ”€ static/ -โ”‚ โ”œโ”€โ”€ css/ -โ”‚ โ”‚ โ””โ”€โ”€ styles.css -โ”‚ โ”œโ”€โ”€ js/ -โ”‚ โ”‚ โ””โ”€โ”€ ui.js -โ”‚ โ”‚ โ””โ”€โ”€ pacman.js -โ”‚ โ”‚ โ””โ”€โ”€ main.js -โ”‚ โ”‚ โ””โ”€โ”€ fileops.js -โ”‚ โ”‚ โ””โ”€โ”€ encryption.js -โ”‚ โ”œโ”€โ”€ img/ -โ”‚ โ”‚ โ””โ”€โ”€ PacCrypt.png -โ”‚ โ”‚ โ””โ”€โ”€ Github_logo.png -โ”‚ โ”‚ โ””โ”€โ”€ sitemap.png -โ”‚ โ””โ”€โ”€ audio/ -โ”‚ โ””โ”€โ”€ chomp.mp3 -โ”œโ”€โ”€ start_dev.bat -โ”œโ”€โ”€ start_prod.bat -โ”œโ”€โ”€ start_dev.sh -โ”œโ”€โ”€ start_prod.sh -``` - ---- - -## ๐Ÿ“„ License - -MIT ยฉ [TySP-Dev](https://github.com/TySP-Dev) +**PacCrypt** is a secure, feature-rich web app for encrypting and decrypting text and files โ€” built with Flask, JavaScript, and AES-GCM encryption. +Now with an admin control panel, GitHub updater, and a built-in Pac-Man easter egg! ๐Ÿ•น๏ธ + +Officially Hosted Here: [paccrypt.unnaturalll.dev](http://paccrypt.unnaturalll.dev) + +--- + +## โœจ Features + +- ๐Ÿ”’ Basic and Advanced Encryption for Text & Files +- ๐Ÿ“ Secure File Uploads with Pickup Passwords +- ๐Ÿ”‘ Random Password Generator +- ๐ŸŽฎ Hidden Pac-Man Game โ€” type `pacman` to play +- ๐Ÿง  Smart UI: Auto-switches input sections, toggles encryption labels +- ๐Ÿ“‹ Clipboard Copy Feedback with styled status boxes +- ๐Ÿงพ Admin Panel: + - Site map with live route list + - Server restart & GitHub update button + - Secure admin credential management + - Server logs & upload cleanup +- ๐Ÿงฉ System Settings Page for upload config +- ๐Ÿ“œ Custom 403, 404, and 500 Error Pages +- ๐Ÿค– robots.txt and /sitemap for crawlers +- ๐Ÿ“ฑ Mobile-Responsive UI + +--- + +## ๐Ÿ‘จโ€๐Ÿ’ป Installation + +### ๐Ÿ“‹ Prerequisites + +- Python 3.7+ +- Flask 3+ +- Cryptography 42+ +- Waitress 2.1+ +- Git (For update feature) +- Nginx (Recommended) +- Cockpit (Recommended if hosted on **Linux**) + +--- + +### โšก Quick Setup + +```bash +git clone https://github.com/TySP-Dev/PacCrypt.git +cd paccrypt-webapp-final +python -m venv venv +source venv/bin/activate # or venv\Scripts\activate on Windows +pip install -r requirements.txt +``` + +Then run: + +- Development Mode: + ```bash + ./start_dev.sh #<-- start_dev.bat (Windows) + ``` + +- Production Mode: + ```bash + ./start_prod.sh #<-- start_prod.bat (Windows) + ``` + +Visit [http://127.0.0.1:5000](http://127.0.0.1:5000) or [http://localhost:5000](http://localhost:5000) - *If* you **are** on the host system +Visit http://hosts_private_ip - *If* you are **not** on the host system + +--- + +## ๐Ÿงญ Navigation & Usage + +### ๐Ÿ”‘ Generate Passwords + +- Click Generate +- Then hit `๐Ÿ“‹ Copy Password` +- **Note:** This is also used as a seed generator for the Pac-Man *like* game + +### ๐Ÿ” Encrypt & Decrypt + +- Choose between Basic Cipher or Advanced AES +- Select mode using toggle (Encrypt/Decrypt) +- Type your message or upload a file +- Enter password (Advanced AES) +- Hit Execute +- Then hit `๐Ÿ“‹ Copy Output` + +### ๐Ÿ“ค Share Files + +- Upload a file with two passwords: + - Encryption password + - Pickup password +- Get a shareable URL and click `๐Ÿ“‹ Copy Link` + +### ๐ŸŽฎ Pac-Man *like* Game + +- Type `pacman` in the input box +- Game appears with `Restart` and `Exit` buttons +- Arrow key and Swipe controls ๐Ÿ•น๏ธ +- Game restarts and a new seed is generated once all dots are eaten + +--- + +## ๐Ÿ› ๏ธ Admin Panel + +Visit `/adminpage` after setting up credentials at `/admin-setup`. + +Features: +- ๐Ÿ”„ Restart server +- ๐Ÿ”ƒ Update from GitHub (git pull) +- ๐Ÿงฝ Clear uploads +- ๐Ÿ” Change admin password +- ๐Ÿ“ View logs +- โš™๏ธ Adjust upload settings + +--- + +## ๐Ÿ›ก๏ธ Deployment Tips +##### I recommend using Linux as the host server, the follow confs are Linux focused +The official PacCrypt host is **Debian** minimal install. + +**HTTP** Nginx config (Not recommended): + +```nginx +server { + listen 80; + server_name yourdomain.com; #<-- Your URL here + + # Basic Privacy-Respecting Logging + access_log off; #<-- set to syslog:server=unix:/dev/log; for logging + error_log syslog:server=unix:/dev/log crit; #<-- Currently set for only critical logs, remove crit for all logs + + # Hardened Proxy Settings + location / { + proxy_pass http://127.0.0.1:5000; + + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + + proxy_http_version 1.1; + proxy_set_header Connection ""; + + # Timeouts + proxy_connect_timeout 5s; + proxy_send_timeout 30s; + proxy_read_timeout 30s; + } + + # Basic Hardening Headers + add_header X-Frame-Options "DENY" always; + add_header X-Content-Type-Options "nosniff" always; + add_header Referrer-Policy "no-referrer" always; + add_header Permissions-Policy "geolocation=(), microphone=()" always; + + # Prevent Abuse + client_max_body_size 10M; + keepalive_timeout 10; + server_tokens off; +} +``` + +**HTTPS** Nginx config (Recommended): + +```nginx +# Redirect HTTP to HTTPS +server { + listen 80; + server_name yourdomain.com; #<-- Your URL here + + # Basic Privacy-Respecting Logging + access_log off; #<-- set to syslog:server=unix:/dev/log; for logging + error_log syslog:server=unix:/dev/log crit; #<-- Currently set for only critical logs, remove crit for all logs + + location / { + return 301 https://$host$request_uri; + } +} + +# HTTPS Server Block +server { + listen 443 ssl http2; + server_name yourdomain.com; + + ssl_certificate path/to/yourdomain.com.cert; #<-- Could also be .cert.pem + ssl_certificate_key path/to/yourdomain.com.key; #<-- Could also be .key.pem + + # SSL Hardening + ssl_protocols TLSv1.2 TLSv1.3; + ssl_ciphers 'TLS_AES_128_GCM_SHA256:TLS_AES_256_GCM_SHA384:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384'; + ssl_prefer_server_ciphers on; + ssl_session_cache shared:SSL:10m; + ssl_session_timeout 10m; + + # Strong security headers (adjust as needed) + add_header Strict-Transport-Security "max-age=63072000; includeSubDomains; preload" always; + add_header X-Content-Type-Options nosniff always; + add_header X-Frame-Options DENY always; + add_header Referrer-Policy "no-referrer" always; + add_header Permissions-Policy "geolocation=(), camera=()" always; + add_header X-XSS-Protection "1; mode=block" always; + + # Basic Privacy-Respecting Logging + access_log off; #<-- set to syslog:server=unix:/dev/log; for logging + error_log syslog:server=unix:/dev/log crit; #<-- Currently set for only critical logs, remove crit for all logs + + client_max_body_size xG; #<-- Change to what the max upload for PacCrypt Share + + # Reverse proxy to Flask + location / { + proxy_pass http://127.0.0.1:5000; + proxy_set_header Host $host; + + # Comment these out if you want complete anonymity between client and app + # proxy_set_header X-Real-IP $remote_addr; + # proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + # proxy_set_header X-Forwarded-Proto $scheme; + + # Optional privacy: strip identifying headers + proxy_hide_header X-Powered-By; + } +} +``` +--- + +## ๐Ÿ—‚๏ธ Project Structure + +``` +paccrypt-webapp-final/ +โ”œโ”€โ”€ app.py +โ”œโ”€โ”€ requirements.txt +โ”œโ”€โ”€ README.md +โ”œโ”€โ”€ templates/ +โ”‚ โ”œโ”€โ”€ index.html +โ”‚ โ”œโ”€โ”€ 404.html +โ”‚ โ””โ”€โ”€ 403.html +โ”‚ โ””โ”€โ”€ 500.html +โ”‚ โ””โ”€โ”€ admin.html +โ”‚ โ””โ”€โ”€ admin_login.html +โ”‚ โ””โ”€โ”€ admin_settings.html +โ”‚ โ””โ”€โ”€ admin_setup.html +โ”‚ โ””โ”€โ”€ pickup.html +โ”œโ”€โ”€ static/ +โ”‚ โ”œโ”€โ”€ css/ +โ”‚ โ”‚ โ””โ”€โ”€ styles.css +โ”‚ โ”œโ”€โ”€ js/ +โ”‚ โ”‚ โ””โ”€โ”€ ui.js +โ”‚ โ”‚ โ””โ”€โ”€ pacman.js +โ”‚ โ”‚ โ””โ”€โ”€ main.js +โ”‚ โ”‚ โ””โ”€โ”€ fileops.js +โ”‚ โ”‚ โ””โ”€โ”€ encryption.js +โ”‚ โ”œโ”€โ”€ img/ +โ”‚ โ”‚ โ””โ”€โ”€ PacCrypt.png +โ”‚ โ”‚ โ””โ”€โ”€ Github_logo.png +โ”‚ โ”‚ โ””โ”€โ”€ sitemap.png +โ”‚ โ””โ”€โ”€ audio/ +โ”‚ โ””โ”€โ”€ chomp.mp3 +โ”œโ”€โ”€ start_dev.bat +โ”œโ”€โ”€ start_prod.bat +โ”œโ”€โ”€ start_dev.sh +โ”œโ”€โ”€ start_prod.sh +``` + +--- + +## ๐Ÿ“„ License + +MIT ยฉ [TySP-Dev](https://github.com/TySP-Dev) diff --git a/static/img/PacCrypt.png b/static/img/PacCrypt.png index 905d3ab..7b143f4 100644 Binary files a/static/img/PacCrypt.png and b/static/img/PacCrypt.png differ