TySS-Dev/PacCrypt-Webapp
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Small changed

Browse Source 
Updated README and Logo Change
This commit is contained in:
Tyler
2025-05-04 13:29:08 -10:00
committed by GitHub
parent 05a9ada8d9
commit db00538aee
2 changed files with 266 additions and 177 deletions
Download Patch File Download Diff File Expand all files Collapse all files
README.md
+111 -22
View File
@@ -1,9 +1,7 @@
# PacCrypt WebApp
**PacCrypt** is a secure, feature-rich web app for encrypting and decrypting text and files — built with Flask, JavaScript, and AES-GCM encryption. **PacCrypt** is a secure, feature-rich web app for encrypting and decrypting text and files — built with Flask, JavaScript, and AES-GCM encryption.
Now with an admin control panel, GitHub updater, and a built-in Pac-Man easter egg! 🕹️ Now with an admin control panel, GitHub updater, and a built-in Pac-Man easter egg! 🕹️
Offically Hosted: [paccrypt.unnaturalll.dev](http://paccrypt.unnaturalll.dev) Officially Hosted Here: [paccrypt.unnaturalll.dev](http://paccrypt.unnaturalll.dev)
--- ---
@@ -35,8 +33,9 @@ Offically Hosted: [paccrypt.unnaturalll.dev](http://paccrypt.unnaturalll.dev)
- Flask 3+ - Flask 3+
- Cryptography 42+ - Cryptography 42+
- Waitress 2.1+ - Waitress 2.1+
- Git (for update feature) - Git (For update feature)
- Nginx (recommended) - Nginx (Recommended)
- Cockpit (Recommended if hosted on **Linux**)
--- ---
@@ -54,45 +53,49 @@ Then run:
- Development Mode: - Development Mode:
```bash ```bash
./start_dev.sh # or start_dev.bat ./start_dev.sh #<-- start_dev.bat (Windows)
``` ```
- Production Mode: - Production Mode:
```bash ```bash
./start_prod.sh # or start_prod.bat ./start_prod.sh #<-- start_prod.bat (Windows)
``` ```
Visit [http://127.0.0.1:5000](http://127.0.0.1:5000) Visit [http://127.0.0.1:5000](http://127.0.0.1:5000) or [http://localhost:5000](http://localhost:5000) - *If* you **are** on the host system
Visit http://hosts_private_ip - *If* you are **not** on the host system
--- ---
## 🧭 Navigation & Usage ## 🧭 Navigation & Usage
### 🔑 Generate Passwords
- Click Generate
- Then hit `📋 Copy Password`
- **Note:** This is also used as a seed generator for the Pac-Man *like* game
### 🔐 Encrypt & Decrypt ### 🔐 Encrypt & Decrypt
- Choose between Basic Cipher or Advanced AES - Choose between Basic Cipher or Advanced AES
- Type your message or upload a file
- Enter password (if AES)
- Select mode using toggle (Encrypt/Decrypt) - Select mode using toggle (Encrypt/Decrypt)
- Type your message or upload a file
- Enter password (Advanced AES)
- Hit Execute - Hit Execute
- Then hit `📋 Copy Output`
### 📤 Share Files ### 📤 Share Files
- Upload a file with two passwords: - Upload a file with two passwords:
- Encryption password - Encryption password
- Pickup password - Pickup password
- Get a shareable URL and click 📋 Copy Link - Get a shareable URL and click `📋 Copy Link`
### 🔑 Generate Passwords ### 🎮 Pac-Man *like* Game
- Click Generate
- Then hit 📋 Copy
### 🎮 Pac-Man Game
- Type `pacman` in the input box - Type `pacman` in the input box
- Game appears with Restart/Exit controls - Game appears with `Restart` and `Exit` buttons
- Classic arrow key controls 🕹️ - Arrow key and Swipe controls 🕹️
- Game restarts and a new seed is generated once all dots are eaten
--- ---
@@ -111,25 +114,111 @@ Features:
--- ---
## 🛡️ Deployment Tips ## 🛡️ Deployment Tips
##### I recommend using Linux as the host server, the follow confs are Linux focused
The official PacCrypt host is **Debian** minimal install.
Minimal Nginx config: **HTTP** Nginx config (Not recommended):
```nginx ```nginx
server { server {
listen 80; listen 80;
server_name yourdomain.com; server_name yourdomain.com; #<-- Your URL here
# Basic Privacy-Respecting Logging
access_log off; #<-- set to syslog:server=unix:/dev/log; for logging
error_log syslog:server=unix:/dev/log crit; #<-- Currently set for only critical logs, remove crit for all logs
# Hardened Proxy Settings
location / { location / {
proxy_pass http://127.0.0.1:5000; proxy_pass http://127.0.0.1:5000;
proxy_set_header Host $host; proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_http_version 1.1;
proxy_set_header Connection "";
# Timeouts
proxy_connect_timeout 5s;
proxy_send_timeout 30s;
proxy_read_timeout 30s;
} }
# Basic Hardening Headers
add_header X-Frame-Options "DENY" always;
add_header X-Content-Type-Options "nosniff" always;
add_header Referrer-Policy "no-referrer" always;
add_header Permissions-Policy "geolocation=(), microphone=()" always;
# Prevent Abuse
client_max_body_size 10M;
keepalive_timeout 10;
server_tokens off;
} }
``` ```
Use Let's Encrypt to add SSL/TLS support. **HTTPS** Nginx config (Recommended):
```nginx
# Redirect HTTP to HTTPS
server {
listen 80;
server_name yourdomain.com; #<-- Your URL here
# Basic Privacy-Respecting Logging
access_log off; #<-- set to syslog:server=unix:/dev/log; for logging
error_log syslog:server=unix:/dev/log crit; #<-- Currently set for only critical logs, remove crit for all logs
location / {
return 301 https://$host$request_uri;
}
}
# HTTPS Server Block
server {
listen 443 ssl http2;
server_name yourdomain.com;
ssl_certificate path/to/yourdomain.com.cert; #<-- Could also be .cert.pem
ssl_certificate_key path/to/yourdomain.com.key; #<-- Could also be .key.pem
# SSL Hardening
ssl_protocols TLSv1.2 TLSv1.3;
ssl_ciphers 'TLS_AES_128_GCM_SHA256:TLS_AES_256_GCM_SHA384:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384';
ssl_prefer_server_ciphers on;
ssl_session_cache shared:SSL:10m;
ssl_session_timeout 10m;
# Strong security headers (adjust as needed)
add_header Strict-Transport-Security "max-age=63072000; includeSubDomains; preload" always;
add_header X-Content-Type-Options nosniff always;
add_header X-Frame-Options DENY always;
add_header Referrer-Policy "no-referrer" always;
add_header Permissions-Policy "geolocation=(), camera=()" always;
add_header X-XSS-Protection "1; mode=block" always;
# Basic Privacy-Respecting Logging
access_log off; #<-- set to syslog:server=unix:/dev/log; for logging
error_log syslog:server=unix:/dev/log crit; #<-- Currently set for only critical logs, remove crit for all logs
client_max_body_size xG; #<-- Change to what the max upload for PacCrypt Share
# Reverse proxy to Flask
location / {
proxy_pass http://127.0.0.1:5000;
proxy_set_header Host $host;
# Comment these out if you want complete anonymity between client and app
# proxy_set_header X-Real-IP $remote_addr;
# proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
# proxy_set_header X-Forwarded-Proto $scheme;
# Optional privacy: strip identifying headers
proxy_hide_header X-Powered-By;
}
}
```
--- ---
## 🗂️ Project Structure ## 🗂️ Project Structure
static/img/PacCrypt.png
BIN
View File
Binary file not shown.
Side by Side Swipe Overlay

Before

Width:  |  Height:  |  Size: 78 KiB

After

Width:  |  Height:  |  Size: 1.4 MiB