TySS-Dev/PacCrypt-Webapp
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
022a1e7aaf70771668219584e0d06c19006f94b9
PacCrypt-Webapp/ROADMAP.md
T
Tyler 022a1e7aaf Create ROADMAP.md
2025-08-06 12:27:53 -10:00

241 lines
8.1 KiB
Markdown
Raw Blame History

> Fully modular code for encryption libraries, ensure metadata is stored as encrypted hashs for PacShare, Revamp PacShares secure file send and pickup, and create a CLI and local application (Linux and Android).
### Draft tree for webapp
paccrypt-webapp/
├── static/
│ ├── audio/
│ │ └── chomp.mp3
│ ├── css/
│ │ └── styles.css
│ ├── fonts/
│ │ └── PressStart2P-Regular.ttf
│ ├── img/
│ │ ├── Github_logo.png
│ │ ├── PacCrypt.png
│ │ ├── PacCrypt_W-Background.png
│ │ ├── PacCrypt_W-Backgroud_Name.png
│ │ ├── PacCrypt_W-Name.png
│ │ └── sitemap.png <-- **Change img**
│ └── js/ <-- **Pending changes**
│ ├── encryption.js
│ ├── fileops.js
│ ├── main.js
│ ├── pacman.js
│ └── ui.js
├── templates/
│ ├── 403.html
│ ├── 404.html
│ ├── 500.html
│ ├── admin.html
│ ├── admin_login.html
│ ├── admin_settings.html
│ ├── admin_setup.html
│ ├── index.html
│ └── pickup.html
├── application_data/ <-- *New*
│ ├── scripts/ <-- *New*
│ │ ├── start_dev <-- *Moved*
│ │ ├── start_prod <-- *Moved*
│ │ ├── restart_dev <-- *New*
│ │ ├── restart_prod <-- *New*
│ │ └── stop <-- *New*
│ ├── settings.json <-- *Moved*
│ ├── requirements.txt <-- *Moved*
│ ├── admin_cred <-- **Generated once admin is setup** / *Moved*
│ └── admin_hash <-- **Generated once admin is setup** / *Moved*
├── paccrypt_algos/ <-- *New*
│ ├── aes_gcm.py <-- *New*
│ ├── aes_cbc.py <-- *New*
│ ├── xchacha.py <-- *New*
│ ├── rsa_hybrid.py <-- *New*
│ └── kyber_hybrid.py <-- *New*
├── pacshare/ <-- **Generated at time of first PacShare upload, location customizable** / *New*
│ ├── <file_id>pdf/jpeg/etc.paccrypt <-- **Encrypted binary file** / *Moved*
│ └── <file_id>meta.paccrypt <-- **Encrypted metadata** / *Moved*
├── README.md <-- **Needs Updated**
├── ROADMAP.md
├── LICENSE <-- *New*
└── app.py
---
### Phase 0
[] Remove docker files (Dropping official docker support)
[] Update README.md to be current.
[x] Add roadmap.md to repo
[] Create /application_data/ folder (for server settings, admin login and creds)
[] Create scripts folder in /application_data/
[] Create /paccrypt_algos/ folder
[] Builder better start, stop and restart scripts both prod and dev (Universal)
[] Add a button in the admin panel to switch to and from prod and dev modes
### Phase 1: app.py - Modular Python Web App
##### app.py Responsibilities
[] Flask app + routing
[] Handle:
⦁ /encrypt
⦁ /decrypt
⦁ /pickup/<file_id>
[] Receive:
⦁ File or text
⦁ pickup_password (required)
⦁ encryption_password (required)
⦁ encryption_mode
[] Encrypt metadata using pickup password
[] Encrypt file using encryption password
[] Dynamically load correct engine via decrypted metadata
[] Save .enc + .meta, return pickup link
[] Update PacMan like mini game logic revamp "(LOW PRIORITY)"
[] Update PacMan like mini game base revamp "(LOW PRIORITY)"
---
##### /paccrypt_algos/ - Modular Crypto Engines
[] Create folder + interface
[] Remove basic cypher
Implement engines:
[] aes_gcm.py
[] aes_cbc.py
[] xchacha.py
[] rsa_hybrid.py
[] kyber_hybrid.py (Testing)
[] Each must expose:
`def encrypt\_text(text, key, metadata): ...`
`def decrypt\_text(ciphertext, key, metadata): ...`
`def encrypt\_file(in\_path, out\_path, key, metadata): ...`
`def decrypt\_file(in\_path, out\_path, key, metadata): ...`
`def get\_name(): return "AES-GCM"`
---
### Phase 2: PacShare - Reimplementation
/encrypt Route Flow
[] JS submits (PacShare "Form"):
⦁ File
⦁ pickup_password (for metadata)
⦁ encryption_password (for file)
⦁ encryption_mode
⦁ 2FA token code / Yubi/Passkey set up
[] Python logic:
⦁ Encrypt file using selected algo + encryption_password
⦁ Generate metadata dict:
⦁ filename, enc_mode, pickup_hash, timestamp, optional 2FA
⦁ Encrypt metadata using AES-GCM derived from pickup_password
⦁ Save .enc and .meta files
⦁ Generate random file_id
⦁ Return /pickup/<file_id> link
> Both passwords are required. One reveals the mode + metadata, the other decrypts the file.
---
##### /pickup/<file_id> Route Flow
[] Prompt for pickup_password
[] Decrypt .meta and validate hash
[] Show original filename, prompt for encryption_password
[] Load correct module, decrypt file
[] Offer file download
---
##### Metadata Structure (Encrypted JSON)
`"filename": "report.pdf",`
`"enc\_mode": "aes\_gcm",`
`"pickup\_hash": "<argon2>",`
`"created\_at": "2025-08-05T18:00Z",`
`"2fa\_seed": "base32string", // optional`
`"yubi\_token\_hash": "sha256", // optional`
>Stored as .meta
>Encrypted with AES-GCM using key from pickup\_password
---
### Phase 3: External API Access (/api/*)
##### Endpoint Description
`POST /api/encrypt Local-only file/text encryption (returns file/meta)`
`POST /api/ps-send Upload + encrypt + return pickup link (JSON)`
`POST /api/ps-pickup Provide pickup ID + passwords, return decrypted file`
`POST /api/decrypt Decrypt local .enc + .meta bundle`
`GET /api/version Return current version tag`
> These endpoints must receive both passwords. Encryption password is never saved.
---
### Phase 4: CLI Tool (Offline and API Hybrid)
[] Create PacCrypt-CLI repo
[] paccrypt-cli command
[] Local encrypt/decrypt support
[] Support:
[] --share-api to change api address (in case user is self hosting PacCrypt-Webapp)
⦁ Default api from https://paccrypt.unnaturalll.dev/
[] --share to upload via /api/ps-send
[] --pickup <id> to download + decrypt via /api/ps-pickup
Always require (Send + Pickup)
[] --method (to define encryption type)
[] --pickup-password
[] --encryption-password
Optional (Send + Pickup)
[] 2FA Token
⦁ No Yubi or passkey support for API calls
[] --help (Shows command usage)
[] CLI PacMan like mini game "(LOW PRIORITY)"
---
### Phase 5: Local GUI Applications
##### Linux (First)
[] PyQt6 or GTK
[] Same features as the Webapp
[] Support for PacShare through API calls
⦁ Default https://paccrypt.unnaturalll.dev/
⦁ User changeable if the webapp is self hosted
[] Text Encryption / Decryption mode
[] Text Password
[] Text input / output
[] PS Mode selector
[] PS File Uploader
[] PS Pickup Password
[] PS Encryption / Decryption password
[] PS 2FA Token support
⦁ No Yubi/Passkey support for API calls
[] PS error message if devices is offline or server can't be reached
[] KDE Dolphin context integration (right-click → encrypt | decrypt | share - share opens the paccrypt gui with the file already staged)
##### Android
[] Kivy or BeeWare
[] Same features as the Webapp
[] Support for PacShare through API calls
⦁ Default https://paccrypt.unnaturalll.dev/
⦁ User changeable if the webapp is self hosted
[] Text Encryption / Decryption mode
[] Text Password
[] Text input / output
[] PS Mode selector
[] PS File Uploader
[] PS Pickup Password
[] PS Encryption / Decryption password
[] PS 2FA Token support
⦁ No Yubi/Passkey support for API calls
[] PS error message if devices is offline or server can't be reached
> No Windows support for a application, only webapp, and maybe CLI support.
> Linux master race
---
### PacShare File Format
pacshare/
├── <file_id>pdf/jpeg/etc.paccrypt # Encrypted binary file
└── <file_id>meta.paccrypt # Encrypted metadata
---
### Development Order
0. [] Phase 0 Tasks
1. [] paccrypt_algos/ + aes_gcm.py
2. [] app.py routes: /encrypt, /pickup/<id>
3. [] Add /decrypt route
4. [] Build metadata encryption helpers
5. [] Finish other engine modules
6. [] Build /api/* equivalents
7. [] Update README.md with all changed to the webapp.
8. [] Create a new installation guide.
9. [] Build CLI
10. [] Test CLI with --pickup + --share
12. [] Build GUI app on Linux
13. [] Test GUI app on Linux
14. [] Build GUI app on Android
15. [] Test GUI app on Android
16. [] Finilize all releases and push to main.
17. [] Create Wiki
Reference in New Issue View Git Blame Copy Permalink