diff --git a/README.md b/README.md index 3277627..618a4ed 100644 --- a/README.md +++ b/README.md @@ -15,10 +15,11 @@ Self-Destruction: The server deletes the encrypted file from the disk the moment Node.js (v16.0.0 or higher recommended) No package manager (npm/yarn) is required. +For TLS put nginx or haproxy in front. ## Installation & Running -Clone or copy the three files (server.js, index.html, auth.json) into a directory. +Clone or copy the two files (server.js and index.html) into a directory. Start the server: @@ -37,25 +38,6 @@ DATA_DIR: Where encrypted blobs are stored (default: ./data). MAX_SIZE_BYTES: Maximum secret size (default: 10MB). -# 📡 API Usage -You can create burn codes programmatically without using the web UI. - -Create a Secret - -Endpoint: POST /api/secret - -Body: Raw binary data (the encrypted payload). - -Example using curl: - -```Bash -curl -X POST --data-binary "@encrypted_file.bin" http://localhost:3000/api/secret -Response: - -JSON -{ "id": "550e8400-e29b-41d4-a716-446655440000" } -``` - # 📋 Features Zero Dependencies: Uses only native Node.js modules (http, fs, crypto, path). @@ -65,7 +47,7 @@ One-Click Copy: Generated links are automatically copied to the clipboard. Mobile Friendly: Clean, responsive "Chat-style" UI. -Secure Erasure: Uses fs.unlink to ensure the file is removed from the filesystem after one read. +Immediate Erasure: Uses fs.unlink to ensure the encrypted file is removed from the filesystem after one read. # ⚠️ Important Notes Persistence: Since it uses the file system, secrets will survive a server restart until they are burned. 
@@ -74,7 +56,8 @@ HTTPS: To use the Web Crypto API (window.crypto), this app must be served over H # Todo -- tested only on macos using safari (not sure if works on other platforms) -- example of how to use the api ( i think we need another script to alse generate the jwt as well ) +- example of how to use the api, including script to generate the encrypted file - add some method to delete secrets that have not been accessed within a certain time frame. - add some method to expiry secrets (e.g. when creating, maybe define how long they should be valid for) +- add progress indicator to UI +- add rate limited to make abuse harder?
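Review bot: In the first README hunk (@@ -15,10 +15,11), the added line "For TLS put nginx or haproxy in front." does not say how the Node server should be exposed once a proxy sits in front of it. Suggest stating that the proxy terminates TLS and forwards to the app's local port, and that the app's own port should not be reachable from outside, since the HTTPS note further down ties window.crypto to how the app is served. The same hunk drops auth.json from the file list without saying what happened to authentication; one sentence on whether creating a secret now requires any credential would help anyone deploying this.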
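Review bot: The hunk at @@ -37,25 +38,6 deletes the whole API Usage section, so POST /api/secret and its raw-binary body are no longer documented anywhere, while the Todo still lists "example of how to use the api". Suggest keeping the endpoint and body description and removing only the curl example until its replacement exists. If the example is kept, close the code fence before "Response:" so the JSON reply is not part of the shell block.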
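Review bot: In the Features hunk (@@ -65,7 +47,7), the renamed "Immediate Erasure" line still says fs.unlink is used "to ensure the encrypted file is removed from the filesystem", which overstates what the call does: fs.unlink removes the directory entry and does not overwrite the file's data blocks. Suggest wording such as "Uses fs.unlink to delete the encrypted file after one read (the data is not overwritten on disk)".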
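Review bot: In the Todo hunk (@@ -74,7 +56,8), "add rate limited to make abuse harder?" should read "add rate limiting". The hunk also removes "tested only on macos using safari" without adding what has been tested since; if other browsers now work, list them, otherwise keep the caveat, because the app depends on window.crypto in the browser.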