set remember checkbox as default behavior, add --noremember flag
robinmoisson committed Feb 10, 2022
1 parent 645d7e1 commit 5c9bb04
Showing 4 changed files with 77 additions and 95 deletions.
58 changes: 33 additions & 25 deletions README.md
Expand Up @@ -25,32 +25,36 @@ Staticrypt is available through npm as a CLI, install with `npm install -g stati
Usage: staticrypt <filename> <passphrase> [options]

Options:
--help Show help [boolean]
--version Show version number [boolean]
-e, --embed Whether or not to embed crypto-js in the page (or use
an external CDN)
--help Show help [boolean]
--version Show version number [boolean]
-e, --embed Whether or not to embed crypto-js in the page
(or use an external CDN).
[boolean] [default: true]
-o, --output File name / path for generated encrypted file
-o, --output File name / path for generated encrypted file.
[string] [default: null]
-t, --title Title for output HTML page
-t, --title Title for output HTML page.
[string] [default: "Protected Page"]
-i, --instructions Special instructions to display to the user.
[string] [default: null]
-f, --file-template Path to custom HTML template with password prompt.
[string] [default: "[...]/cli/password_template.html"]
-r, --remember Show a "Remember me" checkbox that will save the
(salted + hashed) passphrase in localStorage when
entered by the user.
You can set the expiration in days as value (no
value means "0", no expiration). [number]
--remember-label Label to use for the "Remember me" checkbox.
Default: "Remember me".
[string] [default: "Remember me"]
--passphrase-placeholder Placeholder to use for the passphrase input.
Default: "Passphrase".
[string] [default: "Passphrase"]
--decrypt-button Label to use for the decrypt button. Default:
"DECRYPT". [string] [default: "DECRYPT"]
-i, --instructions Special instructions to display to the user.
[string] [default: ""]
-f, --file-template Path to custom HTML template with passphrase
prompt.
[string] [default: "/geek/staticrypt/cli/password_template.html"]
-r, --remember Show a "Remember me" checkbox that will save the
(salted + hashed) passphrase in localStorage
when entered by the user.
You can set the expiration in days as value (no
value means "0", no expiration).
[number] [default: 0]
--noremember Set this flag to remove the "Remember me"
checkbox. [boolean] [default: false]
--remember-label Label to use for the "Remember me" checkbox.
Default: "Remember me".
[string] [default: "Remember me"]
--passphrase-placeholder Placeholder to use for the passphrase input.
Default: "Passphrase".
[string] [default: "Passphrase"]
--decrypt-button Label to use for the decrypt button. Default:
"DECRYPT". [string] [default: "DECRYPT"]

Example usages:
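
Review bot: The new default shown for `-f, --file-template` is `/geek/staticrypt/cli/password_template.html`, an absolute path from the machine the help text was generated on, where the previous text used the placeholder `[...]/cli/password_template.html`. Restore the placeholder so the README does not publish a local directory layout or suggest a path that will not exist for other users. The `-r, --remember` description also still reads 'Show a "Remember me" checkbox', which no longer matches a flag whose remaining job is to set the expiration in days.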

Expand All @@ -59,16 +63,20 @@ Example usages:

You can use a custom template for the password prompt - just copy `cli/password_template.html` and modify it to suit your presentation style and point to your template file with the `-f` flag. Be careful to not break the encrypting javascript part, the variables replaced by staticrypt are between curly brackets: `{instructions}`.

### `--remember`
### "Remember me" checkbox

This will add a "Remember me" checkbox. If checked, when the user enters their passphrase its salted hashed value will be stored in localStorage. In case this value becomes compromised an attacker can decrypt the page, but this should hopefully protect against password reuse attack (of course please use a unique passphrase nonetheless).
By default, the CLI will add a "Remember me" checkbox on the password prompt. If checked, when the user enters their passphrase its salted hashed value will be stored in localStorage. In case this value becomes compromised an attacker can decrypt the page, but this should hopefully protect against password reuse attack (of course please use a unique passphrase nonetheless).

This allows encrypting multiple page on a single domain with the same password: if you check "Remember me", you'll have to enter you password once then all the pages on that domain will automatically decrypt their content.

If no value is provided the stored passphrase doesn't expire, you can also give it a value in days for how long should the store value be kept. If the user reconnects to the page after the expiration date the store value will be cleared.

You can clear the values in localStorage (effectively "login out") at any time by appending `staticrypt_logout` to the URL query paramets (`mysite.com?staticrypt_logout`).

#### `--noremember`

If you don't want the checkbox to be included, you can add the `--noremember` flag to disable it.

### `--embed` and crypto-js

If you do not embed crypto-js and serve it from a CDN, some adblockers see the `crypto-js.min.js`, think that's a crypto miner and block it.
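
Review bot: In the "Remember me" section, the paragraph starting "If no value is provided" is carried over unchanged, but it now describes the default of every generated page: the checkbox is offered unless `--noremember` is passed, and when a user ticks it the salted hashed passphrase stays in localStorage with no expiration unless the author gave `-r <days>`. Since the section itself says a compromised stored value lets an attacker decrypt the page, state that default explicitly and present `-r <days>` as the way to bound it. While these lines are being touched, fix "multiple page", "enter you password", "login out" and "paramets".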
58 changes: 33 additions & 25 deletions cli/README.md
Expand Up @@ -25,32 +25,36 @@ Staticrypt is available through npm as a CLI, install with `npm install -g stati
Usage: staticrypt <filename> <passphrase> [options]

Options:
--help Show help [boolean]
--version Show version number [boolean]
-e, --embed Whether or not to embed crypto-js in the page (or use
an external CDN)
--help Show help [boolean]
--version Show version number [boolean]
-e, --embed Whether or not to embed crypto-js in the page
(or use an external CDN).
[boolean] [default: true]
-o, --output File name / path for generated encrypted file
-o, --output File name / path for generated encrypted file.
[string] [default: null]
-t, --title Title for output HTML page
-t, --title Title for output HTML page.
[string] [default: "Protected Page"]
-i, --instructions Special instructions to display to the user.
[string] [default: null]
-f, --file-template Path to custom HTML template with password prompt.
[string] [default: "[...]/cli/password_template.html"]
-r, --remember Show a "Remember me" checkbox that will save the
(salted + hashed) passphrase in localStorage when
entered by the user.
You can set the expiration in days as value (no
value means "0", no expiration). [number]
--remember-label Label to use for the "Remember me" checkbox.
Default: "Remember me".
[string] [default: "Remember me"]
--passphrase-placeholder Placeholder to use for the passphrase input.
Default: "Passphrase".
[string] [default: "Passphrase"]
--decrypt-button Label to use for the decrypt button. Default:
"DECRYPT". [string] [default: "DECRYPT"]
-i, --instructions Special instructions to display to the user.
[string] [default: ""]
-f, --file-template Path to custom HTML template with passphrase
prompt.
[string] [default: "/geek/staticrypt/cli/password_template.html"]
-r, --remember Show a "Remember me" checkbox that will save the
(salted + hashed) passphrase in localStorage
when entered by the user.
You can set the expiration in days as value (no
value means "0", no expiration).
[number] [default: 0]
--noremember Set this flag to remove the "Remember me"
checkbox. [boolean] [default: false]
--remember-label Label to use for the "Remember me" checkbox.
Default: "Remember me".
[string] [default: "Remember me"]
--passphrase-placeholder Placeholder to use for the passphrase input.
Default: "Passphrase".
[string] [default: "Passphrase"]
--decrypt-button Label to use for the decrypt button. Default:
"DECRYPT". [string] [default: "DECRYPT"]

Example usages:
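
Review bot: Same point as in README.md: the `-f, --file-template` default here is the absolute path `/geek/staticrypt/cli/password_template.html` rather than the `[...]/cli/password_template.html` placeholder it replaces. Both READMEs receive identical changes in this commit, so the fix applied there needs to be mirrored here.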

Expand All @@ -59,16 +63,20 @@ Example usages:

You can use a custom template for the password prompt - just copy `cli/password_template.html` and modify it to suit your presentation style and point to your template file with the `-f` flag. Be careful to not break the encrypting javascript part, the variables replaced by staticrypt are between curly brackets: `{instructions}`.

### `--remember`
### "Remember me" checkbox

This will add a "Remember me" checkbox. If checked, when the user enters their passphrase its salted hashed value will be stored in localStorage. In case this value becomes compromised an attacker can decrypt the page, but this should hopefully protect against password reuse attack (of course please use a unique passphrase nonetheless).
By default, the CLI will add a "Remember me" checkbox on the password prompt. If checked, when the user enters their passphrase its salted hashed value will be stored in localStorage. In case this value becomes compromised an attacker can decrypt the page, but this should hopefully protect against password reuse attack (of course please use a unique passphrase nonetheless).

This allows encrypting multiple page on a single domain with the same password: if you check "Remember me", you'll have to enter you password once then all the pages on that domain will automatically decrypt their content.

If no value is provided the stored passphrase doesn't expire, you can also give it a value in days for how long should the store value be kept. If the user reconnects to the page after the expiration date the store value will be cleared.

You can clear the values in localStorage (effectively "login out") at any time by appending `staticrypt_logout` to the URL query paramets (`mysite.com?staticrypt_logout`).

#### `--noremember`

If you don't want the checkbox to be included, you can add the `--noremember` flag to disable it.

### `--embed` and crypto-js

If you do not embed crypto-js and serve it from a CDN, some adblockers see the `crypto-js.min.js`, think that's a crypto miner and block it.
54 changes: 10 additions & 44 deletions cli/index.js
Expand Up @@ -10,38 +10,6 @@ const Yargs = require('yargs');
const SCRIPT_URL = 'https://cdnjs.cloudflare.com/ajax/libs/crypto-js/3.1.9-1/crypto-js.min.js';
const SCRIPT_TAG = '<script src="' + SCRIPT_URL + '" integrity="sha384-lp4k1VRKPU9eBnPePjnJ9M2RF3i7PC30gXs70+elCVfgwLwx1tv5+ctxdtwxqZa7" crossorigin="anonymous"></script>';

/**
* Check if a particular option has been set by the user. Use case:
*
* // The "--remember" flag has a specific behavior: if the flag is included without value (like '-r'), the key is set with
* // the value 'undefined'. If it is included with a value, ('-r 100'), the key is set with that value. Both means
* // remember is enabled. If the flag is omitted by the user the key isn't set, meaning remember is disabled.
*
* From https://github.com/yargs/yargs/issues/513#issuecomment-221412008
*
* @param option
* @returns {boolean}
*/
function userSetOption(option) {
function searchForOption(option) {
return process.argv.indexOf(option) > -1;
}

if (searchForOption(`-${option}`) || searchForOption(`--${option}`)) {
return true;
}

// Handle aliases for same option
for (let aliasIndex in yargs.parsed.aliases[option]) {
const alias = yargs.parsed.aliases[option][aliasIndex];

if (searchForOption(`-${alias}`) || searchForOption(`--${alias}`))
return true;
}

return false;
}

/**
* Salt and encrypt a msg with a password.
* Inspired by https://github.com/adonespitogo
Expand Down Expand Up @@ -80,7 +48,7 @@ function hashPassphrase(passphrase) {
};
}

const yargs = Yargs
const namedArgs = Yargs
.usage('Usage: staticrypt <filename> <passphrase> [options]')
.demandCommand(2)
.option('e', {
Expand Down Expand Up @@ -113,12 +81,16 @@ const yargs = Yargs
describe: 'Path to custom HTML template with passphrase prompt.',
default: path.join(__dirname, 'password_template.html')
})
// do not give a default option to this 'remember' parameter - we want to see when the flag is included with no
// value and when it's not included at all
.option('r', {
alias: 'remember',
type: 'number',
describe: 'Show a "Remember me" checkbox that will save the (salted + hashed) passphrase in localStorage when entered by the user.\nYou can set the expiration in days as value (no value means "0", no expiration).',
default: 0,
})
.option('noremember', {
type: 'boolean',
describe: 'Set this flag to remove the "Remember me" checkbox.',
default: false,
})
.option('remember-label', {
type: 'string',
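
Review bot: Nothing in the `r` and `noremember` option definitions handles both flags being passed: `-r 30 --noremember` is accepted, and the duration is silently unused because `is_remember_enabled` is derived from `noremember` alone further down in this file. Either reject the combination or document which flag wins. The `describe` string for `r` also still says 'Show a "Remember me" checkbox', although after this change the checkbox is shown by default and `-r` only sets the expiration in days.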
Expand All @@ -134,8 +106,7 @@ const yargs = Yargs
type: 'string',
describe: 'Label to use for the decrypt button. Default: "DECRYPT".',
default: 'DECRYPT'
});
const namedArgs = yargs.argv;
}).argv;

if (namedArgs._.length !== 2) {
Yargs.showHelp();
Expand Down Expand Up @@ -178,21 +149,16 @@ if (namedArgs.embed) {
}
}

const isRememberEnabled = userSetOption('r');
// give a default value here instead of in the yargs config, so we can distinguish when the flag is included with no
// value from when the flag isn't included
const rememberDurationInDays = namedArgs.remember ? namedArgs.remember : 0;

const data = {
crypto_tag: cryptoTag,
decrypt_button: namedArgs.decryptButton,
embed: namedArgs.embed,
encrypted: encryptedMessage,
instructions: namedArgs.instructions,
is_remember_enabled: isRememberEnabled ? 'true' : 'false',
is_remember_enabled: namedArgs.noremember ? 'false' : 'true',
output_file_path: namedArgs.output !== null ? namedArgs.output : input.replace(/\.html$/, '') + "_encrypted.html",
passphrase_placeholder: namedArgs.passphrasePlaceholder,
remember_duration_in_days: rememberDurationInDays,
remember_duration_in_days: namedArgs.remember,
remember_me: namedArgs.rememberLabel,
salt: salt,
title: namedArgs.title,
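
Review bot: `remember_duration_in_days: namedArgs.remember` drops the `namedArgs.remember ? namedArgs.remember : 0` fallback without showing that a bare `-r` still yields a number. The comment removed together with `userSetOption` states that `-r` without a value sets the key to `undefined`; if that still happens with `default: 0` in place, the template receives a non-numeric expiration. Keep a guard here that falls back to 0 when the value is not a finite number, or add a test for `-r` with no value that pins the behaviour.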
2 changes: 1 addition & 1 deletion cli/package.json
@@ -1,6 +1,6 @@
{
"name": "staticrypt",
"version": "2.0.0",
"version": "2.0.1",
"description": "Based on the [crypto-js](https://github.com/brix/crypto-js) library, StatiCrypt uses AES-256 to encrypt your input with your passphrase and put it in a HTML file with a password prompt that can decrypted in-browser (client side).",
"main": "index.js",
"bin": {