mystiatech/GreenCoast
Archived
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Added panic mode protections to make the server more secure

Browse Source
This commit is contained in:
Dani
2025-08-22 18:54:10 -04:00
parent 5067913c21
commit 5dfc710ae9
7 changed files with 430 additions and 247 deletions
Download Patch File Download Diff File Expand all files Collapse all files

402
client/app.js
View File

@@ -1,10 +1,13 @@
import { encryptString, decryptToString, toBlob } from "./crypto.js";
// ---------- DOM ----------
const els = {
shardUrl: document.getElementById("shardUrl"),
bearer: document.getElementById("bearer"),
passphrase: document.getElementById("passphrase"),
saveConn: document.getElementById("saveConn"),
keySignIn: document.getElementById("keySignIn"),
panicWipe: document.getElementById("panicWipe"),
health: document.getElementById("health"),
visibility: document.getElementById("visibility"),
title: document.getElementById("title"),
@@ -13,170 +16,258 @@ const els = {
publishStatus: document.getElementById("publishStatus"),
posts: document.getElementById("posts"),
discordStart: document.getElementById("discordStart"),
signinDevice: document.getElementById("signinDevice"),
};
// ---------- Config (no bearer in localStorage) ----------
const LS_KEY = "gc_client_config_v1";
const POSTS_KEY = "gc_posts_index_v1";
const DEVKEY_KEY = "gc_device_key_v1"; // pkcs8/spki (p256) base64url
function defaultApiBase() {
try { const qs = new URLSearchParams(window.location.search); const qApi = qs.get("api"); if (qApi) return qApi.replace(/\/+$/,""); } catch {}
const m = document.querySelector('meta[name="gc-api-base"]'); if (m && m.content) return m.content.replace(/\/+$/,"");
try {
const u = new URL(window.location.href);
const proto = u.protocol; const host = u.hostname; const portStr = u.port;
const bracketHost = host.includes(":") ? `[${host}]` : host;
const port = portStr ? parseInt(portStr,10) : null;
let apiPort = port;
if (port === 8082) apiPort = 8080; else if (port === 9082) apiPort = 9080; else if (port) apiPort = Math.max(1, port - 2);
return apiPort ? `${proto}//${bracketHost}:${apiPort}` : `${proto}//${bracketHost}`;
} catch { return window.location.origin.replace(/\/+$/,""); }
}
function loadConfig(){ try { return JSON.parse(localStorage.getItem(LS_KEY)) ?? {}; } catch { return {}; } }
function saveConfig(c){ localStorage.setItem(LS_KEY, JSON.stringify(c)); Object.assign(cfg, c); }
function saveConfig(c){ localStorage.setItem(LS_KEY, JSON.stringify({ url: c.url, passphrase: c.passphrase })); Object.assign(cfg, c); }
function getPosts(){ try { return JSON.parse(localStorage.getItem(POSTS_KEY)) ?? []; } catch { return []; } }
function setPosts(v){ localStorage.setItem(POSTS_KEY, JSON.stringify(v)); renderPosts(); }
function norm(u){ return (u||"").replace(/\/+$/,""); }
function applyConfig(){ els.shardUrl.value = cfg.url ?? defaultApiBase(); els.bearer.value = cfg.bearer ?? ""; els.passphrase.value = cfg.passphrase ?? ""; }
function msg(t, err=false){ els.publishStatus.textContent=t; els.publishStatus.style.color = err ? "#ff6b6b" : "#8b949e"; }
function getBearer(){ return sessionStorage.getItem("gc_bearer") || cfg.bearer || ""; }
function getBearer(){ return sessionStorage.getItem("gc_bearer") || ""; }
function setBearer(tok){ if (!tok) sessionStorage.removeItem("gc_bearer"); else sessionStorage.setItem("gc_bearer", tok); els.bearer.value = tok ? "••• (session)" : ""; }
const cfg = loadConfig();
const cfg = loadConfig(); applyConfig();
// ---------- Security helpers ----------
const enc = new TextEncoder();
const dec = new TextDecoder();
const b64 = (u) => { let s=""; u=new Uint8Array(u); for (let i=0;i<u.length;i++) s+=String.fromCharCode(u[i]); return btoa(s).replace(/\+/g,"-").replace(/\//g,"_").replace(/=+$/,""); };
const ub64 = (s) => { s=s.replace(/-/g,"+").replace(/_/g,"/"); while(s.length%4) s+="="; const bin=atob(s); const b=new Uint8Array(bin.length); for(let i=0;i<bin.length;i++) b[i]=bin.charCodeAt(i); return b.buffer; };
async function sha256Hex(buf){ const h = await crypto.subtle.digest("SHA-256", buf); return [...new Uint8Array(h)].map(x=>x.toString(16).padStart(2,"0")).join(""); }
// ---- Device key management (P-256) ----
async function ensureDeviceKey() {
const stored = JSON.parse(localStorage.getItem(DEVKEY_KEY) || "null");
if (stored && stored.priv && stored.pub) return;
const kp = await crypto.subtle.generateKey({ name:"ECDSA", namedCurve:"P-256" }, true, ["sign","verify"]);
const pkcs8 = await crypto.subtle.exportKey("pkcs8", kp.privateKey);
const rawPub = await crypto.subtle.exportKey("raw", kp.publicKey); // 65B uncompressed
localStorage.setItem(DEVKEY_KEY, JSON.stringify({ alg:"p256", priv: b64(rawPub ? pkcs8 : pkcs8), pub: b64(rawPub) }));
}
async function getDevicePriv(){
const s = JSON.parse(localStorage.getItem(DEVKEY_KEY) || "{}");
if (s.alg !== "p256") throw new Error("unsupported alg");
return crypto.subtle.importKey("pkcs8", ub64(s.priv), { name:"ECDSA", namedCurve:"P-256" }, false, ["sign"]);
}
function getDevicePubHdr(){
const s = JSON.parse(localStorage.getItem(DEVKEY_KEY) || "{}");
return s && s.pub ? "p256:" + s.pub : "";
// Device key (P-256), stored locally (not a bearer)
async function getDevice() {
let dev = JSON.parse(localStorage.getItem('gc_device_key_v1')||'null');
if (!dev) {
const kp = await crypto.subtle.generateKey({name:"ECDSA", namedCurve:"P-256"}, true, ["sign","verify"]);
const pkcs8 = await crypto.subtle.exportKey("pkcs8", kp.privateKey);
const rawPub = await crypto.subtle.exportKey("raw", kp.publicKey); // 65B 0x04||X||Y
dev = { alg:"p256", priv: b64(pkcs8), pub: b64(rawPub) };
localStorage.setItem('gc_device_key_v1', JSON.stringify(dev));
}
return dev;
}
// ---- DPoP-style proof headers (sign path, not absolute URL) ----
async function popHeaders(method, pathOnly, bodyBytes){
// Proof-of-Possession headers for this request
async function popHeaders(method, pathOnly, bodyBuf){
const dev = await getDevice();
const ts = Math.floor(Date.now()/1000).toString();
const pub = getDevicePubHdr();
const digest = await sha256Hex(bodyBytes || new Uint8Array());
const msg = (method.toUpperCase()+"\n"+pathOnly+"\n"+ts+"\n"+digest);
const priv = await getDevicePriv();
const sig = await crypto.subtle.sign({ name:"ECDSA", hash:"SHA-256" }, priv, new TextEncoder().encode(msg));
return { "X-GC-Key": pub, "X-GC-TS": ts, "X-GC-Proof": b64(new Uint8Array(sig)) };
const hashHex = await sha256Hex(bodyBuf || new Uint8Array());
const msg = enc.encode(method.toUpperCase()+"\n"+pathOnly+"\n"+ts+"\n"+hashHex);
const priv = await crypto.subtle.importKey("pkcs8", ub64(dev.priv), { name:"ECDSA", namedCurve:"P-256" }, false, ["sign"]);
const sig = await crypto.subtle.sign({ name:"ECDSA", hash:"SHA-256" }, priv, msg);
return {
"X-GC-Key": "p256:"+dev.pub,
"X-GC-TS": ts,
"X-GC-Proof": b64(sig),
};
}
async function fetchAPI(path, opts = {}, bodyBytes){
if (!cfg.url) throw new Error("Set shard URL first.");
const method = (opts.method || "GET").toUpperCase();
const headers = Object.assign({}, opts.headers || {});
const bearer = getBearer(); if (bearer) headers["Authorization"] = "Bearer " + bearer;
const pop = await popHeaders(method, path, bodyBytes);
Object.assign(headers, pop);
const r = await fetch(cfg.url + path, Object.assign({}, opts, { method, headers }));
return r;
// Idle timeout → clear bearer
(function idleGuard(){
let idle;
const bump=()=>{ clearTimeout(idle); idle=setTimeout(()=>setBearer(""), 30*60*1000); }; // 30 min
["click","keydown","mousemove","touchstart","focus","visibilitychange"].forEach(ev=>addEventListener(ev,bump,{passive:true}));
bump();
})();
// ---------- API base detection ----------
function defaultApiBase() {
try {
const qs = new URLSearchParams(window.location.search);
const qApi = qs.get("api"); if (qApi) return qApi.replace(/\/+$/, "");
} catch {}
const m = document.querySelector('meta[name="gc-api-base"]');
if (m && m.content) return m.content.replace(/\/+$/, "");
try {
const u = new URL(window.location.href);
const proto = u.protocol, host = u.hostname, portStr = u.port;
const bracketHost = host.includes(":") ? `[${host}]` : host;
const port = portStr ? parseInt(portStr, 10) : null;
let apiPort = port;
if (port === 8082) apiPort = 8080;
else if (port === 9082) apiPort = 9080;
else if (port) apiPort = Math.max(1, port - 2);
return apiPort ? `${proto}//${bracketHost}:${apiPort}` : `${proto}//${bracketHost}`;
} catch {
return window.location.origin.replace(/\/+$/, "");
}
}
// ---- Health / Index / SSE ----
// ---------- App init ----------
function applyConfig(){
els.shardUrl.value = cfg.url ?? defaultApiBase();
els.passphrase.value = cfg.passphrase ?? "";
els.bearer.value = getBearer() ? "••• (session)" : "";
}
applyConfig(); checkHealth(); syncIndex(); sse();
// ---------- UI wiring ----------
els.saveConn.onclick = async () => {
const c = { url: norm(els.shardUrl.value), passphrase: els.passphrase.value };
saveConfig(c); await checkHealth(); await syncIndex(); sse(true);
};
els.publish.onclick = publish;
els.discordStart.onclick = discordStart;
els.keySignIn.onclick = keySignIn;
els.panicWipe.onclick = panicWipe;
// Panic wipe hotkey (double-tap ESC)
let escT=0;
addEventListener("keydown", (e) => {
if (e.key === "Escape") {
const now = Date.now();
if (now - escT < 600) panicWipe();
escT = now;
}
});
// ---------- Health / Index / SSE ----------
async function checkHealth() {
if (!cfg.url) return; els.health.textContent = "Checking…";
try {
const r = await fetch(cfg.url + "/healthz");
els.health.textContent = r.ok ? "Connected ✔" : `Error: ${r.status}`;
} catch { els.health.textContent = "Not reachable"; }
try { const r = await fetch(cfg.url + "/healthz"); els.health.textContent = r.ok ? "Connected ✔" : `Error: ${r.status}`; }
catch { els.health.textContent = "Not reachable"; }
}
async function syncIndex() {
if (!cfg.url) return;
try {
const r = await fetchAPI("/v1/index");
const hdrs = {};
const b = getBearer();
if (b) Object.assign(hdrs, await popHeaders("GET", "/v1/index", new Uint8Array()));
const r = await fetch(cfg.url + "/v1/index", { headers: Object.assign(hdrs, b?{Authorization:"Bearer "+b}:{}) });
if (!r.ok) throw new Error("index fetch failed");
const entries = await r.json();
setPosts(entries.map(e => ({ hash:e.hash, title:"(title unknown — fetch)", bytes:e.bytes, ts:e.stored_at, enc:e.private, tz:e.creator_tz })));
setPosts(entries.map(e => ({ hash:e.hash, title:"(title unknown — fetch)", bytes:e.bytes, ts:e.stored_at, enc:e.private, tz:e.creator_tz||"" })));
} catch(e){ console.warn("index sync failed", e); }
}
let sseCtrl;
async function sse(){
function sse(reset){
if (!cfg.url) return;
if (sseCtrl) { sseCtrl.abort(); sseCtrl = undefined; }
sseCtrl = new AbortController();
const path = "/v1/index/stream";
const headers = {};
const b = getBearer(); if (b) headers["Authorization"] = "Bearer " + b;
Object.assign(headers, await popHeaders("GET", path, new Uint8Array()));
fetch(cfg.url + path, { headers, signal: sseCtrl.signal }).then(async resp => {
if (!resp.ok) return;
const reader = resp.body.getReader(); const decoder = new TextDecoder();
let buf = "";
while (true) {
const { value, done } = await reader.read(); if (done) break;
buf += decoder.decode(value, { stream:true });
let idx;
while ((idx = buf.indexOf("\n\n")) >= 0) {
const chunk = buf.slice(0, idx); buf = buf.slice(idx+2);
if (chunk.startsWith("data: ")) {
try {
const ev = JSON.parse(chunk.slice(6));
if (ev.event === "put") {
const e = ev.data;
const posts = getPosts();
if (!posts.find(p => p.hash === e.hash)) {
posts.unshift({ hash:e.hash, title:"(title unknown — fetch)", bytes:e.bytes, ts:e.stored_at, enc:e.private, tz:e.creator_tz });
setPosts(posts);
const url = cfg.url + "/v1/index/stream";
const b = getBearer();
const start = async () => {
const hdrs = {};
if (b) Object.assign(hdrs, await popHeaders("GET", "/v1/index/stream", new Uint8Array()), { Authorization: "Bearer "+b });
fetch(url, { headers: hdrs, signal: sseCtrl.signal }).then(async resp => {
if (!resp.ok) return;
const reader = resp.body.getReader(); const decoder = new TextDecoder();
let buf = "";
while (true) {
const { value, done } = await reader.read(); if (done) break;
buf += decoder.decode(value, { stream:true });
let idx; while ((idx = buf.indexOf("\n\n")) >= 0) {
const chunk = buf.slice(0, idx); buf = buf.slice(idx+2);
if (chunk.startsWith("data: ")) {
try {
const ev = JSON.parse(chunk.slice(6));
if (ev.event === "put") {
const e = ev.data;
const posts = getPosts();
if (!posts.find(p => p.hash === e.hash)) {
posts.unshift({ hash:e.hash, title:"(title unknown — fetch)", bytes:e.bytes, ts:e.stored_at, enc:e.private, tz:e.creator_tz||"" });
setPosts(posts);
}
} else if (ev.event === "delete") {
const h = ev.data.hash; setPosts(getPosts().filter(p => p.hash !== h));
}
} else if (ev.event === "delete") {
const h = ev.data.hash; setPosts(getPosts().filter(p => p.hash !== h));
}
} catch {}
} catch {}
}
}
}
}
}).catch(()=>{});
}).catch(()=>{});
};
start();
}
// ---- Actions ----
// ---------- Auth ----------
async function keySignIn(){
try {
if (!cfg.url) { alert("Set shard URL first."); return; }
// 1) challenge
const cResp = await fetch(cfg.url + "/v1/auth/key/challenge", { method:"POST" });
const cTxt = await cResp.text();
if (!cResp.ok) { alert("Challenge failed: " + cTxt); return; }
const c = JSON.parse(cTxt);
// 2) sign and verify
const dev = await getDevice();
const priv = await crypto.subtle.importKey("pkcs8", ub64(dev.priv), { name:"ECDSA", namedCurve:"P-256" }, false, ["sign"]);
const msg = enc.encode("key-verify\n" + c.nonce);
const sig = await crypto.subtle.sign({ name:"ECDSA", hash:"SHA-256" }, priv, msg);
const vResp = await fetch(cfg.url + "/v1/auth/key/verify", {
method:"POST",
headers: { "Content-Type":"application/json" },
body: JSON.stringify({ nonce:c.nonce, alg:"p256", pub: dev.pub, sig: b64(sig) })
});
const vTxt = await vResp.text();
if (!vResp.ok) { alert("Verify failed: " + vTxt); return; }
const j = JSON.parse(vTxt);
setBearer(j.bearer);
alert("Signed in ✔ (session)");
await syncIndex();
} catch (e) {
alert("Key sign-in exception: " + (e?.message || e));
}
}
async function panicWipe(){
try {
if (cfg.url) await fetch(cfg.url + "/v1/session/clear", { method:"POST" });
} catch {}
sessionStorage.clear();
localStorage.clear();
caches && caches.keys().then(keys => keys.forEach(k => caches.delete(k)));
location.replace("about:blank");
}
// ---------- Publishing / Viewing ----------
function msg(t, err=false){ els.publishStatus.textContent=t; els.publishStatus.style.color = err ? "#ff6b6b" : "inherit"; }
async function publish() {
if (!cfg.url) return msg("Set shard URL first.", true);
const title = els.title.value.trim(); const body = els.body.value; const vis = els.visibility.value;
const b = getBearer(); if (!b) return msg("Sign in first (device key).", true);
const title = els.title.value.trim();
const body = els.body.value;
const vis = els.visibility.value;
try {
let blob, enc=false;
let blob, encp=false;
if (vis === "private") {
if (!cfg.passphrase) return msg("Set a passphrase (community key) for encrypted posts.", true);
if (!cfg.passphrase) return msg("Set a passphrase for private posts.", true);
const payload = await encryptString(JSON.stringify({ title, body }), cfg.passphrase);
blob = toBlob(payload); enc=true;
blob = toBlob(payload); encp=true;
} else {
blob = toBlob(JSON.stringify({ title, body }));
}
const tz = Intl.DateTimeFormat().resolvedOptions().timeZone || "";
const headers = { "Content-Type":"application/octet-stream", "X-GC-TZ": tz };
const bearer = getBearer(); if (bearer) headers["Authorization"] = "Bearer " + bearer;
if (enc) headers["X-GC-Private"] = "1";
const bodyBytes = new Uint8Array(await blob.arrayBuffer());
Object.assign(headers, await popHeaders("PUT", "/v1/object", bodyBytes));
const r = await fetch(cfg.url + "/v1/object", { method:"PUT", headers, body: blob });
const buf = new Uint8Array(await blob.arrayBuffer());
const path = "/v1/object";
const headers = { "Content-Type":"application/octet-stream", Authorization: "Bearer "+b };
if (encp) headers["X-GC-Private"] = "1";
const pop = await popHeaders("PUT", path, buf);
Object.assign(headers, pop);
const r = await fetch(cfg.url + path, { method:"PUT", headers, body: buf });
if (!r.ok) throw new Error(await r.text());
const j = await r.json();
const posts = getPosts();
posts.unshift({ hash:j.hash, title: title || "(untitled)", bytes:j.bytes, ts:j.stored_at, enc:j.private, tz:j.creator_tz });
posts.unshift({ hash:j.hash, title: title || "(untitled)", bytes:j.bytes, ts:j.stored_at, enc:j.private, tz:j.creator_tz||"" });
setPosts(posts);
els.body.value = ""; msg(`Published ${enc?"encrypted":"plaintext"} post. Hash: ${j.hash}`);
els.body.value = ""; msg(`Published ${encp?"private":"public"} post. Hash: ${j.hash}`);
} catch(e){ msg("Publish failed: " + (e?.message||e), true); }
}
async function viewPost(p, pre) {
pre.textContent = "Loading…";
try {
const r = await fetchAPI("/v1/object/" + p.hash);
const path = "/v1/object/" + p.hash;
const headers = {};
const b = getBearer();
if (b) Object.assign(headers, await popHeaders("GET", path, new Uint8Array()), { Authorization: "Bearer "+b });
const r = await fetch(cfg.url + path, { headers });
if (!r.ok) throw new Error("fetch failed " + r.status);
const buf = new Uint8Array(await r.arrayBuffer());
let text;
@@ -192,91 +283,52 @@ async function viewPost(p, pre) {
}
async function saveBlob(p) {
const r = await fetchAPI("/v1/object/" + p.hash);
const path = "/v1/object/" + p.hash;
const headers = {};
const b = getBearer();
if (b) Object.assign(headers, await popHeaders("GET", path, new Uint8Array()), { Authorization: "Bearer "+b });
const r = await fetch(cfg.url + path, { headers });
if (!r.ok) return alert("download failed " + r.status);
const b = await r.blob();
const a = document.createElement("a"); a.href = URL.createObjectURL(b);
const bl = await r.blob();
const a = document.createElement("a"); a.href = URL.createObjectURL(bl);
a.download = p.hash + (p.enc ? ".gcenc" : ".json"); a.click(); URL.revokeObjectURL(a.href);
}
async function delServer(p) {
const path = "/v1/object/" + p.hash;
const b = getBearer(); if (!b) return alert("Sign in first.");
const headers = { Authorization: "Bearer "+b };
Object.assign(headers, await popHeaders("DELETE", path, new Uint8Array()));
if (!confirm("Delete blob from server by hash?")) return;
const r = await fetchAPI("/v1/object/" + p.hash, { method:"DELETE" });
const r = await fetch(cfg.url + path, { method:"DELETE", headers });
if (!r.ok) return alert("delete failed " + r.status);
setPosts(getPosts().filter(x=>x.hash!==p.hash));
}
// ---------- Discord SSO ----------
async function discordStart() {
if (!cfg.url) { alert("Set shard URL first."); return; }
const headers = { "X-GC-3P-Assent":"1", "X-GC-Key": getDevicePubHdr() };
const r = await fetch(cfg.url + "/v1/auth/discord/start", { headers });
const r = await fetch(cfg.url + "/v1/auth/discord/start", { headers: { "X-GC-3P-Assent":"1" }});
if (!r.ok) { alert("Discord SSO not available"); return; }
const j = await r.json();
location.href = j.url;
}
async function signInWithDeviceKey(){
try {
if (!cfg.url) { alert("Set shard URL first."); return; }
// 1) challenge
const cResp = await fetch(cfg.url + "/v1/auth/key/challenge", { method:"POST" });
const cTxt = await cResp.text();
if (!cResp.ok) { alert("Challenge failed: " + cTxt); return; }
const c = JSON.parse(cTxt);
if (!c.nonce) { alert("Challenge bad JSON: " + cTxt); return; }
// 2) sign "key-verify\n<nonce>"
const msg = "key-verify\n" + c.nonce;
const priv = await getDevicePriv();
const sig = await crypto.subtle.sign({ name:"ECDSA", hash:"SHA-256" }, priv, new TextEncoder().encode(msg));
// 3) send verify
const body = JSON.stringify({
nonce: c.nonce,
alg: "p256",
pub: (getDevicePubHdr()||"").slice("p256:".length),
sig: b64(new Uint8Array(sig))
});
const vResp = await fetch(cfg.url + "/v1/auth/key/verify", {
method:"POST",
headers:{ "Content-Type":"application/json" },
body
});
const vTxt = await vResp.text();
if (!vResp.ok) { alert("Verify failed: " + vTxt); return; }
const j = JSON.parse(vTxt);
if (!j.bearer) { alert("Verify returned no bearer: " + vTxt); return; }
sessionStorage.setItem("gc_bearer", j.bearer);
const k = "gc_client_config_v1"; const cfg0 = JSON.parse(localStorage.getItem(k) || "{}"); cfg0.bearer = j.bearer; localStorage.setItem(k, JSON.stringify(cfg0));
els.bearer.value = j.bearer;
alert("Signed in ✔");
} catch (e) {
alert("Key sign-in exception: " + (e?.message || e));
}
}
// ---- Render ----
// ---------- Render ----------
function renderPosts() {
const posts = getPosts(); els.posts.innerHTML = "";
for (const p of posts) {
const div = document.createElement("div"); div.className = "post";
const badge = p.enc ? `<span class="badge">encrypted</span>` : `<span class="badge">plaintext</span>`;
const tsLocal = new Date(p.ts).toLocaleString();
const tz = p.tz ? ` · author TZ: ${p.tz}` : "";
const badge = p.enc ? `<span class="badge">private</span>` : `<span class="badge">public</span>`;
div.innerHTML = `
<div class="meta"><code>${p.hash.slice(0,10)}…</code> · ${p.bytes} bytes · ${tsLocal}${tz} ${badge}</div>
<div class="meta"><code>${p.hash.slice(0,10)}…</code> · ${p.bytes} bytes · ${p.ts} ${badge}</div>
<div class="actions">
<button data-act="view">View</button>
<button data-act="save">Save blob</button>
<button data-act="delete">Delete (server)</button>
<button data-act="remove">Remove (local)</button>
</div>
<pre class="content" style="white-space:pre-wrap;margin-top:.5rem;"></pre>`;
<pre class="content"></pre>`;
const pre = div.querySelector(".content");
div.querySelector('[data-act="view"]').onclick = () => viewPost(p, pre);
div.querySelector('[data-act="save"]').onclick = () => saveBlob(p);
@@ -285,23 +337,3 @@ function renderPosts() {
els.posts.appendChild(div);
}
}
// ---- Boot ----
(async () => {
await ensureDeviceKey();
await checkHealth(); await syncIndex(); await sse();
})();
els.saveConn.onclick = async () => {
const c = { url: norm(els.shardUrl.value), bearer: els.bearer.value.trim(), passphrase: els.passphrase.value };
saveConfig(c);
await checkHealth(); await syncIndex(); await sse();
};
els.publish.onclick = publish;
els.discordStart.onclick = discordStart;
els.signinDevice.onclick = signInWithDeviceKey;
// ---- utils ----
function b64(buf){ const b = buf instanceof Uint8Array ? buf : new Uint8Array(buf); let s=""; for (let i=0;i<b.length;i++) s+=String.fromCharCode(b[i]); return btoa(s).replace(/\+/g,"-").replace(/\//g,"_").replace(/=+$/,""); }
function ub64(s){ s=s.replace(/-/g,"+").replace(/_/g,"/"); while (s.length%4) s+="="; const bin=atob(s); const b=new Uint8Array(bin.length); for (let i=0;i<bin.length;i++) b[i]=bin.charCodeAt(i); return b.buffer; }
async function sha256Hex(bytes){ const d = await crypto.subtle.digest("SHA-256", bytes); return Array.from(new Uint8Array(d)).map(b=>b.toString(16).padStart(2,"0")).join(""); }

33
client/index.html
View File

@@ -5,7 +5,7 @@
<title>GreenCoast — Client</title>
<meta name="viewport" content="width=device-width,initial-scale=1"/>
<link rel="stylesheet" href="./styles.css"/>
<!-- Optional: set API base explicitly -->
<!-- Optional: explicit API base -->
<meta name="gc-api-base" content="https://api-gc.fullmooncyberworks.com">
</head>
<body>
@@ -16,29 +16,30 @@
<h2>Connect</h2>
<div class="row">
<label>Shard URL</label>
<input id="shardUrl" placeholder="http://localhost:9080" />
<input id="shardUrl" placeholder="https://api-gc.fullmooncyberworks.com" />
</div>
<div class="row">
<label>Bearer (auto after sign-in)</label>
<input id="bearer" placeholder="(auto)" />
<label>Bearer (session)</label>
<input id="bearer" placeholder="(auto after sign-in)" disabled />
</div>
<div class="row">
<label>Passphrase (community key)</label>
<label>Passphrase (private posts)</label>
<input id="passphrase" type="password" placeholder="••••••••" />
</div>
<div class="row">
<label>Auth</label>
<label>3rd-party SSO</label>
<div>
<button id="signinDevice">Sign in (device key)</button>
<button id="discordStart">Sign in with Discord</button>
<div class="muted" style="margin-top:.4rem;">
Using third-party SSO is optional; we cannot vouch for their security.
<div class="muted" id="ssoNote">
We use external providers only if you choose to. We cannot vouch for their security.
</div>
</div>
</div>
<button id="saveConn">Save</button>
<div class="actions">
<button id="saveConn">Save</button>
<button id="keySignIn">Sign in (device key)</button>
<button id="panicWipe" class="danger">Panic wipe</button>
</div>
<div id="health" class="muted"></div>
</section>
@@ -47,8 +48,8 @@
<div class="row">
<label>Visibility</label>
<select id="visibility">
<option value="private">Community-encrypted (recommended)</option>
<option value="public">Plaintext (discouraged; may be disabled by server)</option>
<option value="private">Private (E2EE via passphrase)</option>
<option value="public">Public (plaintext)</option>
</select>
</div>
<div class="row">
@@ -59,7 +60,9 @@
<label>Body</label>
<textarea id="body" rows="6" placeholder="Write your post..."></textarea>
</div>
<button id="publish">Publish</button>
<div class="actions">
<button id="publish">Publish</button>
</div>
<div id="publishStatus" class="muted"></div>
</section>

33
client/styles.css
View File

@@ -1,18 +1,15 @@
:root { --bg:#0b1117; --card:#0f1621; --fg:#e6edf3; --muted:#8b949e; --accent:#2ea043; }
* { box-sizing: border-box; }
body { margin:0; font-family: ui-sans-serif, system-ui, -apple-system, Segoe UI, Roboto, Arial; background:var(--bg); color:var(--fg); }
.container { max-width: 900px; margin: 2rem auto; padding: 0 1rem; }
h1 { font-size: 1.5rem; margin-bottom: 1rem; }
.card { background: var(--card); border-radius: 14px; padding: 1rem; margin-bottom: 1rem; box-shadow: 0 8px 24px rgba(0,0,0,.3); }
h2 { margin-top: 0; font-size: 1.1rem; }
.row { display: grid; grid-template-columns: 160px 1fr; gap: .75rem; align-items: center; margin: .5rem 0; }
label { color: var(--muted); }
input, select, textarea { width: 100%; padding: .6rem .7rem; border-radius: 10px; border: 1px solid #233; background: #0b1520; color: var(--fg); }
button { background: var(--accent); color: #08130b; border: none; padding: .6rem .9rem; border-radius: 10px; cursor: pointer; font-weight: 700; }
button:hover { filter: brightness(1.05); }
.muted { color: var(--muted); margin-top: .5rem; font-size: .9rem; }
.post { border: 1px solid #1d2734; border-radius: 12px; padding: .75rem; margin: .5rem 0; background: #0c1824; }
.post .meta { font-size: .85rem; color: var(--muted); margin-bottom: .4rem; }
.post .actions { margin-top: .5rem; display:flex; gap:.5rem; }
code { background:#0a1320; padding:.15rem .35rem; border-radius:6px; }
.badge { font-size:.75rem; padding:.1rem .4rem; border-radius: 999px; background:#132235; color:#9fb7d0; margin-left:.5rem; }
:root { color-scheme: light dark; }
body { font-family: system-ui, -apple-system, Segoe UI, Roboto, Ubuntu, Cantarell, "Noto Sans", sans-serif; margin: 0; padding: 2rem; }
.container { max-width: 860px; margin: 0 auto; }
h1 { margin: 0 0 1rem 0; }
.card { border: 1px solid #30363d; border-radius: 16px; padding: 1rem; margin: 1rem 0; box-shadow: 0 2px 6px rgba(0,0,0,.1); }
.row { display: grid; grid-template-columns: 160px 1fr; gap: .8rem; align-items: center; margin: .6rem 0; }
label { opacity: .8; }
input, textarea, select, button { font: inherit; padding: .6rem .7rem; border-radius: 10px; border: 1px solid #30363d; background: transparent; color: inherit; }
button { cursor: pointer; }
button.danger { border-color: #a4002a; color: #a4002a; }
.actions { display: flex; gap: .6rem; flex-wrap: wrap; margin-top: .4rem; }
.muted { opacity: .7; font-size: .9rem; }
.badge { display: inline-block; padding: .1rem .4rem; border-radius: 8px; border: 1px solid #30363d; font-size: .75rem; margin-left: .4rem; }
.post { border-top: 1px dashed #30363d; padding: .6rem 0; }
pre.content { white-space: pre-wrap; margin-top: .5rem; }

36
cmd/shard/main.go
View File

@@ -1,4 +1,3 @@
// cmd/shard/main.go
package main
import (
@@ -26,8 +25,9 @@ func getenvBool(key string, def bool) bool {
}
func staticHeaders(next http.Handler) http.Handler {
onion := os.Getenv("GC_ONION_LOCATION") // optional: e.g., http://xxxxxxxx.onion/
return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
// Security headers
// Security headers + strict CSP (no inline) + COEP
w.Header().Set("Referrer-Policy", "no-referrer")
w.Header().Set("Cross-Origin-Opener-Policy", "same-origin")
w.Header().Set("Cross-Origin-Resource-Policy", "same-site")
@@ -35,6 +35,19 @@ func staticHeaders(next http.Handler) http.Handler {
w.Header().Set("X-Frame-Options", "DENY")
w.Header().Set("X-Content-Type-Options", "nosniff")
w.Header().Set("Strict-Transport-Security", "max-age=15552000; includeSubDomains; preload")
w.Header().Set("Cross-Origin-Embedder-Policy", "require-corp")
// Allow only self + HTTPS for fetch/SSE; no inline styles/scripts
w.Header().Set("Content-Security-Policy",
"default-src 'self'; "+
"script-src 'self'; "+
"style-src 'self'; "+
"img-src 'self' data:; "+
"connect-src 'self' https:; "+
"frame-ancestors 'none'; object-src 'none'; base-uri 'none'; form-action 'self'; "+
"require-trusted-types-for 'script'")
if onion != "" {
w.Header().Set("Onion-Location", onion)
}
// Basic CORS for static (GET only effectively)
w.Header().Set("Access-Control-Allow-Origin", "*")
@@ -72,12 +85,17 @@ func main() {
dataDir = "/var/lib/greencoast"
}
coarseTS := getenvBool("GC_COARSE_TS", false)
coarseTS := getenvBool("GC_COARSE_TS", true) // safer default (less precise metadata)
zeroTrust := getenvBool("GC_ZERO_TRUST", true)
encRequired := getenvBool("GC_ENCRYPTION_REQUIRED", true) // operator-blind by default
requirePOP := getenvBool("GC_REQUIRE_POP", true) // for logging only; API defaults to true internally
requirePOP := getenvBool("GC_REQUIRE_POP", true) // logged only here
signingSecretHex := os.Getenv("GC_SIGNING_SECRET_HEX")
if len(signingSecretHex) < 64 {
log.Printf("WARN: GC_SIGNING_SECRET_HEX length=%d (need >=64 hex chars)", len(signingSecretHex))
} else {
log.Printf("GC_SIGNING_SECRET_HEX OK (len=%d)", len(signingSecretHex))
}
discID := os.Getenv("GC_DISCORD_CLIENT_ID")
discSecret := os.Getenv("GC_DISCORD_CLIENT_SECRET")
@@ -90,13 +108,17 @@ func main() {
}
ix := index.New()
// Reindex on boot from whatever files exist on disk
// Reindex on boot from existing files (coarse time if enabled)
if err := store.Walk(func(hash string, size int64, mod time.Time) error {
when := mod.UTC()
if coarseTS {
when = when.Truncate(time.Minute)
}
return ix.Put(index.Entry{
Hash: hash,
Bytes: size,
StoredAt: mod.UTC().Format(time.RFC3339Nano),
Private: false, // unknown here; safe default
StoredAt: when.Format(time.RFC3339Nano),
Private: false, // unknown here
})
}); err != nil {
log.Printf("reindex on boot: %v", err)

94
internal/api/http.go
View File

@@ -15,6 +15,7 @@ import (
"log"
"math/big"
"net/http"
"os"
"sort"
"strconv"
"strings"
@@ -55,6 +56,9 @@ type Server struct {
signingKey []byte
discord DiscordProvider
// rate limiter
rl *rateLimiter
// device-key challenge cache
chMu sync.Mutex
chal map[string]time.Time // nonce -> expires
@@ -70,7 +74,7 @@ type Server struct {
func New(store BlobStore, idx *index.Index, coarseTS, zeroTrust bool, providers AuthProviders, encRequired bool) *Server {
key, _ := hex.DecodeString(strings.TrimSpace(providers.SigningSecretHex))
return &Server{
s := &Server{
store: store,
idx: idx,
zeroTrust: zeroTrust,
@@ -83,6 +87,9 @@ func New(store BlobStore, idx *index.Index, coarseTS, zeroTrust bool, providers
replay: make(map[string]time.Time),
sseSub: make(map[chan string]struct{}),
}
// Default limiter: ~2 req/sec, burst 20, 10 min idle eviction
s.rl = newRateLimiter(2.0, 20, 10*time.Minute)
return s
}
func (s *Server) ListenHTTP(addr string) error {
@@ -108,19 +115,22 @@ func (s *Server) routes() *http.ServeMux {
mux.HandleFunc("/v1/auth/key/verify", s.handleAuthKeyVerify)
// Objects
mux.HandleFunc("/v1/object", s.handlePutObject) // PUT
mux.HandleFunc("/v1/object/", s.handleObjectByHash) // GET/DELETE
mux.HandleFunc("/v1/object", s.handlePutObject) // PUT (requires bearer+PoP)
mux.HandleFunc("/v1/object/", s.handleObjectByHash) // GET/DELETE (DELETE requires bearer+PoP)
// Index
mux.HandleFunc("/v1/index", s.handleIndexList)
mux.HandleFunc("/v1/index/stream", s.handleIndexStream)
// Admin
// Admin (requires admin device sub)
mux.HandleFunc("/v1/admin/reindex", s.handleAdminReindex)
// GDPR
mux.HandleFunc("/v1/gdpr/policy", s.handleGDPRPolicy)
// Session panic wipe (no auth; clears browser caches)
mux.HandleFunc("/v1/session/clear", s.handleSessionClear)
return mux
}
@@ -138,14 +148,42 @@ func (s *Server) cors(next http.Handler) http.Handler {
w.Header().Set("X-Frame-Options", "DENY")
w.Header().Set("X-Content-Type-Options", "nosniff")
w.Header().Set("Strict-Transport-Security", "max-age=15552000; includeSubDomains; preload")
// Preflight is free (dont rate-limit OPTIONS)
if r.Method == http.MethodOptions {
w.WriteHeader(http.StatusNoContent)
return
}
// Rate limit (by device key CNF when available; else IP)
key := ""
if b := strings.TrimPrefix(r.Header.Get("Authorization"), "Bearer "); b != "" {
if ac, err := s.parseBearer(b); err == nil && ac.CNF != "" {
key = ac.CNF
}
}
if key == "" {
key = "ip:" + clientIP(r)
}
if !s.rl.allow(key) {
w.Header().Set("Retry-After", "5")
http.Error(w, "rate limited", http.StatusTooManyRequests)
return
}
next.ServeHTTP(w, r)
})
}
func (s *Server) handleSessionClear(w http.ResponseWriter, r *http.Request) {
if r.Method != http.MethodPost {
http.Error(w, "method not allowed", http.StatusMethodNotAllowed)
return
}
w.Header().Set("Clear-Site-Data", `"cache","storage"`)
w.WriteHeader(http.StatusNoContent)
}
// ---------- Helpers ----------
func b64u(b []byte) string {
@@ -159,6 +197,21 @@ func b64ud(s string) ([]byte, error) {
}
func nowUTC() time.Time { return time.Now().UTC() }
// Admin allow-list: env GC_ADMIN_SUBS="sub1,sub2"
func (s *Server) isAdmin(ac authContext) bool {
raw := strings.TrimSpace(os.Getenv("GC_ADMIN_SUBS"))
if raw == "" || ac.CNF == "" {
return false
}
sub := thumbprintFromCNF(ac.CNF)
for _, x := range strings.Split(raw, ",") {
if sub == strings.TrimSpace(x) {
return true
}
}
return false
}
// ---------- Health ----------
func (s *Server) handleHealth(w http.ResponseWriter, r *http.Request) {
@@ -202,7 +255,7 @@ type keyVerifyReq struct {
Nonce string `json:"nonce"`
Alg string `json:"alg"` // "p256"
Pub string `json:"pub"` // base64url raw (uncompressed point, 65 bytes)
Sig string `json:"sig"` // base64url DER(ECDSA)
Sig string `json:"sig"` // base64url DER(ECDSA) or raw r||s (64B)
}
func (s *Server) handleAuthKeyVerify(w http.ResponseWriter, r *http.Request) {
@@ -246,7 +299,7 @@ func (s *Server) handleAuthKeyVerify(w http.ResponseWriter, r *http.Request) {
writeErr(http.StatusBadRequest, "bad pub")
return
}
sigDER, err := b64ud(req.Sig)
sig, err := b64ud(req.Sig)
if err != nil {
writeErr(http.StatusBadRequest, "bad sig")
return
@@ -256,8 +309,8 @@ func (s *Server) handleAuthKeyVerify(w http.ResponseWriter, r *http.Request) {
x := new(big.Int).SetBytes(pubRaw[1:33])
y := new(big.Int).SetBytes(pubRaw[33:])
ek := &ecdsa.PublicKey{Curve: elliptic.P256(), X: x, Y: y}
if !ecdsaVerify(ek, msg, sigDER) {
http.Error(w, "verify failed", http.StatusUnauthorized)
if !ecdsaVerify(ek, msg, sig) {
writeErr(http.StatusUnauthorized, "verify failed")
return
}
// mint token
@@ -293,13 +346,13 @@ func ecdsaVerify(pub *ecdsa.PublicKey, msg []byte, sig []byte) bool {
return false
}
// Minimal DER parser that tolerates long-form lengths and leading 0x00 in INTEGERs.
// Minimal DER parser tolerant to long-form lengths and leading 0x00.
func parseECDSADER(der []byte) (*big.Int, *big.Int, bool) {
if len(der) < 8 || der[0] != 0x30 {
return nil, nil, false
}
i := 1
// Read SEQUENCE length (short or long form)
// sequence len
if i >= len(der) {
return nil, nil, false
}
@@ -318,12 +371,10 @@ func parseECDSADER(der []byte) (*big.Int, *big.Int, bool) {
seqLen = int(der[i])
i++
}
if i >= len(der) {
return nil, nil, false
}
_ = seqLen // not strictly needed
// INTEGER R
if der[i] != 0x02 {
if i >= len(der) || der[i] != 0x02 {
return nil, nil, false
}
i++
@@ -337,6 +388,7 @@ func parseECDSADER(der []byte) (*big.Int, *big.Int, bool) {
}
rb := der[i : i+rLen]
i += rLen
// INTEGER S
if i >= len(der) || der[i] != 0x02 {
return nil, nil, false
@@ -418,7 +470,6 @@ func (s *Server) gc2Mint(cnf string, exp time.Time) (string, error) {
}
hdr := map[string]string{"alg": "HS256", "typ": "GC2"}
iat := nowUTC().Unix()
// Fix: assign the sum before slicing to avoid "unaddressable value"
sum := sha256.Sum256([]byte(fmt.Sprintf("%d", time.Now().UnixNano())))
jti := b64u(sum[:16])
@@ -480,7 +531,8 @@ func (s *Server) verifyPoP(w http.ResponseWriter, r *http.Request, ac authContex
return false
}
now := nowUTC().Unix()
if ts < now-600 || ts > now+600 {
// Tight window: ±120s
if ts < now-120 || ts > now+120 {
http.Error(w, "ts window", http.StatusUnauthorized)
return false
}
@@ -496,7 +548,7 @@ func (s *Server) verifyPoP(w http.ResponseWriter, r *http.Request, ac authContex
http.Error(w, "replay", http.StatusUnauthorized)
return false
}
s.replay[proof] = nowUTC().Add(10 * time.Minute)
s.replay[proof] = nowUTC().Add(2 * time.Minute)
s.rpMu.Unlock()
// Verify signature over METHOD \n PATH \n TS \n SHA256(bodyHex)
@@ -513,7 +565,7 @@ func (s *Server) verifyPoP(w http.ResponseWriter, r *http.Request, ac authContex
http.Error(w, "bad key", http.StatusUnauthorized)
return false
}
sigDER, err := b64ud(proof)
sig, err := b64ud(proof)
if err != nil {
http.Error(w, "bad proof", http.StatusUnauthorized)
return false
@@ -521,7 +573,7 @@ func (s *Server) verifyPoP(w http.ResponseWriter, r *http.Request, ac authContex
x := new(big.Int).SetBytes(pubRaw[1:33])
y := new(big.Int).SetBytes(pubRaw[33:])
ek := &ecdsa.PublicKey{Curve: elliptic.P256(), X: x, Y: y}
if !ecdsaVerify(ek, msg, sigDER) {
if !ecdsaVerify(ek, msg, sig) {
http.Error(w, "pop verify", http.StatusUnauthorized)
return false
}
@@ -706,7 +758,6 @@ func (s *Server) sseBroadcastJSON(v any) {
select {
case ch <- string(b):
default:
// drop if slow
}
}
s.sseMu.Unlock()
@@ -720,7 +771,8 @@ func (s *Server) handleAdminReindex(w http.ResponseWriter, r *http.Request) {
return
}
ac, _ := s.parseBearer(strings.TrimPrefix(r.Header.Get("Authorization"), "Bearer "))
if s.requirePOP && !s.verifyPoP(w, r, ac, nil) {
if !s.verifyPoP(w, r, ac, nil) || !s.isAdmin(ac) {
http.Error(w, "forbidden", http.StatusForbidden)
return
}
var walked, indexed int64

78
internal/api/ratelimit.go Normal file
View File

@@ -0,0 +1,78 @@
package api
import (
"net"
"net/http"
"sync"
"time"
)
type rateLimiter struct {
mu sync.Mutex
bk map[string]*bucket
rate float64 // tokens per second
burst float64
window time.Duration
}
type bucket struct {
tokens float64
last time.Time
}
func newRateLimiter(rps float64, burst int, window time.Duration) *rateLimiter {
return &rateLimiter{
bk: make(map[string]*bucket),
rate: rps,
burst: float64(burst),
window: window,
}
}
func (rl *rateLimiter) allow(key string) bool {
now := time.Now()
rl.mu.Lock()
defer rl.mu.Unlock()
b := rl.bk[key]
if b == nil {
b = &bucket{tokens: rl.burst, last: now}
rl.bk[key] = b
}
// refill
elapsed := now.Sub(b.last).Seconds()
b.tokens = min(rl.burst, b.tokens+elapsed*rl.rate)
b.last = now
if b.tokens < 1.0 {
return false
}
b.tokens -= 1.0
// occasional cleanup
for k, v := range rl.bk {
if now.Sub(v.last) > rl.window {
delete(rl.bk, k)
}
}
return true
}
func min(a, b float64) float64 {
if a < b {
return a
}
return b
}
func clientIP(r *http.Request) string {
// Prefer Cloudflares header if present; fall back to RemoteAddr.
if ip := r.Header.Get("CF-Connecting-IP"); ip != "" {
return ip
}
host, _, err := net.SplitHostPort(r.RemoteAddr)
if err != nil {
return r.RemoteAddr
}
return host
}

1
testdata/objects/5dcfd2e73a6c3a17b0efb103f1a3b891fc06b0189a0c5d5916435d9e5d74e963 vendored
View File

@@ -1 +0,0 @@
{"title":"Timezone Publish","body":"You can now include your timezone on all of your posts. This is completely optional but lets others see when you posted"}