add file password security notice
This commit is contained in:
parent
506b309cbc
commit
73739b5bc4
|
@ -31,6 +31,13 @@ pub struct Uploaded {
|
|||
pub env: Env
|
||||
}
|
||||
|
||||
#[derive(Template)]
|
||||
#[template( path = "passworded-files.html" )]
|
||||
#[allow(dead_code)]
|
||||
pub struct PasswordedFilesHelpPage {
|
||||
pub env: Env
|
||||
}
|
||||
|
||||
|
||||
pub async fn uploaded(query: HashMap<String, String>, state: SharedState) -> Result<Html<String>, Rejection> {
|
||||
|
||||
|
@ -67,7 +74,22 @@ pub fn index_f(state: SharedState) -> impl Filter<Extract = impl Reply, Error =
|
|||
.and_then(index)
|
||||
}
|
||||
|
||||
pub async fn passworded(state: SharedState) -> Result<Html<String>, Rejection> {
|
||||
let rendered = PasswordedFilesHelpPage {
|
||||
env: state.env.clone()
|
||||
};
|
||||
Ok(warp::reply::html(rendered.render().map_err(|err| warp::reject::custom(HttpReject::AskamaError(err)))?))
|
||||
}
|
||||
|
||||
pub fn passworded_f(state: SharedState) -> impl Filter<Extract = impl Reply, Error = Rejection> + Clone {
|
||||
warp::path!("password-files")
|
||||
.and(warp::path::end())
|
||||
.map(move || state.clone())
|
||||
.and_then(passworded)
|
||||
}
|
||||
|
||||
pub fn get_routes(state: SharedState) -> impl Filter<Extract = impl Reply, Error = Rejection> + Clone {
|
||||
index_f(state.clone())
|
||||
.or(uploaded_f(state.clone()))
|
||||
.or(passworded_f(state))
|
||||
}
|
|
@ -42,15 +42,30 @@
|
|||
<input style="max-width:100px" id='bfile-formupload-file-name' type="text" name="filename" placeholder="file.txt"></input>
|
||||
</span>
|
||||
</p>
|
||||
<p>
|
||||
<label>
|
||||
<input type="checkbox" name="passworded">
|
||||
</label>
|
||||
<label>
|
||||
I want to add a password to the file:
|
||||
<input type="password" name="password" style="max-width:90px">
|
||||
</label>
|
||||
</p>
|
||||
<table>
|
||||
<tbody>
|
||||
<tr>
|
||||
<td>
|
||||
<label>
|
||||
<input type="checkbox" name="passworded">
|
||||
I want to add a password to the file:
|
||||
|
||||
<span style="font-size:80%;display:block;padding:2px 0 0 24px">
|
||||
Warning: the file WILL NOT be encrypted.<br/>
|
||||
<a href="/passworded-files">
|
||||
Learn more
|
||||
</a>
|
||||
</span>
|
||||
</label>
|
||||
</td>
|
||||
<td style="padding-left:4px">
|
||||
<label>
|
||||
<input type="password" name="password" style="max-width:90px">
|
||||
</label>
|
||||
</td>
|
||||
</tr>
|
||||
</tbody>
|
||||
</table>
|
||||
<p>
|
||||
<input type="file" name="file" id="bfile-formupload-file" style="display: none" />
|
||||
<label for="bfile-formupload-file">
|
||||
|
|
|
@ -0,0 +1,59 @@
|
|||
{% extends "base.html" %}
|
||||
|
||||
{% block body %}
|
||||
|
||||
|
||||
<div style="max-width:95vw;width:900px;margin:0 auto;line-height:16pt">
|
||||
<h1 style="text-align:center">Password-protected file uploads</h1>
|
||||
|
||||
<p>
|
||||
When uploading a file to blek! File, you may add a password to it, if it has confidential data.
|
||||
</p>
|
||||
|
||||
<p>
|
||||
However, be aware that even though the file won't be sent unless the user provides a password,
|
||||
|
||||
<b>the instance owner will still be able to see the file contents without a password.</b>
|
||||
</p>
|
||||
|
||||
<h2>Why can't the site encrypt it for me?</h2>
|
||||
<p>
|
||||
There is a number of reasons why that is a stupid idea.
|
||||
</p>
|
||||
<ol style="list-style:decimal;padding-left:12px;">
|
||||
<li>
|
||||
This site's only purpose is to store files for short periods of time.
|
||||
It doesnt include "storing the files securely", or encrypting them.
|
||||
</li>
|
||||
<li>
|
||||
When the encryption happens server-side, there is a risk that the password could be logged.
|
||||
</li>
|
||||
</ol>
|
||||
|
||||
<h2>How do I encrypt a file, then?</h2>
|
||||
<p>
|
||||
Its dead simple: download a program for encrypting files on your computer and use it to handle
|
||||
all encryption operations.
|
||||
</p>
|
||||
<p>
|
||||
As for the encryption program, it is recommended to use
|
||||
<a href='https://gnupg.org'>GnuPG</a>
|
||||
(
|
||||
<a href="https://gpg4win.org">Windows</a>
|
||||
<a href="https://openkeychain.org">Android</a>
|
||||
).
|
||||
|
||||
<a href="https://www.openpgp.org/software/kleopatra">
|
||||
Kleopatra
|
||||
</a>
|
||||
is a cross-platform easy to use GUI for GPG.
|
||||
</p>
|
||||
|
||||
<p style="margin-top:40px">
|
||||
<a role='button' href="/" class="btn" style="display:block">
|
||||
Go back to upload
|
||||
</a>
|
||||
</p>
|
||||
</div>
|
||||
|
||||
{% endblock %}
|
Loading…
Reference in New Issue