add file password security notice

This commit is contained in:
blek 2023-10-09 20:13:07 +10:00
parent 506b309cbc
commit 73739b5bc4
Signed by: blek
GPG Key ID: 14546221E3595D0C
3 changed files with 105 additions and 9 deletions

View File

@ -31,6 +31,13 @@ pub struct Uploaded {
pub env: Env
}
#[derive(Template)]
#[template( path = "passworded-files.html" )]
#[allow(dead_code)]
pub struct PasswordedFilesHelpPage {
pub env: Env
}
pub async fn uploaded(query: HashMap<String, String>, state: SharedState) -> Result<Html<String>, Rejection> {
@ -67,7 +74,22 @@ pub fn index_f(state: SharedState) -> impl Filter<Extract = impl Reply, Error =
.and_then(index)
}
pub async fn passworded(state: SharedState) -> Result<Html<String>, Rejection> {
let rendered = PasswordedFilesHelpPage {
env: state.env.clone()
};
Ok(warp::reply::html(rendered.render().map_err(|err| warp::reject::custom(HttpReject::AskamaError(err)))?))
}
pub fn passworded_f(state: SharedState) -> impl Filter<Extract = impl Reply, Error = Rejection> + Clone {
warp::path!("password-files")
.and(warp::path::end())
.map(move || state.clone())
.and_then(passworded)
}
pub fn get_routes(state: SharedState) -> impl Filter<Extract = impl Reply, Error = Rejection> + Clone {
index_f(state.clone())
.or(uploaded_f(state.clone()))
.or(passworded_f(state))
}

View File

@ -42,15 +42,30 @@
<input style="max-width:100px" id='bfile-formupload-file-name' type="text" name="filename" placeholder="file.txt"></input>
</span>
</p>
<p>
<label>
<input type="checkbox" name="passworded">
</label>
<label>
I want to add a password to the file:
<input type="password" name="password" style="max-width:90px">
</label>
</p>
<table>
<tbody>
<tr>
<td>
<label>
<input type="checkbox" name="passworded">
I want to add a password to the file:
<span style="font-size:80%;display:block;padding:2px 0 0 24px">
Warning: the file WILL NOT be encrypted.<br/>
<a href="/passworded-files">
Learn more
</a>
</span>
</label>
</td>
<td style="padding-left:4px">
<label>
<input type="password" name="password" style="max-width:90px">
</label>
</td>
</tr>
</tbody>
</table>
<p>
<input type="file" name="file" id="bfile-formupload-file" style="display: none" />
<label for="bfile-formupload-file">

View File

@ -0,0 +1,59 @@
{% extends "base.html" %}
{% block body %}
<div style="max-width:95vw;width:900px;margin:0 auto;line-height:16pt">
<h1 style="text-align:center">Password-protected file uploads</h1>
<p>
When uploading a file to blek! File, you may add a password to it, if it has confidential data.
</p>
<p>
However, be aware that even though the file won't be sent unless the user provides a password,
<b>the instance owner will still be able to see the file contents without a password.</b>
</p>
<h2>Why can't the site encrypt it for me?</h2>
<p>
There is a number of reasons why that is a stupid idea.
</p>
<ol style="list-style:decimal;padding-left:12px;">
<li>
This site's only purpose is to store files for short periods of time.
It doesnt include "storing the files securely", or encrypting them.
</li>
<li>
When the encryption happens server-side, there is a risk that the password could be logged.
</li>
</ol>
<h2>How do I encrypt a file, then?</h2>
<p>
Its dead simple: download a program for encrypting files on your computer and use it to handle
all encryption operations.
</p>
<p>
As for the encryption program, it is recommended to use
<a href='https://gnupg.org'>GnuPG</a>
(
<a href="https://gpg4win.org">Windows</a>
<a href="https://openkeychain.org">Android</a>
).
<a href="https://www.openpgp.org/software/kleopatra">
Kleopatra
</a>
is a cross-platform easy to use GUI for GPG.
</p>
<p style="margin-top:40px">
<a role='button' href="/" class="btn" style="display:block">
Go back to upload
</a>
</p>
</div>
{% endblock %}