add file password security notice
This commit is contained in:
parent
506b309cbc
commit
73739b5bc4
|
@ -31,6 +31,13 @@ pub struct Uploaded {
|
||||||
pub env: Env
|
pub env: Env
|
||||||
}
|
}
|
||||||
|
|
||||||
|
#[derive(Template)]
|
||||||
|
#[template( path = "passworded-files.html" )]
|
||||||
|
#[allow(dead_code)]
|
||||||
|
pub struct PasswordedFilesHelpPage {
|
||||||
|
pub env: Env
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
pub async fn uploaded(query: HashMap<String, String>, state: SharedState) -> Result<Html<String>, Rejection> {
|
pub async fn uploaded(query: HashMap<String, String>, state: SharedState) -> Result<Html<String>, Rejection> {
|
||||||
|
|
||||||
|
@ -67,7 +74,22 @@ pub fn index_f(state: SharedState) -> impl Filter<Extract = impl Reply, Error =
|
||||||
.and_then(index)
|
.and_then(index)
|
||||||
}
|
}
|
||||||
|
|
||||||
|
pub async fn passworded(state: SharedState) -> Result<Html<String>, Rejection> {
|
||||||
|
let rendered = PasswordedFilesHelpPage {
|
||||||
|
env: state.env.clone()
|
||||||
|
};
|
||||||
|
Ok(warp::reply::html(rendered.render().map_err(|err| warp::reject::custom(HttpReject::AskamaError(err)))?))
|
||||||
|
}
|
||||||
|
|
||||||
|
pub fn passworded_f(state: SharedState) -> impl Filter<Extract = impl Reply, Error = Rejection> + Clone {
|
||||||
|
warp::path!("password-files")
|
||||||
|
.and(warp::path::end())
|
||||||
|
.map(move || state.clone())
|
||||||
|
.and_then(passworded)
|
||||||
|
}
|
||||||
|
|
||||||
pub fn get_routes(state: SharedState) -> impl Filter<Extract = impl Reply, Error = Rejection> + Clone {
|
pub fn get_routes(state: SharedState) -> impl Filter<Extract = impl Reply, Error = Rejection> + Clone {
|
||||||
index_f(state.clone())
|
index_f(state.clone())
|
||||||
.or(uploaded_f(state.clone()))
|
.or(uploaded_f(state.clone()))
|
||||||
|
.or(passworded_f(state))
|
||||||
}
|
}
|
|
@ -42,15 +42,30 @@
|
||||||
<input style="max-width:100px" id='bfile-formupload-file-name' type="text" name="filename" placeholder="file.txt"></input>
|
<input style="max-width:100px" id='bfile-formupload-file-name' type="text" name="filename" placeholder="file.txt"></input>
|
||||||
</span>
|
</span>
|
||||||
</p>
|
</p>
|
||||||
<p>
|
<table>
|
||||||
<label>
|
<tbody>
|
||||||
<input type="checkbox" name="passworded">
|
<tr>
|
||||||
</label>
|
<td>
|
||||||
<label>
|
<label>
|
||||||
I want to add a password to the file:
|
<input type="checkbox" name="passworded">
|
||||||
<input type="password" name="password" style="max-width:90px">
|
I want to add a password to the file:
|
||||||
</label>
|
|
||||||
</p>
|
<span style="font-size:80%;display:block;padding:2px 0 0 24px">
|
||||||
|
Warning: the file WILL NOT be encrypted.<br/>
|
||||||
|
<a href="/passworded-files">
|
||||||
|
Learn more
|
||||||
|
</a>
|
||||||
|
</span>
|
||||||
|
</label>
|
||||||
|
</td>
|
||||||
|
<td style="padding-left:4px">
|
||||||
|
<label>
|
||||||
|
<input type="password" name="password" style="max-width:90px">
|
||||||
|
</label>
|
||||||
|
</td>
|
||||||
|
</tr>
|
||||||
|
</tbody>
|
||||||
|
</table>
|
||||||
<p>
|
<p>
|
||||||
<input type="file" name="file" id="bfile-formupload-file" style="display: none" />
|
<input type="file" name="file" id="bfile-formupload-file" style="display: none" />
|
||||||
<label for="bfile-formupload-file">
|
<label for="bfile-formupload-file">
|
||||||
|
|
|
@ -0,0 +1,59 @@
|
||||||
|
{% extends "base.html" %}
|
||||||
|
|
||||||
|
{% block body %}
|
||||||
|
|
||||||
|
|
||||||
|
<div style="max-width:95vw;width:900px;margin:0 auto;line-height:16pt">
|
||||||
|
<h1 style="text-align:center">Password-protected file uploads</h1>
|
||||||
|
|
||||||
|
<p>
|
||||||
|
When uploading a file to blek! File, you may add a password to it, if it has confidential data.
|
||||||
|
</p>
|
||||||
|
|
||||||
|
<p>
|
||||||
|
However, be aware that even though the file won't be sent unless the user provides a password,
|
||||||
|
|
||||||
|
<b>the instance owner will still be able to see the file contents without a password.</b>
|
||||||
|
</p>
|
||||||
|
|
||||||
|
<h2>Why can't the site encrypt it for me?</h2>
|
||||||
|
<p>
|
||||||
|
There is a number of reasons why that is a stupid idea.
|
||||||
|
</p>
|
||||||
|
<ol style="list-style:decimal;padding-left:12px;">
|
||||||
|
<li>
|
||||||
|
This site's only purpose is to store files for short periods of time.
|
||||||
|
It doesnt include "storing the files securely", or encrypting them.
|
||||||
|
</li>
|
||||||
|
<li>
|
||||||
|
When the encryption happens server-side, there is a risk that the password could be logged.
|
||||||
|
</li>
|
||||||
|
</ol>
|
||||||
|
|
||||||
|
<h2>How do I encrypt a file, then?</h2>
|
||||||
|
<p>
|
||||||
|
Its dead simple: download a program for encrypting files on your computer and use it to handle
|
||||||
|
all encryption operations.
|
||||||
|
</p>
|
||||||
|
<p>
|
||||||
|
As for the encryption program, it is recommended to use
|
||||||
|
<a href='https://gnupg.org'>GnuPG</a>
|
||||||
|
(
|
||||||
|
<a href="https://gpg4win.org">Windows</a>
|
||||||
|
<a href="https://openkeychain.org">Android</a>
|
||||||
|
).
|
||||||
|
|
||||||
|
<a href="https://www.openpgp.org/software/kleopatra">
|
||||||
|
Kleopatra
|
||||||
|
</a>
|
||||||
|
is a cross-platform easy to use GUI for GPG.
|
||||||
|
</p>
|
||||||
|
|
||||||
|
<p style="margin-top:40px">
|
||||||
|
<a role='button' href="/" class="btn" style="display:block">
|
||||||
|
Go back to upload
|
||||||
|
</a>
|
||||||
|
</p>
|
||||||
|
</div>
|
||||||
|
|
||||||
|
{% endblock %}
|
Loading…
Reference in New Issue