8 |
500
9 |
10 |
Something went wrong.
11 |
12 |
8 |
404
9 |
10 |
The page you requested was not found.
11 |
12 |
8 |
422
9 |
10 |
The change you have requested was rejected.
11 |
12 |
2 |
5 |
6 |
Important
7 |
Every secret will be encrypted before being saved.
8 |
If you supply a password, that password will be used to encrypt the secret.
9 |
This password must be supplied to decrypt and unlock the saved secret.
10 |
A secret can only be viewed once. Once viewed it is deleted.
11 | <%= link_to 'New Secret', new_secret_path, class: "btn btn-primary" %>
12 |
13 |
14 |
15 | <%= render 'layouts/header' %>
16 |
17 |
18 | <% flash.each do |name, msg| %>
19 | <%= content_tag(:div, msg, class: "alert alert-info") %>
20 | <% end %>
21 |
24 |
25 |
26 |
--------------------------------------------------------------------------------
/app/assets/stylesheets/application.scss:
--------------------------------------------------------------------------------
1 | /*
2 | * This is a manifest file that'll be compiled into application.css, which will include all the files
3 | * listed below.
4 | *
5 | * Any CSS and SCSS file within this directory, lib/assets/stylesheets, or any plugin's
6 | * vendor/assets/stylesheets directory can be referenced here using a relative path.
7 | *
8 | * You're free to add application-wide styles to this file and they'll appear at the bottom of the
9 | * compiled file so the styles you add here take precedence over styles defined in any other CSS/SCSS
10 | * files in this directory. Styles in this file should be added after the last require_* statement.
11 | * It is generally better to create a new file per style scope.
12 | *
13 | */
14 | @import "bootstrap";
15 | @import "rails_bootstrap_forms";
16 |
--------------------------------------------------------------------------------
/app/views/secrets/_form.html.erb:
--------------------------------------------------------------------------------
1 | <%= bootstrap_form_with(model: secret, local: true) do |form| %>
2 | <% if secret.errors.any? %>
3 |
4 |
<%= pluralize(secret.errors.count, "error") %> prohibited this secret from being saved:
5 |
6 |
7 | <% secret.errors.full_messages.each do |message| %>
8 | <%= message %>
9 | <% end %>
10 |
11 |
12 | <% end %>
13 |
14 | <%= form.text_area :body, max: 20000, size: "82x20" %>
15 | <%= form.text_field :password, options = {min: 14, max: 255} %>
16 | <%= form.number_field :expiration, options = {placeholder: "in hours...", min: 1, max: 72} %>
17 |
18 |
19 | <%= form.submit %>
20 | <%= link_to 'Back', secrets_path, class: "btn btn-primary" %>
21 |
22 | <% end %>
23 |
--------------------------------------------------------------------------------
/app/assets/javascripts/application.js:
--------------------------------------------------------------------------------
1 | // This is a manifest file that'll be compiled into application.js, which will include all the files
2 | // listed below.
3 | //
4 | // Any JavaScript/Coffee file within this directory, lib/assets/javascripts, or any plugin's
5 | // vendor/assets/javascripts directory can be referenced here using a relative path.
6 | //
7 | // It's not advisable to add code directly here, but if you do, it'll appear at the bottom of the
8 | // compiled file. JavaScript code in this file should be added after the last require_* statement.
9 | //
10 | // Read Sprockets README (https://github.com/rails/sprockets#sprockets-directives) for details
11 | // about supported directives.
12 | //
13 | //= require rails-ujs
14 | //= require activestorage
15 | //= require turbolinks
16 | //= require jquery3
17 | //= require popper
18 | //= require bootstrap-sprockets
19 | //= require_tree .
20 |
--------------------------------------------------------------------------------
/bin/update:
--------------------------------------------------------------------------------
1 | #!/usr/bin/env ruby
2 | require 'fileutils'
3 | include FileUtils
4 |
5 | # path to your application root.
6 | APP_ROOT = File.expand_path('..', __dir__)
7 |
8 | def system!(*args)
9 | system(*args) || abort("\n== Command #{args} failed ==")
10 | end
11 |
12 | chdir APP_ROOT do
13 | # This script is a way to update your development environment automatically.
14 | # Add necessary update steps to this file.
15 |
16 | puts '== Installing dependencies =='
17 | system! 'gem install bundler --conservative'
18 | system('bundle check') || system!('bundle install')
19 |
20 | # Install JavaScript dependencies if using Yarn
21 | # system('bin/yarn')
22 |
23 | puts "\n== Updating database =="
24 | system! 'bin/rails db:migrate'
25 |
26 | puts "\n== Removing old logs and tempfiles =="
27 | system! 'bin/rails log:clear tmp:clear'
28 |
29 | puts "\n== Restarting application server =="
30 | system! 'bin/rails restart'
31 | end
32 |
--------------------------------------------------------------------------------
/config/locales/en.yml:
--------------------------------------------------------------------------------
1 | # Files in the config/locales directory are used for internationalization
2 | # and are automatically loaded by Rails. If you want to use locales other
3 | # than English, add the necessary files in this directory.
4 | #
5 | # To use the locales, use `I18n.t`:
6 | #
7 | # I18n.t 'hello'
8 | #
9 | # In views, this is aliased to just `t`:
10 | #
11 | # <%= t('hello') %>
12 | #
13 | # To use a different locale, set it with `I18n.locale`:
14 | #
15 | # I18n.locale = :es
16 | #
17 | # This would use the information in config/locales/es.yml.
18 | #
19 | # The following keys must be escaped otherwise they will not be retrieved by
20 | # the default I18n backend:
21 | #
22 | # true, false, on, off, yes, no
23 | #
24 | # Instead, surround them with single quotes.
25 | #
26 | # en:
27 | # 'true': 'foo'
28 | #
29 | # To learn more, please read the Rails Internationalization guide
30 | # available at http://guides.rubyonrails.org/i18n.html.
31 |
32 | en:
33 | hello: "Hello world"
34 |
--------------------------------------------------------------------------------
/LICENSE:
--------------------------------------------------------------------------------
1 | Copyright (c) 2019 Patrick O'Brien
2 |
3 | Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:
4 |
5 | The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.
6 |
7 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
8 |
--------------------------------------------------------------------------------
/bin/setup:
--------------------------------------------------------------------------------
1 | #!/usr/bin/env ruby
2 | require 'fileutils'
3 | include FileUtils
4 |
5 | # path to your application root.
6 | APP_ROOT = File.expand_path('..', __dir__)
7 |
8 | def system!(*args)
9 | system(*args) || abort("\n== Command #{args} failed ==")
10 | end
11 |
12 | chdir APP_ROOT do
13 | # This script is a starting point to setup your application.
14 | # Add necessary setup steps to this file.
15 |
16 | puts '== Installing dependencies =='
17 | system! 'gem install bundler --conservative'
18 | system('bundle check') || system!('bundle install')
19 |
20 | # Install JavaScript dependencies if using Yarn
21 | # system('bin/yarn')
22 |
23 | # puts "\n== Copying sample files =="
24 | # unless File.exist?('config/database.yml')
25 | # cp 'config/database.yml.sample', 'config/database.yml'
26 | # end
27 |
28 | puts "\n== Preparing database =="
29 | system! 'bin/rails db:setup'
30 |
31 | puts "\n== Removing old logs and tempfiles =="
32 | system! 'bin/rails log:clear tmp:clear'
33 |
34 | puts "\n== Restarting application server =="
35 | system! 'bin/rails restart'
36 | end
37 |
--------------------------------------------------------------------------------
/app/models/secret.rb:
--------------------------------------------------------------------------------
1 | require 'bcrypt'
2 |
3 | class Secret < ApplicationRecord
4 | attr_accessor :body
5 |
6 | validates :body, presence: true, length: { maximum: 20000, too_long: "%{count} characters is the maximum allowed" }
7 | validates :password, presence: true, length: {
8 | maximum: 255, too_long: "%{count} characters is the maximum allowed",
9 | minimum: 14, too_short: "%{count} characters is the minimum allowed"
10 | }
11 | validates :expiration, presence: true
12 |
13 |
14 | before_save :encrypt_body
15 |
16 | # hash the password before we save it. we will later compare the hashes to
17 | # make sure the passwords match.
18 | before_save do |secret|
19 | unless self.password.empty?
20 | secret.password = BCrypt::Password.create(self.password, cost: 19)
21 | end
22 | end
23 |
24 | private
25 |
26 | def encrypt_body
27 | salt = SecureRandom.hex(32)
28 | pass = self.password
29 | key = ActiveSupport::KeyGenerator.new(pass).generate_key(salt, 32)
30 | crypt = ActiveSupport::MessageEncryptor.new(key)
31 | data = crypt.encrypt_and_sign(self.body)
32 |
33 | self.encrypted_body_salt = salt
34 | self.encrypted_body = data
35 | end
36 | end
37 |
--------------------------------------------------------------------------------
/config/initializers/content_security_policy.rb:
--------------------------------------------------------------------------------
1 | # Be sure to restart your server when you modify this file.
2 |
3 | # Define an application-wide content security policy
4 | # For further information see the following documentation
5 | # https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy
6 |
7 | # Rails.application.config.content_security_policy do |policy|
8 | # policy.default_src :self, :https
9 | # policy.font_src :self, :https, :data
10 | # policy.img_src :self, :https, :data
11 | # policy.object_src :none
12 | # policy.script_src :self, :https
13 | # policy.style_src :self, :https
14 |
15 | # # Specify URI for violation reports
16 | # # policy.report_uri "/csp-violation-report-endpoint"
17 | # end
18 |
19 | # If you are using UJS then enable automatic nonce generation
20 | # Rails.application.config.content_security_policy_nonce_generator = -> request { SecureRandom.base64(16) }
21 |
22 | # Report CSP violations to a specified URI
23 | # For further information see the following documentation:
24 | # https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy-Report-Only
25 | # Rails.application.config.content_security_policy_report_only = true
26 |
--------------------------------------------------------------------------------
/config/storage.yml:
--------------------------------------------------------------------------------
1 | test:
2 | service: Disk
3 | root: <%= Rails.root.join("tmp/storage") %>
4 |
5 | local:
6 | service: Disk
7 | root: <%= Rails.root.join("storage") %>
8 |
9 | # Use rails credentials:edit to set the AWS secrets (as aws:access_key_id|secret_access_key)
10 | # amazon:
11 | # service: S3
12 | # access_key_id: <%= Rails.application.credentials.dig(:aws, :access_key_id) %>
13 | # secret_access_key: <%= Rails.application.credentials.dig(:aws, :secret_access_key) %>
14 | # region: us-east-1
15 | # bucket: your_own_bucket
16 |
17 | # Remember not to checkin your GCS keyfile to a repository
18 | # google:
19 | # service: GCS
20 | # project: your_project
21 | # credentials: <%= Rails.root.join("path/to/gcs.keyfile") %>
22 | # bucket: your_own_bucket
23 |
24 | # Use rails credentials:edit to set the Azure Storage secret (as azure_storage:storage_access_key)
25 | # microsoft:
26 | # service: AzureStorage
27 | # storage_account_name: your_account_name
28 | # storage_access_key: <%= Rails.application.credentials.dig(:azure_storage, :storage_access_key) %>
29 | # container: your_container_name
30 |
31 | # mirror:
32 | # service: Mirror
33 | # primary: local
34 | # mirrors: [ amazon, google, microsoft ]
35 |
--------------------------------------------------------------------------------
/db/schema.rb:
--------------------------------------------------------------------------------
1 | # This file is auto-generated from the current state of the database. Instead
2 | # of editing this file, please use the migrations feature of Active Record to
3 | # incrementally modify your database, and then regenerate this schema definition.
4 | #
5 | # This file is the source Rails uses to define your schema when running `bin/rails
6 | # db:schema:load`. When creating a new database, `bin/rails db:schema:load` tends to
7 | # be faster and is potentially less error prone than running all of your
8 | # migrations from scratch. Old migrations may fail to apply correctly if those
9 | # migrations use external dependencies or application code.
10 | #
11 | # It's strongly recommended that you check this file into your version control system.
12 |
13 | ActiveRecord::Schema[7.1].define(version: 2019_05_23_033055) do
14 | # These are extensions that must be enabled in order to support this database
15 | enable_extension "pgcrypto"
16 | enable_extension "plpgsql"
17 |
18 | create_table "secrets", id: :uuid, default: -> { "gen_random_uuid()" }, force: :cascade do |t|
19 | t.string "password"
20 | t.text "encrypted_body"
21 | t.text "encrypted_body_salt"
22 | t.datetime "expiration", precision: nil
23 | t.datetime "created_at", precision: nil, null: false
24 | t.datetime "updated_at", precision: nil, null: false
25 | end
26 |
27 | end
28 |
--------------------------------------------------------------------------------
/config/application.rb:
--------------------------------------------------------------------------------
1 | require_relative 'boot'
2 |
3 | require 'rails/all'
4 |
5 | # Require the gems listed in Gemfile, including any gems
6 | # you've limited to :test, :development, or :production.
7 | Bundler.require(*Rails.groups)
8 |
9 | if ['development', 'test'].include?(ENV['RAILS_ENV'])
10 | # Load up Dotenv as soon as possible
11 | Dotenv::Railtie.load
12 | end
13 |
14 | module BurnAfterClicking
15 | class Application < Rails::Application
16 | # Initialize configuration defaults for originally generated Rails version.
17 | config.load_defaults 5.2
18 |
19 | config.action_controller.forgery_protection_origin_check = false
20 |
21 | # Settings in config/environments/* take precedence over those specified here.
22 | # Application configuration can go into files in config/initializers
23 | # -- all .rb files in that directory are automatically loaded after loading
24 | # the framework and any gems in your application.
25 |
26 | # enable longer uuids for the primary key (postgres only)
27 | config.generators do |g|
28 | g.orm :active_record, primary_key_type: :uuid
29 | end
30 |
31 | # filter out the password and body from being logged
32 | config.filter_parameters += [
33 | :password,
34 | :body
35 | ]
36 |
37 | # Rack attack to slow down clients
38 | config.middleware.use Rack::Attack
39 | end
40 | end
41 |
--------------------------------------------------------------------------------
/test/system/secrets_test.rb:
--------------------------------------------------------------------------------
1 | require "application_system_test_case"
2 |
3 | class SecretsTest < ApplicationSystemTestCase
4 | setup do
5 | @secret = secrets(:one)
6 | end
7 |
8 | test "visiting the index" do
9 | visit secrets_url
10 | assert_selector "h1", text: "Secrets"
11 | end
12 |
13 | test "creating a Secret" do
14 | visit secrets_url
15 | click_on "New Secret"
16 |
17 | fill_in "Encrypted body", with: @secret.encrypted_body
18 | fill_in "Encrypted body iv", with: @secret.encrypted_body_iv
19 | fill_in "Expiration", with: @secret.expiration
20 | fill_in "Password", with: @secret.password
21 | click_on "Create Secret"
22 |
23 | assert_text "Secret was successfully created"
24 | click_on "Back"
25 | end
26 |
27 | test "updating a Secret" do
28 | visit secrets_url
29 | click_on "Edit", match: :first
30 |
31 | fill_in "Encrypted body", with: @secret.encrypted_body
32 | fill_in "Encrypted body iv", with: @secret.encrypted_body_iv
33 | fill_in "Expiration", with: @secret.expiration
34 | fill_in "Password", with: @secret.password
35 | click_on "Update Secret"
36 |
37 | assert_text "Secret was successfully updated"
38 | click_on "Back"
39 | end
40 |
41 | test "destroying a Secret" do
42 | visit secrets_url
43 | page.accept_confirm do
44 | click_on "Destroy", match: :first
45 | end
46 |
47 | assert_text "Secret was successfully destroyed"
48 | end
49 | end
50 |
--------------------------------------------------------------------------------
/app/views/layouts/_header.html.erb:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
5 |
6 |
7 |
8 | <%= ENV['CUSTOM_TITLE'] || "BurnAfterClicking" %>
9 |
10 |
12 |
13 |
19 |
20 |
--------------------------------------------------------------------------------
/app/assets/stylesheets/scaffolds.scss:
--------------------------------------------------------------------------------
1 | body {
2 | background-color: #fff;
3 | color: #333;
4 | margin: 33px;
5 | font-family: verdana, arial, helvetica, sans-serif;
6 | font-size: 13px;
7 | line-height: 18px;
8 | }
9 |
10 | p, ol, ul, td {
11 | font-family: verdana, arial, helvetica, sans-serif;
12 | font-size: 13px;
13 | line-height: 18px;
14 | }
15 |
16 | pre {
17 | background-color: #eee;
18 | padding: 10px;
19 | font-size: 11px;
20 | }
21 |
22 | a {
23 | color: #000;
24 |
25 | &:visited {
26 | color: #666;
27 | }
28 |
29 | &:hover {
30 | color: #fff;
31 | background-color: #000;
32 | }
33 | }
34 |
35 | th {
36 | padding-bottom: 5px;
37 | }
38 |
39 | td {
40 | padding: 0 5px 7px;
41 | }
42 |
43 | div {
44 | &.field, &.actions {
45 | margin-bottom: 10px;
46 | }
47 | }
48 |
49 | #notice {
50 | color: green;
51 | }
52 |
53 | .field_with_errors {
54 | padding: 2px;
55 | background-color: red;
56 | display: table;
57 | }
58 |
59 | #error_explanation {
60 | width: 450px;
61 | border: 2px solid red;
62 | padding: 7px 7px 0;
63 | margin-bottom: 20px;
64 | background-color: #f0f0f0;
65 |
66 | h2 {
67 | text-align: left;
68 | font-weight: bold;
69 | padding: 5px 5px 5px 15px;
70 | font-size: 12px;
71 | margin: -7px -7px 0;
72 | background-color: #c00;
73 | color: #fff;
74 | }
75 |
76 | ul li {
77 | font-size: 12px;
78 | list-style: square;
79 | }
80 | }
81 |
82 | label {
83 | display: block;
84 | }
85 |
--------------------------------------------------------------------------------
/test/controllers/secrets_controller_test.rb:
--------------------------------------------------------------------------------
1 | require 'test_helper'
2 |
3 | class SecretsControllerTest < ActionDispatch::IntegrationTest
4 | setup do
5 | @secret = secrets(:one)
6 | end
7 |
8 | test "should get index" do
9 | get secrets_url
10 | assert_response :success
11 | end
12 |
13 | test "should get new" do
14 | get new_secret_url
15 | assert_response :success
16 | end
17 |
18 | test "should create secret" do
19 | assert_difference('Secret.count') do
20 | post secrets_url, params: { secret: { encrypted_body: @secret.encrypted_body, encrypted_body_iv: @secret.encrypted_body_iv, expiration: @secret.expiration, password: @secret.password } }
21 | end
22 |
23 | assert_redirected_to secret_url(Secret.last)
24 | end
25 |
26 | test "should show secret" do
27 | get secret_url(@secret)
28 | assert_response :success
29 | end
30 |
31 | test "should get edit" do
32 | get edit_secret_url(@secret)
33 | assert_response :success
34 | end
35 |
36 | test "should update secret" do
37 | patch secret_url(@secret), params: { secret: { encrypted_body: @secret.encrypted_body, encrypted_body_iv: @secret.encrypted_body_iv, expiration: @secret.expiration, password: @secret.password } }
38 | assert_redirected_to secret_url(@secret)
39 | end
40 |
41 | test "should destroy secret" do
42 | assert_difference('Secret.count', -1) do
43 | delete secret_url(@secret)
44 | end
45 |
46 | assert_redirected_to secrets_url
47 | end
48 | end
49 |
--------------------------------------------------------------------------------
/app/views/secrets/_unlock.html.erb:
--------------------------------------------------------------------------------
1 | <%= bootstrap_form_with(model: secret, local: true) do |form| %>
2 | <% if secret.errors.any? %>
3 |
4 |
Error:
5 |
6 |
7 | <% secret.errors.full_messages.each do |message| %>
8 | <%= message %>
9 | <% end %>
10 |
11 |
12 | <% end %>
13 |
14 | <% if @secret[:password].empty? %>
15 |
16 |
19 |
20 |
Are you sure?
21 | <%= hidden_field_tag 'no_password' %>
22 |
Clicking the "Show Secret" button will reveal and destroy the secret.
23 | <%= form.submit "Show Secret" %>
24 | <%= link_to 'Back', secrets_path, class: "btn btn-primary" %>
25 |
26 |
27 | <% else %>
28 |
29 |
32 |
33 | <%= form.text_field :unlock_password, label: "This Secret is Locked. Please Enter the Password." %>
34 |
Clicking the "Unlock Secret" button will reveal and destroy the secret.
35 | <%= form.submit "Unlock Secret" %>
36 | <%= link_to 'Back', secrets_path, class: "btn btn-primary" %>
37 |
38 |
39 |