├── .gitignore
├── CONTRIBUTING.md
├── LICENSE.md
├── README.md
├── documentation
    ├── additional_storage.yaml
    ├── decrypt-form.tpl.html
    ├── docs
    │   ├── explanations.md
    │   ├── features
    │   │   ├── index.md
    │   │   ├── jsext.md
    │   │   ├── modifypages.md
    │   │   ├── search.md
    │   │   └── security.md
    │   ├── img
    │   │   ├── howitworks.svg
    │   │   ├── logo.ico
    │   │   └── logo.svg
    │   ├── index.md
    │   ├── installation.md
    │   ├── testbench
    │   │   ├── anchor.md
    │   │   ├── hashfilenames.md
    │   │   ├── index.de.md
    │   │   ├── index.md
    │   │   ├── jstest.md
    │   │   ├── obfuscate.de.md
    │   │   ├── obfuscate.md
    │   │   ├── onlypasswords1.de.md
    │   │   ├── onlypasswords1.md
    │   │   ├── onlypasswords2.de.md
    │   │   ├── onlypasswords2.md
    │   │   ├── onlypasswords3.de.md
    │   │   ├── onlypasswords3.md
    │   │   ├── search.md
    │   │   ├── share.de.md
    │   │   ├── share.md
    │   │   ├── test1.md
    │   │   ├── test2.md
    │   │   ├── test3.md
    │   │   ├── test4.md
    │   │   ├── test5.md
    │   │   ├── userpass1.de.md
    │   │   ├── userpass1.md
    │   │   ├── userpass2.de.md
    │   │   └── userpass2.md
    │   └── usage.md
    ├── encryptcontent.cache
    ├── extra_css
    │   ├── stackoverflow-dark.min.css
    │   └── stackoverflow-light.min.css
    ├── hooks.py
    ├── img
    │   └── howitworks.odg
    ├── mkdocs.yml
    ├── mkdocs_material.yml
    ├── mkdocs_mkdocs.yml
    ├── passwords.yml
    ├── sharelinks.txt
    └── theme_override
    │   └── main.html
├── encryptcontent
    ├── __init__.py
    ├── canary.tpl.py
    ├── contrib
    │   └── templates
    │   │   └── search
    │   │       ├── lunr.js
    │   │       ├── main.js
    │   │       └── worker.js
    ├── decrypt-contents.tpl.js
    ├── decrypt-form.tpl.html
    └── plugin.py
├── patches
    ├── material_browser_request9.patch
    ├── material_browser_request9_4p.patch
    └── material_search_worker8.patch
└── setup.py


/.gitignore:
--------------------------------------------------------------------------------
 1 | dist/
 2 | build/
 3 | mkdocs_encryptcontent_plugin.egg-info/
 4 | install.cmd
 5 | *.bak
 6 | documentation/site/
 7 | deploy.cmd
 8 | documentation/encryptcontent.key
 9 | documentation/canary.py
10 | documentation/theme_override/assets/
11 | documentation/__pycache__/


--------------------------------------------------------------------------------
/CONTRIBUTING.md:
--------------------------------------------------------------------------------
 1 | # Contribution Guidelines
 2 | 
 3 | Thank you for considering to contribute to this project. These guidelines will help you get going with development and outline the most important rules to follow when submitting pull requests for this project.
 4 | 
 5 | <br/>
 6 | 
 7 | ## Development
 8 | 
 9 | #### Setup
10 | 
11 | ##### Prerequisites
12 | 
13 | - [Python]
14 | - [virtualenv]
15 | 
16 | ##### Steps
17 | 
18 | 1. Clone the (forked) repository
19 | 1. Create a virtualenv with `virtualenv env`
20 | 1. Activate virtualenv `source env/bin/activate` or `env/Scripts/activate` on Windows
21 | 1. Run `pip install -r requirements.txt` in the project directory
22 | 
23 | #### Running Tests
24 | 
25 | ```bash
26 | pytest
27 | ```
28 | 
29 | <br/>
30 | 
31 | 
32 | ## Submitting Changes
33 | 
34 | To get changes merged, create a pull request. Here are a few things to pay attention to when doing so: 
35 | 
36 | #### Commit Messages
37 | 
38 | The summary of a commit should be concise and worded in an imperative mood.  
39 | ...a *what* mood? This should clear things up: *[How to Write a Git Commit Message][git-commit-message]*
40 | 
41 | #### Code Style
42 | 
43 | Make sure your code follows [PEP-8](https://www.python.org/dev/peps/pep-0008/) and keeps things consistent with the rest of the code. 
44 | 
45 | #### Tests
46 | 
47 | If it makes sense, writing tests for your PRs is always appreciated and will help get them merged.
48 | 
49 | [Python]: https://www.python.org/
50 | [virtualenv]: https://virtualenv.pypa.io/
51 | [git-commit-message]: https://chris.beams.io/posts/git-commit/


--------------------------------------------------------------------------------
/LICENSE.md:
--------------------------------------------------------------------------------
 1 | # MIT License
 2 | 
 3 | Copyright (c) 2018 Lukas Geiter  
 4 | Copyright (c) 2019 CoinK0in  
 5 | Copyright (c) 2022 René Rüthlein
 6 | 
 7 | Permission is hereby granted, free of charge, to any person obtaining a copy
 8 | of this software and associated documentation files (the "Software"), to deal
 9 | in the Software without restriction, including without limitation the rights
10 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
11 | copies of the Software, and to permit persons to whom the Software is
12 | furnished to do so, subject to the following conditions:
13 | 
14 | The above copyright notice and this permission notice shall be included in all
15 | copies or substantial portions of the Software.
16 | 
17 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
18 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
19 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
20 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
21 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
22 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
23 | SOFTWARE.


--------------------------------------------------------------------------------
/documentation/additional_storage.yaml:
--------------------------------------------------------------------------------
 1 | userpass:
 2 |   alice:
 3 |     username: Alice McAliceface
 4 |     userid: 1
 5 |     token: uCZDqa2vzuSPFX-o9TebinUAnD9sePJqpPYhavMkCH7gGo7lhjWRS17-HgBys9UKnFR37zXO4Q_f1_ywZJqBlA==
 6 |   bob:
 7 |     username: Bob McBobface
 8 |     userid: 2
 9 |     token: uCZDqa2vzuSPFX-o9TebinUAnD9sePJqpPYhavMkCH7gGo7lhjWRS17-HgBys9UKnFR37zXO4Q_f1_ywZJqBlA==
10 |   carlos:
11 |     username: Carlos McCarlosface
12 |     userid: 3
13 |     token: uCZDqa2vzuSPFX-o9TebinUAnD9sePJqpPYhavMkCH7gGo7lhjWRS17-HgBys9UKnFR37zXO4Q_f1_ywZJqBlA==
14 |   carol:
15 |     username: Carol McCarolface
16 |   charlie:
17 |     username: Charlie McCharlieface
18 |   dan:
19 |     username: Dan McDanface
20 |     token: uCZDqa2vzuSPFX-o9TebinUAnD9sePJqpPYhavMkCH7gGo7lhjWRS17-HgBys9UKnFR37zXO4Q_f1_ywZJqBlA==
21 |   dave:
22 |     username: Dave McDaveface
23 |     token: uCZDqa2vzuSPFX-o9TebinUAnD9sePJqpPYhavMkCH7gGo7lhjWRS17-HgBys9UKnFR37zXO4Q_f1_ywZJqBlA==
24 |   david:
25 |     username: David McDavidface
26 |     token: uCZDqa2vzuSPFX-o9TebinUAnD9sePJqpPYhavMkCH7gGo7lhjWRS17-HgBys9UKnFR37zXO4Q_f1_ywZJqBlA==
27 | 
28 | password:
29 |   C4bbage Profile blinking:
30 |     username: Cabbage McPassword
31 |     userid: 90
32 |     token: NM-pdQyiJnLXSzY1e3d13GuekqLkClfWDLHtWQIu0l-geAkrygFvjJa3eux6ZJVAiSMtM8jphQCSSl9ru7TvRA==
33 |   Clique.Shampoo.Ve55el:
34 |     username: Clique McPassword
35 |     userid: 91
36 |     token: NM-pdQyiJnLXSzY1e3d13GuekqLkClfWDLHtWQIu0l-geAkrygFvjJa3eux6ZJVAiSMtM8jphQCSSl9ru7TvRA==
37 |   Hatless,hertz,C4lzone:
38 |     username: Hatless McPassword
39 |     userid: 92
40 |   Head32_Sculpture_bovine_:
41 |     username: Head McPassword
42 |   Negotiator-leftover-567:
43 |     username: Negotiator McPassword
44 |     token: NM-pdQyiJnLXSzY1e3d13GuekqLkClfWDLHtWQIu0l-geAkrygFvjJa3eux6ZJVAiSMtM8jphQCSSl9ru7TvRA==
45 |   SpotChestOilCycle22:
46 |     username: Spot McPassword
47 |     token: NM-pdQyiJnLXSzY1e3d13GuekqLkClfWDLHtWQIu0l-geAkrygFvjJa3eux6ZJVAiSMtM8jphQCSSl9ru7TvRA==
48 |   m00dy#augmented#Arsonist:
49 |     username: Moody McPassword
50 |     token: NM-pdQyiJnLXSzY1e3d13GuekqLkClfWDLHtWQIu0l-geAkrygFvjJa3eux6ZJVAiSMtM8jphQCSSl9ru7TvRA==
51 |   moist:W00l:kept:royal:
52 |     username: Moist McPassword
53 |     token: NM-pdQyiJnLXSzY1e3d13GuekqLkClfWDLHtWQIu0l-geAkrygFvjJa3eux6ZJVAiSMtM8jphQCSSl9ru7TvRA==
54 | 


--------------------------------------------------------------------------------
/documentation/decrypt-form.tpl.html:
--------------------------------------------------------------------------------
 1 | <div id="mkdocs-encrypted-content" style="display:none">{{ ciphertext_bundle }}</div>
 2 | <div id="mkdocs-decrypted-content">
 3 |     <form id="mkdocs-decrypt-form"{% if form_class %} class="{{ form_class }}"{% endif %}>
 4 |         <h1>{{ summary }}</h1>
 5 |         {% if encryption_info_message %}<p>{{ encryption_info_message }}</p>{% endif %}
 6 |         <div class="w3-row-padding" style="padding-left: 0px;">
 7 |         {%- if obfuscate %}
 8 |         <input type="hidden" id="mkdocs-content-password" value="{{ obfuscate_password }}">
 9 |         {%- else %}
10 |             {%- if uname %}
11 |           <div class="w3-third">
12 |             <input{% if input_class %} class="{{ input_class }}"{% endif %} type="text" id="mkdocs-content-user" placeholder="{{ placeholder_user }}">
13 |           </div>
14 |             {%- endif %}
15 |           <div class="w3-third">
16 |             <input{% if input_class %} class="{{ input_class }}"{% endif %} type="password" id="mkdocs-content-password" placeholder="{{ placeholder }}">
17 |           </div>
18 |         {%- endif %}
19 |         {%- if password_button %}
20 |           <div class="w3-third">
21 |             <button{% if button_class %} class="{{ button_class }}"{% endif %} id="mkdocs-decrypt-button">{{ password_button_text }}</button>
22 |           </div>
23 |         {% endif -%}
24 |         </div>
25 |         <p id="mkdocs-decrypt-msg"></p>
26 |     </form>
27 | </div>
28 | <div id="encryptcontent-info"></div>
29 | <script type="text/javascript">
30 | var encryptcontent_id = "{{ encryptcontent_id }}";
31 | var encryptcontent_path = "{{ encryptcontent_path }}";
32 | var decryption_failure_message = {{ decryption_failure_message }};
33 | var encryptcontent_keystore = {{ encryptcontent_keystore }};
34 | var encryptcontent_obfuscate = {{ obfuscate }};
35 | {% if inject_something %}var inject_something = {{ inject_something }};{% endif -%}
36 | {% if delete_something %}var delete_something = "{{ delete_something }}";{%- endif %}
37 | </script>
38 | {%- if esm %}
39 | <script type="module">
40 | if (!window.hasOwnProperty("init_decryptor")) {
41 |     {%- if not webcrypto %}
42 |     import("{{ js_libraries[0] }}").then((module) => {
43 |         window["CryptoJS"] = module.default;
44 |     {%- endif %}
45 |     import("{{ base_path }}assets/javascripts/decrypt-contents.js");
46 |     {%- if not webcrypto %}
47 |     });
48 |     {%- endif %}
49 | } else {
50 |     init_decryptor();
51 | }
52 | </script>
53 | {%- else %}
54 |     {%- for library in js_libraries %}
55 | <script type="text/javascript" src="{{ library }}"></script>
56 |     {%- endfor %}
57 | <script type="text/javascript" src="{{ base_path }}assets/javascripts/decrypt-contents.js" defer></script>
58 | {%- endif %}
59 | <script>
60 | var encryptcontent_info = document.getElementById('encryptcontent-info');
61 | encryptcontent_info.innerHTML = '<b>keystore length:</b> '+ encryptcontent_keystore.length + '<br>encryptcontent id:<b>:</b> ' + encryptcontent_id;
62 | </script>
63 | 


--------------------------------------------------------------------------------
/documentation/docs/explanations.md:
--------------------------------------------------------------------------------
 1 | # How does this work?
 2 | 
 3 | For every `password` and for every `level` we generate a random 256 bit key.
 4 | This key will be used for AES-256 encryption on every page with the same `password` or same `level`.
 5 | Optionally search entries and [encrypt something](#encrypt-something)<!--todo--> on that page are also encrypted with the same key.
 6 | 
 7 | This random secret key (needed for deciphering the pages content) is then encrypted to a keystore with another key that is derived from
 8 | the defined credentials (a password or a username/password pair).
 9 | If the credential is reused on another `level`, then its random key is also encrypted in the same keystore.
10 | The function to derive the key to the keystore (PBKDF2) can be adjusted in calculation cycles
11 | to hopefully throttle the number of passwords a brute force attacker is able to try per second.
12 | 
13 | ![](img/howitworks.svg)
14 | 
15 | #### AES
16 | 
17 | Is a symmetric encryption algorithm. Symmetric means it uses the same secret key for encryption and decryption.
18 | The size of the secret keys used in this plugin is 256 Bit (or 32 Bytes).\
19 | Additionally a random (16 Bytes) initialization vector (called IV) is used (and added to the cyphertext)
20 | to make sure the same plaintext will always result in a different cyphertext even if the same secret key is used
21 | for encryption.
22 | 
23 | #### KDF
24 | 
25 | A **K**ey **D**erivation **F**unction a one-way key generation algorithm,
26 | so it is not possible to reverse the function to retrieve a lost password.\
27 | The password is salted, meaning if two people used the same password it would lead to different keys (similar to IV in AES).\
28 | It is equipped with adjustable difficulty `kdf_pow`. The difficulty has significant weight on the build time and also
29 | the time needed to decrypt a page, so it shouldn't be increased to any value.\
30 | The algorithm used (PBKDF2) is not really state-of-the-art, meaning compared to better alternatives like bcrypt, scrypt or argon2
31 | it is easier to crack with hardware acceleration, however it is supported in both crypto-js and webcrypto and
32 | is significantly better than MD5 (which was used on all versions prior to 3.x) for key derivation.\
33 | The secret key derived from PBKDF2 is used to decrypt the keystore containing different keys to decrypt the content.
34 | 
35 | # A word on password strength
36 | 
37 | The strength of a password can be measured in entropy or "possibilities to try" (for a brute force attacker).
38 | 
39 | \[
40 | S = C^{L} * T
41 | \]
42 | 
43 | **S** is the time it takes to try all possibilities (on average a password is found after trying half the possibilities),
44 | **C** being the number of different characters the password is made of, **L** being the length of the password
45 | and **T** the time it takes to try one password.
46 | 
47 | For example take a tree character password with just lower case letters like "abc".  
48 | The number of lower case letters is 26, so a three character password leads to 26 * 26 * 26 = 17 576 possibilities to try.
49 | 
50 | Now take a three character password which also includes upper case letters like "aBc".  
51 | The number of possibilities per character doubles to 52, so the three character password leads to 52 * 52 * 52 = 140 608 possibilities.
52 | So compared to "abc" we got **eight times** more entropy in this case.
53 | 
54 | So what happens if we add one character and still only use lower case letters, like "abcd"?  
55 | It's 26^4 = 456 976 with a four character password, that's **26 times** more entropy compared to only using three lower case characters.
56 | 
57 | It's easier to get higher entropy by increasing password size, than with adding more different characters or symbols.
58 | An attacker could also have watched (or heard) you type the password (paying attention to the use of the shift key,
59 | space bar or numeric keypad) and this way cross out character that you couldn't possibly have used.
60 | 
61 | So, to put it mildly: Every web page that forces you to use at least lower/upper case AND a number AND a symbol,
62 | BUT only forces you to use eight characters of password size is not steering you to the right measures to gain entropy.
63 | 
64 | But, to be fair: A web page can take measures to seriously throttle the passwords try-able per second on the server side
65 | or f.ex. use captchas after the third failed try. Although there were and most likely will be bad or failed examples of those measures.
66 | 
67 | This MkDocs plugin can currently only take additional counter-measures to brute force attacks in form of PBKDF2.
68 | PBKDF2 itself is more or less obsolete, because it got no defense against being run in parallel, so we should
69 | consider it to not having a big effect on **T**.
70 | Other options like bcrypt, scrypt od argon2 exist, but pbkdf2 is the only option
71 | currently available in crypto-js and webcrypto. However there may be limitations that render the other option impractical,
72 | like longer build times and high computing or memory requirements on mobile devices.
73 | So you should really be interested in choosing a **long** password or pass phrases
74 | (read the [Diceware article on Wikipedia](https://en.wikipedia.org/wiki/Diceware), [xkcd webcomic on password strength](https://xkcd.com/936/)
75 | and [this blogpost](https://blog.benpri.me/blog/2019/01/13/why-you-shouldnt-be-using-bcrypt-and-scrypt/)).
76 | 
77 | 
78 | 


--------------------------------------------------------------------------------
/documentation/docs/features/index.md:
--------------------------------------------------------------------------------
  1 | # Features
  2 | 
  3 | ## Override default templates
  4 | 
  5 | Related to [issue #32](https://github.com/unverbuggt/mkdocs-encryptcontent-plugin/issues/32)
  6 | 
  7 | You can override the default templates with your own templates by providing an actual replacement
  8 | path in the `html_template_path` *(HTML)* and `js_template_path` *(JS)* directives. 
  9 | Overridden templates **completely** replace the default templates. You **must** therefore copy the
 10 | default templates as a starting point to keep this plugin working.
 11 | 
 12 | ```yaml
 13 | plugins:
 14 |     - encryptcontent:
 15 |         html_template_path: "/root/real/path/mkdocs_poc/my_html_template.html"
 16 |         js_template_path: "/root/real/path/mkdocs_poc/my_js_template.js"
 17 |         form_class: 'md-content__inner md-typeset'
 18 |         input_class: 'md-input'
 19 |         button_class: 'md-button md-button--primary'
 20 | ```
 21 | 
 22 | Use `form_class`, `input_class` and `button_class` to optionally set a CSS class for the password input field and the button.
 23 | 
 24 | When overriding the default templates, you can add and use your own Jinja variables
 25 | and enrich your template, by defining `html_extra_vars` and `js_extra_vars` directives in key/value format.
 26 | Added values can be used in your Jinja templates via the variable `extra`.
 27 | 
 28 | ```yaml
 29 | plugins:
 30 |     - encryptcontent:
 31 |         html_extra_vars:
 32 |             my_extra: "extra value"
 33 |             <key>: <value>
 34 |         js_extra_vars:
 35 |             my_extra: "extra value"
 36 |             <key>: <value>
 37 | ```
 38 | 
 39 | For example, you can modify your HTML template, to add a new title with your own text variable.
 40 | 
 41 | ```jinja
 42 | [ ... ] 
 43 | <h2>{{ extra.my_extra }}</h2>
 44 | [ ... ]
 45 | ```
 46 | 
 47 | > **NOTE** Issues related to template override will not be addressed.
 48 | 
 49 | ## Add button
 50 | 
 51 | Add `password_button: True` in plugin configuration variable, to add a button to the right of the password field.
 52 | 
 53 | When enabled, it allows to decrypt the content just like the classic keypress ENTER.
 54 | 
 55 | Optionally, you can add `password_button_text: 'custom_text_button'` to customize the button text.
 56 |  
 57 | ```yaml
 58 | plugins:
 59 |     - encryptcontent:
 60 |         password_button: True
 61 |         password_button_text: 'custom_text_button'
 62 | ```
 63 | 
 64 | ## Tag encrypted page
 65 | 
 66 | > **Enable by default**
 67 | 
 68 | Related to [issue #7](https://github.com/unverbuggt/mkdocs-encryptcontent-plugin/issues/7)
 69 | 
 70 | This feature adds an additional attribute `encrypted` with value `True` to the mkdocs type `mkdocs.nav.page` object.
 71 | 
 72 | You can add `tag_encrypted_page: False` in plugin configuration, to disable tagging of encrypted pages. 
 73 | 
 74 | When enabled, it is possible to use the `encrypted` attribute in the jinja template of your theme, as a condition to perform custom modification.
 75 | 
 76 | ```jinja
 77 | {%- for nav_item in nav %}
 78 |     {% if nav_item.encrypted %}
 79 |         <!-- Do something --> 
 80 |     {% endif %}
 81 | {%- endfor %}
 82 | ```
 83 | 
 84 | For example, you can use conditional check to add a custom class:
 85 | 
 86 | ```jinja
 87 | <a {% if nav_item.encrypted %}class="mkdocs-encrypted-class"{% endif %}href="{{ nav_item.url|url }}">{{ nav_item.title }}</a>
 88 | ```
 89 | 
 90 | ## Remember password
 91 | 
 92 | Related to [issue #6](https://github.com/unverbuggt/mkdocs-encryptcontent-plugin/issues/6)
 93 | 
 94 | By default the plugin will save the decrypted AES keys to session storage of the browser (can be disabled by setting `remember_keys: False`).
 95 | This is enabled for convenience, so you are able to browse between multiple encrypted pages without having to re-enter the password.
 96 | 
 97 | Additionally it is possible to save the entered user/password in session storage (setting `remember_password: True`). Use this for
 98 | additional convenience during `mkdocs serve`, because the AES key are regenerated every time MkDocs starts
 99 | (rendering the old ones invalid and requiring to re-enter a valid credential again).
100 | 
101 | To avoid problems when multiple sites are hosted within the same domain, it is possible to customize the name of
102 | the keys saved to storage with `remember_prefix`.
103 | 
104 | > **This feature is not really secure !** decryption keys are store in clear text inside session storage.
105 | >
106 | > Instead of using these features, I recommend to use a password manager with its browser plugin.
107 | > For example **KeepassXC** allows you to detect the password field
108 | > `mkdocs-content-password` and fill it automatically in a much more secure way.
109 | 
110 | It is also possible to save the used credentials permanently to local storage (setting `session_storage: False`), but
111 | this should only be done for testing purposes. The local storage of a browser is most likely readable
112 | for every other process that can access the file system. 
113 | 
114 | The session storage however should only be located in memory and be forgotten after the browser tab is closed.
115 | 
116 | ```yaml
117 | plugins:
118 |     - encryptcontent:
119 |         remember_keys : True
120 |         remember_password: False
121 |         remember_prefix: secretsite_
122 | ```
123 | 
124 | ## Share link generation
125 | 
126 | It is possible to share valid credentials by adding them to the hash part of the URL.
127 | The plugin can also generate share links for certain pages if the meta tag `sharelink: true`
128 | is defined in markdown.
129 | It will use the first credential for the pages level or the pages password.
130 | The credentials for auto-generated links are base64url encoded.
131 | 
132 | ```yaml
133 | plugins:
134 |     - encryptcontent:
135 |         sharelinks: True
136 |         sharelinks_output: 'sharelinks.txt' # generated share links are saved here
137 | ```
138 | > One condition applies: The user name must not contain the ":" character (Passwords may use that character).
139 | 
140 | However if `sharelinks: True` is enabled in the plugin configuration you can generate share links yourself:\
141 | `https://your-domain.com/your-site/protected-page/#!username:password` for user/password or\
142 | `https://your-domain.com/your-site/protected-page/#!password` for only password.
143 | 
144 | > Then another condition applies: If non-aphanumeric characters are used in user/password,
145 | > they need to be URLencoded (f.ex. %20 = space character). Some browsers may do that automatically (Do a copy/paste from the browsers address bar then).
146 | 
147 | ### Incomplete Share links
148 | 
149 | Since version 3.0.3 it is possible to leave out one part of the password when share links are generated via meta tag.
150 | To do this use the ":" character in a password to divide the part that is incorporated to the share link and the part that remains secret,
151 | like "PartThatIsEncodedToTheShareLink:PartThatRemainsSecret". 
152 | The feature is enabled by setting the option `sharelinks_incomplete: true`.
153 | If the password that is read from the share link ends with the ":" character, then an additional password input field is displayed for entering the secret part.
154 | 
155 | > If the feature is used, then passwords must not end with the ":" character.
156 | 
157 | 
158 | ## Storage of additional variables in keystore
159 | 
160 | Since version 3.0.3 it is possible to set arbitrary session store variables after decryption.
161 | These can be used by javascript functions f. ex. to read API tokens or show the user name or set visibility of menu entries.
162 | The variables are encrypted together with the content keys in the keystore.
163 | 
164 | ```yaml
165 | plugins:
166 |     - encryptcontent:
167 |         additional_storage_file: 'additional_storage.yaml'
168 | ```
169 | 
170 | The file may contain a `userpass:` dictionary, wich refers to user names
171 | and/or a `password:` dictionary, that refers to password-only credentials.
172 | It may contain a arbitrary number of key/value pairs,
173 | but keep in mind to check if the key name is reasonable and not already used by other parts of the page
174 | (as it will be overwritten after decryption).
175 | 
176 | ```yaml
177 | userpass:
178 |   alice:
179 |     username: Alice McAliceface
180 |     userid: 1
181 |     token: uCZDqa2vzuSPFX-o9TebinUAnD9sePJqpPYhavMkCH7gGo7lhjWRS17-HgBys9UKnFR37zXO4Q_f1_ywZJqBlA==
182 | 
183 | password:
184 |   Head32_Sculpture_bovine_:
185 |     username: Head McPassword
186 | ```


--------------------------------------------------------------------------------
/documentation/docs/features/jsext.md:
--------------------------------------------------------------------------------
  1 | ## Javascript extensions
  2 | 
  3 | ### Reload user-defined scripts
  4 | 
  5 | Related to [issue #14](https://github.com/unverbuggt/mkdocs-encryptcontent-plugin/issues/14)
  6 | 
  7 | You can set `reload_scripts:` in your `mkdocs.yml` with list of script sources
  8 | or script ids, to reload and execute some js lib after decryption process.
  9 | 
 10 | ```yaml
 11 | plugins:
 12 |     - encryptcontent:
 13 |         reload_scripts:
 14 |             - 'js/example.js'
 15 |             - '#autoexec'
 16 | ```
 17 | 
 18 | It is also possible to reload a script id like `<script id="autoexec">console.log('test');</script>`
 19 | that was encrypted within the page
 20 | (related to [issue #30](https://github.com/unverbuggt/mkdocs-encryptcontent-plugin/issues/30)).
 21 | 
 22 | 
 23 | ### HighlightJS support
 24 | 
 25 | > **Enable by default**
 26 | 
 27 | If HighlightJS module is detected in your theme to improve code color rendering, reload renderer after
 28 | decryption process.
 29 | If HighlightJS module is not correctly detected, you can force the detection by adding `hljs: True`
 30 | on the plugin configuration
 31 | or set `hljs: False` to disable this feature.
 32 | 
 33 | When enabled the following part of the template is added to force reloading decrypted content.
 34 | 
 35 | ```jinja
 36 | {% if hljs %}
 37 | document.getElementById("mkdocs-decrypted-content").querySelectorAll('pre code').forEach((block) => {
 38 |     hljs.highlightElement(block);
 39 | });
 40 | {% endif %}
 41 | ```
 42 | 
 43 | 
 44 | ### Arithmatex support
 45 | 
 46 | > **Enable by default**
 47 | 
 48 | Related to [issue #12](https://github.com/unverbuggt/mkdocs-encryptcontent-plugin/issues/12)
 49 | 
 50 | If Arithmatex markdown extension is detected in your markdown extensions to improve math equations rendering,
 51 | reload renderer after decryption process.
 52 | If the Arithmatex markdown extension is not correctly detected, you can force the detection by adding
 53 | `arithmatex: True` on the plugin configuration
 54 | or set `arithmatex: False` to disable this feature.
 55 |  
 56 | When enabled, the following part of the template is added to force math equations rendering on decrypted content.
 57 | 
 58 | ```jinja
 59 | {% if arithmatex %}
 60 | MathJax.typesetPromise()
 61 | {% endif %}
 62 | ```
 63 | 
 64 | > **NOTE** It has been tested in Arithmatex `generic` mode only. 
 65 | 
 66 | 
 67 | ### Mermaid.js support
 68 | 
 69 | #### mkdocs-mermaid2-plugin
 70 | 
 71 | > **Enable by default**
 72 | 
 73 | Related to [issue #22](https://github.com/unverbuggt/mkdocs-encryptcontent-plugin/issues/22).
 74 | 
 75 | If mermaid2 plugin is detected in your configuration to generate graph from text, reload renderer after
 76 | decryption process.
 77 | If the Mermaid2 plugin is not correctly detected, you can force the detection by adding `mermaid2: True`
 78 | on the plugin configuration
 79 | or set `mermaid2: False` to disable this feature.
 80 |  
 81 | When enabled, the following part of the template is added to force graph rendering on decrypted content.
 82 | 
 83 | ```jinja
 84 | {% if mermaid2 %}
 85 | mermaid.contentLoaded();
 86 | {% endif %}
 87 | ```
 88 | 
 89 | > **NOTE** it currently only works with mermaid version < 10. Also encryptcontent needs to be injected,
 90 | > because the mermaid2 plugin otherwise won't detect the page content correctly.
 91 | 
 92 | activate the plugin like this:
 93 | 
 94 | ```yaml
 95 | plugins:
 96 |     - mermaid2:
 97 |         version: 9.4.3
 98 | 
 99 | markdown_extensions:
100 |     - pymdownx.blocks.html
101 | ```
102 | 
103 | Example usage:
104 | 
105 | ````
106 | password: 1234
107 | inject_id: inject
108 | 
109 | 
110 | /// html | div#inject
111 | 
112 | ```mermaid
113 | graph LR
114 |     hello --> world
115 |     world --> again
116 |     again --> hello
117 | ```
118 | 
119 | ///
120 | ````
121 | 
122 | #### mkdocs-material
123 | 
124 | > **Enable by default**
125 | 
126 | Add support for mermaid graphs by adding the `pymdownx.superfences` to `markdown_extensions` as 
127 | described [here]( https://squidfunk.github.io/mkdocs-material/reference/diagrams/).
128 | 
129 | After successful decryption all subscriptions of the document are recalled to render the marmaid graph,
130 | see [here](https://github.com/unverbuggt/mkdocs-encryptcontent-plugin/pull/81).
131 | 
132 | ```jinja
133 | {%- if material %}
134 | document$.next(document);
135 | {%- endif %}
136 | ```
137 | 
138 | 
139 | ### mkdocs-glightbox
140 | 
141 | Related to [issue #62](https://github.com/unverbuggt/mkdocs-encryptcontent-plugin/issues/62).
142 | 
143 | The plugin would add click events to all image of a page, but it can't do that if the page was encrypted.
144 | That's why we need to add it to `reload_scripts` section to call it after successful decryption.
145 | 
146 | ```yaml
147 | plugins:
148 |   - glightbox:
149 |       zoomable: true
150 |       draggable: true
151 |       skip_classes:
152 |         - skip-lightbox
153 |   - encryptcontent:
154 |       reload_scripts:
155 |       - '#init-glightbox'
156 | ```


--------------------------------------------------------------------------------
/documentation/docs/features/modifypages.md:
--------------------------------------------------------------------------------
  1 | ## Modify generated pages
  2 | 
  3 | ### Encrypt something
  4 | 
  5 | Related to [issue #9](https://github.com/unverbuggt/mkdocs-encryptcontent-plugin/issues/9)
  6 | 
  7 | Add `encrypted_something: {}` in the plugin configuration variable, to encrypt something else on the page.
  8 | 
  9 | The syntax of this new variable **MUST** follow the yaml format of a dictionary. 
 10 | Child elements of `encrypted_something` are build with a key `<unique name>` in string format and a list as value.
 11 | The list has to be constructed with the name of an HTML tag `<html tag>` as first item
 12 | and `id` or `class` as the second item.
 13 | 
 14 | ```yaml
 15 | plugins:
 16 |     - encryptcontent:
 17 |         encrypted_something:
 18 |             <uniqe name>: [<html tag>, <'class' or 'id'>]
 19 | ```
 20 | 
 21 | The `<unique name>` key identifies the name of a specific element of the page that will be
 22 | searched by Beautiful Soup.
 23 | The first value of the list (`<html tag>`) identifies the type of HTML tag in which the name is present.
 24 | The second value of the list (`'id'` or `'class'`) specifies the type of the attribute which contains
 25 | the unique name in the html tag.
 26 | 
 27 | Prefer to use an `'id'`, however depending on the template of your theme, it is not always possible to use the id.
 28 | So we can use the class attribute to define your unique name inside the html tag. 
 29 | Beautiful Soup will encrypt all HTML elements discovered with the class.
 30 | 
 31 | When the feature is enabled every element is decrypted upon successfull content decryption on the page.
 32 | 
 33 | > Use this to hide the table of contents on the page or sub pages in the menu
 34 | 
 35 | By default **every child item** are encrypted and the encrypted elements have set
 36 | `style="display:none;"` to hide their content.
 37 | 
 38 | #### How to use it?! Examples
 39 | 
 40 | You can use the `page.encrypted` tag to add attributes to html tags in the HTML templates of your theme
 41 | or identify usable tag ids or classes that are already in the theme.
 42 | 
 43 | Then add these elements in the format of a yaml dictionary under the variable `encrypted_something`.
 44 | 
 45 | 1. For example, encrypt ToC in a theme where ToC is under 'div' element like this :
 46 | 
 47 | ```jinja
 48 | <div class=".." {% if page.encrypted %}id="mkdocs-encrypted-toc"{% endif %}>
 49 |     <ul class="..">
 50 |         <li class=".."><a href="{{ toc_item.url }}">{{ toc_item.title }}</a></li>
 51 |         <li><a href="{{ toc_item.url }}">{{ toc_item.title }}</a></li>
 52 |     </ul>
 53 | </div>
 54 | ```
 55 | 
 56 | Set your configuration like this : 
 57 | 
 58 | ```yaml
 59 | plugins:
 60 |     - encryptcontent:
 61 |         encrypted_something:
 62 |             mkdocs-encrypted-toc: [div, id]
 63 | ```
 64 | 
 65 | 2. Other example, with multiple targets. You are using a custom version of Material theme and
 66 | want to encrypt ToC content and Footer.
 67 | 
 68 | Material generates 2 `<nav>` structures with the same template `toc.html`, so you need to use a `class`
 69 | instead of an id for this part.
 70 | The footer part, is generated by the `footer.html` template in a classic div so an `id` is sufficient
 71 | 
 72 | After modification, your template looks like this :
 73 | 
 74 | toc.html:
 75 | ```jinja
 76 | <nav class="md-nav md-nav--secondary {% if page.encrypted %}mkdocs-encrypted-toc{% endif %}" aria-label="{{ lang.t('toc.title') }}">
 77 |     <label class="md-nav__title" for="__toc"> ... </label>
 78 |     <ul class="md-nav__list" data-md-scrollfix> ... </ul>
 79 | </nav>
 80 | ```
 81 | footer.html:
 82 | ```jinja
 83 | <footer class="md-footer">
 84 |     <div class="md-footer-nav" {% if page.encrypted %}id="mkdocs-encrypted-footer"{% endif %}> ... </div>
 85 |     <div class="md-footer-meta md-typeset" {% if page.encrypted %}id="mkdocs-encrypted-footer-meta"{% endif %}>
 86 | </footer>
 87 | ```
 88 | 
 89 | Your configuration would look like this :
 90 | ```yaml
 91 | plugins:
 92 |     - encryptcontent:
 93 |         encrypted_something:
 94 |             mkdocs-encrypted-toc: [nav, class]
 95 |             mkdocs-encrypted-footer: [div, id]
 96 |             mkdocs-encrypted-footer-meta: [div, id]
 97 | ```
 98 | 
 99 | 3. If you are using unmodified mkdocs-material, then this example will encrypt menu, toc and footer
100 | But you'd need the Navigation pruning feature to hide the title of encrypted pages from navigation (or see 2.).
101 | 
102 | ```yaml
103 | plugins:
104 |     - encryptcontent:
105 |         encrypted_something:
106 |             md-footer__inner: [nav, class]
107 |             md-nav: [nav, class]
108 | ```
109 | 
110 | ### Inject decrypt-form.tpl to theme
111 | 
112 | Some themes or plugins might interfere with the way this plugin encrypts the content of a page.
113 | In this case this feature will find and encrypt a unique tag in the same way as `encrypted_something`
114 | does and additionally inject its `decrypt-form.tpl.html` in front of it.
115 | 
116 | ```yaml
117 | plugins:
118 |     - encryptcontent:
119 |         inject:
120 |             <uniq name>: [<html tag>, <'class' or 'id'>]
121 | ```
122 | 
123 | This is an example for mkdocs-material:
124 | ```yaml
125 | plugins:
126 |   - blog
127 |   - encryptcontent:
128 |         encrypted_something:
129 |             md-footer__inner: [nav, class] #Footer
130 |             md-nav: [nav, class] #Menu and toc
131 |         inject:
132 |             md-content: [div, class]
133 | ```
134 | 
135 | > This feature overrides the normal practice of replacing the rendered content of a page.
136 | 
137 | ### Mix encrypted and normal content
138 | 
139 | It is possible to only encrypt parts of the page and also to remove parts on successful decryption.
140 | 
141 | First install PyMdown Extensions by entering `pip install --upgrade pymdown-extensions`,
142 | then enable them in your `mkdocs.yml`:
143 | ```yaml
144 | markdown_extensions:
145 |     - pymdownx.blocks.html
146 | ```
147 | 
148 | This is an example of a mixed markdown page:
149 | 
150 | ```
151 | title: This page mixes encrypted and normal content
152 | level: secret
153 | inject_id: protected
154 | delete_id: teaser
155 | 
156 | /// html | div#teaser
157 | ## Teaser
158 | 
159 | You won't believe which secrets this page will unveil.
160 | Find out more after you enter the correct password...
161 | ///
162 | 
163 | /// html | div#protected
164 | ## Secret
165 | 
166 | Well, the princess is another castle.
167 | ///
168 | ```
169 | 
170 | The markdown extension enables us to wrap a div tag around content by `/// html | div#some-id`.
171 | It ends with `///`. The meta tag `inject_id` defines which div id we would like to encrypt
172 | (it also injects the decryption form here). And the div id found at `delete_id` will be deleted
173 | on successful decryption.
174 | 


--------------------------------------------------------------------------------
/documentation/docs/features/search.md:
--------------------------------------------------------------------------------
 1 | ## Search encryption
 2 | 
 3 | ### Search index encryption
 4 | 
 5 | > **Default value is "encrypted"**
 6 | 
 7 | Related to [issue #13](https://github.com/CoinK0in/mkdocs-encryptcontent-plugin/issues/13)
 8 | 
 9 | > :warning: **The configuration mode "clear" of this functionality can cause DATA LEAK**
10 | >
11 | > The unencrypted content of each page is accessible through the search index.
12 | > Not encrypting the search index means completely removing the protection provided by this plugin.
13 | > You have been warned 
14 | 
15 | This feature allows you to control the behavior of the encryption plugin with the search index. 
16 | Three configuration modes are possible:
17 | 
18 |  * **clear** : Search index is not encrypted. Search is possible even on protected pages.
19 |  * **dynamically** : Search index is encrypted on build. Search is possible once the pages have been decrypted.
20 |  * **encrypted** : Search index of encrypted pages is removed on build. Search is not possible on encrypted pages.
21 | 
22 | You can set `search_index: '<mode_name>'` in your `mkdocs.yml` to change the search index encryption mode. Possible values are `clear`, `dynamically`, `encrypted`. The default mode is "**encrypted**".
23 | 
24 | ```yaml
25 | plugins:
26 |     - encryptcontent:
27 |         search_index: 'dynamically'
28 | ```
29 | 
30 | This functionality modifies the search index created by the “search” plug-in.
31 | Some themes might override the default search plug-in provided by mkdocs, 
32 | but so far the structure of the `search/search_index.json` file is consistent.
33 | 
34 | > The modification of the search index is carried out last (if `encryptcontent` is also last in `plugins`).
35 | > But always double-check the generated index after `mkdocs build` to see if your information is protected.
36 | 
37 | When the configuration mode is set to "**dynamically**", the 
38 | [javascripts contribution files](https://github.com/unverbuggt/mkdocs-encryptcontent-plugin/tree/master/encryptcontent/contrib/templates/search)
39 | are used to override the default search plugin files provided by MkDocs. 
40 | They include a process of decrypting and keeping the search index in a SessionStorage.
41 | 
42 | ### Search index encryption for mkdocs-material
43 | 
44 | [Material for MkDocs](https://squidfunk.github.io/mkdocs-material/) uses a different search plugin that
45 | cannot "easily" be overridden like the default search plugin.
46 | However this Plugin will still remove encrypted pages (`encrypted`) or encrypt the search entries (`dynamically`)
47 | for `mkdocs-material`.
48 | 
49 | In order to be able to decrypt the search index (`dynamically`) `mkdocs-material` needs to be customized (patched).
50 | 
51 | Patches for different versions can be found [here](https://github.com/unverbuggt/mkdocs-encryptcontent-plugin/tree/version3/patches).
52 | 
53 | #### Material 8.x
54 | 
55 | You'll need some [prerequisites](https://squidfunk.github.io/mkdocs-material/customization/#environment-setup)
56 | and also execute these commands:
57 | 
58 | ```bash
59 | git clone https://github.com/squidfunk/mkdocs-material
60 | cd mkdocs-material
61 | pip install mkdocs-minify-plugin
62 | pip install mkdocs-redirects
63 | npm install
64 | 
65 | #copy material_search_worker.patch to mkdocs-material
66 | patch -p 0 < material_search_worker8.patch
67 | 
68 | pip install --force-reinstall .
69 | #pip install --force-reinstall --no-deps . #faster if mkdocs-material was already installed
70 | ```
71 | 
72 | #### Material 9.x
73 | 
74 | Follow the instructions for [Theme development](https://squidfunk.github.io/mkdocs-material/customization/#theme-development) carefully.
75 | 
76 | Apply the patch before [Building the theme](https://squidfunk.github.io/mkdocs-material/customization/#building-the-theme):
77 | 
78 | ```bash
79 | patch -p 0 < material_browser_request9.patch # until Material 9.3
80 | patch -p 0 < material_browser_request9_4p.patch # Material 9.4+
81 | ```
82 | 
83 | 


--------------------------------------------------------------------------------
/documentation/docs/features/security.md:
--------------------------------------------------------------------------------
  1 | ## Security
  2 | 
  3 | ### Crypto-js or crypto-es or webcrypto?
  4 | 
  5 | By default the plugin uses the crypto-js library for page decryption, but using
  6 | the browser's built-in webcrypto engine is also possible (set `webcrypto: true`).
  7 | 
  8 | The main advantage of webcrypto over crypto-js is that it is much faster, allowing higher
  9 | calculation difficulty for key derivation (`kdf_pow`). Also it may be easier to implement
 10 | key derivation functions other than PBKDF2 with webcrypto in the future.
 11 | 
 12 | On the other hand crypto-js is implemented in pure Javascript without any dependencies and well
 13 | tested (but it probably won't receive any updates as development stalled in 2021, see [here](https://github.com/brix/crypto-js/#discontinued))
 14 | and we know nothing about how good or bad webcrypto is implemented in different browsers.
 15 | 
 16 | There is a new variation of [crypto-js](https://github.com/brix/crypto-js), called [crypto-es](https://github.com/entronad/crypto-es).
 17 | It provides the same functions, but is implemented in modern javascript and can be activated by setting `esm: true`.  
 18 | If `webcrypto: true` and `esm: true` is set, then webcrypto will be loaded as a
 19 | javascript module (speeding up material theme with instant loading feature).
 20 | 
 21 | > Crypto-js causes a bug when browsing through encrypted pages,
 22 | > if used in `mkdocs-material` together with the `navigation.instant` feature.
 23 | > It is advised to use `webcrypto: true` or crypto-es with `esm: true` in this case.
 24 | 
 25 | #### Self-host Crypto-js or Crypto-es
 26 | 
 27 | If you enable `selfhost` then you'll choose to upload crypto-js to your web server rather than using cloudflare CDN.
 28 | The self-host location is "SITE_URL/assets/javascripts/cryptojs/".
 29 | 
 30 | Additionally if you set `selfhost_download` then the required files will be automatically downloaded if needed.
 31 | The files are checked for their MD5 hash and saved to `docs_dir` or `selfhost_dir` (relative to `mkdocs.yml`).
 32 | 
 33 | ```yaml
 34 | plugins:
 35 |     - encryptcontent:
 36 |         selfhost: True
 37 |         selfhost_download: False
 38 |         selfhost_dir: 'theme_overrides'
 39 | ```
 40 | 
 41 | #### KDF key generation caching
 42 | 
 43 | Either way (webcrypto or crypto-js) the [KDF](https://en.wikipedia.org/wiki/Key_derivation_function)
 44 | key generation needs to be done for each credential.
 45 | This may take some additional time when building the site, especially when there are many different ones.
 46 | That's why these keys and salt are cached by default to a yaml file named "encryptcontent.cache".
 47 | 
 48 | ```yaml
 49 | plugins:
 50 |     - encryptcontent:
 51 |         cache_file: 'encryptcontent.cache' # change file name if needed
 52 | ```
 53 | 
 54 | Caching can be disabled by setting `cache_file: ''`.
 55 | 
 56 | 
 57 | ### File name obfuscation
 58 | 
 59 | Imagine your pages contain many images and you labeled them "1.jpg", "2.jpg" and so on for some reason.
 60 | If you'd like to encrypt one of these pages, an attacker could try guessing the image file names
 61 | and would be able to download them despite not having the password to the page.
 62 | 
 63 | This feature should make it impossible or at least way harder for an external attacker to guess the file names.
 64 | Please also check and disable directory listing for that matter.
 65 | Keep in mind that your hosting provider is still able to see all your images and files.
 66 | 
 67 | To counter file name guessing you could activate the feature like this:
 68 | 
 69 | ```yaml
 70 | plugins:
 71 |     - encryptcontent:
 72 |         selfhost: true
 73 |         selfhost_download: false
 74 |         hash_filenames:
 75 |           extensions:
 76 |             - 'png'
 77 |             - 'jpg'
 78 |             - 'jpeg'
 79 |             - 'svg'
 80 |           except:
 81 |             - 'lilien.svg'
 82 | ```
 83 | 
 84 | At `extensions` we define which file name extensions to obfuscate
 85 | (extension is taken from the part after the last ".",
 86 | so the extension of "image.jpg" is "jpg" and of "archive.tar.gz" is "gz").
 87 | 
 88 | You can define multiple exceptions at the `except` list.
 89 | The file names that end with these strings will be skipped.
 90 | You should use this if some images are used by themes or other plugins.
 91 | Otherwise, you'd need to change these file names to the obfuscated ones.
 92 | 
 93 | The file names are obfuscated in a way that the corresponding file is hashed with MD5
 94 | and the hash is added to the file name
 95 | (If the file content is not changed the file name remains the same), like this:
 96 | 
 97 | some_image_1_bb80db433751833b8f8b4ad23767c0fc.jpg
 98 | ("bb80db433751833b8f8b4ad23767c0fc" being the MD5 hash of said image.)
 99 | 
100 | > The file name obfuscation is currently applied to the whole site - not just the encrypted pages...
101 | 
102 | ### Signing of generated files
103 | 
104 | An attacker would most likely have a hard time brute forcing your encrypted content, given a good
105 | password entropy. It would be much easier for him to fish for passwords by modifying the
106 | generated pages, if he is able to hack your web space.
107 | 
108 | This feature will sign all encrypted pages and used javascript files with Ed25519. It will also generate
109 | an example [canary script](https://en.wikipedia.org/wiki/Domestic_canary#Miner's_canary), which can be
110 | customized to alert if files were modified.
111 | 
112 | > **NOTE** If Mkdocs is running with `mkdocs serve`, then signature verification of encrypted pages
113 | > will fail, because the files are modified by Mkdocs to enable live reload.
114 | 
115 | ```yaml
116 |       sign_files: 'signatures.json'
117 |       sign_key: 'encryptcontent.key' #optional
118 |       canary_template_path: '/path/to/canary.tpl.py' #optional
119 | ```
120 | 
121 | First an Ed25519 private key is generated at "encryptcontent.key" (besides `mkdocs.yml`), however you can supply an
122 | existing private key as long as it's in PEM format.
123 | 
124 | After generation the signatures are saved to "signatures.json" in `site_dir`, so this file also needs to be uploaded
125 | to the web space. The canary script will download this file and compare the URLs to its own list and then download
126 | all files and verify the signatures.
127 | 
128 | As long as the private key used for signing remains secret, the canary script will be able to determine
129 | if someone tampered with the files on the server. But you should run the canary script from another machine
130 | that is not related to the server, otherwise the attacker could also modify the canary script and sign with his
131 | private key instead.
132 | 


--------------------------------------------------------------------------------
/documentation/docs/img/logo.ico:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/unverbuggt/mkdocs-encryptcontent-plugin/3a99d7158cbf7522e83b5811b678732dbaf85cee/documentation/docs/img/logo.ico


--------------------------------------------------------------------------------
/documentation/docs/img/logo.svg:
--------------------------------------------------------------------------------
 1 | <?xml version="1.0" encoding="UTF-8" standalone="no"?>
 2 | <svg
 3 |    width="10mm"
 4 |    height="10mm"
 5 |    version="1.1"
 6 |    viewBox="0 0 10 10"
 7 |    id="svg12"
 8 |    sodipodi:docname="logo.svg"
 9 |    inkscape:version="1.1.1 (3bf5ae0d25, 2021-09-20)"
10 |    xmlns:inkscape="http://www.inkscape.org/namespaces/inkscape"
11 |    xmlns:sodipodi="http://sodipodi.sourceforge.net/DTD/sodipodi-0.dtd"
12 |    xmlns="http://www.w3.org/2000/svg"
13 |    xmlns:svg="http://www.w3.org/2000/svg"
14 |    xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"
15 |    xmlns:cc="http://creativecommons.org/ns#"
16 |    xmlns:dc="http://purl.org/dc/elements/1.1/">
17 |   <defs
18 |      id="defs16" />
19 |   <sodipodi:namedview
20 |      id="namedview14"
21 |      pagecolor="#ffffff"
22 |      bordercolor="#666666"
23 |      borderopacity="1.0"
24 |      inkscape:pageshadow="2"
25 |      inkscape:pageopacity="0.0"
26 |      inkscape:pagecheckerboard="0"
27 |      inkscape:document-units="mm"
28 |      showgrid="false"
29 |      inkscape:zoom="7.6094167"
30 |      inkscape:cx="46.784138"
31 |      inkscape:cy="24.114858"
32 |      inkscape:window-width="2560"
33 |      inkscape:window-height="1361"
34 |      inkscape:window-x="2091"
35 |      inkscape:window-y="-9"
36 |      inkscape:window-maximized="1"
37 |      inkscape:current-layer="svg12" />
38 |   <metadata
39 |      id="metadata2">
40 |     <rdf:RDF>
41 |       <cc:Work
42 |          rdf:about="">
43 |         <dc:format>image/svg+xml</dc:format>
44 |         <dc:type
45 |            rdf:resource="http://purl.org/dc/dcmitype/StillImage" />
46 |       </cc:Work>
47 |     </rdf:RDF>
48 |   </metadata>
49 |   <path
50 |      id="rect930"
51 |      style="fill:#bc8742;stroke:none;stroke-width:4.10022;fill-opacity:1"
52 |      d="M 5.6692914,15.117188 V 37.794922 H 32.125985 V 15.117188 Z m 13.2291466,4.27539 c 2.866181,6.63e-4 5.189291,1.883108 5.189453,4.205078 -6.29e-4,1.852361 -1.4973,3.486247 -3.685547,4.023438 l 2.046875,6.537109 h -7.101563 l 2.046875,-6.537109 c -2.18902,-0.53662 -3.68661,-2.170643 -3.6875,-4.023438 1.62e-4,-2.322588 2.324463,-4.205289 5.191407,-4.205078 z"
53 |      transform="scale(0.26458333)"
54 |      sodipodi:nodetypes="ccccccccccccc" />
55 |   <path
56 |      id="path1090"
57 |      style="fill:none;stroke:#bc8742;stroke-width:0.947658;stroke-miterlimit:4;stroke-dasharray:none;stroke-opacity:1"
58 |      d="M 5.000256,0.87360703 C 3.604863,0.87344643 2.473634,2.0046755 2.473795,3.4000678 c 3.17e-4,0.1793174 0.01971,0.8872585 0.05788,1.0624675 h 4.93665 C 7.506495,4.2873263 7.525895,3.5793852 7.526205,3.4000678 7.526366,2.0048775 6.395452,0.87373213 5.000262,0.87360703 Z"
59 |      sodipodi:nodetypes="ccccccc" />
60 | </svg>
61 | 


--------------------------------------------------------------------------------
/documentation/docs/index.md:
--------------------------------------------------------------------------------
 1 | # mkdocs-encryptcontent-plugin
 2 | 
 3 | This plugin allows you to have password protected articles and pages in MKdocs.
 4 | 
 5 | The content is encrypted with AES-256 in Python using PyCryptodome and decrypted in the browser with Crypto-JS or Webcrypto.
 6 | 
 7 | *It has been tested in Python Python 3.8+*
 8 | 
 9 | **Usecase**
10 | 
11 | > I want to be able to protect the content of the page with a password.
12 | >
13 | > Define a password to protect each page independently or a global password to protect them all.
14 | >
15 | > If a global password exists, all articles and pages are protected with this password.
16 | >
17 | > If a password is defined in an article or a page, it is always used even if there is a global password.
18 | >
19 | > If a password is defined as an empty character string, content encryption is disabled.
20 | >
21 | > Additionally password levels can be defined in mkdocs.yml or external yaml file with user/password credentials.
22 | 
23 | ## New features (compared to version 2.5.x)
24 | 
25 | * Stronger cryptography (PBKDF2 for key derivation)
26 | * Faster cryptography (Webcrypto as alternative to crypto-js)
27 | * Allow password inventory or levels in mkdocs.yml or external file for credential handling
28 | * Allow user name + password as credentials
29 | * If credential is reused in different levels it also decrypts all of their content
30 | * Optional adding of credentials to URLs for sharing
31 | * Optional tamper check by signing generated files with Ed25519
32 | * New [Documentation](https://unverbuggt.github.io/mkdocs-encryptcontent-plugin/) and [Test bench](https://unverbuggt.github.io/mkdocs-encryptcontent-plugin/testbench/)
33 | 
34 | ## Upgrading from version 2.5.x
35 | 
36 | The `use_secret` functionality was discontinued in the plugin configuration and as a meta tag.
37 | 
38 | In order to use environment variables in user names or passwords, use the 
39 | [special yaml tag](https://www.mkdocs.org/user-guide/configuration/#special-yaml-tags) `!ENV`.
40 | 
41 | ## Todos for 3.1.x
42 | * outsource some functionality to separate plugins, like:
43 |     * Filename obfuscation
44 |     * Signing of generated files
45 | * find a better way for search decryption
46 | * add better alternative to PBKDF2
47 | * optional server side keystore (allows throtteling)
48 |     * still no waterproof solution...
49 | * ...to be defined
50 | 


--------------------------------------------------------------------------------
/documentation/docs/installation.md:
--------------------------------------------------------------------------------
 1 | 
 2 | 
 3 | # Installation
 4 | 
 5 | Install the package with pip:
 6 | 
 7 | ```bash
 8 | pip install mkdocs-encryptcontent-plugin
 9 | ```
10 | 
11 | Install the package from source with pip:
12 | 
13 | ```bash
14 | cd mkdocs-encryptcontent-plugin/
15 | python setup.py sdist bdist_wheel
16 | pip install --force-reinstall --no-deps dist/mkdocs_encryptcontent_plugin-3.0.4-py3-none-any.whl
17 | ```
18 | 
19 | Enable the plugin in your `mkdocs.yml`:
20 | 
21 | ```yaml
22 | plugins:
23 |     - search: {}
24 |     - encryptcontent: {}
25 | ```
26 | > **NOTE:** If you have no `plugins` entry in your configuration file yet, you'll likely also want to add the `search` plugin.
27 | > MkDocs enables it by default if there is no `plugins` entry set, but now you have to enable it explicitly.
28 | 


--------------------------------------------------------------------------------
/documentation/docs/testbench/anchor.md:
--------------------------------------------------------------------------------
 1 | title: Anchor test
 2 | level: user_and_passwords1
 3 | 
 4 | <script id="autostart">
 5 | const ctheme = 'css/w3-theme-44bb4f-mono';
 6 | document.getElementById('theme-auto').href = base_url + '/' + ctheme + '.css';
 7 | document.getElementById('theme-light').href = base_url + '/' + ctheme + '-light.css';
 8 | document.getElementById('theme-dark').href = base_url + '/' + ctheme + '-dark.css';
 9 | </script>
10 | 
11 | # Anchor 1
12 | 
13 | Lorem ipsum dolor sit amet, consectetuer adipiscing elit. Aenean commodo ligula eget dolor. Aenean massa. Cum sociis natoque penatibus et magnis dis parturient montes, nascetur ridiculus mus. Donec quam felis, ultricies nec, pellentesque eu, pretium quis, sem. Nulla consequat massa quis enim. Donec pede justo, fringilla vel, aliquet nec, vulputate eget, arcu. In enim justo, rhoncus ut, imperdiet a, venenatis vitae, justo. Nullam dictum felis eu pede mollis pretium. Integer tincidunt. Cras dapibus. Vivamus elementum semper nisi. Aenean vulputate eleifend tellus. Aenean leo ligula, porttitor eu, consequat vitae, eleifend ac, enim. Aliquam lorem ante, dapibus in, viverra quis, feugiat a, tellus. Phasellus viverra nulla ut metus varius laoreet. Quisque rutrum. Aenean imperdiet. Etiam ultricies nisi vel augue. Curabitur ullamcorper ultricies nisi. Nam eget dui. Etiam rhoncus. Maecenas tempus, tellus eget condimentum rhoncus, sem quam semper libero, sit amet adipiscing sem neque sed ipsum. Nam quam nunc, blandit vel, luctus pulvinar, hendrerit id, lorem. Maecenas nec odio et ante tincidunt tempus. Donec vitae sapien ut libero venenatis faucibus. Nullam quis ante. Etiam sit amet orci eget eros faucibus tincidunt. Duis leo. Sed fringilla mauris sit amet nibh. Donec sodales sagittis magna. Sed consequat, leo eget bibendum sodales, augue velit cursus nunc,
14 | 
15 | # Anchor 2
16 | 
17 | Sed ut perspiciatis unde omnis iste natus error sit voluptatem accusantium doloremque laudantium, totam rem aperiam, eaque ipsa quae ab illo inventore veritatis et quasi architecto beatae vitae dicta sunt explicabo. Nemo enim ipsam voluptatem quia voluptas sit aspernatur aut odit aut fugit, sed quia consequuntur magni dolores eos qui ratione voluptatem sequi nesciunt. Neque porro quisquam est, qui dolorem ipsum quia dolor sit amet, consectetur, adipisci velit, sed quia non numquam eius modi tempora incidunt ut labore et dolore magnam aliquam quaerat voluptatem. Ut enim ad minima veniam, quis nostrum exercitationem ullam corporis suscipit laboriosam, nisi ut aliquid ex ea commodi consequatur? Quis autem vel eum iure reprehenderit qui in ea voluptate velit esse quam nihil molestiae consequatur, vel illum qui dolorem eum fugiat quo voluptas nulla pariatur? At vero eos et accusamus et iusto odio dignissimos ducimus qui blanditiis praesentium voluptatum deleniti atque corrupti quos dolores et quas molestias excepturi sint occaecati cupiditate non provident, similique sunt in culpa qui officia deserunt mollitia animi, id est laborum et dolorum fuga. Et harum quidem rerum facilis est et expedita distinctio. Nam libero tempore, cum soluta nobis est eligendi optio cumque nihil impedit quo minus id quod maxime placeat facere
18 | 
19 | # Anchor 3
20 | 
21 | But I must explain to you how all this mistaken idea of denouncing pleasure and praising pain was born and I will give you a complete account of the system, and expound the actual teachings of the great explorer of the truth, the master-builder of human happiness. No one rejects, dislikes, or avoids pleasure itself, because it is pleasure, but because those who do not know how to pursue pleasure rationally encounter consequences that are extremely painful. Nor again is there anyone who loves or pursues or desires to obtain pain of itself, because it is pain, but because occasionally circumstances occur in which toil and pain can procure him some great pleasure. To take a trivial example, which of us ever undertakes laborious physical exercise, except to obtain some advantage from it? But who has any right to find fault with a man who chooses to enjoy a pleasure that has no annoying consequences, or one who avoids a pain that produces no resultant pleasure? On the other hand, we denounce with righteous indignation and dislike men who are so beguiled and demoralized by the charms of pleasure of the moment, so blinded by desire, that they cannot foresee
22 | 
23 | # Anchor 4
24 | 
25 | Li Europan lingues es membres del sam familie. Lor separat existentie es un myth. Por scientie, musica, sport etc, litot Europa usa li sam vocabular. Li lingues differe solmen in li grammatica, li pronunciation e li plu commun vocabules. Omnicos directe al desirabilite de un nov lingua franca: On refusa continuar payar custosi traductores. At solmen va esser necessi far uniform grammatica, pronunciation e plu sommun paroles. Ma quande lingues coalesce, li grammatica del resultant lingue es plu simplic e regulari quam ti del coalescent lingues. Li nov lingua franca va esser plu simplic e regulari quam li existent Europan lingues. It va esser tam simplic quam Occidental in fact, it va esser Occidental. A un Angleso it va semblar un simplificat Angles, quam un skeptic Cambridge amico dit me que Occidental es.Li Europan lingues es membres del sam familie. Lor separat existentie es un myth. Por scientie, musica, sport etc, litot Europa usa li sam vocabular. Li lingues differe solmen in li grammatica, li pronunciation e li plu commun vocabules. Omnicos directe al desirabilite de un nov lingua franca: On refusa continuar payar custosi traductores. At solmen va esser necessi far uniform grammatica, pronunciation e plu sommun paroles.
26 | 
27 | # Anchor 5
28 | 
29 | The European languages are members of the same family. Their separate existence is a myth. For science, music, sport, etc, Europe uses the same vocabulary. The languages only differ in their grammar, their pronunciation and their most common words. Everyone realizes why a new common language would be desirable: one could refuse to pay expensive translators. To achieve this, it would be necessary to have uniform grammar, pronunciation and more common words. If several languages coalesce, the grammar of the resulting language is more simple and regular than that of the individual languages. The new common language will be more simple and regular than the existing European languages. It will be as simple as Occidental; in fact, it will be Occidental. To an English person, it will seem like simplified English, as a skeptical Cambridge friend of mine told me what Occidental is.The European languages are members of the same family. Their separate existence is a myth. For science, music, sport, etc, Europe uses the same vocabulary. The languages only differ in their grammar, their pronunciation and their most common words. Everyone realizes why a new common language would be desirable: one could refuse to pay expensive translators. To
30 | 
31 | # Anchor 6
32 | 
33 | Far far away, behind the word mountains, far from the countries Vokalia and Consonantia, there live the blind texts. Separated they live in Bookmarksgrove right at the coast of the Semantics, a large language ocean. A small river named Duden flows by their place and supplies it with the necessary regelialia. It is a paradisematic country, in which roasted parts of sentences fly into your mouth. Even the all-powerful Pointing has no control about the blind texts it is an almost unorthographic life One day however a small line of blind text by the name of Lorem Ipsum decided to leave for the far World of Grammar. The Big Oxmox advised her not to do so, because there were thousands of bad Commas, wild Question Marks and devious Semikoli, but the Little Blind Text didn’t listen. She packed her seven versalia, put her initial into the belt and made herself on the way. When she reached the first hills of the Italic Mountains, she had a last view back on the skyline of her hometown Bookmarksgrove, the headline of Alphabet Village and the subline of her own road, the Line Lane. Pityful a rethoric question ran over her cheek, then
34 | 
35 | # Anchor 7
36 | 
37 | A wonderful serenity has taken possession of my entire soul, like these sweet mornings of spring which I enjoy with my whole heart. I am alone, and feel the charm of existence in this spot, which was created for the bliss of souls like mine. I am so happy, my dear friend, so absorbed in the exquisite sense of mere tranquil existence, that I neglect my talents. I should be incapable of drawing a single stroke at the present moment; and yet I feel that I never was a greater artist than now. When, while the lovely valley teems with vapour around me, and the meridian sun strikes the upper surface of the impenetrable foliage of my trees, and but a few stray gleams steal into the inner sanctuary, I throw myself down among the tall grass by the trickling stream; and, as I lie close to the earth, a thousand unknown plants are noticed by me: when I hear the buzz of the little world among the stalks, and grow familiar with the countless indescribable forms of the insects and flies, then I feel the presence of the Almighty, who formed us in his own image, and the breath
38 | 
39 | # Anchor 8
40 | 
41 | One morning, when Gregor Samsa woke from troubled dreams, he found himself transformed in his bed into a horrible vermin. He lay on his armour-like back, and if he lifted his head a little he could see his brown belly, slightly domed and divided by arches into stiff sections. The bedding was hardly able to cover it and seemed ready to slide off any moment. His many legs, pitifully thin compared with the size of the rest of him, waved about helplessly as he looked. "What's happened to me?" he thought. It wasn't a dream. His room, a proper human room although a little too small, lay peacefully between its four familiar walls. A collection of textile samples lay spread out on the table - Samsa was a travelling salesman - and above it there hung a picture that he had recently cut out of an illustrated magazine and housed in a nice, gilded frame. It showed a lady fitted out with a fur hat and fur boa who sat upright, raising a heavy fur muff that covered the whole of her lower arm towards the viewer. Gregor then turned to look out the window at the dull weather. Drops
42 | 
43 | # Anchor 9
44 | 
45 | The quick, brown fox jumps over a lazy dog. DJs flock by when MTV ax quiz prog. Junk MTV quiz graced by fox whelps. Bawds jog, flick quartz, vex nymphs. Waltz, bad nymph, for quick jigs vex! Fox nymphs grab quick-jived waltz. Brick quiz whangs jumpy veldt fox. Bright vixens jump; dozy fowl quack. Quick wafting zephyrs vex bold Jim. Quick zephyrs blow, vexing daft Jim. Sex-charged fop blew my junk TV quiz. How quickly daft jumping zebras vex. Two driven jocks help fax my big quiz. Quick, Baz, get my woven flax jodhpurs! "Now fax quiz Jack!" my brave ghost pled. Five quacking zephyrs jolt my wax bed. Flummoxed by job, kvetching W. zaps Iraq. Cozy sphinx waves quart jug of bad milk. A very bad quack might jinx zippy fowls. Few quips galvanized the mock jury box. Quick brown dogs jump over the lazy fox. The jay, pig, fox, zebra, and my wolves quack! Blowzy red vixens fight for a quick jump. Joaquin Phoenix was gazed by MTV for luck. A wizard’s job is to vex chumps quickly in fog. Watch "Jeopardy!", Alex Trebek's fun TV quiz game. Woven silk pyjamas exchanged for blue quartz. Brawny gods just


--------------------------------------------------------------------------------
/documentation/docs/testbench/hashfilenames.md:
--------------------------------------------------------------------------------
 1 | title: Hash file names
 2 | 
 3 | This test checks whether MD5 hashes are added to the filenames...
 4 | 
 5 | /// html | div#testimg-output
 6 | 
 7 | ///
 8 | 
 9 | ![](../img/howitworks.svg){ #testimg}
10 | 
11 | 
12 | <script>
13 | var testimg = document.getElementById('testimg');
14 | var testimg_output = document.getElementById('testimg-output');
15 | 
16 | testimg_output.innerHTML = testimg.src;
17 | 
18 | </script>


--------------------------------------------------------------------------------
/documentation/docs/testbench/index.de.md:
--------------------------------------------------------------------------------
1 | title: Testaufbau
2 | 
3 | Dies ist ein Testaufbau für das MKdocs Encryptcontent Plugin.
4 | 


--------------------------------------------------------------------------------
/documentation/docs/testbench/index.md:
--------------------------------------------------------------------------------
1 | title: Test bench
2 | 
3 | This is a generic test bench for the MKdocs encryptcontent plugin.
4 | 


--------------------------------------------------------------------------------
/documentation/docs/testbench/jstest.md:
--------------------------------------------------------------------------------
 1 | title: Javascript test
 2 | obfuscate: Crawler be gone!
 3 | encryption_summary: Humans are allowed to press ENTER
 4 | encryption_info_message: This page is just obfuscated to counter web crawlers.
 5 | inject_id: inject
 6 | 
 7 | These tests demonstate the correct execution of [Javascript extensions](../features/jsext.md)
 8 | 
 9 | //// html | div#inject
10 | 
11 | ## highlight.js
12 | 
13 | ```bash
14 | #!/bin/bash
15 | echo "Hello World"
16 | ```
17 | 
18 | ## arithmatex
19 | 
20 | \[
21 | v_{e} = \sqrt{\frac{2GM}{d}} = \sqrt{2gd}
22 | \]
23 | 
24 | ## mermaid2
25 | 
26 | ```mermaid
27 | graph LR
28 |     hello --> world
29 |     world --> again
30 |     again --> hello
31 | ```
32 | 
33 | ## encrypted javascript
34 | 
35 | <script id="autostart">
36 | 
37 | const ctheme = 'css/w3-theme-44bb4f-mono';
38 | document.getElementById('theme-auto').href = base_url + '/' + ctheme + '.css';
39 | document.getElementById('theme-light').href = base_url + '/' + ctheme + '-light.css';
40 | document.getElementById('theme-dark').href = base_url + '/' + ctheme + '-dark.css';
41 | 
42 | //https://stackoverflow.com/questions/30747235/javascript-pi-%CF%80-calculator
43 | function * generateDigitsOfPi() {
44 |     let q = 1n;
45 |     let r = 180n;
46 |     let t = 60n;
47 |     let i = 2n;
48 |     while (true) {
49 |         let digit = ((i * 27n - 12n) * q + r * 5n) / (t * 5n);
50 |         yield Number(digit);
51 |         let u = i * 3n;
52 |         u = (u + 1n) * 3n * (u + 2n);
53 |         r = u * 10n * (q * (i * 5n - 2n) + r - t * digit);
54 |         q *= 10n * i * (i++ * 2n - 1n);
55 |         t *= u;
56 |     }
57 | }
58 | 
59 | // Demo
60 | let iter = generateDigitsOfPi();
61 | 
62 | let output = document.getElementById("pioutput");
63 | let cnt = 200;
64 | 
65 | (function displayTenNextDigits() {
66 |     let digits = "";
67 |     for (let i = 0; i < 10; i++) digits += iter.next().value;
68 |     output.insertAdjacentHTML("beforeend", digits);
69 |     scrollTo(0, document.body.scrollHeight);
70 |     if (cnt > 0) {
71 |         cnt--;
72 |         requestAnimationFrame(displayTenNextDigits);
73 |     }
74 | })();
75 | </script>
76 | 
77 | 
78 | /// html | div#pioutput
79 |     attrs: {style: 'word-wrap:break-word; font-family: monospace'}
80 | 
81 | ///
82 | 
83 | ////


--------------------------------------------------------------------------------
/documentation/docs/testbench/obfuscate.de.md:
--------------------------------------------------------------------------------
 1 | title: Verschleiern
 2 | obfuscate: Kriechtier hau ab!
 3 | encryption_summary: Menschen dürfen ENTER klicken
 4 | encryption_info_message: Diese Seite ist nur für Webcrawler unkenntlich gemacht.
 5 | 
 6 | <script id="autostart">
 7 | const ctheme = 'css/w3-theme-44bb4f-mono';
 8 | document.getElementById('theme-auto').href = base_url + '/' + ctheme + '.css';
 9 | document.getElementById('theme-light').href = base_url + '/' + ctheme + '-light.css';
10 | document.getElementById('theme-dark').href = base_url + '/' + ctheme + '-dark.css';
11 | </script>
12 | <h1>Seite entschlüsselt</h1>


--------------------------------------------------------------------------------
/documentation/docs/testbench/obfuscate.md:
--------------------------------------------------------------------------------
 1 | title: Obfuscate
 2 | obfuscate: Crawler be gone!
 3 | encryption_summary: Humans are allowed to press ENTER
 4 | encryption_info_message: This page is just obfuscated to counter web crawlers.
 5 | sharelink: true
 6 | 
 7 | <script id="autostart">
 8 | const ctheme = 'css/w3-theme-44bb4f-mono';
 9 | document.getElementById('theme-auto').href = base_url + '/' + ctheme + '.css';
10 | document.getElementById('theme-light').href = base_url + '/' + ctheme + '-light.css';
11 | document.getElementById('theme-dark').href = base_url + '/' + ctheme + '-dark.css';
12 | </script>
13 | <h1>Page decrypted</h1>


--------------------------------------------------------------------------------
/documentation/docs/testbench/onlypasswords1.de.md:
--------------------------------------------------------------------------------
 1 | title: Nur Passwörter 1
 2 | level: onlypasswords1
 3 | inject_id: protected
 4 | delete_id: teaser
 5 | 
 6 | /// html | div#teaser
 7 | 
 8 | Es ist möglich diese Seite mit einem der folgenden Passwörter zu entschlüsseln:
 9 | 
10 |   - Clique.Shampoo.Ve55el
11 |   - C4bbage Profile blinking
12 |   - Head32_Sculpture_bovine_
13 |   - Negotiator-leftover-567
14 |   - moist:W00l:kept:royal
15 |   - SpotChestOilCycle22
16 |   - m00dy#augmented#Arsonist
17 |   - **Hatless,hertz,C4lzone**
18 | 
19 | Wenn die unteren vier Passwörter eingegeben wird, dann ist auch [Nur Passwörter 2](onlypasswords2.md) entschlüsselt.  
20 | Falls das Passwort "Hatless,hertz,C4lzone" verwendet wird, dann ist auch [Nur Passwörter 3](onlypasswords3.md) entschlüsselt.
21 | 
22 | > **Hinweis:** Es wird länger dauern wenn das Passwort "Hatless,hertz,C4lzone" gewählt wird,
23 | > weil es siebenmal an den anderen Proben scheitern wird.
24 | 
25 | ///
26 | /// html | div#protected
27 | 
28 | <h1>Seite entschlüsselt</h1>
29 | 
30 | Eines dieser Passwörter **wurde** verwendet um diese Seite zu entschlüsseln:
31 | 
32 |   - Clique.Shampoo.Ve55el
33 |   - C4bbage Profile blinking
34 |   - Head32_Sculpture_bovine_
35 |   - Negotiator-leftover-567
36 |   - moist:W00l:kept:royal
37 |   - SpotChestOilCycle22
38 |   - m00dy#augmented#Arsonist
39 |   - Hatless,hertz,C4lzone
40 | 
41 | Wenn eines der untersten vier Passwörter eingegeben wurden, dann kann auch [Nur Passwörter 2](onlypasswords2.md)
42 | entschlüsselt werden.  
43 | Falls das Passwort "Hatless.hertz.pounce smile c4lzone" verwendet wurde, dann ist auch [Nur Passwörter 3](onlypasswords3.md) entschlüsselt.
44 | 
45 | 
46 | > **Hinweis:** Es hat mit dem Passwort "Hatless,hertz,C4lzone" länger gedauert,
47 | > weil es vorher siebenmal an den anderen Proben gescheitert ist.
48 | 
49 | <script id="autostart">
50 | const ctheme = 'css/w3-theme-44bb4f-mono';
51 | document.getElementById('theme-auto').href = base_url + '/' + ctheme + '.css';
52 | document.getElementById('theme-light').href = base_url + '/' + ctheme + '-light.css';
53 | document.getElementById('theme-dark').href = base_url + '/' + ctheme + '-dark.css';
54 | </script>
55 | ///


--------------------------------------------------------------------------------
/documentation/docs/testbench/onlypasswords1.md:
--------------------------------------------------------------------------------
 1 | title: Only passwords 1
 2 | level: onlypasswords1
 3 | inject_id: protected
 4 | delete_id: teaser
 5 | sharelink: true
 6 | 
 7 | /// html | div#teaser
 8 | 
 9 | The following passwords are valid to decrypt this page:
10 | 
11 |   - Clique.Shampoo.Ve55el
12 |   - C4bbage Profile blinking
13 |   - Head32_Sculpture_bovine_
14 |   - Negotiator-leftover-567
15 |   - moist:W00l:kept:royal
16 |   - SpotChestOilCycle22
17 |   - m00dy#augmented#Arsonist
18 |   - **Hatless,hertz,C4lzone**
19 | 
20 | If you use one of the last four passwords, you'd also be able to decrypt [only passwords 2](onlypasswords2.md).  
21 | If you use the password "Hatless.hertz.pounce smile c4lzone", you'd also be able to decrypt [only passwords 3](onlypasswords3.md).
22 | 
23 | > **Note:** It will take some time if you use the password "Hatless.hertz.pounce smile c4lzone"
24 | > because it has to be tried on seven challenges before it works.
25 | 
26 | 
27 | ///
28 | /// html | div#protected
29 | 
30 | <h1>Page decrypted</h1>
31 | 
32 | One of the following passwords **were** used to decrypt this page:
33 | 
34 |   - Clique.Shampoo.Ve55el
35 |   - C4bbage Profile blinking
36 |   - Head32_Sculpture_bovine_
37 |   - Negotiator-leftover-567
38 |   - moist:W00l:kept:royal
39 |   - SpotChestOilCycle22
40 |   - m00dy#augmented#Arsonist
41 |   - Hatless,hertz,C4lzone
42 | 
43 | If you used one of the last four passwords, you'd also be able to decrypt [only passwords 2](onlypasswords2.md).  
44 | If you used the password "Hatless.hertz.pounce smile c4lzone", you'd also be able to decrypt [only passwords 3](onlypasswords3.md).
45 | 
46 | > **Note:** It took some time if you used the password "Hatless.hertz.pounce smile c4lzone"
47 | > because it had to be tried on seven challenges before it worked.
48 | 
49 | <script id="autostart">
50 | const ctheme = 'css/w3-theme-44bb4f-mono';
51 | document.getElementById('theme-auto').href = base_url + '/' + ctheme + '.css';
52 | document.getElementById('theme-light').href = base_url + '/' + ctheme + '-light.css';
53 | document.getElementById('theme-dark').href = base_url + '/' + ctheme + '-dark.css';
54 | </script>
55 | ///


--------------------------------------------------------------------------------
/documentation/docs/testbench/onlypasswords2.de.md:
--------------------------------------------------------------------------------
 1 | title: Nur Passwörter 2
 2 | level: onlypasswords2
 3 | inject_id: protected
 4 | delete_id: teaser
 5 | 
 6 | /// html | div#teaser
 7 | 
 8 | Es ist möglich diese Seite mit einem der folgenden Passwörter zu entschlüsseln:
 9 | 
10 |   - moist:W00l:kept:royal
11 |   - SpotChestOilCycle22
12 |   - m00dy#augmented#Arsonist
13 |   - **Hatless,hertz,C4lzone**
14 | 
15 | Wenn eines dieser Passwörter eingegeben wird, dann ist auch [Nur Passwörter 1](onlypasswords1.md) entschlüsselt.  
16 | Falls das Passwort "Hatless,hertz,C4lzone" verwendet wird, dann ist auch [Nur Passwörter 3](onlypasswords3.md) entschlüsselt.
17 | 
18 | > **Hinweis:** Es wird länger dauern wenn das Passwort "Hatless,hertz,C4lzone" gewählt wird,
19 | > weil es siebenmal an den anderen Proben scheitern wird.
20 | 
21 | ///
22 | /// html | div#protected
23 | 
24 | <h1>Seite entschlüsselt</h1>
25 | 
26 | Eines dieser Passwörter **wurde** verwendet um diese Seite zu entschlüsseln:
27 | 
28 |   - moist:W00l:kept:royal
29 |   - SpotChestOilCycle22
30 |   - m00dy#augmented#Arsonist
31 |   - Hatless,hertz,C4lzone
32 | 
33 | Nun kann auch [Nur Passwörter 1](onlypasswords1.md) entschlüsselt werden.  
34 | Falls das Passwort "Hatless,hertz,C4lzone" verwendet wurde, dann ist auch [Nur Passwörter 3](onlypasswords3.md) entschlüsselt.
35 | 
36 | > **Hinweis:** Es hat mit dem Passwort "Hatless,hertz,C4lzone" länger gedauert,
37 | > weil es vorher siebenmal an den anderen Proben gescheitert ist.
38 | 
39 | <script id="autostart">
40 | const ctheme = 'css/w3-theme-44bb4f-mono';
41 | document.getElementById('theme-auto').href = base_url + '/' + ctheme + '.css';
42 | document.getElementById('theme-light').href = base_url + '/' + ctheme + '-light.css';
43 | document.getElementById('theme-dark').href = base_url + '/' + ctheme + '-dark.css';
44 | </script>
45 | ///


--------------------------------------------------------------------------------
/documentation/docs/testbench/onlypasswords2.md:
--------------------------------------------------------------------------------
 1 | ---
 2 | title: Only passwords 2
 3 | level: onlypasswords2
 4 | inject_id: protected
 5 | delete_id: teaser
 6 | ---
 7 | 
 8 | /// html | div#teaser
 9 | 
10 | The following passwords are valid to decrypt this page:
11 | 
12 |   - moist:W00l:kept:royal
13 |   - SpotChestOilCycle22
14 |   - m00dy#augmented#Arsonist
15 |   - **Hatless,hertz,C4lzone**
16 | 
17 | If you use one of these passwords, you'd also be able to decrypt [only passwords 1](onlypasswords1.md).  
18 | If you use the password "Hatless,hertz,C4lzone", you'd also be able to decrypt [only passwords 3](onlypasswords3.md).
19 | 
20 | > **Note:** It will take some time if you use the password "Hatless,hertz,C4lzone"
21 | > because it has to be tried on seven challenges before it works.
22 | 
23 | ///
24 | /// html | div#protected
25 | 
26 | <h1>Page decrypted</h1>
27 | 
28 | One of the following passwords **were** used to decrypt this page:
29 | 
30 |   - moist:W00l:kept:royal
31 |   - SpotChestOilCycle22
32 |   - m00dy#augmented#Arsonist
33 |   - Hatless,hertz,C4lzone
34 | 
35 | You're also able to decrypt [only passwords 1](onlypasswords1.md).  
36 | If you used the password "Hatless,hertz,C4lzone", you'd also be able to decrypt [only passwords 3](onlypasswords3.md).
37 | 
38 | > **Note:** It took some time if you used the password "Hatless,hertz,C4lzone"
39 | > because it had to be tried on seven challenges before it worked.
40 | 
41 | <script id="autostart">
42 | const ctheme = 'css/w3-theme-44bb4f-mono';
43 | document.getElementById('theme-auto').href = base_url + '/' + ctheme + '.css';
44 | document.getElementById('theme-light').href = base_url + '/' + ctheme + '-light.css';
45 | document.getElementById('theme-dark').href = base_url + '/' + ctheme + '-dark.css';
46 | </script>
47 | ///


--------------------------------------------------------------------------------
/documentation/docs/testbench/onlypasswords3.de.md:
--------------------------------------------------------------------------------
 1 | title: Nur Passwörter 2
 2 | password: Hatless,hertz,C4lzone
 3 | inject_id: protected
 4 | delete_id: teaser
 5 | 
 6 | /// html | div#teaser
 7 | 
 8 | Es ist möglich diese Seite mit einem der folgenden Passwörter zu entschlüsseln:
 9 | 
10 |   - Hatless,hertz,C4lzone
11 | 
12 | Wenn eines dieser Passwörter eingegeben wird, dann ist auch [Nur Passwörter 1](onlypasswords1.md) und [Nur Passwörter 2](onlypasswords2.md) entschlüsselt.
13 | 
14 | > **Hinweis:** Es wird länger dauern wenn das Passwort "Hatless,hertz,C4lzone" gewählt wird,
15 | > weil es siebenmal an den anderen Proben scheitern wird.
16 | 
17 | ///
18 | /// html | div#protected
19 | 
20 | <h1>Seite entschlüsselt</h1>
21 | 
22 | Folgendes Passwort **wurde** verwendet um diese Seite zu entschlüsseln:
23 | 
24 |   - Hatless,hertz,C4lzone
25 | 
26 | Nun kann auch [Nur Passwörter 1](onlypasswords1.md) und [Nur Passwörter 2](onlypasswords2.md) entschlüsselt werden.
27 | 
28 | > **Hinweis:** Es hat mit dem Passwort "Hatless,hertz,C4lzone" länger gedauert,
29 | > weil es vorher siebenmal an den anderen Proben gescheitert ist.
30 | 
31 | <script id="autostart">
32 | const ctheme = 'css/w3-theme-44bb4f-mono';
33 | document.getElementById('theme-auto').href = base_url + '/' + ctheme + '.css';
34 | document.getElementById('theme-light').href = base_url + '/' + ctheme + '-light.css';
35 | document.getElementById('theme-dark').href = base_url + '/' + ctheme + '-dark.css';
36 | </script>
37 | ///


--------------------------------------------------------------------------------
/documentation/docs/testbench/onlypasswords3.md:
--------------------------------------------------------------------------------
 1 | title: Only passwords 3
 2 | password: Hatless,hertz,C4lzone
 3 | inject_id: protected
 4 | delete_id: teaser
 5 | 
 6 | /// html | div#teaser
 7 | 
 8 | The following passwords are valid to decrypt this page:
 9 | 
10 |   - Hatless,hertz,C4lzone
11 | 
12 | If you use one of these passwords, you'd also be able to decrypt [only passwords 1](onlypasswords1.md) and [only passwords 2](onlypasswords2.md).
13 | 
14 | > **Note:** It will take some time if you use the password "Hatless,hertz,C4lzone"
15 | > because it has to be tried on seven challenges before it works.
16 | 
17 | ///
18 | /// html | div#protected
19 | 
20 | <h1>Page decrypted</h1>
21 | 
22 | The following password **was** used to decrypt this page:
23 | 
24 |   - Hatless,hertz,C4lzone
25 | 
26 | You're also able to decrypt [only passwords 1](onlypasswords1.md) and [only passwords 2](onlypasswords2.md).
27 | 
28 | > **Note:** It took some time if you used the password "Hatless,hertz,C4lzone"
29 | > because it had to be tried on seven challenges before it worked.
30 | 
31 | <script id="autostart">
32 | const ctheme = 'css/w3-theme-44bb4f-mono';
33 | document.getElementById('theme-auto').href = base_url + '/' + ctheme + '.css';
34 | document.getElementById('theme-light').href = base_url + '/' + ctheme + '-light.css';
35 | document.getElementById('theme-dark').href = base_url + '/' + ctheme + '-dark.css';
36 | </script>
37 | ///


--------------------------------------------------------------------------------
/documentation/docs/testbench/search.md:
--------------------------------------------------------------------------------
 1 | title: Search encryption
 2 | 
 3 | This test checks whether there exist encrypted search entries...
 4 | 
 5 | First line is an entry in the search_index.json and second is the encryptcontent-index from sessionStorage.
 6 | 
 7 | If nothing was decrypted, yet, they must match (otherwise open a new tab).
 8 | 
 9 | Now decrypt pages and check if the search_index decrypted the entries.
10 | 
11 | /// html | div#searchtest-output
12 |     attrs: {class: 'w3-responsive'}
13 | 
14 | empty
15 | 
16 | ///
17 | 
18 | <script>
19 | var searchtest_output = document.getElementById('searchtest-output');
20 | 
21 | fetch(base_url + '/search/search_index.json')
22 | .then(
23 |   function(response) {
24 |     if (response.status !== 200) {
25 |       searchtest_output.innerHTML = "error fetching search_index.json: "+response.status;
26 |       return;
27 |     }
28 |     response.json().then(
29 |       function(data) {
30 |         let sessionIndex = sessionStorage.getItem('encryptcontent-index')
31 |         if (sessionIndex) {
32 |             sessionIndex = JSON.parse(sessionIndex);
33 |         } else {
34 |             searchtest_output.innerHTML = "Please hit refresh.";
35 |             return;
36 |         }
37 |         let output='';
38 |         for (let i = 0; i < data.docs.length; i++) {
39 |           if (data.docs[i].location.startsWith('encryptcontent_plugin_')) {
40 |             output = output + '<p>' + data.docs[i].location + ' <br>' + sessionIndex.docs[i].location + '</p>';
41 |           }
42 |         }
43 |       searchtest_output.innerHTML = output;
44 |       }
45 |     );
46 |   }
47 | )
48 | .catch(
49 |   function(err) {
50 |     searchtest_output.innerHTML = "error fetching search_index.json: "+err;
51 |   }
52 | );
53 | </script>


--------------------------------------------------------------------------------
/documentation/docs/testbench/share.de.md:
--------------------------------------------------------------------------------
  1 | title: Encode share link
  2 | 
  3 | # Various tests
  4 | 
  5 | [Test1a (user: dave)](userpass1.md#IWRhdmU6bnVDbGVhcl9sdWxsYWJ5X3VudmVpbGVkX2c0cmxpYw)\
  6 | [Test1b (user: dave)](userpass1.md#!dave:nuClear_lullaby_unveiled_g4rlic)
  7 | 
  8 | [Test2a (user: dave, go to anchor-6)](anchor.md#IWRhdmU6bnVDbGVhcl9sdWxsYWJ5X3VudmVpbGVkX2c0cmxpYw#anchor-6)\
  9 | [Test2b (user: dave, go to anchor-6)](anchor.md#!dave:nuClear_lullaby_unveiled_g4rlic#anchor-6)
 10 | 
 11 | [Test3a (password: m00dy#augmented#Arsonist)](onlypasswords2.md#ITptMDBkeSNhdWdtZW50ZWQjQXJzb25pc3Q)\
 12 | [Test3b (password: SpotChestOilCycle22)](onlypasswords2.md#!SpotChestOilCycle22)
 13 | 
 14 | [Test4a (obfuscate: Kriechtier hau ab!)](obfuscate.md#ITpLcmllY2h0aWVyIGhhdSBhYiE)\
 15 | [Test4b (obfuscate: Kriechtier hau ab!)](obfuscate.md#!Kriechtier%20hau%20ab!)
 16 | 
 17 | # Create share link
 18 | 
 19 | <div class="w3-row-padding" style="padding-left: 0px;">
 20 |   <div class="w3-third">
 21 |     <label for="share-user">username</label>
 22 |     <input class="w3-input w3-border w3-hover-theme w3-theme-l1" name="share-user" id="share-user" type="text" value="dave" onchange="genB64Url();">
 23 |   </div>
 24 |   <div class="w3-third">
 25 |     <label for="share-pass">password</label>
 26 |     <input class="w3-input w3-border w3-hover-theme w3-theme-l1" name="share-pass" id="share-pass" type="text" value="nuClear_lullaby_unveiled_g4rlic" onchange="genB64Url();">
 27 |   </div>
 28 | </div>
 29 | 
 30 | <div class="w3-row-padding w3-margin-top" style="padding-left: 0px;">
 31 |   <div class="w3-twothird">
 32 |     <label for="share-output">output</label>
 33 |     <input class="w3-input w3-border w3-hover-theme w3-theme-l1" name="share-output" id="share-output" type="text" onchange="decB64Url();">
 34 |     <div id="output-length"></div>
 35 |   </div>
 36 | </div>
 37 | 
 38 | <div class="w3-row-padding w3-margin-top" style="padding-left: 0px;">
 39 |   <div class="w3-twothird">
 40 |     <label for="share-decode">decoded</label>
 41 |     <code name="share-decode" id="share-decode" type="text"></code>
 42 |     <div id="decode-length"></div>
 43 |   </div>
 44 | </div>
 45 | 
 46 | <script>
 47 | var share_user = document.getElementById('share-user');
 48 | var share_pass = document.getElementById('share-pass');
 49 | var share_output = document.getElementById('share-output');
 50 | var share_decode = document.getElementById('share-decode');
 51 | var share_url = document.getElementById('share-url');
 52 | var output_length = document.getElementById('output-length');
 53 | var decode_length = document.getElementById('decode-length');
 54 | var url_length = document.getElementById('url-length');
 55 | 
 56 | 
 57 | //https://developer.mozilla.org/en-US/docs/Glossary/Base64#the_unicode_problem
 58 | function base64ToBytes(base64) {
 59 |   const binString = atob(base64);
 60 |   return Uint8Array.from(binString, (m) => m.codePointAt(0));
 61 | }
 62 | 
 63 | function bytesToBase64(bytes) {
 64 |   const binString = Array.from(bytes, (x) => String.fromCodePoint(x)).join("");
 65 |   return btoa(binString);
 66 | }
 67 | 
 68 | function base64url_decode(input) {
 69 |     try {
 70 |         return new TextDecoder().decode(base64ToBytes(input.replace(/-/g, '+').replace(/_/g, '/')));
 71 |     }
 72 |     catch (err) {
 73 |         return "!ERROR!";
 74 |     }
 75 | }
 76 | function base64url_encode(input) {
 77 |     try {
 78 |         return bytesToBase64(new TextEncoder().encode(input)).replace(/\+/g, '-').replace(/\//g, '_').replace(/=+$/, '');
 79 |     }
 80 |     catch (err) {
 81 |         return "!ERROR!";
 82 |     }
 83 | }
 84 | 
 85 | 
 86 | function genB64Url() {
 87 |     const str = "!" + share_user.value + ":" + share_pass.value;
 88 |     let encstr = base64url_encode(str);
 89 |     share_output.value = '#' + encstr;
 90 |     decB64Url()
 91 | }
 92 | 
 93 | function decB64Url() {
 94 |     let encstr = share_output.value.substr(1);
 95 |     output_length.innerHTML = "length: " + encstr.length;
 96 |     let decstr = base64url_decode(encstr)
 97 |     share_decode.textContent = decstr;
 98 |     decode_length.innerHTML = "length: " + decstr.length;
 99 | }
100 | genB64Url();
101 | 
102 | </script>
103 | 
104 | # Sharelinks output
105 | 
106 | sharelinks.txt
107 | 
108 | ```
109 | {% include "../../sharelinks.txt" %}
110 | ```
111 | 


--------------------------------------------------------------------------------
/documentation/docs/testbench/share.md:
--------------------------------------------------------------------------------
  1 | title: Encode share link
  2 | 
  3 | # Various tests
  4 | 
  5 | [Test1a (user: dave)](userpass1.md#IWRhdmU6bnVDbGVhcl9sdWxsYWJ5X3VudmVpbGVkX2c0cmxpYw)\
  6 | [Test1b (user: dave)](userpass1.md#!dave:nuClear_lullaby_unveiled_g4rlic)
  7 | 
  8 | [Test2a (user: dave, go to anchor-6)](anchor.md#IWRhdmU6bnVDbGVhcl9sdWxsYWJ5X3VudmVpbGVkX2c0cmxpYw#anchor-6)\
  9 | [Test2b (user: dave, go to anchor-6)](anchor.md#!dave:nuClear_lullaby_unveiled_g4rlic#anchor-6)
 10 | 
 11 | [Test3a (password: m00dy#augmented#Arsonist)](onlypasswords2.md#ITptMDBkeSNhdWdtZW50ZWQjQXJzb25pc3Q)\
 12 | [Test3b (password: SpotChestOilCycle22)](onlypasswords2.md#!SpotChestOilCycle22)
 13 | 
 14 | [Test4a (obfuscate: Crawler be gone!)](obfuscate.md#ITpDcmF3bGVyIGJlIGdvbmUh)\
 15 | [Test4b (obfuscate: Crawler be gone!)](obfuscate.md#!Crawler%20be%20gone!)
 16 | 
 17 | # Create share link
 18 | 
 19 | <div class="w3-row-padding" style="padding-left: 0px;">
 20 |   <div class="w3-third">
 21 |     <label for="share-user">username</label>
 22 |     <input class="w3-input w3-border w3-hover-theme w3-theme-l1" name="share-user" id="share-user" type="text" value="dave" onchange="genB64Url();">
 23 |   </div>
 24 |   <div class="w3-third">
 25 |     <label for="share-pass">password</label>
 26 |     <input class="w3-input w3-border w3-hover-theme w3-theme-l1" name="share-pass" id="share-pass" type="text" value="nuClear_lullaby_unveiled_g4rlic" onchange="genB64Url();">
 27 |   </div>
 28 | </div>
 29 | 
 30 | <div class="w3-row-padding w3-margin-top" style="padding-left: 0px;">
 31 |   <div class="w3-twothird">
 32 |     <label for="share-output">output</label>
 33 |     <input class="w3-input w3-border w3-hover-theme w3-theme-l1" name="share-output" id="share-output" type="text" onchange="decB64Url();">
 34 |     <div id="output-length"></div>
 35 |   </div>
 36 | </div>
 37 | 
 38 | <div class="w3-row-padding w3-margin-top" style="padding-left: 0px;">
 39 |   <div class="w3-twothird">
 40 |     <label for="share-decode">decoded</label>
 41 |     <code name="share-decode" id="share-decode" type="text"></code>
 42 |     <div id="decode-length"></div>
 43 |   </div>
 44 | </div>
 45 | 
 46 | <script>
 47 | var share_user = document.getElementById('share-user');
 48 | var share_pass = document.getElementById('share-pass');
 49 | var share_output = document.getElementById('share-output');
 50 | var share_decode = document.getElementById('share-decode');
 51 | var share_url = document.getElementById('share-url');
 52 | var output_length = document.getElementById('output-length');
 53 | var decode_length = document.getElementById('decode-length');
 54 | var url_length = document.getElementById('url-length');
 55 | 
 56 | 
 57 | //https://developer.mozilla.org/en-US/docs/Glossary/Base64#the_unicode_problem
 58 | function base64ToBytes(base64) {
 59 |   const binString = atob(base64);
 60 |   return Uint8Array.from(binString, (m) => m.codePointAt(0));
 61 | }
 62 | 
 63 | function bytesToBase64(bytes) {
 64 |   const binString = Array.from(bytes, (x) => String.fromCodePoint(x)).join("");
 65 |   return btoa(binString);
 66 | }
 67 | 
 68 | function base64url_decode(input) {
 69 |     try {
 70 |         return new TextDecoder().decode(base64ToBytes(input.replace(/-/g, '+').replace(/_/g, '/')));
 71 |     }
 72 |     catch (err) {
 73 |         return "!ERROR!";
 74 |     }
 75 | }
 76 | function base64url_encode(input) {
 77 |     try {
 78 |         return bytesToBase64(new TextEncoder().encode(input)).replace(/\+/g, '-').replace(/\//g, '_').replace(/=+$/, '');
 79 |     }
 80 |     catch (err) {
 81 |         return "!ERROR!";
 82 |     }
 83 | }
 84 | 
 85 | 
 86 | function genB64Url() {
 87 |     const str = "!" + share_user.value + ":" + share_pass.value;
 88 |     let encstr = base64url_encode(str);
 89 |     share_output.value = '#' + encstr;
 90 |     decB64Url()
 91 | }
 92 | 
 93 | function decB64Url() {
 94 |     let encstr = share_output.value.substr(1);
 95 |     output_length.innerHTML = "length: " + encstr.length;
 96 |     let decstr = base64url_decode(encstr)
 97 |     share_decode.textContent = decstr;
 98 |     decode_length.innerHTML = "length: " + decstr.length;
 99 | }
100 | genB64Url();
101 | 
102 | </script>
103 | 
104 | # Sharelinks output
105 | 
106 | sharelinks.txt
107 | 
108 | ```
109 | {% include "../../sharelinks.txt" %}
110 | ```
111 | 


--------------------------------------------------------------------------------
/documentation/docs/testbench/test1.md:
--------------------------------------------------------------------------------
 1 | title: Test1
 2 | level: test1
 3 | sharelink: true
 4 | 
 5 | <script id="autostart">
 6 | const ctheme = 'css/w3-theme-44bb4f-mono';
 7 | document.getElementById('theme-auto').href = base_url + '/' + ctheme + '.css';
 8 | document.getElementById('theme-light').href = base_url + '/' + ctheme + '-light.css';
 9 | document.getElementById('theme-dark').href = base_url + '/' + ctheme + '-dark.css';
10 | </script>
11 | <h1>Page decrypted</h1>


--------------------------------------------------------------------------------
/documentation/docs/testbench/test2.md:
--------------------------------------------------------------------------------
 1 | title: Test2
 2 | level: test2
 3 | sharelink: true
 4 | 
 5 | <script id="autostart">
 6 | const ctheme = 'css/w3-theme-44bb4f-mono';
 7 | document.getElementById('theme-auto').href = base_url + '/' + ctheme + '.css';
 8 | document.getElementById('theme-light').href = base_url + '/' + ctheme + '-light.css';
 9 | document.getElementById('theme-dark').href = base_url + '/' + ctheme + '-dark.css';
10 | </script>
11 | <h1>Page decrypted</h1>


--------------------------------------------------------------------------------
/documentation/docs/testbench/test3.md:
--------------------------------------------------------------------------------
 1 | title: Test3
 2 | level: test3
 3 | sharelink: true
 4 | 
 5 | <script id="autostart">
 6 | const ctheme = 'css/w3-theme-44bb4f-mono';
 7 | document.getElementById('theme-auto').href = base_url + '/' + ctheme + '.css';
 8 | document.getElementById('theme-light').href = base_url + '/' + ctheme + '-light.css';
 9 | document.getElementById('theme-dark').href = base_url + '/' + ctheme + '-dark.css';
10 | </script>
11 | <h1>Page decrypted</h1>


--------------------------------------------------------------------------------
/documentation/docs/testbench/test4.md:
--------------------------------------------------------------------------------
 1 | title: Test4
 2 | level: test4
 3 | sharelink: true
 4 | 
 5 | <script id="autostart">
 6 | const ctheme = 'css/w3-theme-44bb4f-mono';
 7 | document.getElementById('theme-auto').href = base_url + '/' + ctheme + '.css';
 8 | document.getElementById('theme-light').href = base_url + '/' + ctheme + '-light.css';
 9 | document.getElementById('theme-dark').href = base_url + '/' + ctheme + '-dark.css';
10 | </script>
11 | <h1>Page decrypted</h1>


--------------------------------------------------------------------------------
/documentation/docs/testbench/test5.md:
--------------------------------------------------------------------------------
 1 | title: Test5
 2 | level: test5
 3 | sharelink: true
 4 | 
 5 | <script id="autostart">
 6 | const ctheme = 'css/w3-theme-44bb4f-mono';
 7 | document.getElementById('theme-auto').href = base_url + '/' + ctheme + '.css';
 8 | document.getElementById('theme-light').href = base_url + '/' + ctheme + '-light.css';
 9 | document.getElementById('theme-dark').href = base_url + '/' + ctheme + '-dark.css';
10 | </script>
11 | <h1>Page decrypted</h1>


--------------------------------------------------------------------------------
/documentation/docs/testbench/userpass1.de.md:
--------------------------------------------------------------------------------
 1 | title: Benutzername / Passwort 1
 2 | level: user_and_passwords1
 3 | inject_id: protected
 4 | delete_id: teaser
 5 | sharelink: true
 6 | 
 7 | /// html | div#teaser
 8 | 
 9 | Es ist möglich diese Seite mit einem der folgenden Benutzername/Passwort Kombinationen zu entschlüsseln:
10 | 
11 |   - alice: Racoon Superstore obnoxious23
12 |   - bob: AbidingScooterRuinedCC:Cactus
13 |   - carol: Worry-Bony-Glide-Mace!
14 |   - carlos: Arre5tConfused Pentagon
15 |   - charlie: gear.code.blonde.at0ll
16 |   - dan: oxidize,croissant,ClubHouse5
17 |   - dave: nuClear_lullaby_unveiled_g4rlic
18 |   - david: establishRelishBlushV3nus
19 | 
20 | Wenn einer der unteren vier Benutzer eingegeben wird, dann wird auch [Benutzername/Passwort 2](userpass2.md) entschlüsselt.
21 | 
22 | ///
23 | /// html | div#protected
24 | 
25 | <h1>Seite entschlüsselt</h1>
26 | 
27 | Eines dieser Benutzername/Passwort Kombinationen **wurde** verwendet um diese Seite zu entschlüsseln:
28 | 
29 |   - alice: Racoon Superstore obnoxious23
30 |   - bob: AbidingScooterRuinedCC:Cactus
31 |   - carol: Worry-Bony-Glide-Mace!
32 |   - carlos: Arre5tConfused Pentagon
33 |   - charlie: gear.code.blonde.at0ll
34 |   - dan: oxidize,croissant,ClubHouse5
35 |   - dave: nuClear_lullaby_unveiled_g4rlic
36 |   - david: establishRelishBlushV3nus
37 | 
38 | Wenn einer der untersten vier Benutzer eingegeben wurde, dann kann auch [Benutzername/Passwort 2](userpass2.md)
39 | entschlüsselt werden.
40 | 
41 | <script id="autostart">
42 | const ctheme = 'css/w3-theme-44bb4f-mono';
43 | document.getElementById('theme-auto').href = base_url + '/' + ctheme + '.css';
44 | document.getElementById('theme-light').href = base_url + '/' + ctheme + '-light.css';
45 | document.getElementById('theme-dark').href = base_url + '/' + ctheme + '-dark.css';
46 | </script>
47 | ///


--------------------------------------------------------------------------------
/documentation/docs/testbench/userpass1.md:
--------------------------------------------------------------------------------
 1 | title: User / Password 1
 2 | level: user_and_passwords1
 3 | inject_id: protected
 4 | delete_id: teaser
 5 | 
 6 | /// html | div#teaser
 7 | 
 8 | The following user/passwords are valid to decrypt this page:
 9 | 
10 |   - alice: Racoon Superstore obnoxious23
11 |   - bob: AbidingScooterRuinedCC:Cactus
12 |   - carol: Worry-Bony-Glide-Mace!
13 |   - carlos: Arre5tConfused Pentagon
14 |   - charlie: gear.code.blonde.at0ll
15 |   - dan: oxidize,croissant,ClubHouse5
16 |   - dave: nuClear_lullaby_unveiled_g4rlic
17 |   - david: establishRelishBlushV3nus
18 | 
19 | If you use one of the last four users, you'd also be able to decrypt [User/Password 2](userpass2.md).
20 | 
21 | ///
22 | /// html | div#protected
23 | 
24 | <h1>Page decrypted</h1>
25 | 
26 | One of the following user/passwords **were** used to decrypt this page:
27 | 
28 |   - alice: Racoon Superstore obnoxious23
29 |   - bob: AbidingScooterRuinedCC:Cactus
30 |   - carol: Worry-Bony-Glide-Mace!
31 |   - carlos: Arre5tConfused Pentagon
32 |   - charlie: gear.code.blonde.at0ll
33 |   - dan: oxidize,croissant,ClubHouse5
34 |   - dave: nuClear_lullaby_unveiled_g4rlic
35 |   - david: establishRelishBlushV3nus
36 | 
37 | If you used one of the last four users, you'd also be able to decrypt [User/Password 2](userpass2.md).
38 | 
39 | <script id="autostart">
40 | const ctheme = 'css/w3-theme-44bb4f-mono';
41 | document.getElementById('theme-auto').href = base_url + '/' + ctheme + '.css';
42 | document.getElementById('theme-light').href = base_url + '/' + ctheme + '-light.css';
43 | document.getElementById('theme-dark').href = base_url + '/' + ctheme + '-dark.css';
44 | </script>
45 | ///


--------------------------------------------------------------------------------
/documentation/docs/testbench/userpass2.de.md:
--------------------------------------------------------------------------------
 1 | title: Benutzername / Passwort 2
 2 | level: user_and_passwords2
 3 | inject_id: protected
 4 | delete_id: teaser
 5 | 
 6 | /// html | div#teaser
 7 | 
 8 | Es ist möglich diese Seite mit einem der folgenden Benutzername/Passwort Kombinationen zu entschlüsseln:
 9 | 
10 |   - charlie: gear.code.blonde.at0ll
11 |   - dan: oxidize,croissant,ClubHouse5
12 |   - dave: nuClear_lullaby_unveiled_g4rlic
13 |   - david: establishRelishBlushV3nus
14 | 
15 | Wenn einer dieser Benutzer eingegeben wurde, dann wird auch [Benutzername/Passwort 1](userpass1.md) entschlüsselt.
16 | 
17 | ///
18 | /// html | div#protected
19 | 
20 | <h1>Seite entschlüsselt</h1>
21 | 
22 | Eines dieser Benutzername/Passwort Kombinationen **wurde** verwendet um diese Seite zu entschlüsseln:
23 | 
24 |   - charlie: gear.code.blonde.at0ll
25 |   - dan: oxidize,croissant,ClubHouse5
26 |   - dave: nuClear_lullaby_unveiled_g4rlic
27 |   - david: establishRelishBlushV3nus
28 | 
29 | Nun kann auch [Benutzername/Passwort 1](userpass1.md) entschlüsselt werden.
30 | 
31 | <script id="autostart">
32 | const ctheme = 'css/w3-theme-44bb4f-mono';
33 | document.getElementById('theme-auto').href = base_url + '/' + ctheme + '.css';
34 | document.getElementById('theme-light').href = base_url + '/' + ctheme + '-light.css';
35 | document.getElementById('theme-dark').href = base_url + '/' + ctheme + '-dark.css';
36 | </script>
37 | ///


--------------------------------------------------------------------------------
/documentation/docs/testbench/userpass2.md:
--------------------------------------------------------------------------------
 1 | title: User / Password 2
 2 | level: user_and_passwords2
 3 | inject_id: protected
 4 | delete_id: teaser
 5 | 
 6 | /// html | div#teaser
 7 | 
 8 | The following user/passwords are valid to decrypt this page:
 9 | 
10 |   - charlie: gear.code.blonde.at0ll
11 |   - dan: oxidize,croissant,ClubHouse5
12 |   - dave: nuClear_lullaby_unveiled_g4rlic
13 |   - david: establishRelishBlushV3nus
14 | 
15 | If you use one of these users, you'd also be able to decrypt [User/Password 1](userpass1.md).
16 | 
17 | ///
18 | /// html | div#protected
19 | 
20 | <h1>Page decrypted</h1>
21 | 
22 | One of the following passwords **were** used to decrypt this page:
23 | 
24 |   - charlie: gear.code.blonde.at0ll
25 |   - dan: oxidize,croissant,ClubHouse5
26 |   - dave: nuClear_lullaby_unveiled_g4rlic
27 |   - david: establishRelishBlushV3nus
28 | 
29 | You're also able to decrypt [User/Password 1](userpass1.md).
30 | 
31 | <script id="autostart">
32 | const ctheme = 'css/w3-theme-44bb4f-mono';
33 | document.getElementById('theme-auto').href = base_url + '/' + ctheme + '.css';
34 | document.getElementById('theme-light').href = base_url + '/' + ctheme + '-light.css';
35 | document.getElementById('theme-dark').href = base_url + '/' + ctheme + '-dark.css';
36 | </script>
37 | ///


--------------------------------------------------------------------------------
/documentation/docs/usage.md:
--------------------------------------------------------------------------------
  1 | # Usage
  2 | 
  3 | Add a tag like `password: secret password` to your pages [Meta-Data](https://www.mkdocs.org/user-guide/writing-your-docs/#yaml-style-meta-data) to protect them.
  4 | 
  5 | Alternatively add a meta tag like `level: secret` to use one or more secrets defined at the
  6 | plugin's `password_inventory` or `password_file` in your "mkdocs.yml" (see below).
  7 | 
  8 | 
  9 | ## Password inventory
 10 | 
 11 | With the `password_inventory` you can define protection levels (assigned with the meta tag `level` in markdown files).
 12 | 
 13 | ```yaml
 14 | plugins:
 15 |     - encryptcontent:
 16 |         password_inventory:
 17 |           classified: 'password1'
 18 |           confidential:
 19 |             - 'password2'
 20 |             - 'password3'
 21 |           secret:
 22 |             user4: 'password4'
 23 |             user5: 'password5'
 24 | ```
 25 | 
 26 | These levels may be only one password (f.ex. classified), a list of multiple passwords (f.ex. confidential)
 27 | or multiple username/password pairs (f.ex. secret).
 28 | It is possible to reuse credentials at different levels.
 29 | 
 30 | >Note that a "list of multiple passwords" comes with a downside: All entries may be tested because unlike "user/password pairs"
 31 | >there is no hint to determine the distinct entry to try
 32 | >(At least I found no hint that wouldn't make it easier for a brute force attacker).
 33 | >This means, that a high `kdf_pow` could cause long waiting time even if the right password was entered.
 34 | 
 35 | The plugin will generate one secret key for each level, which is then used to encrypt the assigned sites.
 36 | 
 37 | To indicate that your Markdown file should be encrypted for level "secret", add the following metadata at the beginning of the file:
 38 | 
 39 | ```markdown
 40 | ---
 41 | level: secret
 42 | ---
 43 | This is the first paragraph of the document.
 44 | ```
 45 | 
 46 | 
 47 | ### Password inventory in external file
 48 | 
 49 | You can define password levels in an external yaml file and link it with `password_file`.
 50 | The intention is to separate sensitive information from configuration options.
 51 | 
 52 | ```yaml
 53 | plugins:
 54 |     - encryptcontent:
 55 |         password_file: 'passwords.yml'
 56 | ```
 57 | 
 58 | passwords.yml:
 59 | ```yaml
 60 | classified: 'password1'
 61 | confidential:
 62 |     - 'password2'
 63 |     - 'password3'
 64 | secret:
 65 |     user4: 'password4'
 66 |     user5: 'password5'
 67 | ```
 68 | 
 69 | ## Global password protection
 70 | 
 71 | Add `global_password: your_password` in plugin configuration variable, to protect all pages with this password by default
 72 | 
 73 | ```yaml
 74 | plugins:
 75 |     - encryptcontent:
 76 |         global_password: 'your_password'
 77 | ```
 78 | 
 79 | If the password meta tag is defined in a markdown file, it will **ALWAYS** override the global password.
 80 | 
 81 | > **NOTE** Keep in mind that if the `password:` tag exists without value in a page, it will **not be protected** !
 82 | > Use this to **disable** `global_password` on specific pages.
 83 | 
 84 | ### Global passwords in inventory
 85 | 
 86 | You can add the special level `_global`, which will be applied globally on all sites like this:
 87 | 
 88 | ```yaml
 89 | plugins:
 90 |     - encryptcontent:
 91 |         password_inventory:
 92 |             _global: 'either define one password'
 93 |             _global:
 94 |                 - 'or define'
 95 |                 - 'multiple passwords'
 96 |             _global:
 97 |                 user1: 'or use user'
 98 |                 user2: 'and password pairs'
 99 | ```
100 | 
101 | > **NOTE** Add the meta tag `level:` (without a value) to pages which should be excluded from global password level.
102 | > Also note that it is always possible to set the page to a different level than the global one with the `level` meta tag.
103 | 
104 | ## Secret from environment
105 | 
106 | It is possible to read values from environment variable
107 | (as discribed [here](https://www.mkdocs.org/user-guide/configuration/#environment-variables)).
108 | This replaces the deprecated `use_secret` option from previous versions.
109 | 
110 | ```yaml
111 | plugins:
112 |     - encryptcontent:
113 |         password_inventory:
114 |             secret:
115 |                 user1: !ENV PASSWORD1_FROM_ENV
116 |                 user2: !ENV [PASSWORD2_FROM_ENV, 'Password if PASSWORD2_FROM_ENV undefined or empty']
117 |                 user3: !ENV [PASSWORD3_FROM_ENV, FALLBACK_PASSWORD3_FROM_ENV, 'Password if neither PASSWORD3_FROM_ENV nor FALLBACK_PASSWORD3_FROM_ENV defined']
118 | ```
119 | 
120 | ## Default vars customization
121 | 
122 | Optionally you can use some extra variables in plugin configuration to customize default strings.
123 | 
124 | ```yaml
125 | plugins:
126 |     - encryptcontent:
127 |         title_prefix: '[LOCK]'
128 |         summary: 'another informational message to encrypted content'
129 |         placeholder: 'another password placeholder'
130 |         decryption_failure_message: 'another informational message when decryption fails'
131 |         encryption_info_message: "another information message when you don't have access !"
132 |         input_class: 'md-search__form md-search__input'
133 |         button_class: 'md-search__icon'
134 | ```
135 | 
136 | Default prefix title is `[Protected]`.
137 | 
138 | Default summary message is `This content is protected with AES encryption.`.
139 | 
140 | Default password palceholder is `Provide password and press ENTER`.
141 | 
142 | Default decryption failure message is `Invalid password.`.
143 | 
144 | Defaut encryption information message is `Contact your administrator for access to this page.`.
145 | 
146 | > **NOTE** Adding a prefix to the title does not change the default navigation path !
147 | 
148 | ## Translations
149 | 
150 | If the plugin is used in conjunction with the [static-i18n](https://ultrabug.github.io/mkdocs-static-i18n/)
151 | plugin you can provide `translations` for the used `i18n_page_locale`.
152 | 
153 | ```yaml
154 |     - encryptcontent:
155 |         #...
156 |         translations:
157 |           de:
158 |             title_prefix: '[Verschlüsselt] '
159 |             summary: 'Der Inhalt dieser Seite ist mit AES verschlüsselt. '
160 |             placeholder: 'Mit Strg+Enter wird das Passwort global gesetzt'
161 |             password_button_text: 'Entschlüsseln'
162 |             decryption_failure_message: 'Falsches passwort.'
163 |             encryption_info_message: 'Bitte wenden Sie sich an den Systemadministrator um auf diese Seite zuzugreifen.'
164 | ```
165 | 
166 | ### Custom per-page strings
167 | 
168 | You can set the  meta tag `encryption_summary` to customize `summary` and `encryption_info_message` on every page.
169 | 
170 | ## Obfuscate pages
171 | 
172 | If you want to make it harder for search engines to scrape you pages content,
173 | you can set `obfuscate: SomeNotSoSecretPassword` meta tag in markdown.
174 | 
175 | The page then will display `summary` and `encryption_info_message` together with a button labeled with
176 | `password_button_text`. In order to view the pages content one hast to press the button first.
177 | 
178 | If a `password` or `level` is set, then the `obfuscate` feature will be disabled.
179 | If you want to use `obfuscate` in a configuration where `global_password` or `_global` level is defined,
180 | you'll need to set the `password:` or rather `level:` meta tag (with no password/level defined) to undefine the password on this page.
181 | 
182 | The keys to all obfuscated pages are also saved in every keystore, so they are decrypted if someone entered
183 | correct credentials.
184 | 
185 | 
186 | ## Example plugin configuration
187 | 
188 | ```yaml
189 | plugins:
190 |     - encryptcontent:
191 |         title_prefix: ''
192 |         summary: ''
193 |         placeholder: 'Password'
194 |         placeholder_user: User
195 |         password_button_text: 'ENTER'
196 |         decryption_failure_message: 'Wrong user name or password.'
197 |         encryption_info_message: 'Legitimation required.'
198 |         translations:
199 |           de:
200 |             title_prefix: ''
201 |             summary: ''
202 |             placeholder: 'Passwort'
203 |             placeholder_user: Benutzer
204 |             password_button_text: 'ENTER'
205 |             decryption_failure_message: 'Falscher Benutzer oder Passwort.'
206 |             encryption_info_message: 'Legitimation erforderlich.'
207 |         html_template_path: "decrypt-form.tpl.html" # override default html template
208 |         password_button: True
209 |         input_class: 'w3-input' # CSS class used for input username and password
210 |         button_class: 'w3-button w3-theme-l1 w3-hover-theme' # CSS class for password_button
211 |         hljs: False
212 |         arithmatex: False
213 |         mermaid2: False
214 |         remember_keys: true # keys from keystore will temporarily saved to sessionStorage
215 |         remember_password: false # the entered credentials are not saved
216 |         remember_prefix: encryptcontent_plugin_ # use different prefixes if other sites are running on the same domain
217 |         encrypted_something: # additionally encrypt some html elements
218 |           #myNav: [div, id]
219 |           myToc: [div, id]
220 |           myTocButton: [div, id]
221 |         search_index: 'dynamically' # dynamically encrypt mkdocs search index
222 |         webcrypto: true # use browsers webcrypto support
223 |         #selfhost: true # use self-hosted crypto-js
224 |         #selfhost_download: true # download crypt-js for self-hosting
225 |         #selfhost_dir: 'theme_override' # where to download crypto-js
226 |         #reload_scripts:
227 |         #  - '#theme'
228 |         password_file: 'passwords.yml' # file with password inventory
229 |         threshold_warning_min_entropy: 100 # warn if password entropy is below this value
230 |         #kdf_pow: 4 # default for crypto-js: 4, default for webcrypto: 5
231 |         sign_files: 'encryptcontent-plugin.json' # save ed25519 signatures here
232 |         #hash_filenames: # add hash to file names of assets (to make them impossible to guess
233 |         #  extensions:
234 |         #    - 'png'
235 |         #    - 'jpg'
236 |         #    - 'jpeg'
237 |         #    - 'svg'
238 |         #  except:
239 |         #    - 'logo.svg'
240 | ```
241 | 


--------------------------------------------------------------------------------
/documentation/encryptcontent.cache:
--------------------------------------------------------------------------------
 1 | kdf_iterations: 100000
 2 | obfuscate:
 3 |   Crawler be gone!: 0f55b28d6b4c41b39ab02050244006b6935cae92f202aebf9ef7087bfeec8817;ac4e84ab4d80c19ab10fa1c8ffa91d48;1d33d92c9a0575adc758448318661831aca40e21d6a2df25289dd7ec6c8eaff9
 4 |   Kriechtier hau ab!: 530113ac1dfb0546568a826dd154cc0cb32614f81e9be57d7da2023e4c7c564b;514751d957e2dcd6d823c4eac76277ee;742046b038ee3ac691c570072da792e27c2cd4e4559cd12e6fc789062b55f5ba
 5 | password:
 6 |   C4bbage Profile blinking: e44c04c01fbaa072b8e894d618d05db73f724eabd367904ea4c1848057563aa6;a126c0c006a7e2630967cb760a5abd32;94f412a70a4d3b4706ba1430bde980bb64d181547ff74c9d42f4520d807c0cdb
 7 |   Clique.Shampoo.Ve55el: b14e82fac7d5e71a688b8ee693441092b1f986090816b50825942da75000704e;91075dcb83380e9eb57735b253d0e602;71f79f20ed1ff827531bb581334583168f3cb66f6afec2ac5a329b88d396aae9
 8 |   Hatless,hertz,C4lzone: 4f867fda2a55bdcea4c9282a0f9500c8d242a7e546dced53fcaa01f6ea88d478;b5bba1e47841d4c1f92d48b1c7a568cc;f0aabe443c278b157d7c6e34eb67a9273e33acd4d9324dcf14a5fcdd32af2883
 9 |   Head32_Sculpture_bovine_: c91429da7625f5bbadfdde1a04355dc487ac4493042e795f3deb5f1ba14554be;4c13f011fffd76c221a97b11a37adf1d;41e11778e2f2d5c1551392aba6f96dbd580426b109a3cea1f2b62cc323d43563
10 |   Negotiator-leftover-567: 4fdc5a958d58b91dffaf6b1afef75906d7e6d63fd4cef79f92970042a768db0d;5a262dd04653138f921e4c795a27433d;a774c2d2cbba8e60ed37cc32846a18b8149698e2c5a3a2ec55f722b5b5385947
11 |   Password if PASSWORD2_FROM_ENV undefined or empty: afc8dfdd42daff85b4366b8565115158fa8f34e24eca87e93d14a2e4e13effbf;f0d7ce859b19e2ae581619c92e8f6bbb;25beb0c687ad6c69c82f76951ba4e4f739465a55944ce66d903788e44ed3af27
12 |   SpotChestOilCycle22: f024872a4c3269d9ee6bb0431bf2f84f45a47c1cb0c0a6809a03e65ad82c833e;a166b70a2586223ec774c83840f570fb;6f166999fdb5968851efd563c9231546c349da41281db994ec67cc1eeef05c5e
13 |   "TeGhD9aq\xDFQnHujmLdsa": 8ced5f4c26a9caaeb64859a16ec30dd08c79671bf3b9a4b3fdc49d0e52a66ef4;f07bfe75cae510567e6e2f24de6ae5d6;46ac08a4fdc9e7dcfd21bc4645e036d42bcf8c7c497a13d5e95f38aa67e29e1a
14 |   "WOgh0\xDCwyKHoc*I_das": 1dfe7d872b9513006d38ce247b210adecab11f80e4fbee41841a3a348dc2cfd5;1aa18d82558e29e1b3d925aacf572644;2a9afc1fa2f32b7eb75c9052cc0c9978c4808763118afdb6e1baa2e1f365f04d
15 |   "gncku\xE4shfliglkffhbvrG:Wurst": e4ad279aaf87fe509700885c2ada1712dffbf2820d270488b4e12cb3628ccf5c;da1c57514adbe32cf97f55f4ec95a061;ccda65e51e9b4643dc381fae28c25dc882989da4fdcbdeb0807479a7b7b25231
16 |   m00dy#augmented#Arsonist: 1d0f4bc6e0522616f994e809c46a88de67137e2d8a6fc37d87d909931a1f2000;e616e156db08731855be61ae2e357f9b;afe95398efc93acd6e37c1bb185e6b07d7ab944aea5a60c6187c717db8673bd5
17 |   moist:W00l:kept:royal: 969f2196c178a40693bb76372a9d5ab44f231f68e88e62eb28eb605be9ade5b1;e25064beb6674d563e6a2bfc29a0cdeb;4bb6ed11fa82cb2f1c9b3ad5dd092e740adfa356fb49102793979fdb7181d1ac
18 |   "yDAHKmYjmCsA\xE9kUChasd": 887dd96ab192b6d83acf853b75ca50a8997bd808f0dbf999c2b552ce5f3a05a5;2e062e42b03f6885fdd20302cfb802c6;0859304b34a323dd4388e6a7ff248f51dd8ca88d49804cb05dca84d92d2383dd
19 | userpass:
20 |   alice: d934e4ffff5ba9153fb2132e0612e712115222de4f5a0ea442189e1e6165d9ec;3318753822f08e506977bce9ba45f390;b9dda5ae9d522ebb921baeb5fc18bf42f12434142dd804cb51e413f4d77d84af
21 |   bob: 2cb3b98f0c0b262ba69b965d1fc5e5ab20f3b13a31d8cca7b863f52ae1a4f6cc;50af439e7b290e1a87da35ff89d11d15;464aff500cbc51a343d40df2149e129977ca1f0ee720dd8398afc29e5b8add38
22 |   carlos: b981c3831e7084fabe33490f905ea3f9f5f67c7b28e02c05810c4e49167255c5;19c354bccce0cf18d9b7897912833cb2;71b18753ecb8bf45fe26216dab5a42c7354248c4e104f1bedfaac0cb7aa6ce7d
23 |   carol: b71e9d5a770523349868e086f64e85ca455463170cb8cb8a6f42fa6e8e48d024;05205ff527bbcf6652c82be90182fc5a;d0f332a563327a57ef77b27e2124d9b11498236bd44e294319aefe7340d3008c
24 |   charlie: 8824950905311b88794df61725a67c96bba87f0dde6b5f17be5fd18d07d262e9;071fd5779282a6d4fa24f93a0d65ca2b;e388b4f36f17490de9024db442ce3e5fb8519d04f9f58823daeeac4d78fe66d9
25 |   dan: 226e4489b942f11aa38c9588b08a7cfe11d3dd1df05ad4b73d26af7d81c4ffda;2fd34f0ca35e7fe3ef1b61b524e44342;4e33dad99f63fb404b605fbab332fc7509f552485bc529a7a828d7701f009d86
26 |   dave: 115cd1e4cdd11d8151980275cb16bbbd6b10edbb8dd917740842cc192ce97644;0e30d05a90516da78bf21ec555beb442;c572a4ecf47faa2ee942580faf9f50d8ac73b0e91752967c874cbf92d3e3f27d
27 |   david: 03cfb3b44b73ecffbb225d7c4faa71cdd6bb0d3f255d43b9d5bba6f0296a5613;7b24d77abf9a4e890c92d3e2fd9e47dc;03018e5dd1050f072a9295c874f8b5f55ce559f1518541320768941f30d90ec9
28 | 


--------------------------------------------------------------------------------
/documentation/extra_css/stackoverflow-dark.min.css:
--------------------------------------------------------------------------------
 1 | pre code.hljs{display:block;overflow-x:auto;padding:1em}code.hljs{padding:3px 5px}/*!
 2 |   Theme: StackOverflow Dark
 3 |   Description: Dark theme as used on stackoverflow.com
 4 |   Author: stackoverflow.com
 5 |   Maintainer: @Hirse
 6 |   Website: https://github.com/StackExchange/Stacks
 7 |   License: MIT
 8 |   Updated: 2021-05-15
 9 | 
10 |   Updated for @stackoverflow/stacks v0.64.0
11 |   Code Blocks: /blob/v0.64.0/lib/css/components/_stacks-code-blocks.less
12 |   Colors: /blob/v0.64.0/lib/css/exports/_stacks-constants-colors.less
13 | */.hljs{color:#fff}.hljs-subst{color:#fff}.hljs-comment{color:#999}.hljs-attr,.hljs-doctag,.hljs-keyword,.hljs-meta .hljs-keyword,.hljs-section,.hljs-selector-tag{color:#88aece}.hljs-attribute{color:#c59bc1}.hljs-name,.hljs-number,.hljs-quote,.hljs-selector-id,.hljs-template-tag,.hljs-type{color:#f08d49}.hljs-selector-class{color:#88aece}.hljs-link,.hljs-regexp,.hljs-selector-attr,.hljs-string,.hljs-symbol,.hljs-template-variable,.hljs-variable{color:#b5bd68}.hljs-meta,.hljs-selector-pseudo{color:#88aece}.hljs-built_in,.hljs-literal,.hljs-title{color:#f08d49}.hljs-bullet,.hljs-code{color:#ccc}.hljs-meta .hljs-string{color:#b5bd68}.hljs-deletion{color:#de7176}.hljs-addition{color:#76c490}.hljs-emphasis{font-style:italic}.hljs-strong{font-weight:700}


--------------------------------------------------------------------------------
/documentation/extra_css/stackoverflow-light.min.css:
--------------------------------------------------------------------------------
 1 | pre code.hljs{display:block;overflow-x:auto;padding:1em}code.hljs{padding:3px 5px}/*!
 2 |   Theme: StackOverflow Light
 3 |   Description: Light theme as used on stackoverflow.com
 4 |   Author: stackoverflow.com
 5 |   Maintainer: @Hirse
 6 |   Website: https://github.com/StackExchange/Stacks
 7 |   License: MIT
 8 |   Updated: 2021-05-15
 9 | 
10 |   Updated for @stackoverflow/stacks v0.64.0
11 |   Code Blocks: /blob/v0.64.0/lib/css/components/_stacks-code-blocks.less
12 |   Colors: /blob/v0.64.0/lib/css/exports/_stacks-constants-colors.less
13 | */.hljs{color:#2f3337}.hljs-subst{color:#2f3337}.hljs-comment{color:#656e77}.hljs-attr,.hljs-doctag,.hljs-keyword,.hljs-meta .hljs-keyword,.hljs-section,.hljs-selector-tag{color:#015692}.hljs-attribute{color:#803378}.hljs-name,.hljs-number,.hljs-quote,.hljs-selector-id,.hljs-template-tag,.hljs-type{color:#b75501}.hljs-selector-class{color:#015692}.hljs-link,.hljs-regexp,.hljs-selector-attr,.hljs-string,.hljs-symbol,.hljs-template-variable,.hljs-variable{color:#54790d}.hljs-meta,.hljs-selector-pseudo{color:#015692}.hljs-built_in,.hljs-literal,.hljs-title{color:#b75501}.hljs-bullet,.hljs-code{color:#535a60}.hljs-meta .hljs-string{color:#54790d}.hljs-deletion{color:#c02d2e}.hljs-addition{color:#2f6f44}.hljs-emphasis{font-style:italic}.hljs-strong{font-weight:700}


--------------------------------------------------------------------------------
/documentation/hooks.py:
--------------------------------------------------------------------------------
  1 | import os
  2 | import logging
  3 | import hashlib
  4 | import sys
  5 | from urllib.request import urlopen
  6 | from os.path import exists
  7 | from pathlib import Path
  8 | 
  9 | from unittest.mock import patch
 10 | 
 11 | def md5(fname):
 12 |     hash_md5 = hashlib.md5()
 13 |     with open(fname, "rb") as f:
 14 |         for chunk in iter(lambda: f.read(4096), b""):
 15 |             hash_md5.update(chunk)
 16 |     return hash_md5.hexdigest()
 17 | 
 18 | def download_and_check(filename, url, hash):
 19 |     hash_md5 = hashlib.md5()
 20 |     logger = logging.getLogger("mkdocs.download_and_check")
 21 |     cur_dir = os.path.dirname(os.path.realpath(__file__))
 22 |     if not exists(filename):
 23 |         Path(cur_dir + '/' + filename.rsplit('/',1)[0]).mkdir(parents=True, exist_ok=True)
 24 |         with urlopen(url) as response:
 25 |             filecontent = response.read()
 26 |             hash_md5.update(filecontent)
 27 |             hash_check = hash_md5.hexdigest()
 28 |             if hash == hash_check:
 29 |                 with open(Path(cur_dir + '/' + filename), 'wb') as file:
 30 |                     file.write(filecontent)
 31 |                     logger.info('downloaded external asset "' + filename + '"')
 32 |             else:
 33 |                 logger.error('error downloading asset "' + filename + '" hash mismatch!')
 34 |                 os._exit(1)
 35 | 
 36 | def get_external_assets(config, **kwargs):
 37 |     download_and_check('theme_override/assets/javascripts/highlight.min.js',
 38 |         'https://cdnjs.cloudflare.com/ajax/libs/highlight.js/11.8.0/highlight.min.js',
 39 |         '02d5118842743b5d6d73bba11e8dd63a')
 40 |     download_and_check('theme_override/assets/javascripts/languages/django.min.js',
 41 |         'https://cdnjs.cloudflare.com/ajax/libs/highlight.js/11.8.0/languages/django.min.js',
 42 |         '09fe95df12981e92e1cf678a0029a0f7')
 43 |     download_and_check('theme_override/assets/javascripts/tex-chtml.js',
 44 |         'https://cdn.jsdelivr.net/npm/mathjax@3.2.2/es5/tex-chtml.js',
 45 |         '1d4e370eb01c3768d4304e3245b0afa6')
 46 |     download_and_check('theme_override/assets/javascripts/output/svg.js',
 47 |         'https://cdn.jsdelivr.net/npm/mathjax@3.2.2/es5/output/svg.js',
 48 |         '4f55967d16197ebb01b86356d8ab179a')
 49 |     download_and_check('theme_override/assets/javascripts/output/svg/fonts/tex.js',
 50 |         'https://cdn.jsdelivr.net/npm/mathjax@3.2.2/es5/output/svg/fonts/tex.js',
 51 |         '6eab785a3788ea805bd2b552d1f0aab8')
 52 |     download_and_check('theme_override/assets/javascripts/output/chtml/fonts/woff-v2/MathJax_Zero.woff',
 53 |         'https://cdn.jsdelivr.net/npm/mathjax@3.2.2/es5/output/chtml/fonts/woff-v2/MathJax_Zero.woff',
 54 |         'b26f96047d1cb466c83e9b27bf353c1f')
 55 |     download_and_check('theme_override/assets/javascripts/output/chtml/fonts/woff-v2/MathJax_Math-Italic.woff',
 56 |         'https://cdn.jsdelivr.net/npm/mathjax@3.2.2/es5/output/chtml/fonts/woff-v2/MathJax_Math-Italic.woff',
 57 |         '5589d1a8fc62be6613020ef2fa13e410')
 58 |     download_and_check('theme_override/assets/javascripts/output/chtml/fonts/woff-v2/MathJax_Main-Regular.woff',
 59 |         'https://cdn.jsdelivr.net/npm/mathjax@3.2.2/es5/output/chtml/fonts/woff-v2/MathJax_Main-Regular.woff',
 60 |         '9995de4787f908d8237dba7007f6c3fe')
 61 |     download_and_check('theme_override/assets/javascripts/output/chtml/fonts/woff-v2/MathJax_Size3-Regular.woff',
 62 |         'https://cdn.jsdelivr.net/npm/mathjax@3.2.2/es5/output/chtml/fonts/woff-v2/MathJax_Size3-Regular.woff',
 63 |         'a7860eaf63c39f2603165893ce61a878')
 64 |     download_and_check('theme_override/assets/javascripts/output/chtml/fonts/woff-v2/MathJax_Size1-Regular.woff',
 65 |         'https://cdn.jsdelivr.net/npm/mathjax@3.2.2/es5/output/chtml/fonts/woff-v2/MathJax_Size1-Regular.woff',
 66 |         '7ee67b5348ee634dd16b968d281cb882')
 67 | 
 68 |     download_and_check('theme_override/assets/javascripts/mermaid.min.js',
 69 |         'https://cdnjs.cloudflare.com/ajax/libs/mermaid/9.4.3/mermaid.min.js',
 70 |         'e1bdcac49c3a6464a9aa3c6082b1833e')
 71 | 
 72 | def create_readme(config, **kwargs):
 73 |     logger = logging.getLogger("mkdocs.create_readme")
 74 |     cur_dir = Path(os.path.dirname(os.path.realpath(__file__)))
 75 |     pypi_md = """[![PyPI Version](https://img.shields.io/pypi/v/mkdocs-encryptcontent-plugin.svg)](https://pypi.org/project/mkdocs-encryptcontent-plugin/)
 76 | [![PyPI downloads](https://img.shields.io/pypi/dm/mkdocs-encryptcontent-plugin.svg)](https://pypi.org/project/mkdocs-encryptcontent-plugin/)
 77 | [![License: MIT](https://img.shields.io/badge/License-MIT-yellow.svg)](https://opensource.org/licenses/MIT)
 78 | 
 79 | """
 80 |     readme_file = cur_dir / Path('../README.md')
 81 | 
 82 |     with open(cur_dir / Path('docs/index.md'), "r") as f:
 83 |         index_md = f.read()
 84 |     readme_md = ''
 85 |     with open(cur_dir / Path('docs/installation.md'), "r") as f:
 86 |         readme_md = readme_md + f.read() + '\n'
 87 |     with open(cur_dir / Path('docs/usage.md'), "r") as f:
 88 |         readme_md = readme_md + f.read() + '\n'
 89 |     with open(cur_dir / Path('docs/features/index.md'), "r") as f:
 90 |         readme_md = readme_md + f.read() + '\n'
 91 |     with open(cur_dir / Path('docs/features/modifypages.md'), "r") as f:
 92 |         readme_md = readme_md + f.read() + '\n'
 93 |     with open(cur_dir / Path('docs/features/search.md'), "r") as f:
 94 |         readme_md = readme_md + f.read() + '\n'
 95 |     with open(cur_dir / Path('docs/features/jsext.md'), "r") as f:
 96 |         readme_md = readme_md + f.read() + '\n'
 97 |     with open(cur_dir / Path('docs/features/security.md'), "r") as f:
 98 |         readme_md = readme_md + f.read() + '\n'
 99 | 
100 |     with open(readme_file, "w") as f:
101 |         f.write(readme_md)
102 |     logger.info('wrote README.md')
103 |     try:
104 |         with patch('sys.argv', ['','../README.md']):
105 |             import markdowntoc
106 |             markdowntoc.main()
107 |     except:
108 |         logger.error('Please run "pip install markdown-toc"')
109 | 
110 |     with open(readme_file, "r") as f:
111 |         readme_md = f.read()
112 |     with open(readme_file, "w") as f:
113 |         f.write(pypi_md + index_md + readme_md)
114 | 


--------------------------------------------------------------------------------
/documentation/img/howitworks.odg:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/unverbuggt/mkdocs-encryptcontent-plugin/3a99d7158cbf7522e83b5811b678732dbaf85cee/documentation/img/howitworks.odg


--------------------------------------------------------------------------------
/documentation/mkdocs.yml:
--------------------------------------------------------------------------------
  1 | site_name: MkDocs encryptcontent plugin V3
  2 | site_url: https://unverbuggt.github.io/mkdocs-encryptcontent-plugin/
  3 | site_author: René Rüthlein
  4 | 
  5 | theme:
  6 |     name: risonia
  7 |     custom_dir: theme_override
  8 |     logo: img/logo.svg
  9 |     favicon: img/logo.ico
 10 |     extlink: True
 11 |     extblank: True
 12 |     zoom_img: True
 13 |     no_imprint: True
 14 | 
 15 | extra_javascript:
 16 |   - 'assets/javascripts/highlight.min.js'
 17 |   - 'assets/javascripts/languages/django.min.js'
 18 |   - 'assets/javascripts/tex-chtml.js'
 19 |   - 'assets/javascripts/mermaid.min.js'
 20 |   
 21 | nav:
 22 |     - Encryptcontent plugin V3: 'index.md'
 23 |     - 'installation.md'
 24 |     - 'usage.md'
 25 |     - Features:
 26 |       - 'features/index.md'
 27 |       - Modify pages: 'features/modifypages.md'
 28 |       - Search encryption: 'features/search.md'
 29 |       - Javascript extensions: 'features/jsext.md'
 30 |       - Security: 'features/security.md'
 31 |     - How does it work?: 'explanations.md'
 32 |     - Test bench: 
 33 |       - 'testbench/index.md'
 34 |       - Passwords:
 35 |         - Test1: 'testbench/onlypasswords1.md'
 36 |         - Test2: 'testbench/onlypasswords2.md'
 37 |         - Test3: 'testbench/onlypasswords3.md'
 38 |       - User/Password:
 39 |         - Test1: 'testbench/userpass1.md'
 40 |         - Test2: 'testbench/userpass2.md'
 41 |         - Anchors: 'testbench/anchor.md'
 42 |       - Obfuscate: 'testbench/obfuscate.md'
 43 |       - JS test: 'testbench/jstest.md'
 44 |       - Search encryption: 'testbench/search.md'
 45 |       - Share Link: 'testbench/share.md'
 46 |       - Hash files: 'testbench/hashfilenames.md'
 47 | 
 48 | plugins:
 49 |     - mkdocs-simple-hooks:
 50 |         hooks:
 51 |           on_pre_build: "hooks:get_external_assets"
 52 |           on_post_build: "hooks:create_readme"
 53 | 
 54 |     - include-markdown: {}
 55 | 
 56 |     - search:
 57 |         lang: en
 58 | 
 59 |     - mermaid2:
 60 |         version: 9.4.3
 61 | 
 62 |     - i18n:
 63 |         docs_structure: suffix
 64 |         fallback_to_default: true
 65 |         languages:
 66 |           - build: true
 67 |             default: true
 68 |             locale: en
 69 |             name: English
 70 |           - build: true
 71 |             default: false
 72 |             locale: de
 73 |             name: Deutsch
 74 |             nav_translations:
 75 |               Obfuscate: Verschleiern
 76 |               Passwords: Passwörter
 77 |               Test bench: Testaufbau
 78 |               User/Password: Benutzername/Passwort
 79 |               Encryptcontent plugin V3: Encryptcontent Plugin V3
 80 |             site_name: MkDocs Encryptcontent Plugin V3
 81 |         reconfigure_material: false
 82 |         reconfigure_search: true
 83 | 
 84 |     - color-theme:
 85 |         theme_color: '#bb4447'
 86 |         secondary_color: 'complementary'
 87 |         extra_css_light: 
 88 |           - 'extra_css/stackoverflow-light.min.css'
 89 |         extra_css_dark: 
 90 |           - 'extra_css/stackoverflow-dark.min.css'
 91 |         additional:
 92 |           - theme_color: '#44bb4f'
 93 |             secondary_color: 'mono'
 94 | 
 95 |     - w3css-classes: {}
 96 | 
 97 |     - encryptcontent:
 98 |         html_template_path: "decrypt-form.tpl.html"
 99 |         title_prefix: ''
100 |         summary: ''
101 |         placeholder: 'Password'
102 |         placeholder_user: User
103 |         password_button_text: 'ENTER'
104 |         decryption_failure_message: 'Wrong user name or password.'
105 |         encryption_info_message: 'Legitimation required.'
106 |         translations:
107 |           de:
108 |             title_prefix: ''
109 |             summary: ''
110 |             placeholder: 'Passwort'
111 |             placeholder_user: Benutzer
112 |             password_button_text: 'ENTER'
113 |             decryption_failure_message: 'Falscher Benutzer oder Passwort.'
114 |             encryption_info_message: 'Legitimation erforderlich.'
115 | 
116 |         input_class: 'w3-input'
117 |         button_class: 'w3-button w3-theme-l1 w3-hover-theme'
118 |         hljs: true
119 |         arithmatex: true
120 |         mermaid2: true
121 |         remember_keys: true
122 |         remember_password: true
123 |         remember_prefix: encryptcontent_plugin_
124 |         #local_storage: true
125 |         encrypted_something:
126 |           #myNav: [div, id]
127 |           myToc: [div, id]
128 |           myTocButton: [div, id]
129 |         search_index: 'dynamically' #dynamically
130 |         password_button: true
131 |         selfhost: true
132 |         selfhost_download: true
133 |         selfhost_dir: 'theme_override'
134 |         reload_scripts:
135 |           - '#theme'
136 |           - '#autostart'
137 |         password_file: 'passwords.yml'
138 |         additional_storage_file: 'additional_storage.yaml'
139 |         sharelinks: true
140 |         sharelinks_incomplete: true
141 |         #kdf_pow: 4
142 |         webcrypto: true
143 |         esm: true
144 |         sign_files: 'encryptcontent-plugin.json'
145 |         cache_file: 'encryptcontent.cache'
146 |         sharelinks_output: 'sharelinks.txt'
147 |         hash_filenames:
148 |           extensions:
149 |             - 'png'
150 |             - 'jpg'
151 |             - 'jpeg'
152 |             - 'svg'
153 |           except:
154 |             - 'logo.svg'
155 |         insecure_test: !ENV [MKDOCS_ENCRYPTCONTENT_INSECURE_TEST, false]
156 | 
157 | repo_url: https://github.com/unverbuggt/mkdocs-encryptcontent-plugin
158 | 
159 | markdown_extensions:
160 |     - attr_list
161 |     - pymdownx.escapeall:
162 |         hardbreak: true
163 |     - pymdownx.blocks.html
164 |     - pymdownx.tilde
165 |     - pymdownx.arithmatex:
166 |         generic: true
167 | 


--------------------------------------------------------------------------------
/documentation/mkdocs_material.yml:
--------------------------------------------------------------------------------
  1 | site_name: MkDocs encryptcontent plugin V3
  2 | site_url: https://unverbuggt.github.io/mkdocs-encryptcontent-plugin/
  3 | site_author: René Rüthlein
  4 | 
  5 | theme:
  6 |   name: material
  7 |   language: en
  8 |   logo: img/logo.svg
  9 |   favicon: img/logo.ico
 10 |   font: false
 11 |   palette:
 12 |     # Palette toggle for dark mode
 13 |     - media: "(prefers-color-scheme: dark)"
 14 |       scheme: slate
 15 |       primary: blue grey
 16 |       accent: indigo
 17 |       toggle:
 18 |         icon: material/brightness-4
 19 |         name: Hell
 20 | 
 21 |     # Palette toggle for light mode
 22 |     - media: "(prefers-color-scheme: light)"
 23 |       scheme: default
 24 |       primary: blue grey
 25 |       accent: indigo
 26 |       toggle:
 27 |         icon: material/brightness-7 
 28 |         name: Dunkel
 29 |   features:
 30 |     - navigation.indexes
 31 |     - navigation.tracking
 32 |     #- navigation.sections
 33 |     #- navigation.expand
 34 |     - navigation.top
 35 |     #- navigation.prune
 36 |     - content.code.copy
 37 | 
 38 | #extra_javascript:
 39 | #  - 'assets/javascripts/highlight.min.js'
 40 | #  - 'assets/javascripts/tex-mml-chtml.js'
 41 | #  - 'assets/javascripts/mermaid.min.js'
 42 |   
 43 | nav:
 44 |     - 'index.md'
 45 |     - 'installation.md'
 46 |     - 'usage.md'
 47 |     - Features:
 48 |       - 'features/index.md'
 49 |       - 'features/modifypages.md'
 50 |       - 'features/search.md'
 51 |       - 'features/jsext.md'
 52 |       - 'features/security.md'
 53 |     - How does it work?: 'explanations.md'
 54 |     - Test bench: 
 55 |       - 'testbench/index.md'
 56 |       - Passwords:
 57 |         - Test1: 'testbench/onlypasswords1.md'
 58 |         - Test2: 'testbench/onlypasswords2.md'
 59 |         - Test3: 'testbench/onlypasswords3.md'
 60 |       - User/Password:
 61 |         - Test1: 'testbench/userpass1.md'
 62 |         - Test2: 'testbench/userpass2.md'
 63 |         - Anchors: 'testbench/anchor.md'
 64 |       - Obfuscate: 'testbench/obfuscate.md'
 65 |       - JS test: 'testbench/jstest.md'
 66 |       - Search encryption: 'testbench/search.md'
 67 |       - Share Link: 'testbench/share.md'
 68 |       - Hash files: 'testbench/hashfilenames.md'
 69 | 
 70 | plugins:
 71 |     - include-markdown: {}
 72 | 
 73 |     - search:
 74 |         lang: en
 75 | 
 76 |     - mermaid2:
 77 |         version: 9.4.3
 78 | 
 79 |     - i18n:
 80 |         docs_structure: suffix
 81 |         fallback_to_default: true
 82 |         languages:
 83 |           - build: true
 84 |             default: true
 85 |             locale: en
 86 |             name: English
 87 |           - build: true
 88 |             default: false
 89 |             locale: de
 90 |             name: Deutsch
 91 |             nav_translations:
 92 |               Obfuscate: Verschleiern
 93 |               Passwords: Passwörter
 94 |               Test bench: Testaufbau
 95 |               User/Password: Benutzername/Passwort
 96 |             site_name: MkDocs Encryptcontent Plugin V3
 97 |         reconfigure_material: true
 98 |         reconfigure_search: true
 99 | 
100 |     - encryptcontent:
101 |         #html_template_path: "decrypt-form.tpl.html"
102 |         title_prefix: ''
103 |         summary: ''
104 |         placeholder: 'Password'
105 |         placeholder_user: User
106 |         password_button_text: 'ENTER'
107 |         decryption_failure_message: 'Wrong user name or password.'
108 |         encryption_info_message: 'Legitimation required.'
109 |         translations:
110 |           de:
111 |             title_prefix: ''
112 |             summary: ''
113 |             placeholder: 'Passwort'
114 |             placeholder_user: Benutzer
115 |             password_button_text: 'ENTER'
116 |             decryption_failure_message: 'Falscher Benutzer oder Passwort.'
117 |             encryption_info_message: 'Legitimation erforderlich.'
118 | 
119 |         #input_class: 'w3-input'
120 |         #button_class: 'w3-button w3-theme-l1 w3-hover-theme'
121 |         #hljs: true
122 |         #arithmatex: true
123 |         #mermaid2: true
124 |         remember_keys: true
125 |         remember_password: true
126 |         remember_prefix: encryptcontent_plugin_
127 |         encrypted_something:
128 |           md-footer__inner: [nav, class] #Footer
129 |           #md-nav: [nav, class] #Menu and toc
130 |         inject:
131 |           md-content: [div, class]
132 |         search_index: 'dynamically' #dynamically
133 |         password_button: True
134 |         selfhost: true
135 |         selfhost_download: true
136 |         selfhost_dir: 'theme_override'
137 |         reload_scripts:
138 |           - '#autostart'
139 |         password_file: 'passwords.yml'
140 |         sharelinks: true
141 |         #kdf_pow: 4
142 |         webcrypto: true
143 |         sign_files: 'encryptcontent-plugin.json'
144 |         hash_filenames:
145 |           extensions:
146 |             - 'png'
147 |             - 'jpg'
148 |             - 'jpeg'
149 |             - 'svg'
150 |           except:
151 |             - 'logo.svg'
152 | 
153 | repo_url: https://github.com/unverbuggt/mkdocs-encryptcontent-plugin
154 | 
155 | markdown_extensions:
156 |     - attr_list
157 |     - pymdownx.escapeall:
158 |         hardbreak: true
159 |     - pymdownx.blocks.html
160 |     - pymdownx.tilde
161 |     - pymdownx.arithmatex:
162 |         generic: true
163 |     - pymdownx.highlight:
164 |         anchor_linenums: true
165 |         line_spans: __span
166 |         pygments_lang_class: true
167 |     - pymdownx.inlinehilite
168 |     - pymdownx.snippets
169 |     - pymdownx.superfences


--------------------------------------------------------------------------------
/documentation/mkdocs_mkdocs.yml:
--------------------------------------------------------------------------------
  1 | site_name: MkDocs encryptcontent plugin V3
  2 | site_url: https://unverbuggt.github.io/mkdocs-encryptcontent-plugin/
  3 | site_author: René Rüthlein
  4 | 
  5 | theme:
  6 |     name: mkdocs
  7 |     #custom_dir: theme_override/
  8 |     logo: img/logo.svg
  9 |     favicon: img/logo.ico
 10 |     highlightjs: True
 11 |     hljs_languages:
 12 |       - bash
 13 |       - django
 14 |       - yaml
 15 |     nav_style: dark
 16 |     locale: en
 17 | 
 18 | #extra_javascript:
 19 | #  - 'assets/javascripts/highlight.min.js'
 20 | #  - 'assets/javascripts/tex-mml-chtml.js'
 21 | #  - 'assets/javascripts/mermaid.min.js'
 22 |   
 23 | nav:
 24 |     - 'index.md'
 25 |     - 'installation.md'
 26 |     - 'usage.md'
 27 |     - Features:
 28 |       - 'features/index.md'
 29 |       - 'features/modifypages.md'
 30 |       - 'features/search.md'
 31 |       - 'features/jsext.md'
 32 |       - 'features/security.md'
 33 |     - How does it work?: 'explanations.md'
 34 |     - Test bench: 
 35 |       - 'testbench/index.md'
 36 |       - Passwords:
 37 |         - Test1: 'testbench/onlypasswords1.md'
 38 |         - Test2: 'testbench/onlypasswords2.md'
 39 |         - Test3: 'testbench/onlypasswords3.md'
 40 |       - User/Password:
 41 |         - Test1: 'testbench/userpass1.md'
 42 |         - Test2: 'testbench/userpass2.md'
 43 |         - Anchors: 'testbench/anchor.md'
 44 |       - Obfuscate: 'testbench/obfuscate.md'
 45 |       - JS test: 'testbench/jstest.md'
 46 |       - Search encryption: 'testbench/search.md'
 47 |       - Share Link: 'testbench/share.md'
 48 |       - Hash files: 'testbench/hashfilenames.md'
 49 | 
 50 | plugins:
 51 |     - include-markdown: {}
 52 | 
 53 |     - search:
 54 |         lang: en
 55 | 
 56 |     - mermaid2:
 57 |         version: 9.4.3
 58 | 
 59 |     - i18n:
 60 |         docs_structure: suffix
 61 |         fallback_to_default: true
 62 |         languages:
 63 |           - build: true
 64 |             default: true
 65 |             locale: en
 66 |             name: English
 67 |           - build: true
 68 |             default: false
 69 |             locale: de
 70 |             name: Deutsch
 71 |             nav_translations:
 72 |               Obfuscate: Verschleiern
 73 |               Passwords: Passwörter
 74 |               Test bench: Testaufbau
 75 |               User/Password: Benutzername/Passwort
 76 |             site_name: MkDocs Encryptcontent Plugin V3
 77 |         reconfigure_material: false
 78 |         reconfigure_search: true
 79 | 
 80 |     - encryptcontent:
 81 |         #html_template_path: "decrypt-form.tpl.html"
 82 |         title_prefix: ''
 83 |         summary: ''
 84 |         placeholder: 'Password'
 85 |         placeholder_user: User
 86 |         password_button_text: 'ENTER'
 87 |         decryption_failure_message: 'Wrong user name or password.'
 88 |         encryption_info_message: 'Legitimation required.'
 89 |         translations:
 90 |           de:
 91 |             title_prefix: ''
 92 |             summary: ''
 93 |             placeholder: 'Passwort'
 94 |             placeholder_user: Benutzer
 95 |             password_button_text: 'ENTER'
 96 |             decryption_failure_message: 'Falscher Benutzer oder Passwort.'
 97 |             encryption_info_message: 'Legitimation erforderlich.'
 98 | 
 99 |         #input_class: 'w3-input'
100 |         #button_class: 'w3-button w3-theme-l1 w3-hover-theme'
101 |         #hljs: true
102 |         #arithmatex: true
103 |         #mermaid2: true
104 |         remember_keys: true
105 |         remember_password: true
106 |         remember_prefix: encryptcontent_plugin_
107 |         #local_storage: true
108 |         encrypted_something:
109 |           navbar-light: [div, class]
110 |           #myNav: [div, id]
111 |           #myToc: [div, id]
112 |           #myTocButton: [div, id]
113 |         search_index: 'dynamically' #dynamically
114 |         password_button: True
115 |         selfhost: true
116 |         selfhost_download: true
117 |         selfhost_dir: 'theme_override'
118 |         reload_scripts:
119 |           - '#autostart'
120 |         password_file: 'passwords.yml'
121 |         sharelinks: true
122 |         #kdf_pow: 4
123 |         webcrypto: true
124 |         sign_files: 'encryptcontent-plugin.json'
125 |         hash_filenames:
126 |           extensions:
127 |             - 'png'
128 |             - 'jpg'
129 |             - 'jpeg'
130 |             - 'svg'
131 |           except:
132 |             - 'logo.svg'
133 | 
134 | repo_url: https://github.com/unverbuggt/mkdocs-encryptcontent-plugin
135 | 
136 | markdown_extensions:
137 |     - attr_list
138 |     - pymdownx.escapeall:
139 |         hardbreak: true
140 |     - pymdownx.blocks.html
141 |     - pymdownx.tilde
142 |     - pymdownx.arithmatex:
143 |         generic: true
144 | 


--------------------------------------------------------------------------------
/documentation/passwords.yml:
--------------------------------------------------------------------------------
 1 | onlypasswords1: 
 2 |   - 'Clique.Shampoo.Ve55el'
 3 |   - 'C4bbage Profile blinking'
 4 |   - 'Head32_Sculpture_bovine_'
 5 |   - 'Negotiator-leftover-567'
 6 |   - 'moist:W00l:kept:royal'
 7 |   - 'SpotChestOilCycle22'
 8 |   - 'm00dy#augmented#Arsonist'
 9 |   - 'Hatless,hertz,C4lzone'
10 |   - !ENV [PASSWORD2_FROM_ENV, 'Password if PASSWORD2_FROM_ENV undefined or empty']
11 | 
12 | onlypasswords2: 
13 |   - 'moist:W00l:kept:royal'
14 |   - 'SpotChestOilCycle22'
15 |   - 'm00dy#augmented#Arsonist'
16 |   - 'Hatless,hertz,C4lzone'
17 | 
18 | user_and_passwords1:
19 |   alice: 'Racoon Superstore obnoxious23'
20 |   bob: 'AbidingScooterRuinedCC:Cactus'
21 |   carol: 'Worry-Bony-Glide-Mace!'
22 |   carlos: 'Arre5tConfused Pentagon'
23 |   charlie: 'gear.code.blonde.at0ll'
24 |   dan: 'oxidize,croissant,ClubHouse5'
25 |   dave: 'nuClear_lullaby_unveiled_g4rlic'
26 |   david: 'establishRelishBlushV3nus'
27 | 
28 | user_and_passwords2:
29 |   charlie: 'gear.code.blonde.at0ll'
30 |   dan: 'oxidize,croissant,ClubHouse5'
31 |   dave: 'nuClear_lullaby_unveiled_g4rlic'
32 |   david: 'establishRelishBlushV3nus'
33 | 
34 | test1:
35 |   bob: 'AbidingScooterRuinedCC:Cactus'
36 | test2: 'gnckuäshfliglkffhbvrG:Wurst'
37 | test3: 'yDAHKmYjmCsAékUChasd'
38 | test4: 'TeGhD9aqßQnHujmLdsa'
39 | test5: 'WOgh0ÜwyKHoc*I_das'


--------------------------------------------------------------------------------
/documentation/sharelinks.txt:
--------------------------------------------------------------------------------
 1 | https://unverbuggt.github.io/mkdocs-encryptcontent-plugin/testbench/obfuscate/#ITpDcmF3bGVyIGJlIGdvbmUh
 2 | https://unverbuggt.github.io/mkdocs-encryptcontent-plugin/testbench/onlypasswords1/#ITpDbGlxdWUuU2hhbXBvby5WZTU1ZWw
 3 | https://unverbuggt.github.io/mkdocs-encryptcontent-plugin/testbench/test1/#IWJvYjpBYmlkaW5nU2Nvb3RlclJ1aW5lZENDOg
 4 | https://unverbuggt.github.io/mkdocs-encryptcontent-plugin/testbench/test2/#ITpnbmNrdcOkc2hmbGlnbGtmZmhidnJHOg
 5 | https://unverbuggt.github.io/mkdocs-encryptcontent-plugin/testbench/test3/#ITp5REFIS21Zam1Dc0HDqWtVQ2hhc2Q
 6 | https://unverbuggt.github.io/mkdocs-encryptcontent-plugin/testbench/test4/#ITpUZUdoRDlhccOfUW5IdWptTGRzYQ
 7 | https://unverbuggt.github.io/mkdocs-encryptcontent-plugin/testbench/test5/#ITpXT2doMMOcd3lLSG9jKklfZGFz
 8 | https://unverbuggt.github.io/mkdocs-encryptcontent-plugin/de/testbench/test1/#IWJvYjpBYmlkaW5nU2Nvb3RlclJ1aW5lZENDOg
 9 | https://unverbuggt.github.io/mkdocs-encryptcontent-plugin/de/testbench/test2/#ITpnbmNrdcOkc2hmbGlnbGtmZmhidnJHOg
10 | https://unverbuggt.github.io/mkdocs-encryptcontent-plugin/de/testbench/test3/#ITp5REFIS21Zam1Dc0HDqWtVQ2hhc2Q
11 | https://unverbuggt.github.io/mkdocs-encryptcontent-plugin/de/testbench/test4/#ITpUZUdoRDlhccOfUW5IdWptTGRzYQ
12 | https://unverbuggt.github.io/mkdocs-encryptcontent-plugin/de/testbench/test5/#ITpXT2doMMOcd3lLSG9jKklfZGFz
13 | https://unverbuggt.github.io/mkdocs-encryptcontent-plugin/de/testbench/userpass1/#IWFsaWNlOlJhY29vbiBTdXBlcnN0b3JlIG9ibm94aW91czIz


--------------------------------------------------------------------------------
/documentation/theme_override/main.html:
--------------------------------------------------------------------------------
 1 | {% extends "base.html" %}
 2 | 
 3 | {% block exec_script %}
 4 | <script>
 5 |   var DOMContentLoaded_fired = false;
 6 | </script>
 7 | <script id="theme">
 8 | function runWhenDOMContentLoaded() {
 9 |   document.querySelectorAll('pre code').forEach((el) => {
10 |     hljs.highlightElement(el);
11 |   });
12 |   MathJax.typesetPromise();
13 |   //small test for "additional variables in keystore"
14 |   username = sessionStorage.getItem('username');
15 |   if (username) {
16 |     document.getElementById('show-user').textContent = username;
17 |   }
18 | }
19 | if (DOMContentLoaded_fired) {
20 |   runWhenDOMContentLoaded();
21 | }
22 | </script>
23 | <script>
24 | document.addEventListener('DOMContentLoaded',function(){
25 |   DOMContentLoaded_fired=true;
26 |   runWhenDOMContentLoaded();
27 | });
28 | </script>
29 | {% endblock %}
30 | 
31 | {%- block footer_ext %}
32 |   <p class="w3-right w3-tiny">
33 |     <span id="show-user"></span>
34 |   {%- if not config.theme.no_imprint %}
35 |   {%- if i18n_config and i18n_page_locale == "en" %}
36 |     <a href="{{ (i18n_page_locale + '/imprint/') | url }}">Imprint</a>
37 |   {%- else %}
38 |     <a href="{{ 'imprint/' | url }}">Impressum</a>
39 |   {%- endif %}
40 |   {%- endif %}
41 |   </p>
42 | {%- endblock %}
43 | 
44 | {%- block top_buttons %}
45 |     <a class="w3-button w3-theme-d1 w3-hover-theme w3-padding-small w3-right no-print" href="{{ config.repo_url }}" target="_blank">&lt;/&gt;</a> 
46 | {%- endblock %}
47 | 


--------------------------------------------------------------------------------
/encryptcontent/__init__.py:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/unverbuggt/mkdocs-encryptcontent-plugin/3a99d7158cbf7522e83b5811b678732dbaf85cee/encryptcontent/__init__.py


--------------------------------------------------------------------------------
/encryptcontent/canary.tpl.py:
--------------------------------------------------------------------------------
 1 | import json
 2 | import base64
 3 | from Crypto.Hash import SHA512
 4 | from Crypto.PublicKey import ECC
 5 | from Crypto.Signature import eddsa
 6 | from urllib.request import urlopen
 7 | 
 8 | publickey = """{{ public_key }}"""
 9 | 
10 | signature_url = '{{ signature_url }}'
11 | 
12 | urls_to_verify = {{ urls_to_verify }}
13 | 
14 | def __verify_url__(url, signature, verifier):
15 |     h = SHA512.new()
16 |     with urlopen(url) as response:
17 |         h.update(response.read())
18 |     try:
19 |         verifier.verify(h, signature)
20 |         return True
21 |     except ValueError:
22 |         return False
23 | 
24 | verifier = eddsa.new(ECC.import_key(publickey), 'rfc8032')
25 | 
26 | print("NOTE: Checking of generated pages while 'mkdocs serve' will fail, because they are modified with the livereload script")
27 | 
28 | try:
29 |     with urlopen(signature_url) as response:
30 |         signatures = json.loads(response.read())
31 |         for url in urls_to_verify:
32 |             if url not in signatures.keys():
33 |                 print(url + ": MISSING!") # signature_url modified or just need to recreate canary script?
34 |             else:
35 |                 if __verify_url__(url, base64.b64decode(signatures[url]), verifier):
36 |                     print(url + ": ok")
37 |                 else:
38 |                     print(url + ": FAILED!") # file modified!
39 | except:
40 |     print("Couldn't download signatures!")


--------------------------------------------------------------------------------
/encryptcontent/contrib/templates/search/main.js:
--------------------------------------------------------------------------------
  1 | /* encryptcontent/contrib/templates/search/main.js */
  2 | 
  3 | function getSearchTermFromLocation() {
  4 |   var sPageURL = window.location.search.substring(1);
  5 |   var sURLVariables = sPageURL.split('&');
  6 |   for (var i = 0; i < sURLVariables.length; i++) {
  7 |     var sParameterName = sURLVariables[i].split('=');
  8 |     if (sParameterName[0] == 'q') {
  9 |       return decodeURIComponent(sParameterName[1].replace(/\+/g, '%20'));
 10 |     }
 11 |   }
 12 | }
 13 | 
 14 | function joinUrl (base, path) {
 15 |   if (path.substring(0, 1) === "/") {
 16 |     // path starts with `/`. Thus it is absolute.
 17 |     return path;
 18 |   }
 19 |   if (base.substring(base.length-1) === "/") {
 20 |     // base ends with `/`
 21 |     return base + path;
 22 |   }
 23 |   return base + "/" + path;
 24 | }
 25 | 
 26 | function escapeHtml (value) {
 27 |   return value.replace(/&/g, '&amp;')
 28 |     .replace(/"/g, '&quot;')
 29 |     .replace(/</g, '&lt;')
 30 |     .replace(/>/g, '&gt;');
 31 | }
 32 | 
 33 | function formatResult (location, title, summary) {
 34 |   return '<article><h3><a href="' + joinUrl(base_url, location) + '">'+ escapeHtml(title) + '</a></h3><p>' + escapeHtml(summary) +'</p></article>';
 35 | }
 36 | 
 37 | function displayResults (results) {
 38 |   var search_results = document.getElementById("mkdocs-search-results");
 39 |   while (search_results.firstChild) {
 40 |     search_results.removeChild(search_results.firstChild);
 41 |   }
 42 |   if (results.length > 0){
 43 |     for (var i=0; i < results.length; i++){
 44 |       var result = results[i];
 45 |       var html = formatResult(result.location, result.title, result.summary);
 46 |       search_results.insertAdjacentHTML('beforeend', html);
 47 |     }
 48 |   } else {
 49 |     var noResultsText = search_results.getAttribute('data-no-results-text');
 50 |     if (!noResultsText) {
 51 |       noResultsText = "No results found";
 52 |     }
 53 |     search_results.insertAdjacentHTML('beforeend', '<p>' + noResultsText + '</p>');
 54 |   }
 55 | }
 56 | 
 57 | function doSearch () {
 58 |   var query = document.getElementById('mkdocs-search-query').value;
 59 |   if (query.length > min_search_length) {
 60 |     if (!window.Worker) {
 61 |       displayResults(search(query));
 62 |     } else {
 63 |       searchWorker.postMessage({query: query});
 64 |     }
 65 |   } else {
 66 |     // Clear results for short queries
 67 |     displayResults([]);
 68 |   }
 69 | }
 70 | 
 71 | function initSearch () {
 72 |   var search_input = document.getElementById('mkdocs-search-query');
 73 |   if (search_input) {
 74 |     search_input.addEventListener("keyup", doSearch);
 75 |   }
 76 |   var term = getSearchTermFromLocation();
 77 |   if (term) {
 78 |     search_input.value = term;
 79 |     doSearch();
 80 |   }
 81 | }
 82 | 
 83 | function onWorkerMessage (e) {
 84 |   if (e.data.allowSearch) {
 85 |     initSearch();
 86 |   } else if (e.data.results) {
 87 |     var results = e.data.results;
 88 |     displayResults(results);
 89 |   } else if (e.data.config) {
 90 |     min_search_length = e.data.config.min_search_length-1;
 91 |   } else if (e.data.saveIndex) {
 92 |     var saveIndex = e.data.saveIndex;
 93 |     sessionStorage.setItem('encryptcontent-index', saveIndex)
 94 |   }
 95 | }
 96 | 
 97 | if (!window.Worker) {
 98 |   console.log('Web Worker API not supported');
 99 |   // load index in main thread
100 |   $.getScript(joinUrl(base_url, "search/worker.js")).done(function () {
101 |     console.log('Loaded worker');
102 |     // reload index from session Storage if exist
103 |     var sessionIndex = sessionStorage.getItem('encryptcontent-index')
104 |     init(sessionIndex);
105 |     window.postMessage = function (msg) {
106 |       onWorkerMessage({data: msg});
107 |     };
108 |   }).fail(function (jqxhr, settings, exception) {
109 |     console.error('Could not load worker.js');
110 |   });
111 | } else {
112 |   // Wrap search in a web worker
113 |   var searchWorker = new Worker(joinUrl(base_url, "search/worker.js"));
114 |   // reload index from session Storage if exist
115 |   var sessionIndex = sessionStorage.getItem('encryptcontent-index')
116 |   searchWorker.postMessage({init: true, sessionIndex: sessionIndex});
117 |   searchWorker.onmessage = onWorkerMessage;
118 | }
119 | 


--------------------------------------------------------------------------------
/encryptcontent/contrib/templates/search/worker.js:
--------------------------------------------------------------------------------
  1 | /* encryptcontent/contrib/templates/search/worker.js */
  2 | 
  3 | var base_path = 'function' === typeof importScripts ? '.' : '/search/';
  4 | var allowSearch = false;
  5 | var index;
  6 | var documents = {};
  7 | var lang = ['en'];
  8 | var data;
  9 | var session = false;
 10 | 
 11 | function getScript(script, callback) {
 12 |   console.log('Loading script: ' + script);
 13 |   $.getScript(base_path + script).done(function () {
 14 |     callback();
 15 |   }).fail(function (jqxhr, settings, exception) {
 16 |     console.log('Error: ' + exception);
 17 |   });
 18 | }
 19 | 
 20 | function getScriptsInOrder(scripts, callback) {
 21 |   if (scripts.length === 0) {
 22 |     callback();
 23 |     return;
 24 |   }
 25 |   getScript(scripts[0], function() {
 26 |     getScriptsInOrder(scripts.slice(1), callback);
 27 |   });
 28 | }
 29 | 
 30 | function loadScripts(urls, callback) {
 31 |   if( 'function' === typeof importScripts ) {
 32 |     importScripts.apply(null, urls);
 33 |     callback();
 34 |   } else {
 35 |     getScriptsInOrder(urls, callback);
 36 |   }
 37 | }
 38 | 
 39 | function onJSONLoaded () {
 40 |   if (!data) {
 41 |     data = JSON.parse(this.responseText);
 42 |   }
 43 |   var scriptsToLoad = ['lunr.js'];
 44 |   if (data.config && data.config.lang && data.config.lang.length) {
 45 |     lang = data.config.lang;
 46 |   }
 47 |   if (lang.length > 1 || lang[0] !== "en") {
 48 |     scriptsToLoad.push('lunr.stemmer.support.js');
 49 |     if (lang.length > 1) {
 50 |       scriptsToLoad.push('lunr.multi.js');
 51 |     }
 52 |     if (lang.includes("ja") || lang.includes("jp")) {
 53 |       scriptsToLoad.push('tinyseg.js');
 54 |     }
 55 |     for (var i=0; i < lang.length; i++) {
 56 |       if (lang[i] != 'en') {
 57 |         scriptsToLoad.push(['lunr', lang[i], 'js'].join('.'));
 58 |       }
 59 |     }
 60 |   }
 61 |   loadScripts(scriptsToLoad, onScriptsLoaded);
 62 | }
 63 | 
 64 | function onScriptsLoaded () {
 65 |   console.log('All search scripts loaded, building Lunr index...');
 66 |   if (data.config && data.config.separator && data.config.separator.length) {
 67 |     lunr.tokenizer.separator = new RegExp(data.config.separator);
 68 |   }
 69 | 
 70 |   if (data.index) {
 71 |     index = lunr.Index.load(data.index);
 72 |     data.docs.forEach(function (doc) {
 73 |       documents[doc.location] = doc;
 74 |     });
 75 |     console.log('Lunr pre-built index loaded, search ready');
 76 |   } else {
 77 |     index = lunr(function () {
 78 |       if (lang.length === 1 && lang[0] !== "en" && lunr[lang[0]]) {
 79 |         this.use(lunr[lang[0]]);
 80 |       } else if (lang.length > 1) {
 81 |         this.use(lunr.multiLanguage.apply(null, lang));  // spread operator not supported in all browsers: https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Operators/Spread_operator#Browser_compatibility
 82 |       }
 83 |       this.field('title');
 84 |       this.field('text');
 85 |       this.ref('location');
 86 | 
 87 |       for (var i=0; i < data.docs.length; i++) {
 88 |         var doc = data.docs[i];
 89 |         this.add(doc);
 90 |         documents[doc.location] = doc;
 91 |       }
 92 |     });
 93 |     console.log('Lunr index built, search ready');
 94 |   }
 95 |   allowSearch = true;
 96 |   postMessage({config: data.config});
 97 |   postMessage({allowSearch: allowSearch});
 98 |   // Skip data return if searchIndex exist on sessionStorage
 99 |   if (!session) {
100 |     postMessage({saveIndex: JSON.stringify(data)});
101 |   }
102 | }
103 | 
104 | function init (sessionIndex) {
105 |   if (!session) {
106 |     var oReq = new XMLHttpRequest();
107 |     oReq.addEventListener("load", onJSONLoaded);
108 |     var index_path = base_path + '/search_index.json';
109 |     if ( 'function' === typeof importScripts ) {
110 |         index_path = 'search_index.json';
111 |     }
112 |     oReq.open("GET", index_path);
113 |     oReq.send();
114 |   } else {
115 |     data = JSON.parse(sessionIndex);
116 |     onJSONLoaded();
117 |   }
118 | }
119 | 
120 | function search (query) {
121 |   if (!allowSearch) {
122 |     console.error('Assets for search still loading');
123 |     return;
124 |   }
125 | 
126 |   var resultDocuments = [];
127 |   var results = index.search(query);
128 |   for (var i=0; i < results.length; i++){
129 |     var result = results[i];
130 |     doc = documents[result.ref];
131 |     doc.summary = doc.text.substring(0, 200);
132 |     resultDocuments.push(doc);
133 |   }
134 |   return resultDocuments;
135 | }
136 | 
137 | if( 'function' === typeof importScripts ) {
138 |   onmessage = function (e) {
139 |     if (e.data.init) {
140 |       if (e.data.sessionIndex) {
141 |         session = true;
142 |         init(e.data.sessionIndex);
143 |       } else {
144 |         init();
145 |       }
146 |     } else if (e.data.query) {
147 |       postMessage({ results: search(e.data.query) });
148 |     } else {
149 |       console.error("Worker - Unrecognized message: " + e);
150 |     }
151 |   };
152 | }
153 | 


--------------------------------------------------------------------------------
/encryptcontent/decrypt-contents.tpl.js:
--------------------------------------------------------------------------------
  1 | /* encryptcontent/decrypt-contents.tpl.js */
  2 | {%- if webcrypto %}
  3 | // https://stackoverflow.com/a/50868276
  4 | function fromHex(hexString) {
  5 |     return new Uint8Array(hexString.match(/.{1,2}/g).map(byte => parseInt(byte, 16)));
  6 | }
  7 | // https://stackoverflow.com/a/41106346
  8 | function fromBase64(base64String) {
  9 |     return Uint8Array.from(atob(base64String), c => c.charCodeAt(0));
 10 | }
 11 | 
 12 | async function digestSHA256toBase64(message) {
 13 |   const data = new TextEncoder().encode(message);
 14 |   const hashBuffer = await crypto.subtle.digest("SHA-256", data);
 15 |   const hashArray = new Uint8Array(hashBuffer);
 16 |   const hashString = String.fromCharCode.apply(null, hashArray);
 17 |   return btoa(hashString);
 18 | };
 19 | {%- endif %}
 20 | 
 21 | function base64url_decode(input) {
 22 |     try {
 23 |         const binString = atob(input.replace(/-/g, '+').replace(/_/g, '/'));
 24 |         const binArray = Uint8Array.from(binString, (m) => m.codePointAt(0));
 25 |         return new TextDecoder().decode(binArray);
 26 |     }
 27 |     catch (err) {
 28 |         return false;
 29 |     }
 30 | }
 31 | 
 32 | /* Decrypts the key from the key bundle. */
 33 | {% if webcrypto %}async {% endif %}function decrypt_key(pass, iv_b64, ciphertext_b64, salt_b64) {
 34 |     {%- if webcrypto %}
 35 |     const salt = fromBase64(salt_b64);
 36 |     const encPassword = new TextEncoder().encode(pass);
 37 |     const kdfkey = await window.crypto.subtle.importKey(
 38 |         "raw",
 39 |         encPassword,
 40 |         "PBKDF2",
 41 |         false,
 42 |         ["deriveKey"],
 43 |     );
 44 |     const wckey = await window.crypto.subtle.deriveKey(
 45 |         {
 46 |           name: "PBKDF2",
 47 |           salt,
 48 |           iterations: encryptcontent_obfuscate ? 1 : {{ kdf_iterations }},
 49 |           hash: "SHA-256",
 50 |         },
 51 |         kdfkey,
 52 |         { name: "AES-CBC", length: 256 },
 53 |         true,
 54 |         ["decrypt"],
 55 |     );
 56 |     const ciphertext = fromBase64(ciphertext_b64);
 57 |     const iv = fromBase64(iv_b64);
 58 |     try {
 59 |         const decrypted = await window.crypto.subtle.decrypt(
 60 |             {
 61 |                 name: "AES-CBC",
 62 |                 iv: iv
 63 |             },
 64 |             wckey,
 65 |             ciphertext
 66 |         );
 67 |         const keystore = JSON.parse(new TextDecoder().decode(decrypted));
 68 |         if (encryptcontent_id in keystore) {
 69 |             return keystore;
 70 |         } else {
 71 |             //id not found in keystore
 72 |             return false;
 73 |         }
 74 |     }
 75 |     catch (err) {
 76 |         // encoding failed; wrong key
 77 |         return false;
 78 |     }
 79 |     {%- else %}
 80 |     let salt = CryptoJS.enc.Base64.parse(salt_b64),
 81 |         kdfcfg = {keySize: 256 / 32,hasher: CryptoJS.algo.SHA256,iterations: encryptcontent_obfuscate ? 1 : {{ kdf_iterations }}};
 82 |     let kdfkey = CryptoJS.PBKDF2(pass, salt,kdfcfg);
 83 |     let iv = CryptoJS.enc.Base64.parse(iv_b64),
 84 |         ciphertext = CryptoJS.enc.Base64.parse(ciphertext_b64);
 85 |     let encrypted = {ciphertext: ciphertext},
 86 |         cfg = {iv: iv, mode: CryptoJS.mode.CBC, padding: CryptoJS.pad.Pkcs7};
 87 |     let key = CryptoJS.AES.decrypt(encrypted, kdfkey, cfg);
 88 | 
 89 |     try {
 90 |         let keystore = JSON.parse(key.toString(CryptoJS.enc.Utf8));
 91 |         if (encryptcontent_id in keystore) {
 92 |             return keystore;
 93 |         } else {
 94 |             //id not found in keystore
 95 |             return false;
 96 |         }
 97 |     } catch (err) {
 98 |         // encoding failed; wrong password
 99 |         return false;
100 |     }
101 |     {%- endif %}
102 | };
103 | 
104 | /* Split key bundle and try to decrypt it */
105 | {% if webcrypto %}async {% endif %}function decrypt_key_from_bundle(password, ciphertext_bundle, username) {
106 |     // grab the ciphertext bundle and try to decrypt it
107 |     let user, pass;
108 |     let parts, keys, userhash;
109 |     if (ciphertext_bundle) {
110 |         if (username) {
111 |             user = encodeURIComponent(username.toLowerCase());
112 |             {%- if webcrypto %}
113 |             userhash = await digestSHA256toBase64(user);
114 |             {%- else %}
115 |             userhash = CryptoJS.SHA256(user).toString(CryptoJS.enc.Base64);
116 |             {%- endif %}
117 |         }
118 |         for (let i = 0; i < ciphertext_bundle.length; i++) {
119 |             pass = encodeURIComponent(password);
120 |             parts = ciphertext_bundle[i].split(';');
121 |             if (parts.length == 3) {
122 |                 keys = {% if webcrypto %}await {% endif %}decrypt_key(pass, parts[0], parts[1], parts[2]);
123 |                 if (keys) {
124 |                     {% if remember_password %}setCredentials(null, pass);{% endif %}
125 |                     return keys;
126 |                 }
127 |             } else if (parts.length == 4 && username) {
128 |                 if (parts[3] == userhash) {
129 |                     keys = {% if webcrypto %}await {% endif %}decrypt_key(pass, parts[0], parts[1], parts[2]);
130 |                     if (keys) {
131 |                         {% if remember_password %}setCredentials(user, pass);{% endif %}
132 |                         return keys;
133 |                     }
134 |                 }
135 |             }
136 |         }
137 |     }
138 |     return false;
139 | };
140 | 
141 | /* Decrypts the content from the ciphertext bundle. */
142 | {% if webcrypto %}async {% endif %}function decrypt_content(key, iv_b64, ciphertext_b64) {
143 |     {%- if webcrypto %}
144 |     const rawKey = fromHex(key);
145 |     const iv = fromBase64(iv_b64);
146 |     const ciphertext = fromBase64(ciphertext_b64);
147 |     try {
148 |         const wckey = await window.crypto.subtle.importKey(           
149 |             "raw",
150 |             rawKey,                                                 
151 |             "AES-CBC",
152 |             true,
153 |             ["decrypt"]
154 |         );
155 |         const decrypted = await window.crypto.subtle.decrypt(
156 |             {
157 |                 name: "AES-CBC",
158 |                 iv: iv
159 |             },
160 |             wckey,
161 |             ciphertext
162 |         );
163 |         const decoder = new TextDecoder();
164 |         return decoder.decode(decrypted);
165 |     }
166 |     catch (err) {
167 |         // encoding failed; wrong key
168 |         return false;
169 |     }
170 |     {%- else %}
171 |     let iv = CryptoJS.enc.Base64.parse(iv_b64),
172 |         ciphertext = CryptoJS.enc.Base64.parse(ciphertext_b64);
173 |     let encrypted = {ciphertext: ciphertext},
174 |         cfg = {iv: iv, mode: CryptoJS.mode.CBC, padding: CryptoJS.pad.Pkcs7};
175 |     let plaintext = CryptoJS.AES.decrypt(encrypted, CryptoJS.enc.Hex.parse(key), cfg);
176 |     if(plaintext.sigBytes >= 0) {
177 |         try {
178 |             return plaintext.toString(CryptoJS.enc.Utf8)
179 |         } catch (err) {
180 |             // encoding failed; wrong key
181 |             return false;
182 |         }
183 |     } else {
184 |         // negative sigBytes; wrong key
185 |         return false;
186 |     }
187 |     {%- endif %}
188 | };
189 | 
190 | /* Split cyphertext bundle and try to decrypt it */
191 | {% if webcrypto %}async {% endif %}function decrypt_content_from_bundle(key, ciphertext_bundle) {
192 |     // grab the ciphertext bundle and try to decrypt it
193 |     if (ciphertext_bundle) {
194 |         let parts = ciphertext_bundle.split(';');
195 |         if (parts.length == 2) {
196 |             return {% if webcrypto %}await {% endif %}decrypt_content(key, parts[0], parts[1]);
197 |         }
198 |     }
199 |     return false;
200 | };
201 | 
202 | {% if- remember_keys -%}
203 | /* Save decrypted keystore to sessionStorage */
204 | {% if webcrypto %}async {% endif %}function setKeys(keys_from_keystore) {
205 |     for (const id in keys_from_keystore) {
206 |         sessionStorage.setItem(id, keys_from_keystore[id]);
207 |     }
208 | };
209 | 
210 | /* Delete key with specific name in sessionStorage */
211 | {% if webcrypto %}async {% endif %}function delItemName(key) {
212 |     sessionStorage.removeItem(key);
213 | };
214 | 
215 | {% if webcrypto %}async {% endif %}function getItemName(key) {
216 |     return sessionStorage.getItem(key);
217 | };
218 | {%- endif %}
219 | {%- if remember_password %}
220 | /* save username/password to sessionStorage/localStorage */
221 | {% if webcrypto %}async {% endif %}function setCredentials(username, password) {
222 |     {%- if session_storage %}
223 |     sessionStorage.setItem('{{ remember_prefix }}credentials', JSON.stringify({'user': username, 'password': password}));
224 |     {%- else %}
225 |     localStorage.setItem('{{ remember_prefix }}credentials', JSON.stringify({'user': username, 'password': password}));
226 |     {%- endif %}
227 | }
228 | 
229 | /* try to get username/password from sessionStorage/localStorage */
230 | {% if webcrypto %}async {% endif %}function getCredentials(username_input, password_input) {
231 |     {%- if session_storage %}
232 |     const credentials = JSON.parse(sessionStorage.getItem('{{ remember_prefix }}credentials'));
233 |     {%- else %}
234 |     const credentials = JSON.parse(localStorage.getItem('{{ remember_prefix }}credentials'));
235 |     {%- endif %}
236 |     if (credentials && !encryptcontent_obfuscate) {
237 |         if (credentials['user'] && username_input) {
238 |             username_input.value = decodeURIComponent(credentials['user']);
239 |         }
240 |         if (credentials['password']) {
241 |             password_input.value = decodeURIComponent(credentials['password']);
242 |         }
243 |         return true;
244 |     } else {
245 |         return false;
246 |     }
247 | }
248 | 
249 | /*remove username/password from localStorage */
250 | {% if webcrypto %}async {% endif %}function delCredentials() {
251 |     {%- if session_storage %}
252 |     sessionStorage.removeItem('{{ remember_prefix }}credentials');
253 |     {%- else %}
254 |     localStorage.removeItem('{{ remember_prefix }}credentials');
255 |     {%- endif %}
256 | }
257 | {%- endif %}
258 | 
259 | /* Reload scripts src after decryption process */
260 | {% if webcrypto %}async {% endif %}function reload_js(src) {
261 |     let script_src, script_tag, new_script_tag;
262 |     let head = document.getElementsByTagName('head')[0];
263 | 
264 |     if (src.startsWith('#')) {
265 |         script_tag = document.getElementById(src.substr(1));
266 |         if (script_tag) {
267 |             script_tag.remove();
268 |             new_script_tag = document.createElement('script');
269 |             if (script_tag.innerHTML) {
270 |                 new_script_tag.innerHTML = script_tag.innerHTML;
271 |             }
272 |             if (script_tag.src) {
273 |                 new_script_tag.src = script_tag.src;
274 |             }
275 |             if (script_tag.type) {
276 |                 new_script_tag.type = script_tag.type;
277 |             }
278 |             head.appendChild(new_script_tag);
279 |         }
280 |     } else {
281 |         if (base_url == '.') {
282 |             script_src = src;
283 |         } else {
284 |             script_src = base_url + '/' + src;
285 |         }
286 | 
287 |         script_tag = document.querySelector('script[src="' + script_src + '"]');
288 |         if (script_tag) {
289 |             script_tag.remove();
290 |             new_script_tag = document.createElement('script');
291 |             new_script_tag.src = script_src;
292 |             head.appendChild(new_script_tag);
293 |         }
294 |     }
295 | };
296 | 
297 | {% if experimental -%}
298 | /* Decrypt part of the search index and refresh it for search engine */
299 | {% if webcrypto %}async {% endif %}function decrypt_search(keys, retry=true) {
300 |     let sessionIndex = sessionStorage.getItem('encryptcontent-index');
301 |     let could_decrypt = false;
302 |     if (sessionIndex) {
303 |         sessionIndex = JSON.parse(sessionIndex);
304 |         for (let i = 0; i < sessionIndex.docs.length; i++) {
305 |             let doc = sessionIndex.docs[i];
306 |             let location_sep = doc.location.indexOf(';');
307 |             if (location_sep !== -1) {
308 |                 let location_id = doc.location.substring(0,location_sep);
309 |                 let location_bundle = doc.location.substring(location_sep+1);
310 |                 if (location_id in keys) {
311 |                     let key = keys[location_id];
312 |                     let location_decrypted = {% if webcrypto %}await {% endif %}decrypt_content_from_bundle(key, location_bundle);
313 |                     if (location_decrypted) {
314 |                         doc.location = location_decrypted;
315 |                         doc.text = {% if webcrypto %}await {% endif %}decrypt_content_from_bundle(key, doc.text);
316 |                         doc.title = {% if webcrypto %}await {% endif %}decrypt_content_from_bundle(key, doc.title);
317 |                         could_decrypt = true;
318 |                     }
319 |                 }
320 |             }
321 |         }
322 |         if (could_decrypt) {
323 |             //save decrypted index
324 |             sessionIndex = JSON.stringify(sessionIndex);
325 |             sessionStorage.setItem('encryptcontent-index', sessionIndex);
326 |             // force search index reloading on Worker
327 |             if (typeof searchWorker !== 'undefined') {
328 |                 searchWorker.postMessage({init: true, sessionIndex: sessionIndex});
329 |             } else { //not default search plugin: reload whole page
330 |                 window.location.reload();
331 |             }
332 |         }
333 |     } else if (retry) {
334 |         setTimeout(() => { //retry after one second if 'encryptcontent-index' not available yet
335 |             decrypt_search(keys, false);
336 |         }, 1000);
337 |     }
338 | };
339 | {%- endif %}
340 | 
341 | /* Decrypt speficique html entry from mkdocs configuration */
342 | {% if webcrypto %}async {% endif %}function decrypt_somethings(key, encrypted_something) {
343 |     var html_item = '';
344 |     for (const [name, tag] of Object.entries(encrypted_something)) {
345 |         if (tag[1] == 'id') {
346 |             html_item = [document.getElementById(name)];
347 |         } else if (tag[1] == 'class') {
348 |             html_item = document.getElementsByClassName(name);
349 |         } else {
350 |             console.log('WARNING: Unknow tag html found, check "encrypted_something" configuration.');
351 |         }
352 |         if (html_item[0]) {
353 |             for (let i = 0; i < html_item.length; i++) {
354 |                 // grab the cipher bundle if something exist
355 |                 if (html_item[i].style.display == "none") {
356 |                     let content = {% if webcrypto %}await {% endif %}decrypt_content_from_bundle(key, html_item[i].innerHTML);
357 |                     if (content !== false) {
358 |                         // success; display the decrypted content
359 |                         html_item[i].innerHTML = content;
360 |                         html_item[i].style.display = null;
361 |                         // any post processing on the decrypted content should be done here
362 |                     }
363 |                 }
364 |             }
365 |         }
366 |     }
367 |     return html_item[0];
368 | };
369 | 
370 | /* Decrypt content of a page */
371 | {% if webcrypto %}async {% endif %}function decrypt_action(username_input, password_input, encrypted_content, decrypted_content, key_from_storage=false) {
372 |     let key=false;
373 |     let keys_from_keystore=false;
374 | 
375 |     let user=false;
376 |     if (username_input) {
377 |         user = username_input.value;
378 |     }
379 | 
380 |     if (key_from_storage !== false) {
381 |         key = key_from_storage;
382 |     } else {
383 |         keys_from_keystore = {% if webcrypto %}await {% endif %}decrypt_key_from_bundle(password_input.value, encryptcontent_keystore, user);
384 |         if (keys_from_keystore) {
385 |             key = keys_from_keystore[encryptcontent_id];
386 |         }
387 |     }
388 | 
389 |     let content = false;
390 |     if (key) {
391 |         content = {% if webcrypto %}await {% endif %}decrypt_content_from_bundle(key, encrypted_content.innerHTML);
392 |     }
393 |     if (content !== false) {
394 |         // success; display the decrypted content
395 |         decrypted_content.innerHTML = content;
396 |         encrypted_content.parentNode.removeChild(encrypted_content);
397 | 
398 |         if (keys_from_keystore !== false) {
399 |             return keys_from_keystore
400 |         } else {
401 |             return key
402 |         }
403 |     } else {
404 |         return false
405 |     }
406 | };
407 | 
408 | {% if webcrypto %}async {% endif %}function decryptor_reaction(key_or_keys, password_input, decrypted_content, fallback_used=false) {
409 |     if (key_or_keys) {
410 |         let key;
411 |         if (typeof key_or_keys === "object") {
412 |             key = key_or_keys[encryptcontent_id];
413 |             {% if remember_keys -%}
414 |             setKeys(key_or_keys);
415 |             {%- endif %}
416 |             {% if experimental -%}
417 |             decrypt_search(key_or_keys);
418 |             {%- endif %}
419 |         } else {
420 |             key = key_or_keys;
421 |         }
422 | 
423 |         // continue to decrypt others parts
424 |         {% if encrypted_something -%}
425 |         let encrypted_something = {{ encrypted_something }};
426 |         decrypt_somethings(key, encrypted_something);
427 |         {%- endif %}
428 |         if (typeof inject_something !== 'undefined') {
429 |             decrypted_content = {% if webcrypto %}await {% endif %}decrypt_somethings(key, inject_something);
430 |         }
431 |         if (typeof delete_something !== 'undefined') {
432 |             let el = document.getElementById(delete_something)
433 |             if (el) {
434 |                 el.remove();
435 |             }
436 |         }
437 |         // any post processing on the decrypted content should be done here
438 |     {%- if material %}
439 |         document$.next(document);
440 |     {%- else %}
441 |         {% if arithmatex -%}
442 |         if (typeof MathJax === 'object') { MathJax.typesetPromise();};
443 |         {%- endif %}
444 |         {% if mermaid2 -%}
445 |         if (typeof mermaid === 'object') { mermaid.contentLoaded();};
446 |         {%- endif %}
447 |         {% if hljs -%}
448 |         decrypted_content.querySelectorAll('pre code').forEach((block) => {
449 |             hljs.highlightElement(block);
450 |         });
451 |         {%- endif %}
452 |     {%- endif %}
453 |         {% if reload_scripts | length > 0 -%}
454 |         let reload_scripts = {{ reload_scripts }};
455 |         for (let i = 0; i < reload_scripts.length; i++) { 
456 |             {% if webcrypto %}await {% endif %}reload_js(reload_scripts[i]);
457 |         }
458 |         {%- endif %}
459 |         if (typeof theme_run_after_decryption !== 'undefined') {
460 |             theme_run_after_decryption();
461 |         }
462 |         if (window.location.hash) { //jump to anchor if hash given after decryption
463 |             window.location.href = window.location.hash;
464 |         }
465 |     } else {
466 |         // remove item on sessionStorage if decryption process fail (Invalid item)
467 |         if (!fallback_used) {
468 |             if (!encryptcontent_obfuscate) {
469 |                 // create HTML element for the inform message
470 |                 let mkdocs_decrypt_msg = document.getElementById('mkdocs-decrypt-msg');
471 |                 mkdocs_decrypt_msg.textContent = decryption_failure_message;
472 |                 password_input.value = '';
473 |                 password_input.focus();
474 |             }
475 |         }
476 |         {% if remember_keys -%}
477 |         delItemName(encryptcontent_id);
478 |         {%- endif %}
479 |     }
480 | }
481 | 
482 | /* Trigger decryption process */
483 | {% if webcrypto %}async {% endif %}function init_decryptor() {
484 |     let username_input = document.getElementById('mkdocs-content-user');
485 |     let password_input = document.getElementById('mkdocs-content-password');
486 |     // adjust password field width to placeholder length
487 |     //if (password_input.hasAttribute('placeholder')) {
488 |     //    password_input.setAttribute('size', password_input.getAttribute('placeholder').length);
489 |     //}
490 |     let encrypted_content = document.getElementById('mkdocs-encrypted-content');
491 |     let decrypted_content = document.getElementById('mkdocs-decrypted-content');
492 |     let content_decrypted;
493 |     {% if remember_keys -%}
494 |     /* If remember_keys is set, try to use sessionStorage item to decrypt content when page is loaded */
495 |     let key_from_storage = {% if webcrypto %}await {% endif %}getItemName(encryptcontent_id);
496 |     if (key_from_storage) {
497 |         content_decrypted = {% if webcrypto %}await {% endif %}decrypt_action(
498 |             username_input, password_input, encrypted_content, decrypted_content, key_from_storage
499 |         );
500 |         {% if remember_password -%}
501 |         /* try to get username/password from sessionStorage */
502 |         if (content_decrypted === false) {
503 |             let got_credentials = {% if webcrypto %}await {% endif %}getCredentials(username_input, password_input);
504 |             if (got_credentials) {
505 |                 content_decrypted = {% if webcrypto %}await {% endif %}decrypt_action(
506 |                     username_input, password_input, encrypted_content, decrypted_content
507 |                 );
508 |             }
509 |         }
510 |         {%- endif %}
511 |         decryptor_reaction(content_decrypted, password_input, decrypted_content, true);
512 |     }
513 |     {% if remember_password -%}
514 |     else {
515 |         let got_credentials = {% if webcrypto %}await {% endif %}getCredentials(username_input, password_input);
516 |         if (got_credentials) {
517 |             content_decrypted = {% if webcrypto %}await {% endif %}decrypt_action(
518 |                 username_input, password_input, encrypted_content, decrypted_content
519 |             );
520 |             decryptor_reaction(content_decrypted, password_input, decrypted_content, true);
521 |         }
522 |     }
523 |     {%- endif %}
524 |     {%- endif %}
525 |     {%- if sharelinks %}
526 |     if (window.location.hash) {
527 |         let location_hash = window.location.hash.substring(1)
528 |         let anchor_hash = location_hash.search('#')
529 |         if (anchor_hash  != -1) { //check additional anchor
530 |             window.location.hash = location_hash.substring(anchor_hash);
531 |             location_hash = location_hash.substring(0,anchor_hash);
532 |         }
533 |         if (!content_decrypted) {
534 |             let sharestring;
535 |             if (location_hash.startsWith('!')) {
536 |                 sharestring=decodeURIComponent(location_hash);
537 |             } else {
538 |                 let b64u_check = base64url_decode(location_hash);
539 |                 if (b64u_check !== false) {
540 |                     if (b64u_check.startsWith('!') && b64u_check.includes(":")) {
541 |                         sharestring=b64u_check;
542 |                     }
543 |                 }
544 |             }
545 |             if (sharestring) {
546 |                 sharestring = sharestring.substring(1);
547 |                 let pass_sep = sharestring.search(":");
548 |                 if (username_input) {
549 |                     username_input.value = sharestring.substring(0,pass_sep);
550 |                 }
551 |                 password_input.value = sharestring.substring(pass_sep+1);
552 |         {%- if sharelinks_incomplete %}
553 |                 if (password_input.value.endsWith(':')) {
554 |                     if (username_input) {
555 |                         username_input.style.display = "none";
556 |                     }
557 |                     let password_input_sharelink = password_input.cloneNode()
558 |                     password_input_sharelink.id = "mkdocs-content-password-sharelink";
559 |                     password_input_sharelink.style.display = "none";
560 |                     password_input_sharelink.value = password_input.value;
561 |                     password_input.value = "";
562 |                     password_input.insertAdjacentElement('beforebegin', password_input_sharelink);
563 |                 } else {
564 |                     content_decrypted = {% if webcrypto %}await {% endif %}decrypt_action(
565 |                         username_input, password_input, encrypted_content, decrypted_content
566 |                     );
567 |                     decryptor_reaction(content_decrypted, password_input, decrypted_content);
568 |                 }
569 |         {%- else %}
570 |                 content_decrypted = {% if webcrypto %}await {% endif %}decrypt_action(
571 |                     username_input, password_input, encrypted_content, decrypted_content
572 |                 );
573 |                 decryptor_reaction(content_decrypted, password_input, decrypted_content);
574 |         {%- endif %}
575 |             }
576 |         }
577 |     }
578 |     {%- endif %}
579 |     {% if password_button -%}
580 |     /* If password_button is set, try decrypt content when button is press */
581 |     let decrypt_button = document.getElementById("mkdocs-decrypt-button");
582 |     if (decrypt_button) {
583 |         decrypt_button.onclick = {% if webcrypto %}async {% endif %}function(event) {
584 |             event.preventDefault();
585 |     {%- if sharelinks_incomplete %}
586 |             let password_input_sharelink = document.getElementById('mkdocs-content-password-sharelink');
587 |             if (password_input_sharelink) {
588 |                 password_input.value = password_input_sharelink.value + password_input.value;
589 |             }
590 |     {%- endif %}
591 |             content_decrypted = {% if webcrypto %}await {% endif %}decrypt_action(
592 |                 username_input, password_input, encrypted_content, decrypted_content
593 |             );
594 |             decryptor_reaction(content_decrypted, password_input, decrypted_content);
595 |         };
596 |     }
597 |     {%- endif %}
598 |     /* Default, try decrypt content when key enter is press */
599 |     password_input.addEventListener('keypress', {% if webcrypto %}async {% endif %}function(event) {
600 |         if (event.key === "Enter") {
601 |             event.preventDefault();
602 |     {%- if sharelinks_incomplete %}
603 |             let password_input_sharelink = document.getElementById('mkdocs-content-password-sharelink');
604 |             if (password_input_sharelink) {
605 |                 password_input.value = password_input_sharelink.value + password_input.value;
606 |             }
607 |     {%- endif %}
608 |             content_decrypted = {% if webcrypto %}await {% endif %}decrypt_action(
609 |                 username_input, password_input, encrypted_content, decrypted_content
610 |             );
611 |             decryptor_reaction(content_decrypted, password_input, decrypted_content);
612 |         }
613 |     });
614 | }
615 | 
616 | {%- if material %}
617 | if (typeof base_url === 'undefined') {
618 |     var base_url = JSON.parse(document.getElementById('__config').textContent).base;
619 | }
620 | {%- endif %}
621 | if (document.readyState === "loading") {
622 |   // Loading hasn't finished yet
623 |   document.addEventListener("DOMContentLoaded", init_decryptor);
624 | } else {
625 |   // `DOMContentLoaded` has already fired
626 |   init_decryptor();
627 | }
628 | window["init_decryptor"] = init_decryptor;


--------------------------------------------------------------------------------
/encryptcontent/decrypt-form.tpl.html:
--------------------------------------------------------------------------------
 1 | <div id="mkdocs-encrypted-content" style="display:none">{{ ciphertext_bundle }}</div>
 2 | <div id="mkdocs-decrypted-content">
 3 |     <form id="mkdocs-decrypt-form"{% if form_class %} class="{{ form_class }}"{% endif %}>
 4 |         <h1>{{ summary }}</h1>
 5 |         {% if encryption_info_message %}<p>{{ encryption_info_message }}</p>{% endif %}
 6 |         {%- if obfuscate %}
 7 |         <input type="hidden" id="mkdocs-content-password" value="{{ obfuscate_password }}">
 8 |         {%- else %}
 9 |             {%- if uname %}
10 |         <input{% if input_class %} class="{{ input_class }}"{% endif %} type="text" id="mkdocs-content-user" placeholder="{{ placeholder_user }}">
11 |             {%- endif %}
12 |         <input{% if input_class %} class="{{ input_class }}"{% endif %} type="password" id="mkdocs-content-password" placeholder="{{ placeholder }}">
13 |         {%- endif %}
14 |         {% if password_button %}<button{% if button_class %} class="{{ button_class }}"{% endif %} id="mkdocs-decrypt-button">{{ password_button_text }}</button>{% endif %}
15 |         <p id="mkdocs-decrypt-msg"></p>
16 |     </form>
17 | </div>
18 | 
19 | <script type="text/javascript">
20 | var encryptcontent_id = "{{ encryptcontent_id }}";
21 | var encryptcontent_path = "{{ encryptcontent_path }}";
22 | var decryption_failure_message = {{ decryption_failure_message }};
23 | var encryptcontent_keystore = {{ encryptcontent_keystore }};
24 | var encryptcontent_obfuscate = {{ obfuscate }};
25 | {% if inject_something %}var inject_something = {{ inject_something }};{% endif -%}
26 | {% if delete_something %}var delete_something = "{{ delete_something }}";{%- endif %}
27 | </script>
28 | {%- if esm %}
29 | <script type="module">
30 | if (!window.hasOwnProperty("init_decryptor")) {
31 |     {%- if not webcrypto %}
32 |     import("{{ js_libraries[0] }}").then((module) => {
33 |         window["CryptoJS"] = module.default;
34 |     {%- endif %}
35 |     import("{{ base_path }}assets/javascripts/decrypt-contents.js");
36 |     {%- if not webcrypto %}
37 |     });
38 |     {%- endif %}
39 | } else {
40 |     init_decryptor();
41 | }
42 | </script>
43 | {%- else %}
44 |     {%- for library in js_libraries %}
45 | <script type="text/javascript" src="{{ library }}"></script>
46 |     {%- endfor %}
47 | <script type="text/javascript" src="{{ base_path }}assets/javascripts/decrypt-contents.js" defer></script>
48 | {%- endif %}
49 | 


--------------------------------------------------------------------------------
/patches/material_browser_request9.patch:
--------------------------------------------------------------------------------
 1 | --- src/assets/javascripts/browser/request/index.ts	Mon Sep 11 18:23:52 2023
 2 | +++ src/assets/javascripts/browser/request/index-encryptcontent.ts	Mon Sep 18 20:57:06 2023
 3 | @@ -26,6 +26,7 @@
 4 |    catchError,
 5 |    from,
 6 |    map,
 7 | +  tap,
 8 |    of,
 9 |    shareReplay,
10 |    switchMap,
11 | @@ -75,11 +76,38 @@
12 |  export function requestJSON<T>(
13 |    url: URL | string, options?: RequestInit
14 |  ): Observable<T> {
15 | -  return request(url, options)
16 | -    .pipe(
17 | -      switchMap(res => res.json()),
18 | -      shareReplay(1)
19 | -    )
20 | +  /* Hack to enable search Index decryption */
21 | +  if (url.href.endsWith('/search_index.json')) {
22 | +    const encryptcontentIndexKey = 'encryptcontent-index';
23 | +    const encryptcontentIndex = sessionStorage.getItem(encryptcontentIndexKey);
24 | +    
25 | +    if (encryptcontentIndex) {
26 | +      // if already available in sessionStorage return Observable JSON data
27 | +      try {
28 | +        const parsedData = JSON.parse(encryptcontentIndex) as T;
29 | +        return of(parsedData);
30 | +      } catch (error) {
31 | +        console.error('Error parsing encryptcontent-index:', error);
32 | +        return throwError(error);
33 | +      }
34 | +    } else {
35 | +      // if not yet available in sessionStorage request JSON data
36 | +      return request(url, options).pipe(
37 | +        switchMap((res) => res.json()),
38 | +        tap((jsonData) => {
39 | +          // and save them to sessionstorage
40 | +          sessionStorage.setItem(encryptcontentIndexKey, JSON.stringify(jsonData));
41 | +        }),
42 | +        shareReplay(1)
43 | +      );
44 | +    }
45 | +  } else {
46 | +    return request(url, options)
47 | +      .pipe(
48 | +        switchMap(res => res.json()),
49 | +        shareReplay(1)
50 | +      )
51 | +    }
52 |  }
53 |  
54 |  /**
55 | 


--------------------------------------------------------------------------------
/patches/material_browser_request9_4p.patch:
--------------------------------------------------------------------------------
 1 | --- src/templates/assets/javascripts/browser/request/index.ts
 2 | +++ src/templates/assets/javascripts/browser/request/index.ts
 3 | @@ -24,6 +24,9 @@ import {
 4 |    Observable,
 5 |    Subject,
 6 |    map,
 7 | +  tap,
 8 | +  of,
 9 | +  throwError,
10 |    shareReplay,
11 |    switchMap
12 |  } from "rxjs"
13 | @@ -117,12 +120,40 @@ export function request(
14 |  export function requestJSON<T>(
15 |    url: URL | string, options?: Options
16 |  ): Observable<T> {
17 | -  return request(url, options)
18 | -    .pipe(
19 | -      switchMap(res => res.text()),
20 | -      map(body => JSON.parse(body) as T),
21 | -      shareReplay(1)
22 | -    )
23 | +  /* Hack to enable search Index decryption */
24 | +  if (url.href.endsWith('/search_index.json')) {
25 | +    const encryptcontentIndexKey = 'encryptcontent-index';
26 | +    const encryptcontentIndex = sessionStorage.getItem(encryptcontentIndexKey);
27 | +
28 | +    if (encryptcontentIndex) {
29 | +      // if already available in sessionStorage return Observable JSON data
30 | +      try {
31 | +        const parsedData = JSON.parse(encryptcontentIndex) as T;
32 | +        return of(parsedData);
33 | +      } catch (error) {
34 | +        console.error('Error parsing encryptcontent-index:', error);
35 | +        return throwError(error);
36 | +      }
37 | +    } else {
38 | +      // if not yet available in sessionStorage request JSON data
39 | +      return request(url, options).pipe(
40 | +        switchMap(res => res.text()),
41 | +        map(body => JSON.parse(body) as T),
42 | +        tap((jsonData) => {
43 | +          // and save them to sessionstorage
44 | +          sessionStorage.setItem(encryptcontentIndexKey, JSON.stringify(jsonData));
45 | +        }),
46 | +        shareReplay(1)
47 | +      );
48 | +    }
49 | +  } else {
50 | +    return request(url, options)
51 | +      .pipe(
52 | +        switchMap(res => res.text()),
53 | +        map(body => JSON.parse(body) as T),
54 | +        shareReplay(1)
55 | +      )
56 | +  }
57 |  }
58 |  
59 |  /**
60 | 


--------------------------------------------------------------------------------
/patches/material_search_worker8.patch:
--------------------------------------------------------------------------------
 1 | --- src/assets/javascripts/integrations/search/worker/_/index.ts	2022-11-11 18:49:20.000000000 +0100
 2 | +++ "src/assets/javascripts/integrations/search/worker/_/index - encryptcontent.ts"	2022-11-13 20:24:57.313110700 +0100
 3 | @@ -86,6 +86,19 @@
 4 |      suggestions: feature("search.suggest")
 5 |    }
 6 |  
 7 | +  /* Hack to enable search Index decryption */
 8 | +  let sessionIndex = sessionStorage.getItem('encryptcontent-index')
 9 | +  let saveIndex = {}
10 | +  if (!sessionIndex) {
11 | +    saveIndex['config'] = config
12 | +    saveIndex['docs'] = docs
13 | +    sessionStorage.setItem('encryptcontent-index', JSON.stringify(saveIndex))
14 | +  } else {
15 | +    saveIndex = JSON.parse(sessionIndex)
16 | +    config = saveIndex['config']
17 | +    docs = saveIndex['docs']
18 | +  }
19 | +
20 |    /* Return search index after defaulting */
21 |    return { config, docs, options }
22 |  }
23 | 


--------------------------------------------------------------------------------
/setup.py:
--------------------------------------------------------------------------------
 1 | import os
 2 | from setuptools import setup, find_packages
 3 | 
 4 | 
 5 | def read(fname):
 6 |     file_path = os.path.join(os.path.dirname(__file__), fname)
 7 |     with open(file_path) as file:
 8 |         content = file.read()
 9 |     return content if content else 'no content read'
10 | 
11 | 
12 | setup(
13 |     name='mkdocs-encryptcontent-plugin',
14 |     version='3.0.4',
15 |     author='unverbuggt',
16 |     author_email='unverbuggt@xn--rthlein-n2a.de',
17 |     description='A MkDocs plugin that encrypt/decrypt markdown content with AES',
18 |     long_description=read('README.md'),
19 |     long_description_content_type='text/markdown',
20 |     keywords='mkdocs python markdown encrypt decrypt content',
21 |     url='https://unverbuggt.github.io/mkdocs-encryptcontent-plugin/',
22 |     license='MIT',
23 |     python_requires='>=3.5',
24 |     install_requires=[
25 |         'mkdocs',
26 |         'pyyaml',
27 |         'pycryptodome',
28 |         'beautifulsoup4',
29 |     ],
30 |     classifiers=[
31 |         'Development Status :: 5 - Production/Stable',
32 |         'Intended Audience :: Developers',
33 |         'Intended Audience :: Information Technology',
34 |         'License :: OSI Approved :: MIT License',
35 |         'Programming Language :: Python',
36 |         'Programming Language :: Python :: 3.5',
37 |         'Programming Language :: Python :: 3.6',
38 |         'Programming Language :: Python :: 3.7',
39 |         'Programming Language :: Python :: 3.8',
40 |         'Programming Language :: Python :: 3.9',
41 |         'Programming Language :: Python :: 3.10'
42 |     ],
43 |     packages=find_packages(exclude=['*.tests']),
44 |     entry_points={
45 |         'mkdocs.plugins': [
46 |             'encryptcontent = encryptcontent.plugin:encryptContentPlugin'
47 |         ]
48 |     },
49 |     package_data={'encryptcontent': [
50 |         '*.tpl.js',
51 |         '*.tpl.html',
52 |         '*.tpl.py',
53 |         'contrib/templates/search/*.js'
54 |     ]},
55 |     include_package_data=True
56 | )
57 | 


--------------------------------------------------------------------------------