varppi/ConfiDoc

A document management service designed to enable strict access control, auditing and rapid identification of data breach sources.


Caution

This project is a work in progress and is yet to undergo rigorous security and general testing.

Roadmap

  • Base features like account, document and group creation.
  • Responsive pages.
  • Account deletion and password change.
  • Digital signing with ECDSA.
  • AES-256 cold storage encryption.
  • Admin accounts.
  • Access periods ("allow access for X days").
  • Read only PDF view.
  • Tracking information in read only mode, making each download linked to the IP and account of the user.
  • Event logs.
  • Captcha.
  • Customizable theme and front page.

Brief technical details

  • All changes are signed with the private key of the user who made them using ECDSA. In the future, this private key will be encrypted such that it is only decryptable with the user's password, which the server does not know directly.
  • If you enable document encryption, all of the document's data is encrypted with AES-256 at rest and is decrypted only briefly on the server, using the key the user provides, when a user modifies or reads the contents of the document.

Installation (requires .NET 10 or Docker)

git clone https://github.com/varppi/ConfiDoc
cd ConfiDoc/Confidoc.Server
dotnet ef database update
dotnet run .

Alternatively, use the included Dockerfile and adapt it to your needs.

Configuration

Location: Confidoc.Server/.env

Sample .env (sample contains all currently configurable settings)

CONFIDOC_DATABASE="sqlite"
CONFIDOC_CONNECTION="Data Source=confidoc.db"
# Sample value only: set your own long, random secret before deploying.
CONFIDOC_JWT_SECRET="testingtestingTesting1234!Teeeestinng!"
CONFIDOC_JWT_ISSUER="https://localhost:5173"
CONFIDOC_JWT_AUDIENCE="https://localhost:5173"
CONFIDOC_JWT_EXPIRES=60 # minutes
PASSWORD_REQUIRE_DIGITS=true
PASSWORD_REQUIRE_NONALPHA=true
PASSWORD_REQUIRE_UPPER=true
PASSWORD_REQUIRE_LOWER=true
LOG_TYPE=console
LOG_OUT=null # file/elasticsearch/other supported destinations for Serilog to output logs
LOG_LEVEL=debug

Screenshot gallery

Front page

image

Event logs show the 50 latest document-related events (an admin sees events for every document; other users see only the documents they own). Different actions use different text colors to make unusual activity easier to spot.

image

Markdown editor

image

Downloaded PDF version of the document. The vertical gray lines contain the download event ID in binary format, which can be used to query who downloaded the PDF file.

image
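
The following added example, which is not ConfiDoc's own code, shows how a download event ID can be carried as present/absent gray bars and read back to find the account and IP behind a download. The 32-bit width, start marker, parity bit, pixel values and the sample download log are assumptions made for the example.

```python
# Added illustration: bit width, start marker and parity bit are assumptions,
# not ConfiDoc's actual layout.
ID_BITS = 32                 # assumed width of a download event ID
START = [1, 0, 1]            # assumed marker so a reader can find the first bar
GRAY, WHITE = 128, 255       # bar present / bar absent, as 8-bit gray levels


def encode_bars(event_id: int) -> list[int]:
    """Return one bit per bar slot: start marker, ID (MSB first), even parity."""
    if not 0 <= event_id < 2 ** ID_BITS:
        raise ValueError("event ID does not fit in ID_BITS")
    bits = [(event_id >> i) & 1 for i in reversed(range(ID_BITS))]
    return START + bits + [sum(bits) % 2]


def render_row(bars: list[int], bar_px: int = 4) -> list[int]:
    """Draw the bars as one row of grayscale pixels, bar_px pixels per slot."""
    return [GRAY if b else WHITE for b in bars for _ in range(bar_px)]


def decode_row(pixels: list[int], bar_px: int = 4) -> int:
    """Recover the event ID from a pixel row; raise if the strip is damaged."""
    slots = [pixels[i:i + bar_px] for i in range(0, len(pixels), bar_px)]
    # Average each slot and threshold, so mild scan noise does not flip a bit.
    bars = [1 if sum(s) / len(s) < (GRAY + WHITE) / 2 else 0 for s in slots]
    if len(bars) != len(START) + ID_BITS + 1 or bars[:len(START)] != START:
        raise ValueError("start marker or strip length does not match")
    bits, parity = bars[len(START):-1], bars[-1]
    if sum(bits) % 2 != parity:
        raise ValueError("parity mismatch: strip misread or altered")
    return int("".join(map(str, bits)), 2)


# Constructed download log: event ID -> (account, IP from documentation ranges).
DOWNLOAD_EVENTS = {
    4711: ("alice", "203.0.113.10"),
    4712: ("bob", "198.51.100.7"),
}


def who_downloaded(pixels: list[int]) -> tuple[str, str]:
    """Map a scanned strip back to the account and IP of the download."""
    return DOWNLOAD_EVENTS[decode_row(pixels)]


if __name__ == "__main__":
    leaked = render_row(encode_bars(4712))
    noisy = [min(255, p + 20) for p in leaked]   # constructed scan noise
    print(who_downloaded(noisy))
```

The parity bit only catches an odd number of misread bars; a deployment that needs to survive heavier damage would use a stronger error-detecting code.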

About

A somewhat secure document management service
