feat: Pass encryption key in URL fragment

- Remove encryptionKey from URL - Use POST method to pass both password and encryption key - Parse URL fragment to extract the encryption key from the web (using javascript) and from the CLI Fixes #36. Signed-off-by: Julien Riou <julien@riou.xyz>
2025-10-01 12:40:46 +02:00 · 2025-10-01 12:40:46 +02:00 · ee7b5f0c6e
commit ee7b5f0c6e
parent 1fcde736a8
8 changed files with 103 additions and 316 deletions
--- a/src/server/templates/unprotectedNote.html
+++ b/src/server/templates/unprotectedNote.html
@ -7,12 +7,14 @@
 <body>
    {{block "header" .}}{{end}}

-    {{if ne .Err nil}}
+    {{if .Err}}
    {{block "error" .}}{{end}}
-    {{else}}
+    {{else if or (gt (len .Note.PasswordHash) 0) .Note.Encrypted}}
+    <script>var protected = false;</script>
    <div class="container mb-4">
-        {{if gt (len .Note.PasswordHash) 0}}
-        <form id="form" action="#" method="post" enctype="multipart/form-data">
+        <form id="form" method="post" enctype="multipart/form-data">
+            {{if gt (len .Note.PasswordHash) 0}}
+            <script>protected = true;</script>
            <div class="container mb-4 w-25">
                <div class="row text-center justify-content-center">
                    <label class="col-form-label" for="password">Password</label>
@ -23,9 +25,36 @@
                    <input type="password" class="form-control" id="password" name="password">
                </div>
            </div>
+            {{end}}
+            {{if .Note.Encrypted}}
+            <div id="encryption-container">
+                <div class="container mb-4 w-25">
+                    <div class="row text-center justify-content-center">
+                        <label class="col-form-label" for="password">Encryption key</label>
+                    </div>
+                </div>
+                <div class="container mb-4 w-25">
+                    <div class="row text-center justify-content-center">
+                        <input type="password" pattern="^[a-zA-Z0-9]{16,256}$"
+                            title="Letters and numbers with length from 16 to 256" class="form-control"
+                            id="encryption-key" name="encryption-key">
+                    </div>
+                </div>
+            </div>
+            <script>
+                var encryptionKey = window.location.hash.substr(1);
+                if (encryptionKey != "") {
+                    document.getElementById("encryption-container").style.display = "none";
+                    document.getElementById("encryption-key").value = encryptionKey;
+                    if (!protected) {
+                        document.getElementById("form").submit();
+                    }
+                }
+            </script>
+            {{end}}
            <div class="container mb-4 w-25">
                <div class="row text-center justify-content-center">
-                    <button type="submit" id="submit" class="btn btn-success">Submit</button>
+                    <button type="btn-submit" id="btn-submit" class="btn btn-success">Submit</button>
                </div>
            </div>
        </form>
@ -33,7 +62,6 @@
    {{else}}
    {{block "note" .}}{{end}}
    {{end}}
-    {{end}}

    {{block "footer" .}}{{end}}
 </body>