miki725/tno
Set of web tools following TNO cryptography principle
192
TNO which stands for Trust No One is a project which implements a set of web tools all following TNO cryptography principle. TNO principle is an application approach where no sensitive user information is stored on the server. Instead all information is encrypted in the "client" (e.g. web browser) and only the ciphertext is sent to the server for storage. As a result, since the server does not store the decryption key or any information to derive the decryption key, it is unable to read the stored data.
This repository contains source code for the https://tno.io site.
Currently TNO.io provides the following services:
APIs are awesome and should be public! TNO.io provides an open API which anybody can use to interact with various services we provide. In fact, we eat our own dog food and use the same APIs to power our site.
Currently the following endpoints are available.
For each information about each endpoint, you can make
OPTIONS
request to get tons more information.
/api/v1/entropy/:bytes/
/api/v1/one-time-secrets/
/api/v1/one-time-secrets/:uuid/
You can also query https://tno.io/api/v1/ to get all endpoints as well.
For the ease of deployment, TNO is packaged as a Docker container.
Docker allows to easily deploy the application with minimal setup.
The packaged Dockerfile
only runs the Django webapp by using
gunicorn web server and requires access
to a PostgreSQL database. Therefore it is recommended to run
TNO as part of a docker-compose
application. Example docker-compose application:
data:
image: busybox
volumes:
- /data
pgdata:
image: miki725/pgdata
postgres:
image: miki725/postgres
expose:
- 5432
volumes_from:
- pgdata
web:
image: miki725/tno
env_file: ./my.env
expose:
- 8888
ports:
- 8888:8888
links:
- postgres
volumes_from:
- data
Blank environment file will have a structure something like:
DJANGO_SETTINGS_MODULE=tno.settings.prod
ALLOWED_HOSTS=
SECRET_KEY=
DATABASE_HOST=postgres
DATABASE_PORT=5432
DATABASE_NAME=
DATABASE_USER=
DATABASE_PASSWORD=
EMAIL_HOST=
EMAIL_HOST_USER=
EMAIL_HOST_PASSWORD=
NEW_RELIC_ENABLED=true
NEW_RELIC_LICENSE_KEY=
NEW_RELIC_APP_NAME=TNO
OPBEAT_ENABLED=true
OPBEAT_ORGANIZATION_ID=
OPBEAT_APP_ID=
OPBEAT_SECRET_TOKEN=
To run the application, docker-compose
can be used:
$ docker-compose up -d
That however will simply run the application. When starting the application for the first time, some setup will be required.
$ docker run -it --rm --link=tno_postgres_1:postgres miki725/postgres psql --host=postgres
sql> CREATE ROLE tno WITH
NOSUPERUSER
NOCREATEDB
NOCREATEROLE
NOINHERIT
LOGIN
ENCRYPTED PASSWORD '';
sql> CREATE DATABASE tno WITH
OWNER="tnouser"
ENCODING='UTF8';
$ docker run -it --rm \
--env-file=my.env \
--link=tno_postgres_1:postgres \
tno_web ./manage.py migrate
$ docker run -it --rm \
--env-file=my.env \
--link=tno_postgres_1:postgres \
--volumes-from=tno_data_1 \
tnobuild_web ./manage.py collectstatic --noinput
docker pull miki725/tno