Public | Automated Build

Last pushed: 2 years ago
Short Description
Set of web tools following TNO cryptography principle
Full Description

Trust No One

TNO which stands for Trust No One is a project which implements
a set of web tools all following TNO cryptography principle.
TNO principle is an application approach where no sensitive
user information is stored on the server. Instead all information
is encrypted in the "client" (e.g. web browser) and only the
ciphertext is sent to the server for storage. As a result,
since the server does not store the decryption key or any
information to derive the decryption key, it is unable to
read the stored data.

This repository contains source code for the https://tno.io site.

Services

Currently TNO.io provides the following services:

  • One Time Secrets - A way to share secrets which
    self-destruct after they are viewed. This is perfect
    for sending passwords in emails instead of sending
    actual passwords via inherently insecure medium.

RESTful API

APIs are awesome and should be public! TNO.io provides an
open API which anybody can use to interact with various
services we provide. In fact, we eat our own dog food and
use the same APIs to power our site.

Currently the following endpoints are available.
For each information about each endpoint, you can make
OPTIONS request to get tons more information.

  • /api/v1/entropy/:bytes/
  • /api/v1/one-time-secrets/
  • /api/v1/one-time-secrets/:uuid/

You can also query https://tno.io/api/v1/ to get all endpoints
as well.

Deployment

For the ease of deployment, TNO is packaged as a Docker container.
Docker allows to easily deploy the application with minimal setup.
The packaged Dockerfile only runs the Django webapp by using
gunicorn web server and requires access
to a PostgreSQL database. Therefore it is recommended to run
TNO as part of a docker-compose
application. Example docker-compose application:

data:
  image: busybox
  volumes:
    - /data

pgdata:
  image: miki725/pgdata

postgres:
  image: miki725/postgres
  expose:
    - 5432
  volumes_from:
    - pgdata

web:
  image: miki725/tno
  env_file: ./my.env
  expose:
    - 8888
  ports:
    - 8888:8888
  links:
    - postgres
  volumes_from:
    - data

Blank environment file will have a structure something like:

DJANGO_SETTINGS_MODULE=tno.settings.prod
ALLOWED_HOSTS=
SECRET_KEY=

DATABASE_HOST=postgres
DATABASE_PORT=5432
DATABASE_NAME=
DATABASE_USER=
DATABASE_PASSWORD=

EMAIL_HOST=
EMAIL_HOST_USER=
EMAIL_HOST_PASSWORD=

NEW_RELIC_ENABLED=true
NEW_RELIC_LICENSE_KEY=
NEW_RELIC_APP_NAME=TNO

OPBEAT_ENABLED=true
OPBEAT_ORGANIZATION_ID=
OPBEAT_APP_ID=
OPBEAT_SECRET_TOKEN=

To run the application, docker-compose can be used:

$ docker-compose up -d

That however will simply run the application.
When starting the application for the first time, some setup will be required.

  1. Create database for TNO::
$ docker run -it --rm --link=tno_postgres_1:postgres miki725/postgres psql --host=postgres
sql> CREATE ROLE tno WITH
     NOSUPERUSER
     NOCREATEDB
     NOCREATEROLE
     NOINHERIT
     LOGIN
     ENCRYPTED PASSWORD '';
sql> CREATE DATABASE tno WITH
     OWNER="tnouser"
     ENCODING='UTF8';
  1. Migrate Django application database to bring the schema up to date with the code:
$ docker run -it --rm \
    --env-file=my.env \
    --link=tno_postgres_1:postgres \
    tno_web ./manage.py migrate
  1. Collect all the static files:
$ docker run -it --rm \
    --env-file=my.env \
    --link=tno_postgres_1:postgres \
    --volumes-from=tno_data_1 \
    tnobuild_web ./manage.py collectstatic --noinput

Credits

Docker Pull Command
Owner
miki725
Source Repository

Comments (0)