Words

Words is a platform to just write. It doesn't get in the way of you and your thoughts, and it keeps your data completely private.

How it works

This repo contains a REST CRUD API for the backend of Words, a platform I made to write and share words with my significant other. You can make a nice frontend to make it all work, or use my repo vue-words for a head start.

It uses the crypto library OpenSSL to securely encrypt every word you write, with token-based authentication using JWT.

It's database-free: everything is stored in a JSON file structure, so you can easily make file backups, import and export data, and manage it all yourself without any privacy breaches.

Structure

Words uses a single file, meta.json, in the root for all your settings. This file contains the directory location to save and view all posts from, as well as your root password, OpenSSL key and initialization vector.

It looks something like this:

{ "files": "./words/", "key": "example_secure_key", "iv": "example_initialization_vector", "password": "$2y$10$wc5FaC/hnNipOAMHLh4yxuaYFBm0wSa1mE07mH187JSDCumtujfk6", "token_valid_for": "25 hours" }

The password in this file is the output of password_hash("example_password", PASSWORD_DEFAULT). You should use the same function to generate a hash of your password and store it in this file.

An example post looks like this when saved:

{ "title": "TmZRWXZZVDNBM21LWWJ1WW9Fd1FzZz09", "date": "2018-03-05 11:33:20", "body": "R2d5SkkrTTJrVWlCWjZubkU4T3VvTElPRU1mdzNkM1cySFJGTmNJTTlGWT0=" }

So, only when you have the same meta.json parameters will you be able to decrypt the contents and view the post.
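
What a saved post file reveals to someone who holds the file but not meta.json, as an added example that is not part of the Words code base: it unwraps the two base64 layers of the example post above and flags ciphertexts that repeat across posts, which encrypting with one fixed key and IV makes possible. The 16-byte block size and the function names are assumptions; the page does not name the cipher.

```python
import base64
import binascii
import json
from collections import defaultdict

BLOCK = 16  # assumption: 16-byte cipher block; the page does not name the cipher

# The saved post shown above, copied from the page.
PAGE_POST = json.loads(
    '{"title": "TmZRWXZZVDNBM21LWWJ1WW9Fd1FzZz09",'
    ' "date": "2018-03-05 11:33:20",'
    ' "body": "R2d5SkkrTTJrVWlCWjZubkU4T3VvTElPRU1mdzNkM1cySFJGTmNJTTlGWT0="}'
)


def unwrap(value):
    """Return raw bytes if value is base64(base64(bytes)), else None (heuristic)."""
    try:
        inner = base64.b64decode(value, validate=True)
        return base64.b64decode(inner, validate=True) or None
    except (binascii.Error, ValueError, TypeError):
        return None


def inspect_post(post):
    """Describe what each field of a saved post reveals without the key."""
    report = {}
    for field, value in post.items():
        raw = unwrap(value)
        if raw is None:
            report[field] = {"encrypted": False, "visible": value}
        else:
            report[field] = {"encrypted": True, "bytes": len(raw),
                             "block_aligned": len(raw) % BLOCK == 0}
    return report


def repeated_ciphertexts(posts):
    """Find ciphertexts that occur in more than one (post id, field) position."""
    seen = defaultdict(list)
    for post_id, post in posts.items():
        for field, value in post.items():
            raw = unwrap(value)
            if raw is not None:
                seen[raw].append((post_id, field))
    return {ct: where for ct, where in seen.items() if len(where) > 1}


if __name__ == "__main__":
    print(json.dumps(inspect_post(PAGE_POST), indent=2))
```

On the example post this reports a 16-byte title, a 32-byte body and a date stored in plaintext, so backups of the posts directory expose timestamps and approximate field lengths even without the key.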

REST API

All requests (except when generating a new token) need to be authenticated with a token header.

POST / to get a new token

Request body:

{ "password": "example_password" }

Response body:

{ "api": "words", "version": "4.1", "token": "eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJleHBpcmVzIjoiMjAxOC0wMy0wNiAxMjoyOTo1MiJ9.Coe969vqWQDmd34G04Y5HxOhOaz5citBOr5yEjxI6j0", "expires": "2018-03-06 12:29:52" }

GET /posts to get a list of all posts

Response body:

{ "api": "words", "version": "4.1", "posts": [ { "id": "20180305104246d5bfde2cdc.json", "title": "Post title has been edited", "date": "2018-03-05 11:26:44" }, { "id": "20180305113204b375272648.json", "title": "Post title", "date": "2018-03-05 11:32:04" } ] }

PUT /posts to create a new post

Request body:

{ "title": "Post title", "body": "<p>This is an example post!</p>" }

Response body:

{ "api": "words", "version": "4.1", "created": true }

GET /post/{id} to get a specific post

Response body:

{ "api": "words", "version": "4.1", "post": { "title": "Post title has been edited", "date": "2018-03-05 11:26:44", "body": "<p>This is an example post!</p>" } }

DELETE /post/{id} to delete a specific post

Response body:

{ "api": "words", "version": "4.1", "deleted": true }

PUT /post/{id} to update a specific post

Request body:

{ "title": "Updated post title", "body": "<p>This is an example post which has been updated!</p>" }

Response body:

{ "api": "words", "version": "4.1", "updated": true }
