Skip to content
/ Trackme Public

Test project of node/mongo easy to share crypted data

0 stars 0 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

farfabet/Trackme

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

18 Commits

.gitignore

.gitignore

 
 

README.md

README.md

 
 

app.js

app.js

 
 

cli.js

cli.js

 
 

nginx.conf

nginx.conf

 
 

node.Dockerfile

node.Dockerfile

 
 

node_motd

node_motd

 
 

package.json

package.json

 
 

setup_env.sh

setup_env.sh

 
 

Repository files navigation

Trackme

Test project of node/mongo easy to share crypted data

First project using NodeJS or MongoDB.

The idea is to be able to create a small data reposotiry quickly and easily and to be able to share the data with a simple ID and secret key to decrypt. Write message on an existing repository is only possible if the client has the private key to sign its messages.

Using Docker as playground.

CallFlow

POST

To create a new repository, setting initial data, data can be encrypted to avoid server or anyone to access data

POST / HTTP/1.1
Content-Type: application/json
Content-Length: 33
Host: nginx
Connection: close
  
{"data":"7c3640a0175fe0d5cf8307"}

HTTP/1.1 200 OK
Server: nginx/1.11.10
Date: Thu, 23 Feb 2017 09:02:48 GMT
Content-Type: application/json
Content-Length: 154
Connection: close
X-Powered-By: Express
  
{"sigkey":"dd9b16ea-6fc5-4912-8dbe-18ba6488c3d9","data":"7c3640a0175fe0d5cf8307","_id":"58aea5385d2f310001a592fd","created_at":"2017-02-23T09:02:48.702Z"}

Repository is created on MongoDB with a TTL, expiration is delay after each update

PUT

To update data, message must be sign using JWS and sigkey sent by server during repository creation with POST

PUT / HTTP/1.1
Content-Type: application/text
Content-Length: 157
Host: nginx
Connection: close
  
eyJhbGciOiJIUzI1NiJ9.eyJyZXBvIjoiNThhZWE1Mzg1ZDJmMzEwMDAxYTU5MmZkIiwiZGF0YSI6IjYyMjg0YmEyMDgxYWVmOWJkMjg1MWM0ZCJ9.e-QiHYQKw64UHxzN6ERZKMbBSBGq2NRNUCehiWlzsA0

decoded from Base64 (and decrypted data) signed message looks like :

{
  "header": {
    "alg": "HS256"
  },
  "payload": {
    "repo": "58aea90c8d3f66000110177a",
    "data": "updated repo"
  },
  "signature": "SjJQHDMJWzHTqVv4Ro7QA53rHwB83SIalYBc5GRS8O4"
}

HTTP/1.1 200 OK
Server: nginx/1.11.10
Date: Thu, 23 Feb 2017 09:02:49 GMT
Content-Length: 0
Connection: close
X-Powered-By: Express

GET

To retrieve data, anyone can GET data with a valid ObjectId hence the interest to encrypt data

GET /?id=58aea5385d2f310001a592fd HTTP/1.1
Content-Type: application/text
Content-Length: 0
Host: nginx
Connection: close

HTTP/1.1 200 OK
Server: nginx/1.11.10
Date: Thu, 23 Feb 2017 09:02:49 GMT
Content-Type: application/json
Content-Length: 66
Connection: close
X-Powered-By: Express
  
{"_id":"58aea5385d2f310001a592fd","data":"7c3640a0175fe0d5cf8307"}

DELETE

to delete repository before timeout

DELETE /?data=eyJhbGciOiJIUzI1NiJ9.NThhZWIxNzU2NTE1NTAwMDAxZmMzOTY4.S2JORPI7t3pDo9rN_WRqy8SpybIOXa8sPklzX3LVU18 HTTP/1.1
Content-Type: application/text
Content-Length: 0
Host: nginx
Connection: close

decoded from base64 data looks like, where payload is ObjectId to delete :

{ 
  "header": {
    "alg": "HS256"
  },
  "payload": "58aeb1756515500001fc3968",
  "signature":"S2JORPI7t3pDo9rN_WRqy8SpybIOXa8sPklzX3LVU18"
}  

HTTP/1.1 200 OK
Server: nginx/1.11.10
Date: Thu, 23 Feb 2017 09:55:01 GMT
Content-Length: 0
Connection: close
X-Powered-By: Express

About

Test project of node/mongo easy to share crypted data

Topics

nodejs jwt mongodb mongoose jws

Resources

Readme
Activity

Stars

0 stars

Watchers

2 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Contributors 2

  •  
  •  

Languages