File size: 3,267 Bytes
8c01e05 5534454 8c01e05 5534454 |
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 |
---
title: Paper
emoji: π
colorFrom: purple
colorTo: pink
sdk: docker
pinned: false
---
# Paper β¨
A minimal, secure notepad for temporary notes. Zero tracking, zero accounts β just encrypted notes.
## Features
- π **Client-side encryption** β Your password never leaves your browser
- ποΈ **Auto-delete** β Notes removed after 2 days of inactivity
- π **Access anywhere** β Same password = same note, from any device
- π« **No tracking** β No cookies, no analytics, no accounts
## How It Works
```
βββββββββββββββββββ βββββββββββββββββββ
β Browser β β Server β
βββββββββββββββββββ€ βββββββββββββββββββ€
β β β β
β Password βββββββΌββΊ SHA-256 Hash (16 char) β
β β β β β β
β βΌ β β βΌ β
β PBKDF2 Key β β File ID β
β (250k rounds) β β (no password) β
β β β β β
β βΌ β β β
β AES-GCM β β β
β Encrypt/DecryptββββββββββΊβ Store/Load β
β β β Encrypted Blob β
βββββββββββββββββββ βββββββββββββββββββ
```
**Key points:**
- Password β PBKDF2 β AES-256-GCM key (client only)
- Password β SHA-256 β File identifier (sent to server)
- Server stores only: encrypted content + random salt
- Server never sees: password or decrypted content
## Architecture
```
Paper/
βββ index.html # Single-page app (HTML + CSS + JS)
βββ main.py # Flask backend
βββ Dockerfile # Container setup
βββ requirements.txt
```
### Frontend (`index.html`)
- Single HTML file with embedded CSS and JavaScript
- Crypto API for AES-GCM encryption and PBKDF2 key derivation
- Auto-save with debounce (1.5s after typing stops)
- Dark theme with colorful accents
### Backend (`main.py`)
- Flask server with CORS support
- Two endpoints: `/api/load` and `/api/save`
- File-based storage (configurable via `DATA_DIR`)
- Auto-cleanup: files older than 2 days or when storage exceeds limit
## Environment Variables
| Variable | Default | Description |
|----------|---------|-------------|
| `DATA_DIR` | `/tmp` | Storage directory |
| `AGE_LIMIT_DAYS` | `2` | Days before auto-delete |
| `MAX_TOTAL_SIZE_MB` | `100` | Max storage size |
| `MAX_CONTENT_SIZE_MB` | `10` | Max note size |
## Run Locally
```bash
# Install dependencies
pip -r requirements.txt
# Start server
python main.py
```
Open http://localhost:7860
## Deploy
### Docker
```bash
docker build -t paper .
docker run -p 7860:7860 paper
```
## Security Notes
- All encryption happens in your browser
- Password is never transmitted or stored
- Server cannot decrypt your notes
- Use a strong, memorable password
- No password recovery possible
## License
MIT
|