Hugging Face's logo

Spaces:
jebin2
/
Paper
Running

App Files Community
Paper / README.md
jebin2's picture
jebin2
readme
5534454
preview code
|
raw
history blame contribute delete
3.27 kB
metadata
title: Paper
emoji: πŸ“
colorFrom: purple
colorTo: pink
sdk: docker
pinned: false

Paper ✨

A minimal, secure notepad for temporary notes. Zero tracking, zero accounts β€” just encrypted notes.

Features

  • πŸ” Client-side encryption β€” Your password never leaves your browser
  • πŸ—‘οΈ Auto-delete β€” Notes removed after 2 days of inactivity
  • 🌐 Access anywhere β€” Same password = same note, from any device
  • 🚫 No tracking β€” No cookies, no analytics, no accounts

How It Works 

β”Œβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”         β”Œβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”
β”‚     Browser     β”‚         β”‚     Server      β”‚
β”œβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€         β”œβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€
β”‚                 β”‚         β”‚                 β”‚
β”‚  Password ──────┼─► SHA-256 Hash (16 char)  β”‚
β”‚        β”‚        β”‚         β”‚        β”‚        β”‚
β”‚        β–Ό        β”‚         β”‚        β–Ό        β”‚
β”‚  PBKDF2 Key     β”‚         β”‚  File ID        β”‚
β”‚  (250k rounds)  β”‚         β”‚  (no password)  β”‚
β”‚        β”‚        β”‚         β”‚                 β”‚
β”‚        β–Ό        β”‚         β”‚                 β”‚
β”‚  AES-GCM        β”‚         β”‚                 β”‚
β”‚  Encrypt/Decrypt│◄───────►│  Store/Load     β”‚
β”‚                 β”‚         β”‚  Encrypted Blob β”‚
β””β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”˜         β””β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”˜

Key points:

  • Password β†’ PBKDF2 β†’ AES-256-GCM key (client only)
  • Password β†’ SHA-256 β†’ File identifier (sent to server)
  • Server stores only: encrypted content + random salt
  • Server never sees: password or decrypted content

Architecture 

Paper/
β”œβ”€β”€ index.html      # Single-page app (HTML + CSS + JS)
β”œβ”€β”€ main.py         # Flask backend
β”œβ”€β”€ Dockerfile      # Container setup
└── requirements.txt

Frontend (index.html)

  • Single HTML file with embedded CSS and JavaScript
  • Crypto API for AES-GCM encryption and PBKDF2 key derivation
  • Auto-save with debounce (1.5s after typing stops)
  • Dark theme with colorful accents

Backend (main.py)

  • Flask server with CORS support
  • Two endpoints: /api/load and /api/save
  • File-based storage (configurable via DATA_DIR)
  • Auto-cleanup: files older than 2 days or when storage exceeds limit

Environment Variables

Variable Default Description
DATA_DIR /tmp Storage directory
AGE_LIMIT_DAYS 2 Days before auto-delete
MAX_TOTAL_SIZE_MB 100 Max storage size
MAX_CONTENT_SIZE_MB 10 Max note size

Run Locally 

# Install dependencies
pip -r requirements.txt

# Start server
python main.py

Open http://localhost:7860

Deploy

Docker 

docker build -t paper .
docker run -p 7860:7860 paper

Security Notes

  • All encryption happens in your browser
  • Password is never transmitted or stored
  • Server cannot decrypt your notes
  • Use a strong, memorable password
  • No password recovery possible

License

MIT