Encryptor 2.0 is a comprehensive password management solution designed to securely store and manage your login credentials, as well as generate complex, unique passwords with a single click.
This project is built using five key components:
- Native GUI Application: Developed with Avalonia, offering a user-friendly interface for managing your passwords.
- Chrome Extension: Provides seamless integration with your browser for easy access to your passwords.
- Flask Server: Handles API endpoints for communication between the client application and the database.
- MySQL Database: Securely stores user encrypted data.
- Ubuntu Server: Provides the deployment environment for the application.
For a more detailed description, please read the High-Level Architecture section.
- Nginx Reverse Proxy Setup: Configured Nginx as a reverse proxy to manage and route incoming traffic.
- Utilized Docker and Docker-Compose for deploying the MySQL and Flask applications.
- Set up Cloudflare DNS to manage domain names and enhance security.
- Configured firewall rules to secure the server and control access.
- Managed SSL/TLS certificates to ensure secure communication.
- Includes tables for users, tokens, and user data, with appropriate fields for storing encrypted data.
- Sensitive data is encrypted using robust algorithms before storage.
- Encryption is used on 100% of user data except for primary keys.
- Frequently accessed data is cached on the server using Redis to reduce database load.
- Database access is restricted to authorized users with limited permissions.
Example of the table responsible for storing passwords
- Endpoints for user authentication (login, registration, 2 factor authentication).
- Endpoints for password/user management (GET, POST, PATCH, DELETE).
- Image Retrieval: Provides endpoints to retrieve images of specific company or brand.
- Rate Limiting: Implements rate limiting to prevent scripting abuse and ensure fair usage.
- Usage of various algorithms (e.g., bcrypt, scrypt, AES) for encryption and decryption.
- Data Validation and Error Handling: Ensures that data input is validated and errors are handled gracefully.
- Intuitive and simple UI for managing user's data.
- Secure Authentication: forms for login, registration, and 2FA.
- Caching system: frequently accessed data is cached on the client side to improve response times.
- Comprehensive Password Management: Easily view, add, edit, and delete password entries.
- Robust API Integration: Communicates securely with the Flask API through efficient HTTPS requests for all operations.
- Built using vanilla HTML and CSS, providing a clean and responsive design.
- Utilizes vanilla JavaScript to communicate with the Flask server.
- Ensures secure communication with the Flask server via HTTPS.
- Supported by the majority of Chromium-based browsers.
Install Docker and docker-compose on your local machine.

Important!
When a user creates a new credential, the server fetches the icon of the specified service (for example, Netflix) through a third-party API. Therefore, you need to obtain an API key for the icon functionality (it is set as `LOGO_API_TOKEN` in the docker-compose file).

Clone the project:

```sh
git clone https://gitlab.com/DmitriyKim01/passwordmanager.git
```

Go to the project directory:

```sh
cd ./passwordmanager/server/
```

In the current directory, create the following Dockerfile:

```sh
nano Dockerfile
```
```dockerfile
FROM python:latest
EXPOSE 5000

# Keeps Python from generating .pyc files in the container
ENV PYTHONDONTWRITEBYTECODE=1

# Turns off buffering for easier container logging
ENV PYTHONUNBUFFERED=1

WORKDIR /app
COPY . /app

# Install dependencies
RUN apt-get update && apt-get install -y build-essential
RUN pip install --upgrade pip
COPY requirements.txt .
RUN python -m pip install --no-cache-dir -r /app/requirements.txt

# Creates a non-root user with an explicit UID and adds permission to access the /app folder
RUN adduser -u 5678 --disabled-password --gecos "" appuser && chown -R appuser /app
USER appuser

# During debugging, this entry point will be overridden.
CMD ["gunicorn", "--bind", "0.0.0.0:5000", "app.__init__:create_app()"]
```
After creating the Dockerfile, create the following docker-compose file:

```sh
nano docker-compose.yml
```

```yaml
version: "3.1"
services:
  db:
    image: mysql
    container_name: db_password_manager
    restart: always
    environment:
      MYSQL_ROOT_PASSWORD: 'changeme'
      MYSQL_PASSWORD: 'changeme'
      MYSQL_DATABASE: password_manager
      MYSQL_USER: 'changeme'
    ports:
      - '3306:3306'
    volumes:
      - ./app/database/script.sql:/docker-entrypoint-initdb.d/init.sql
      - ./mysql:/var/lib/mysql
  web:
    build:
      context: .
      dockerfile: Dockerfile
    container_name: server_password_manager
    restart: always
    environment:
      MYSQL_DB: password_manager
      MYSQL_USER: 'changeme'
      MYSQL_HOST: db
      MYSQL_PASSWORD: 'changeme'
      FLASK_SECRET: 'changeme'
      LOGO_API_TOKEN: 'changeme'
      SEPARATOR: 'changeme'
      API_SALT: 'changeme'
    ports:
      - "5192:5000"
    depends_on:
      - db
    links:
      - db
```
Run the docker-compose file:

```sh
docker-compose up
```

Verify that the Docker containers are running:

```sh
docker ps
```

Open the ports specified in the Docker files:

```sh
sudo ufw allow 5192/tcp
```

Check that the server is running. P.S. The server should return an unauthorized error, which means it's working:

https://password-manager.dmitriykim.ca
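As an added example (not part of the project), the following script performs two checks a deployer should run on the compose file before `docker-compose up`: that no `changeme` placeholder value remains, and that the MySQL port is not published on every host interface. The second check matters because Docker publishes ports through its own iptables chain, which ufw rules do not govern, so the `'3306:3306'` mapping above can make MySQL reachable from the network regardless of the `ufw allow 5192/tcp` step. The script assumes the README's file layout (services at two-space indent, one `KEY: value` per environment line, one `- 'host:container'` per ports line) and uses a line-based scan to avoid a YAML dependency; the embedded sample file is constructed for the demonstration.

```python
"""Added example, not the project's code: a pre-deployment check for the
docker-compose.yml shown in the README. It reports every environment value
still set to the 'changeme' placeholder and every database port published
on all host interfaces.

Assumptions: the file keeps the README's layout (services at two-space
indent, one `KEY: value` per environment line, one `- 'host:container'` per
ports line); the line-based scan below deliberately avoids a YAML dependency.
"""
import re
import sys

PLACEHOLDER = "changeme"
DB_HOST_PORTS = {"3306"}   # MySQL; assumption: no DB port should be host-published
LOOPBACK = {"127.0.0.1", "localhost"}

# `  db:` / `  web:` -- a service name at two-space indent with nothing after it.
SERVICE_LINE = re.compile(r"^  ([A-Za-z0-9_-]+):\s*$")
# `      MYSQL_PASSWORD: 'changeme'` -- upper-case env key, optionally quoted value.
ENV_LINE = re.compile(r"^\s*([A-Z][A-Z0-9_]*):\s*['\"]?(.*?)['\"]?\s*$")
# `      - '3306:3306'` or `- '127.0.0.1:3306:3306'` -- a ports mapping.
PORT_LINE = re.compile(
    r"^\s*-\s*['\"]?(?:(?P<ip>[\w.]+):)?(?P<host>\d+):(?P<container>\d+)['\"]?\s*$")


def audit_compose(text):
    """Return a list of findings; an empty list means the file passed the check."""
    findings = []
    service = "?"
    for lineno, line in enumerate(text.splitlines(), 1):
        m = SERVICE_LINE.match(line)
        if m:
            service = m.group(1)   # remember which service the next lines belong to
            continue
        m = ENV_LINE.match(line)
        if m and m.group(2).lower() == PLACEHOLDER:
            findings.append(f"line {lineno}: {service}.{m.group(1)} still has the "
                            f"'{PLACEHOLDER}' placeholder")
            continue
        m = PORT_LINE.match(line)
        if (m and m.group("host") in DB_HOST_PORTS
                and m.group("ip") not in LOOPBACK):   # ip is None when absent
            findings.append(f"line {lineno}: {service} publishes database port "
                            f"{m.group('host')} on all host interfaces")
    return findings


# Constructed sample in the README's layout (not the project's real file).
SAMPLE_COMPOSE = """\
version: "3.1"
services:
  db:
    image: mysql
    environment:
      MYSQL_ROOT_PASSWORD: 'changeme'
      MYSQL_DATABASE: password_manager
    ports:
      - '3306:3306'
  web:
    environment:
      FLASK_SECRET: 'changeme'
      MYSQL_HOST: db
    ports:
      - "5192:5000"
"""


def main(argv):
    """Audit the file named on the command line, or the built-in sample."""
    if len(argv) > 1:
        with open(argv[1], encoding="utf-8") as fh:
            text = fh.read()
    else:
        text = SAMPLE_COMPOSE
    findings = audit_compose(text)
    for finding in findings:
        print(finding)
    return 1 if findings else 0   # non-zero exit blocks a CI deploy step


if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

Run it as `python audit_compose.py docker-compose.yml` in a CI job or a pre-deploy hook; a non-zero exit means secrets are still placeholders or the database port is exposed. Binding the mapping to loopback (`'127.0.0.1:3306:3306'`) or dropping the `ports` entry for `db` entirely, since `web` reaches it over the compose network by hostname, clears the port finding.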
Authenticated requests pass the token in the `Authorization` header (shown here as a curl flag):

```sh
-H "Authorization: Bearer <token>"
```
`POST /api/register`

JSON Parameter | Type | Description |
---|---|---|
email | string | New user's email |
password | string | New user's password |
confirm_password | string | New user's confirm password (should match the password) |
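As an added example (not code from the Encryptor project), here is how the input validation and password hashing behind this endpoint can be implemented with the Python standard library; it serves both this table and the "Data Validation" and "bcrypt, scrypt" items in the API feature list. The field names follow the table above; the minimum password length, the scrypt cost parameters and the stored-record format are assumptions made here, and `hashlib.scrypt` stands in for whichever of bcrypt or scrypt the project actually uses.

```python
"""Added example, not the project's code: validate a POST /api/register payload
and hash the password with scrypt before it is stored.

Assumptions: field names follow the README table (email, password,
confirm_password); MIN_PASSWORD_LENGTH, the scrypt cost parameters and the
'scrypt$N$r$p$salt$hash' record format are choices made here.
"""
import base64
import hashlib
import hmac
import re
import secrets

EMAIL_RE = re.compile(r"^[^@\s]+@[^@\s]+\.[^@\s]+$")
MIN_PASSWORD_LENGTH = 12                       # assumption: README states no policy
SCRYPT_N, SCRYPT_R, SCRYPT_P = 2 ** 14, 8, 1   # assumption: ~16 MiB per hash


def validate_register(payload):
    """Return a list of validation errors for a register payload (empty means valid)."""
    errors = []
    email = payload.get("email")
    password = payload.get("password")
    confirm = payload.get("confirm_password")
    if not isinstance(email, str) or not EMAIL_RE.match(email):
        errors.append("email: must be a valid address")
    if not isinstance(password, str):
        errors.append("password: required")
    elif len(password) < MIN_PASSWORD_LENGTH:
        errors.append(f"password: must be at least {MIN_PASSWORD_LENGTH} characters")
    if password != confirm:
        errors.append("confirm_password: does not match password")
    return errors


def hash_password(password):
    """Hash with a fresh 16-byte salt; the parameters are stored with the hash so
    they can be raised later without breaking existing records."""
    salt = secrets.token_bytes(16)
    digest = hashlib.scrypt(password.encode("utf-8"), salt=salt,
                            n=SCRYPT_N, r=SCRYPT_R, p=SCRYPT_P, dklen=32)
    return "$".join(["scrypt", str(SCRYPT_N), str(SCRYPT_R), str(SCRYPT_P),
                     base64.b64encode(salt).decode("ascii"),
                     base64.b64encode(digest).decode("ascii")])


def verify_password(password, stored):
    """Recompute scrypt with the stored parameters and compare in constant time.
    A malformed record is treated as a failed login rather than an exception."""
    try:
        algo, n, r, p, salt_b64, hash_b64 = stored.split("$")
        if algo != "scrypt":
            return False
        salt = base64.b64decode(salt_b64)
        expected = base64.b64decode(hash_b64)
        digest = hashlib.scrypt(password.encode("utf-8"), salt=salt,
                                n=int(n), r=int(r), p=int(p), dklen=len(expected))
    except ValueError:          # bad field count, bad base64, bad cost parameters
        return False
    return hmac.compare_digest(digest, expected)


if __name__ == "__main__":
    # Constructed request body for the demonstration.
    body = {"email": "alice@example.com", "password": "correct horse battery",
            "confirm_password": "correct horse battery"}
    print(validate_register(body))                             # []
    record = hash_password(body["password"])
    print(record)
    print(verify_password("correct horse battery", record))    # True
    print(verify_password("wrong password", record))           # False
```

Storing the cost parameters inside the record is what allows a later increase of `SCRYPT_N` without invalidating existing users, and `hmac.compare_digest` keeps the comparison free of timing differences between near-miss and far-miss guesses.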
`POST /api/register/2fa`

JSON Parameter | Type | Description |
---|---|---|
code | string | TOTP 6-digit code |
`POST /api/login/validate`

JSON Parameter | Type | Description |
---|---|---|
email | string | Email you want to verify in the database |
password | string | Password that should match the user's email |
`POST /api/login/2fa`

JSON Parameter | Type | Description |
---|---|---|
email | string | Email you want to verify in the database |
password | string | Password that should match the user's email |
code | string | TOTP 6-digit code |
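The server-side check of the `code` field that both `/api/register/2fa` and `/api/login/2fa` perform can be written in the standard library, as in the added example below (not the project's code). It assumes RFC 6238 TOTP with HMAC-SHA1, a 30-second step and 6 digits, which is what authenticator apps use for a secret provisioned from a QR code like the one served by `/api/qrcode/{email}`; the one-step acceptance window and the `last_used_step` replay guard are design choices made here. The secret in the demonstration is the RFC 6238 test secret, so the expected codes are published values.

```python
"""Added example, not the project's code: server-side verification of the
6-digit TOTP code submitted to /api/register/2fa and /api/login/2fa.

Assumptions: RFC 6238 with HMAC-SHA1, a 30-second step and 6 digits; the
+/-1 step acceptance window and the replay guard are choices made here.
"""
import base64
import hashlib
import hmac
import struct
import time

TIME_STEP = 30
DIGITS = 6
WINDOW = 1   # also accept the previous and the next step to absorb clock drift


def _decode_secret(secret_b32):
    """Decode the base32 secret from the QR code, tolerating missing padding."""
    s = secret_b32.strip().replace(" ", "").upper()
    s += "=" * (-len(s) % 8)
    return base64.b32decode(s)


def hotp(secret, counter, digits=DIGITS):
    """RFC 4226: HMAC-SHA1 over the big-endian counter, then dynamic truncation."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % (10 ** digits)).zfill(digits)


def totp(secret_b32, at=None):
    """Code for the time step containing `at` (seconds since epoch; default now)."""
    now = time.time() if at is None else at
    return hotp(_decode_secret(secret_b32), int(now // TIME_STEP))


def verify_totp(secret_b32, code, at=None, last_used_step=None):
    """Return (accepted, step). The caller stores `step` with the user record and
    passes it back as last_used_step so the same code cannot be replayed."""
    if not (isinstance(code, str) and code.isascii() and code.isdigit()
            and len(code) == DIGITS):
        return False, None          # reject anything that is not exactly 6 ASCII digits
    now = time.time() if at is None else at
    current = int(now // TIME_STEP)
    secret = _decode_secret(secret_b32)
    for step in range(current - WINDOW, current + WINDOW + 1):
        if last_used_step is not None and step <= last_used_step:
            continue                # already consumed (or older): reject replays
        if hmac.compare_digest(hotp(secret, step), code):
            return True, step
    return False, None


if __name__ == "__main__":
    # Constructed secret: the RFC 6238 test secret "12345678901234567890" in base32.
    secret = "GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ"
    print(totp(secret, at=59))                                     # 287082
    print(verify_totp(secret, "287082", at=59))                    # (True, 1)
    print(verify_totp(secret, "287082", at=59, last_used_step=1))  # (False, None)
```

The window keeps logins working when the phone's clock is up to 30 seconds off, and persisting the accepted step is what stops an intercepted code from being submitted a second time inside that window.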
`POST /api/user/{email}`

JSON Parameter | Type | Description |
---|---|---|
email | string | Email you want to verify in the database |

`GET /api/qrcode/{email}`

Parameter | Type | Description |
---|---|---|
email | string | Required. The email of a user that needs to pass 2FA |

`PATCH /api/user/email`

JSON Parameter | Type | Description |
---|---|---|
email | string | Required. New user's email |

`PATCH /api/user/password`

JSON Parameter | Type | Description |
---|---|---|
password | string | Required. New user's password |

`DELETE /api/logout`

`DELETE /api/user`

`GET /api/accounts`

Filter Parameter | Type | Description |
---|---|---|
?title | string | Filter the user's password data by title |
?username | string | Filter the user's password data by username |
?note | string | Filter the user's password data by note |
?serviceName | string | Filter the user's password data by service name |
?keyword | string | Filter the user's password data by keyword |

`POST /api/accounts`

JSON Parameter | Type | Description |
---|---|---|
title | string | Required. Title of a password |
username | string | Username (e.g. [email protected]) |
password | string | Password (e.g. password12345%) |
note | string | Additional note attachment (e.g. My personal login) |
service_name | string | Service name (e.g. Google, Netflix, etc.) |

`DELETE /api/accounts/{id}`

Parameter | Type | Description |
---|---|---|
id | int | Required. Id of the item to delete |

`PATCH /api/accounts/{id}`

JSON Parameter | Type | Description |
---|---|---|
title | string | Update the entry's title |
username | string | Update the entry's username |
password | string | Update the entry's password |
note | string | Update the entry's note |
serviceName | string | Update the entry's service name |

`GET /api/accounts/logo/{service_name}`

Parameter | Type | Description |
---|---|---|
service_name | string | Required. The service or company whose logo you want |