From 6c2562dc58b300ce4e8fad0a4f7e71d7e7079e5f Mon Sep 17 00:00:00 2001 From: snowkidind Date: Sun, 5 Mar 2023 17:24:40 +0700 Subject: [PATCH 1/2] todos --- TODO.md | 10 ++++++++++ monitor.js | 4 ++-- 2 files changed, 12 insertions(+), 2 deletions(-) create mode 100644 TODO.md diff --git a/TODO.md b/TODO.md new file mode 100644 index 0000000..8bd1f42 --- /dev/null +++ b/TODO.md @@ -0,0 +1,10 @@ +Things to build: + +key regeneration ceremony + + The current software does not allow for a new encryption key to be issued. There should be a process to issuing this which includes migrating the existing data.enc file. It should also have a feature to remove all backups that use the previous encryption key. + +command to erase the key + + In Signal, you can set the encryption key, but you cannot erase the key. This would be a useful command to issue should you have to surrender your phone for repairs etc. + \ No newline at end of file diff --git a/monitor.js b/monitor.js index 371d7bd..e5c99f6 100644 --- a/monitor.js +++ b/monitor.js @@ -51,7 +51,7 @@ const { timeFmtDb, dateNowBKK } = dateutils // handle backups const backup = async () => { - setTimeout(backup, process.env.BACKUP_CRON * 60 * 60 * 1000) + setTimeout(backup, (Number(process.env.BACKUP_CRON) || 24) * 60 * 60 * 1000) await pwSkills.manualBackup() } backup() @@ -65,7 +65,7 @@ const { timeFmtDb, dateNowBKK } = dateutils // requests to detect server down condition const checkIn = async () => { if (typeof process.env.CHECK_IN_URL !== 'undefined') { - setTimeout(checkIn, process.env.CHECK_IN_MIN * 60 * 1000) + setTimeout(checkIn, Number(process.env.CHECK_IN_MIN) * 60 * 1000) await axios.get(process.env.CHECK_IN_URL) .catch((error) => { if (error.response) console.log(error.response.data) From 3a550e14267bffc0c5b47f15ccb7892628671dcf Mon Sep 17 00:00:00 2001 From: snowkidind Date: Sun, 5 Mar 2023 17:26:43 +0700 Subject: [PATCH 2/2] readme --- README.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/README.md b/README.md index 457a713..1d135d0 100644 --- a/README.md +++ b/README.md @@ -1,5 +1,7 @@ # Snowpass +## Self custodial password manager written in pure JS + If you are sick of using third parties for password management this may be a solution that is right for you. Signal messenger is an end to end strongly encrypted messenger application. Its been integrated by large platforms like whatsapp and telegram in order to give its users a secure experience. SnowPass leans on this technology to deliver user credentials to any device across platforms. The software can be installed on any personal device like a raspberry pi, an odroid or your laptop to create a safe zone for your passwords, free from dependence on third parties. After setting the system up, you interact with it directly on a chat message on the signal messenger app. You can make new entries, add notes to existing entries, change and update passwords and more. On the backend the password file is encrypted in a safe manner, using the latest strong encryption methods for safe storage. The disappearing message feature of signal messenger automatically removes password requests thereby eliminating any correspondence with the app after a set period of time.