# One-Time Secret Sharing Service A secure API backend for a one-time secret sharing service built with FastAPI and SQLite. ## Features - Create and share secrets securely - Secrets can only be viewed once - Automatic deletion after viewing or expiration - Customizable time-to-live (TTL) for secrets - Background cleanup of expired secrets - Encrypted storage of secrets ## API Endpoints ### Health Check ``` GET /health ``` Returns the health status of the API and database connection. ### Create a Secret ``` POST /api/v1/secrets ``` Create a new secret and get a token to access it. **Request Body:** ```json { "content": "Your secret message here", "ttl_hours": 24 // Optional, defaults to 24 hours } ``` **Response:** ```json { "token": "unique-token-id", "expires_at": "2023-07-28T10:00:00.000Z", "message": "Secret stored successfully" } ``` ### Retrieve a Secret ``` GET /api/v1/secrets/{token} ``` Retrieve a secret using its token. The secret is deleted immediately after retrieval. **Response:** ```json { "content": "Your secret message here", "message": "Secret retrieved successfully" } ``` **Error Responses:** - `404 Not Found` - Secret not found, already viewed, or expired ## Setup and Installation ### Prerequisites - Python 3.8+ - SQLite ### Environment Variables The application uses the following environment variables: - `SECRET_KEY`: Secret key for encryption (defaults to "development_secret_key" in development) ### Environment Detection The application automatically detects the environment it's running in: - In local development, it uses the project directory for database storage - In container deployment, it uses the `/app/storage/db` directory - Database permissions are automatically set to ensure write access ### Installation 1. Clone the repository 2. Create a virtual environment and activate it: ```bash python -m venv venv source venv/bin/activate # On Windows: venv\Scripts\activate ``` 3. Install dependencies: ```bash pip install -r requirements.txt ``` ### Database Setup Run Alembic migrations to set up the database: ```bash alembic upgrade head ``` The SQLite database will be created automatically in the `storage/db` directory with the proper permissions. The application will ensure that both the directory and the database file have appropriate write permissions. ### Running the Application Start the application with uvicorn: ```bash uvicorn main:app --host 0.0.0.0 --port 8000 --reload ``` The API will be available at `http://localhost:8000`. - API Documentation: `http://localhost:8000/docs` - ReDoc Documentation: `http://localhost:8000/redoc` - OpenAPI Specification: `http://localhost:8000/openapi.json` ## Security Considerations - Secrets are encrypted before storage - Secrets are automatically deleted after viewing - Expired secrets are cleaned up regularly - The service uses a TTL (time-to-live) mechanism to ensure secrets don't persist indefinitely ## Development ### Project Structure ``` . ├── alembic.ini # Alembic configuration ├── app/ # Application code │ ├── api/ # API endpoints │ │ └── routes/ # Route definitions │ ├── core/ # Core application code │ │ └── config.py # Application configuration │ ├── db/ # Database related code │ │ └── session.py # Database session setup │ ├── models/ # SQLAlchemy models │ │ ├── base.py # Base model │ │ └── secret.py # Secret model │ ├── schemas/ # Pydantic schemas │ │ └── secret.py # Secret schemas │ └── services/ # Business logic │ ├── encryption.py # Encryption service │ └── secret_service.py # Secret service ├── main.py # Application entry point ├── migrations/ # Alembic migrations │ └── versions/ # Migration scripts ├── README.md # This file └── requirements.txt # Python dependencies ```