150 lines
3.7 KiB
Markdown
150 lines
3.7 KiB
Markdown
# One-Time Secret Sharing Service
|
|
|
|
A secure API backend for a one-time secret sharing service built with FastAPI and SQLite.
|
|
|
|
## Features
|
|
|
|
- Create and share secrets securely
|
|
- Secrets can only be viewed once
|
|
- Automatic deletion after viewing or expiration
|
|
- Customizable time-to-live (TTL) for secrets
|
|
- Background cleanup of expired secrets
|
|
- Encrypted storage of secrets
|
|
|
|
## API Endpoints
|
|
|
|
### Health Check
|
|
|
|
```
|
|
GET /health
|
|
```
|
|
|
|
Returns the health status of the API and database connection.
|
|
|
|
### Create a Secret
|
|
|
|
```
|
|
POST /api/v1/secrets
|
|
```
|
|
|
|
Create a new secret and get a token to access it.
|
|
|
|
**Request Body:**
|
|
```json
|
|
{
|
|
"content": "Your secret message here",
|
|
"ttl_hours": 24 // Optional, defaults to 24 hours
|
|
}
|
|
```
|
|
|
|
**Response:**
|
|
```json
|
|
{
|
|
"token": "unique-token-id",
|
|
"expires_at": "2023-07-28T10:00:00.000Z",
|
|
"message": "Secret stored successfully"
|
|
}
|
|
```
|
|
|
|
### Retrieve a Secret
|
|
|
|
```
|
|
GET /api/v1/secrets/{token}
|
|
```
|
|
|
|
Retrieve a secret using its token. The secret is deleted immediately after retrieval.
|
|
|
|
**Response:**
|
|
```json
|
|
{
|
|
"content": "Your secret message here",
|
|
"message": "Secret retrieved successfully"
|
|
}
|
|
```
|
|
|
|
**Error Responses:**
|
|
- `404 Not Found` - Secret not found, already viewed, or expired
|
|
|
|
## Setup and Installation
|
|
|
|
### Prerequisites
|
|
|
|
- Python 3.8+
|
|
- SQLite
|
|
|
|
### Environment Variables
|
|
|
|
The application uses the following environment variables:
|
|
|
|
- `SECRET_KEY`: Secret key for encryption (defaults to "development_secret_key" in development)
|
|
|
|
### Installation
|
|
|
|
1. Clone the repository
|
|
2. Create a virtual environment and activate it:
|
|
```bash
|
|
python -m venv venv
|
|
source venv/bin/activate # On Windows: venv\Scripts\activate
|
|
```
|
|
3. Install dependencies:
|
|
```bash
|
|
pip install -r requirements.txt
|
|
```
|
|
|
|
### Database Setup
|
|
|
|
Run Alembic migrations to set up the database:
|
|
|
|
```bash
|
|
alembic upgrade head
|
|
```
|
|
|
|
### Running the Application
|
|
|
|
Start the application with uvicorn:
|
|
|
|
```bash
|
|
uvicorn main:app --host 0.0.0.0 --port 8000 --reload
|
|
```
|
|
|
|
The API will be available at `http://localhost:8000`.
|
|
|
|
- API Documentation: `http://localhost:8000/docs`
|
|
- ReDoc Documentation: `http://localhost:8000/redoc`
|
|
- OpenAPI Specification: `http://localhost:8000/openapi.json`
|
|
|
|
## Security Considerations
|
|
|
|
- Secrets are encrypted before storage
|
|
- Secrets are automatically deleted after viewing
|
|
- Expired secrets are cleaned up regularly
|
|
- The service uses a TTL (time-to-live) mechanism to ensure secrets don't persist indefinitely
|
|
|
|
## Development
|
|
|
|
### Project Structure
|
|
|
|
```
|
|
.
|
|
├── alembic.ini # Alembic configuration
|
|
├── app/ # Application code
|
|
│ ├── api/ # API endpoints
|
|
│ │ └── routes/ # Route definitions
|
|
│ ├── core/ # Core application code
|
|
│ │ └── config.py # Application configuration
|
|
│ ├── db/ # Database related code
|
|
│ │ └── session.py # Database session setup
|
|
│ ├── models/ # SQLAlchemy models
|
|
│ │ ├── base.py # Base model
|
|
│ │ └── secret.py # Secret model
|
|
│ ├── schemas/ # Pydantic schemas
|
|
│ │ └── secret.py # Secret schemas
|
|
│ └── services/ # Business logic
|
|
│ ├── encryption.py # Encryption service
|
|
│ └── secret_service.py # Secret service
|
|
├── main.py # Application entry point
|
|
├── migrations/ # Alembic migrations
|
|
│ └── versions/ # Migration scripts
|
|
├── README.md # This file
|
|
└── requirements.txt # Python dependencies
|
|
``` |