README
ΒΆ
SecureMessages π π π
A secure message sharing platform built with Go, Echo, GORM, AES encryption, ephemeral CSRF, and dynamic CSP! β¨
https://sms.smartservices.tech
Table of Contents π
- SecureMessages π π π
Introduction π
SecureMessages is an encrypted secret-sharing application. It leverages:
- Go | Echo for robust web serving
- GORM with SQLite for storing ephemeral messages
- AES encryption with optional password protection
- View Once messages that self-destruct after a single view
- CSRF ephemeral tokens & nonce-based CSP for advanced security
- Bootstrap for clean, responsive UI π
Use Cases:
- Share sensitive data (passwords, tokens) once and destroy
- Automate ephemeral secure messages behind a single-page form
Features β
- Ephemeral CSRF: Each instance auto-generates a CSRF secret
- Nonce-based CSP: Dynamically sets
Content-Security-Policywith script/style nonces - Encrypted Storage: Database only holds AES-encrypted message content
- One-Time View: Mark a message as βview onceβ to destroy upon first view
- Admin Panel: BasicAuth-protected interface to list/delete messages
- Automatic Cleanup: Cron-like goroutines that purge expired or viewed messages
- Bootstrapped UI: Responsive, includes copy-to-clipboard and optional password protection
- Dockerizable: Perfect for container deployments; works behind Traefik for SSL termination
Requirements β
- Go >= 1.18
- Docker (optional, for container builds)
- SQLite (built-in DB engine, no extra install needed)
- Traefik or another reverse proxy (for SSL termination, if desired)
Installation π§
Clone the Repo
git clone https://github.com/Smart-Offices-Inc/securemessages.git
cd SecureMessages
Build via Go
go build -o securemessages ./cmd/securemessages
./securemessages
Or Docker
docker build -t securemessages:latest .
docker run -d -p 9203:9203 --name securemessages securemessages:latest
Configuration β
Environment Variables / config.yml:
ENV:developmentorproductionPORT: The port to run on (default 9203)DB_PATH: Path to SQLite database fileAES_KEY: Base64-encoded 32-byte AES keyMASTER_KEY: Base64-encoded 32-byte master keyCSRF_AUTH_KEY: Base64-encoded 32-byte CSRF key (for ephemeral override)ADMIN_USERNAME,ADMIN_PASSWORD: BasicAuth credentials for/admin
By default, the app writes these keys into ./config/config.yml if they arenβt set as environment variables.
Usage π»
1. Create a Message
- Visit the root path
/in a browser to see the creation form - Fill out your message, set expiration, enable password (optional), and choose βview onceβ (optional)
- Submit to get a share link to the message
2. Share Link
- Copy the generated link and provide it to the recipient
- If password-protected, they must supply the correct password
- If marked βview once,β the message is deleted immediately after viewing
3. Admin Panel
- BasicAuth-protected under
/admin - View paginated messages (encrypted content shown as
[Encrypted]) - Delete single messages or delete all
- Regenerate AES or CSRF keys (re-encryption logic might also run here)
Log Rotation & Crash Recovery π
Log Rotation
Best handled by Dockerβs built-in logging driver or external solutions. For example, in your docker-compose.yml:
logging:
driver: "json-file"
options:
max-size: "10m"
max-file: "3"
Crash Recovery
Use Docker restart policies (e.g. restart: unless-stopped) so the container auto-restarts if the app crashes.
Security Notes π
- Traefik handles SSL termination externally. Internally, the app sees HTTP on port 9203.
- CSRF ephemeral tokens + nonce-based CSP protect from XSS & CSRF attacks.
- AES encryption ensures messages are stored encrypted at rest in SQLite.
- Password Option: Additional layer if message content is sensitive; hashed via bcrypt.
- View Once messages are destroyed upon viewing, reinforcing ephemeral data handling.
Contributing π€
- Fork & clone the repo
- Create feature branches
- Submit PRs describing changes
- Ensure lint & tests pass
- If large changes, open an issue first
License π
This project is released under the GPL v3.0. See LICENSE file for details. π
Happy Sharing! π
Directories
Click to show internal directories.
Click to hide internal directories.