Updated to v8.1.0

Rabbit-Company · Jan 27, 2023 · 0632109 · 0632109
1 parent af7be8c
commit 0632109
Show file tree

Hide file tree

Showing 26 changed files with 249 additions and 127 deletions.
diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml
@@ -1,4 +1,4 @@
-name: CI to Docker hub 
+name: CI to Docker hub
 
 on:
   push:
@@ -11,12 +11,12 @@ jobs:
     runs-on: ubuntu-latest
 
     steps:
-      - name: Checkout 
+      - name: Checkout
         uses: actions/checkout@v3
 
       - name: Set up QEMU
         uses: docker/setup-qemu-action@v2
-  
+
       - name: Set up Docker Buildx
         id: buildx
         uses: docker/setup-buildx-action@v2
@@ -33,4 +33,4 @@ jobs:
           context: .
           push: true
           platforms: linux/amd64,linux/arm64
-          tags: rabbitcompany/passky-web:latest
+          tags: rabbitcompany/passky-client:latest
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
@@ -9,16 +9,16 @@ jobs:
     runs-on: ubuntu-latest
 
     steps:
-      - name: Checkout 
+      - name: Checkout
         uses: actions/checkout@v3
 
       - name: Get the version
-        id: vars
-        run: echo ::set-output name=tag::$(echo ${GITHUB_REF:10})
+        id: get_version
+        uses: battila7/get-version-action@v2
 
       - name: Set up QEMU
         uses: docker/setup-qemu-action@v2
-  
+
       - name: Set up Docker Buildx
         id: buildx
         uses: docker/setup-buildx-action@v2
@@ -35,4 +35,6 @@ jobs:
           context: .
           push: true
           platforms: linux/amd64,linux/arm64
-          tags: rabbitcompany/passky-web:${{steps.vars.outputs.tag}}
+          tags: |
+            rabbitcompany/passky-client:${{steps.get_version.outputs.version-without-v}}
+            rabbitcompany/passky-client:${{steps.get_version.outputs.major}}
diff --git a/Dockerfile b/Dockerfile
@@ -1,4 +1,7 @@
-FROM nginx:latest
+FROM nginx:alpine
 
 # Copy all files in website folder to docker container
-COPY website/ /usr/share/nginx/html
+COPY website/ /usr/share/nginx/html
+
+# Copy nginx configuration
+COPY nginx.conf /etc/nginx/conf.d/default.conf
diff --git a/README.md b/README.md
@@ -1,4 +1,9 @@
-# Passky: The Ultimate Open-Source Password Manager
+<h1 align="center">🔒 Passky Website 🔒</h1>
+
+[![GitHub issues](https://img.shields.io/github/issues/Rabbit-Company/Passky-Website?color=blue&style=for-the-badge)](https://github.com/Rabbit-Company/Passky-Website/issues)
+[![GitHub stars](https://img.shields.io/github/stars/Rabbit-Company/Passky-Website?style=for-the-badge)](https://github.com/Rabbit-Company/Passky-Website/stargazers)
+[![GitHub forks](https://img.shields.io/github/forks/Rabbit-Company/Passky-Website?style=for-the-badge)](https://github.com/Rabbit-Company/Passky-Website/network)
+[![GitHub license](https://img.shields.io/github/license/Rabbit-Company/Passky-Website?color=blue&style=for-the-badge)](https://github.com/Rabbit-Company/Passky-Website/blob/main/LICENSE)
 
 ### [Download from Rabbit Store](https://rabbitstore.org/?app=com.rabbit-company.passky)
 
@@ -11,70 +16,70 @@
 
 ## What is Passky?
 
-Passky is simple, modern, lightweight, open source and secure password manager.
+Passky is a simple, modern, lightweight, open source and secure password manager.
 
 [![Passky - Password manager](https://img.youtube.com/vi/yrk6cHkgVA8/0.jpg)](https://www.youtube.com/watch?v=yrk6cHkgVA8 "Click to watch!")
 
 ## How Much Does it Cost?
 
-Passky is open-source. This means that anyone can download it, dig into its code, and customize it to their liking. Using Passky doesn’t require an upfront cost or monthly subscription. It’s completely free to download and can be hosted by anyone who has the space to do so.
-
-When we launched Passky, we setup two servers, each holding up to 1,000 passwords for 100 users apiece. These servers are currently open for new users. But only the first two-hundred people to sign up will get access. Possible future servers are contingent upon a number of factors. So, if you want access to the best, open-source password manager on the market, now is the time to join.
+Passky is a free, open-source password manager that simplifies your digital life. Both the free and premium plans include advanced security features such as two-factor authentication to ensure the safety and security of your sensitive data.
 
-## How Does Passky Work?
+While the free plan allows you to store up to 100 passwords, the premium plan offers additional benefits such as the ability to store an unlimited number of passwords. [Upgrade to the premium plan](https://passky.org/pricing) to gain access to all of Passky's features and take your password security to the next level.
 
-Some people are hesitant to use a password manager because they fear that it could leave them vulnerable to hackers and other malicious actors. But once you understand the way Passky works, you’ll quickly realize that using a password manager like Passky is far more secure than opting for a single password across all your accounts.
+At Passky, we take your security seriously, and we don't compromise on safety when it comes to password management. [Sign up now](https://vault.passky.org/register) and experience the peace of mind that comes with using Passky.
 
-When you save your account information to Passky, all sensitive data is fully encrypted. This means that your sensitive data cannot be accessed by anyone at Passky or by any potential hackers. If someone did access your passwords, they’d only be able to see an encrypted version of it that’s useless without your master key.
+## How it Works?
 
-So, what is your master key? It’s your own personal password – the one password you need to unlock all other passwords. When you try to access your e-mail or another password protected site, Passky will pull your encrypted password from our server. Then, you’ll input your master password, and it will decrypt the password. So, you’ll only ever need to remember your master password. It will effortlessly unlock every other password you could want.
+Passky uses a combination of advanced encryption methods to ensure the security of your data.
 
-## How Secure is Passky?
+Passky is based on a **zero trust architecture** and uses advanced encryption methods such as **XChaCha20** and **Argon2id** to ensure the security of your sensitive data.
 
-Passky simplifies your digital life and solves your password problem. All you’ll ever need to do is remember a single, ultra-secure password that includes uppercase letters, lowercase letters, numbers, and special characters. Once you’ve got that written down in your wallet or purse (or buried in your memory), you’ll get the benefit of secure passwords across your online accounts without having to memorize dozens of codewords. This makes it one of the most secure ways to protect your online identity.
+For sensitive data encryption, Passky uses **XChaCha20**, a state-of-the-art encryption algorithm that provides a **high level of security and performance**. This encryption method is designed to be **resistant to known-plaintext attacks and other forms of cryptanalysis**.
 
-But Passky takes security a step further. We’ve implemented a brute force mitigation system that locks out any user who inputs the wrong password too many times. By stopping login attempts for a set time and warning you about an attempted breach, you’ll have time to secure your account by creating a new password or taking other measures.
+For master password hashing, Passky uses **Argon2id**, a password-hashing algorithm that has been recognized as the winner of multiple password-hashing competitions, such as the **[Password Hashing Competition (PHC)](https://www.password-hashing.net)** held by the community. It is designed to be **resistant to brute-force attacks**. This algorithm uses a combination of memory-hard and data-dependent techniques to make it difficult for attackers to guess your master password.
 
-## But is Passky Easy to Use?
+When you save your account information to Passky, **all sensitive data is fully encrypted** using **XChaCha20**. The encrypted data is then stored on Passky's servers.
 
-Passky has been designed with modern users in mind. That’s why we’ve strived to provide an interface that’s streamlined and easy to use. Unlike some of the competition, Passky can be easily used by anyone, including techies and computer novices. And since it’s built for performance, you won’t need to overtax your CPU or waste a lot of storage space to keep it running.
+When you try to access your account, Passky will prompt you to input your master password. The master password is then hashed using **Argon2id** algorithm to ensure its security. The hashed master password is then used to decrypt the sensitive data, allowing you to access your account.
 
-[Downloading and installing Passky](https://www.youtube.com/watch?v=efi1GXv52iI) to your browser is a simple process that takes less than two-minutes to complete. Once it’s up and running, you can immediately begin managing your passwords with it. [Creating, editing, and deleting passwords](https://www.youtube.com/watch?v=8YCkCDm5NkQ) takes mere seconds. And once you’ve got everything setup, you’ll be able to quickly access all of your password-protected websites and accounts.
+In summary, **Passky uses advanced encryption methods such as XChaCha20 and Argon2id** to ensure the security of your sensitive data and master password, making it difficult for anyone to access your information without your permission.
 
 ## How Does Passky Compare to the Competition?
 
-Bitwarden is one of Passky’s biggest competitors. It’s also a free, open-source password manager. But unlike Passky, Bitwarden offers a host of additional features. The only problem is that you’ll likely never use any of them. Most people want a password manager to do one thing really well – not a whole host of things with mediocrity.
-
-Since Passky is designed to do one thing well, it’s faster, less resource intensive, easier to use, and requires less storage space than Bitwarden. Plus, it’s just more modern.
-
-Passky is built for today’s users, not yesterday’s.
-
-But how does Passky stack up against other password managers on the market today?
-
-Unfortunately, that’s the problem with them. Most other password managers are on the market. They’ve been built to be sold to people like you. Those managers aren’t open-source or free. They require an upfront cost, or a monthly or yearly subscription.
-
-We believe in the power of open-source software. And we also believe in the generosity of those who benefit from our products. That’s why we’ve made Passky available at no cost. We only ask that you’d consider making a donation if you benefit from the work we’ve put in to this product.
-
-And when you donate, don’t think that you’re paying us to rest on our laurels. We’re dedicated to enhancing Passky in a number of valuable and important ways, including…
+Feature | Passky | Bitwarden | NordPass | Dashlane | 1Password | LastPass
+--- | :---: | :---: | :---: | :---: | :---: | :---: |
+Premium Price | $${\color{orange}\$2/month}$$ | $${\color{green}\$0.83/month}$$ | $${\color{orange}1.99€/month}$$ | $${\color{orange}2€/month}$$ | $${\color{red}\$2.99/month}$$ | $${\color{red}2.90€/month}$$ |
+Number of Passwords | $${\color{green}Unlimited}$$ | $${\color{green}Unlimited}$$ | $${\color{green}Unlimited}$$ | $${\color{green}Unlimited}$$ | $${\color{green}Unlimited}$$ | $${\color{green}Unlimited}$$
+Two-factor Authentication | $${\color{green}Yes}$$ | $${\color{green}Yes}$$ | $${\color{green}Yes}$$ | $${\color{green}Yes}$$ | $${\color{green}Yes}$$ | $${\color{green}Yes}$$
+Zero-knowledge architecture | $${\color{green}Yes}$$ | $${\color{green}Yes}$$ | $${\color{green}Yes}$$ | $${\color{green}Yes}$$ | $${\color{green}Yes}$$ | $${\color{green}Yes}$$
+Encryption | $${\color{green}XChaCha20/Argon2id}$$ | $${\color{orange}AES-256/PBKDF2}$$ | $${\color{green}XChaCha20/Argon2id}$$ | $${\color{orange}AES-256/PBKDF2}$$ | $${\color{orange}AES-256/PBKDF2}$$ | $${\color{orange}AES-256/PBKDF2}$$
+Open-Source | $${\color{green}Yes}$$ | $${\color{green}Yes}$$ | $${\color{red}No}$$ | $${\color{red}No}$$ | $${\color{red}No}$$ | $${\color{red}No}$$
+Customization | $${\color{green}Yes}$$ | $${\color{red}No}$$ | $${\color{red}No}$$ | $${\color{red}No}$$ | $${\color{red}No}$$ | $${\color{red}No}$$
 
-    • An increasing number of themes that users can choose from to customize their Passky experience.
-    • More language options for our worldwide users.
-    • And more…
+> Comparison data accurate as of January 25th, 2023
 
-If you’re ready to try Passky out at no cost, you can get started by visiting our website at https://passky.org. We currently have a desktop application available for Windows and Linux operating systems along with a mobile app on the Google Play Store. MacOS and iOS apps are currently being developed. In addition, we offer browser extensions for all major browsers except for Safari.
+# Installation
+> ℹ️ The Passky Website is a client-side only application and as such, it does not require any server-side code for its operation. As a result, it can be hosted for free on [Cloudflare Pages](https://pages.cloudflare.com/).
+## Docker
 
-## Installation
-#### Passky.org
-1. You can manage passwords right thru https://passky.org website
-#### Self-hosted
-##### Hosting Provider
-1. Drag and drop all files inside "website" folder to "public_html" folder (Root folder of your domain or sub-domain) on your hosting provider
-2. Now you can visit your domain and you would see Passky login page
-##### Docker Compose
+#### Debian & Ubuntu & Raspberry Pi OS (x64 & arm64)
 ```yaml
 # Download docker-compose.yml file from GitHub
 wget https://raw.githubusercontent.com/Rabbit-Company/Passky-Website/main/docker-compose.yml
 # Start the container
 docker-compose up -d
-# Your website should be now deployed on port 8081. This can be changed in docker-compose.yml file.
 ```
+
+The website for the Passky is designed to be deployed on **port 8081** by default. However, it is important to note that this can be modified to a different port as per your requirements, by editing the appropriate settings in the `docker-compose.yml` file.
+
+## Shared Hosting
+
+1. Create a sub-domain specifically for the Passky Website, for example, `vault.yourdomain.com`.
+
+2. Once the sub-domain is created, a new folder should appear in the root directory, named `vault` or `vault.yourdomain.com`.
+
+3. [Download the latest version of the Passky Website from the official GitHub repository](https://github.com/Rabbit-Company/Passky-Website/releases/latest/download/passky-website.zip) and extract it to the previously created folder.
+
+4. Access the URL `vault.yourdomain.com` to view the newly installed Passky Website. It is recommended to verify that the website is functional and that all required components are properly configured.
+
+> ⚠️ When deploying the Passky Website, it is essential to ensure that appropriate security measures are in place. If not utilizing Cloudflare Pages, it is recommended that all relevant [security headers](https://github.com/Rabbit-Company/Passky-Website/blob/main/website/_headers) are properly implemented to protect against potential vulnerabilities.
diff --git a/docker-compose-build-from-source.yml b/docker-compose-build-from-source.yml
@@ -1,7 +1,7 @@
 version: '3'
 services:
-  passky-web:
-    container_name: passky-web
+  passky-client:
+    container_name: passky-client
     build:
       context: .
     restart: unless-stopped

diff --git a/docker-compose.yml b/docker-compose.yml
@@ -1,8 +1,8 @@
 version: '3'
 services:
-  passky-web:
-    container_name: passky-web
-    image: 'rabbitcompany/passky-web:latest'
+  passky-client:
+    container_name: passky-client
+    image: 'rabbitcompany/passky-client:latest'
     restart: unless-stopped
     ports:
       - 8081:80
diff --git a/nginx.conf b/nginx.conf
@@ -0,0 +1,23 @@
+server {
+	listen	80;
+	listen	[::]:80;
+	server_name	localhost;
+
+	add_header 'X-Frame-Options' 'DENY';
+	add_header 'X-Content-Type-Options' 'nosniff';
+	add_header 'Referrer-Policy' 'no-referrer';
+	add_header 'X-XSS-Protection' '1; mode=block';
+	add_header 'Permissions-Policy' 'interest-cohort=()';
+	add_header 'Content-Security-Policy' "script-src 'self' 'unsafe-inline' https://storage.googleapis.com/; base-uri 'none'; object-src 'none'; form-action 'self'; frame-ancestors 'none'; worker-src 'self' blob:;";
+
+	location / {
+		root	/usr/share/nginx/html;
+		index	index.html index.htm;
+	}
+
+	error_page	404	/404.html;
+	error_page	500 502 503 504	/50x.html;
+	location = /50x.html {
+		root	/usr/share/nginx/html;
+	}
+}
diff --git a/package-lock.json b/package-lock.json
diff --git a/package.json b/package.json
@@ -1,7 +1,7 @@
 {
   "name": "passky-website",
   "description": "Website for Passky (password manager)",
-  "version": "8.0.1",
+  "version": "8.1.0",
   "main": "tailwind.config.js",
   "scripts": {
     "build": "npx tailwindcss -i ./tailwind.css -o ./website/css/tailwind.min.css --minify"

diff --git a/website/404.html b/website/404.html
@@ -18,7 +18,7 @@ <h1 class="text-4xl font-bold tracking-tight text-white sm:text-5xl">Page not fo
             <p class="mt-1 text-base text-gray-100">Please check the URL in the address bar and try again.</p>
           </div>
           <div class="mt-10 flex space-x-3 sm:border-l sm:border-transparent sm:pl-6">
-            <a href="https://passky.org" class="inline-flex items-center rounded-md border border-transparent bg-indigo-600 px-4 py-2 text-sm font-medium text-white shadow-sm hover:bg-indigo-700 focus:outline-none">Go back home</a>
+            <a href="/" class="inline-flex items-center rounded-md border border-transparent bg-indigo-600 px-4 py-2 text-sm font-medium text-white shadow-sm hover:bg-indigo-700 focus:outline-none">Go back home</a>
             <a href="https://passky.org/contact" class="inline-flex items-center rounded-md border border-transparent bg-indigo-100 px-4 py-2 text-sm font-medium text-indigo-700 hover:bg-indigo-200 focus:outline-none">Contact support</a>
           </div>
         </div>

diff --git a/website/css/index.css b/website/css/index.css
@@ -1,11 +1,17 @@
 body{
-	min-width: 300px;
+	min-width: 500px;
+	min-height: 500px;
+	overflow-x: hidden;
 }
 
 body * {
 	-webkit-tap-highlight-color: rgba(0,0,0,0);
 }
 
+::-webkit-scrollbar {
+	width: 8px;
+}
+
 input::-webkit-outer-spin-button,
 input::-webkit-inner-spin-button{
 	-webkit-appearance: none;

diff --git a/website/css/tailwind.min.css b/website/css/tailwind.min.css
diff --git a/website/export.html b/website/export.html
@@ -10,7 +10,7 @@
     <meta name="apple-mobile-web-app-status-bar-style" content="black" />
     <title>Passky</title>
     <link rel="shortcut icon" type="image/png" href="images/logo.png"/>
-    <link rel="apple-touch-icon" href="images/icons/apple-touch-icon.png" />
+		<link rel="apple-touch-icon" href="images/icons/apple-touch-icon.png" />
     <link rel="apple-touch-icon" sizes="57x57" href="images/icons/apple-touch-icon-57x57.png" />
     <link rel="apple-touch-icon" sizes="72x72" href="images/icons/apple-touch-icon-72x72.png" />
     <link rel="apple-touch-icon" sizes="76x76" href="images/icons/apple-touch-icon-76x76.png" />