github.com/sid-sun/secure-notes-api
An API written in Go to demonstrate CRUD (Create Read Update Delete) on encrypted notes anonymous without storing password in any manner - As an example to using cryptography to facilitate authentication
A proof-of-concept to my Medium article on Doing secure password authentication without storing passwords - the main difference being here we do CRUD on notes instead of encryption and decryption on asymmetric private keys
We all like greetings - This API likes to greet, but it is not pushy about it, it only offers you its heartfelt time-appropriate greetings if you ask for them.
Request Type: HTTP GET
URL:
http://$host:$port/
Request Type: HTTP POST
BODY:
{
"id": "mySecretNote",
"pass": "&now:we@pluto",
"note": "I am a bufferfly, flying through the sky"
}
URL:
http://$host:$port/set
Upon success, the Original ID is returned along with Status: 200. If an ID is not supplied or a note already exists with the supplied id, A randomly generated 8 character ID is returned insted.
Response on success:
{
"ID": "mySecretNote"
}
A request may fail due to any one (or all) of the following reasons:
If the Request fails, Status: 400 is returned
Request Type: HTTP GET
BODY:
{
"id": "mySecretNote",
"pass": "&now:we@pluto"
}
URL:
http://$host:$port/get
Upon success, the Original ID is returned along with the note with Status: 200.
Response on success:
{
"ID": "mySecretNote",
"Note": "I am a bufferfly, flying through the sky"
}
A request may fail due to any one of the following reasons:
If the Request fails due to 1 or 2, Status: 400 is returned
If the Request fails due to 3 or 4, Status: 404 is returned
Request Type: HTTP DELETE
BODY:
{
"id": "mySecretNote",
"pass": "&now:we@pluto"
}
URL:
http://$host:$port/delete
Upon success, the Original ID is returned with Status: 200.
Response on success:
{
"ID": "mySecretNote"
}
A request may fail due to any one of the following reasons:
If the Request fails due to 1 or 2, Status: 400 is returned
If the Request fails due to 3 or 4, Status: 404 is returned
Request Type: HTTP PUT
BODY:
{
"id": "mySecretNote",
"pass": "&now:we@pluto",
"note": "I am a bufferfly, flying through the sky on Mars"
}
Optionally to change the password for the new note, newpass may also be defined, like so:
BODY:
{
"id": "mySecretNote",
"pass": "&now:we@pluto",
"newpass": "&now:we@moon",
"note": "I am a bufferfly, flying through the sky on Mars"
}
URL:
http://$host:$port/update/note
Upon success, the Original ID is returned with Status: 200.
Response on success:
{
"ID": "mySecretNote"
}
A request may fail due to any one of the following reasons:
If the Request fails due to 1, Status: 400 is returned
If the Request fails due to 2, Status: 404 is returned
Request Type: HTTP PATCH
BODY:
{
"id": "mySecretNote",
"pass": "&now:we@pluto",
"newpass": "&now:we@moon"
}
URL:
http://$host:$port/update/pass
Upon success, the Original ID is returned with Status: 200.
Response on success:
{
"ID": "mySecretNote"
}
A request may fail due to any one of the following reasons:
If the Request fails due to 1 or 2, Status: 400 is returned
If the Request fails due to 3, Status: 404 is returned
FAQs
Unknown package
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
Research
Socket researchers uncover how threat actors weaponize Out-of-Band Application Security Testing (OAST) techniques across the npm, PyPI, and RubyGems ecosystems to exfiltrate sensitive data.
Security News
Research
A malicious npm campaign is targeting Ethereum developers by impersonating Hardhat plugins and the Nomic Foundation, stealing sensitive data like private keys.
Research
Security News
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.