Secure one-time password sharing
We're seeking to develop a clone of OneTimeSecret.com using Go. This application will allow users to share sensitive information securely by creating a link to a secret message that can only be viewed once before being destroyed.
- Create a secure, Go-based clone of OneTimeSecret.com
- Implement core functionality of creating and sharing one-time viewable secrets
- Ensure high security standards for data transmission and storage
- Provide a clean, intuitive user interface
- Allow users to input a secret message or text
- Generate a unique, secure link for the secret
- Implement optional password protection for secrets
- Allow users to set an expiration time for the secret
- Enable secret viewing through the generated link
- Implement one-time viewing mechanism (secret destruction after viewing)
- Support password entry for protected secrets
- Use AES-256 encryption for storing secrets
- Implement secure random generation for secret keys and passwords
- Ensure all communications are over HTTPS
- Implement rate limiting to prevent brute-force attacks
- Create a clean, responsive web interface
- Provide clear instructions for users
- Implement copy-to-clipboard functionality for generated links
- Develop a RESTful API for programmatic secret creation and retrieval
- Implement proper authentication for API access
- Backend must be written in Go
- Use a suitable web framework (e.g., Gin, Echo, or Fiber)
- Implement proper logging and error handling
- Use a reliable database for storing encrypted secrets (e.g., PostgreSQL)
- Containerize the application using Docker
- User visits the homepage
- User enters the secret text
- User (optionally) sets a password and expiration time
- User submits the form
- System generates a unique link
- User copies the link to share
- Recipient clicks on the shared link
- If password-protected, recipient enters the password
- System displays the secret
- System destroys the secret after viewing
- Implement proper input sanitization to prevent XSS attacks
- Ensure secrets are not logged or cached
- Use secure random number generation for all tokens and keys
- Implement proper key management practices
- Application should handle at least 100 concurrent users
- Secret creation and retrieval should complete in under 5 seconds
- Implement unit tests for all core functions
- Conduct security audits and penetration testing
- Perform load testing to ensure performance requirements are met
- Provide clear API documentation
- Include setup instructions for local development and deployment
- Document security practices and encryption methods used
- Source code hosted on a public GitHub repository
- Docker configuration for easy deployment
- Comprehensive README with setup and usage instructions
- API documentation
- Code quality and adherence to Go best practices
- Security of the implementation
- Completeness of features compared to OneTimeSecret.com
- Quality of documentation
- Performance under load
- Bounty Amount: $2500
- Submission Deadline: Dec 31 2024
- Evaluation Period: 6 weeks
- Fork the designated GitHub repository
- Implement the project according to the PRD
- Submit a pull request with your implementation
- Include any necessary documentation in the pull request
- If you have any questions, raise them as an issue on this repo
- Participants are encouraged to ask questions and seek clarifications
- Regular updates and communication are appreciated
- Code must be original and free of copyright infringements
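
The create and one-time view steps listed above, as an added Go example that is not part of the original bounty text or of any submission: a secret is sealed with AES-256-GCM under a random link token, and the view removes the row atomically so a second request finds nothing. The names `rows`, `newAEAD`, `Create` and `Reveal` are hypothetical, the `sync.Map` is an assumed stand-in for the PostgreSQL table, and the all-zero key in `main` is constructed for the demo.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"encoding/base64"
	"errors"
	"fmt"
	"sync"
)
var rows sync.Map // hypothetical in-memory table: link token -> nonce || ciphertext

func newAEAD(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key) // a 32-byte key selects AES-256
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// Create seals the secret, binding it to its link token as associated data.
func Create(aead cipher.AEAD, secret []byte) (string, error) {
	buf := make([]byte, 32+aead.NonceSize()) // 256-bit token, fresh nonce
	if _, err := rand.Read(buf); err != nil {
		return "", err
	}
	token, nonce := base64.RawURLEncoding.EncodeToString(buf[:32]), buf[32:]
	rows.Store(token, aead.Seal(nonce, nonce, secret, []byte(token)))
	return token, nil
}

// Reveal removes the row atomically before decrypting, so only one caller wins.
func Reveal(aead cipher.AEAD, token string) ([]byte, error) {
	v, ok := rows.LoadAndDelete(token)
	if !ok {
		return nil, errors.New("secret not found or already viewed")
	}
	row, n := v.([]byte), aead.NonceSize()
	return aead.Open(nil, row[:n], row[n:], []byte(token))
}

func main() {
	aead, _ := newAEAD(make([]byte, 32)) // constructed all-zero key, demo only
	token, _ := Create(aead, []byte("constructed sample secret"))
	first, _ := Reveal(aead, token)
	_, err := Reveal(aead, token)
	fmt.Printf("first view: %q\nsecond view: %v\n", first, err)
}
```

Against a SQL database, the equivalent of `LoadAndDelete` is a single statement that deletes the row and returns it, rather than a read followed by a separate delete.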