Skip to content

Latest commit

 

History

History
131 lines (92 loc) · 4.03 KB

README.md

File metadata and controls

131 lines (92 loc) · 4.03 KB

secure_secrets

Secure one time passwords sharing

One-Time Secret Clone PRD

1. Product Overview

We're seeking to develop a clone of OneTimeSecret.com using Go. This application will allow users to share sensitive information securely by creating a link to a secret message that can only be viewed once before being destroyed.

2. Objectives

  • Create a secure, Go-based clone of OneTimeSecret.com
  • Implement core functionality of creating and sharing one-time viewable secrets
  • Ensure high security standards for data transmission and storage
  • Provide a clean, intuitive user interface

3. Features and Requirements

3.1 Secret Creation

  • Allow users to input a secret message or text
  • Generate a unique, secure link for the secret
  • Implement optional password protection for secrets
  • Allow users to set an expiration time for the secret

3.2 Secret Retrieval

  • Enable secret viewing through the generated link
  • Implement one-time viewing mechanism (secret destruction after viewing)
  • Support password entry for protected secrets

3.3 Security

  • Use AES-256 encryption for storing secrets
  • Implement secure random generation for secret keys and passwords
  • Ensure all communications are over HTTPS
  • Implement rate limiting to prevent brute-force attacks

3.4 User Interface

  • Create a clean, responsive web interface
  • Provide clear instructions for users
  • Implement copy-to-clipboard functionality for generated links

3.5 API

  • Develop a RESTful API for programmatic secret creation and retrieval
  • Implement proper authentication for API access

4. Technical Requirements

  • Backend must be written in Go
  • Use a suitable web framework (e.g., Gin, Echo, or Fiber)
  • Implement proper logging and error handling
  • Use a reliable database for storing encrypted secrets (e.g., PostgreSQL)
  • Containerize the application using Docker

5. User Flows

5.1 Creating a Secret

  1. User visits the homepage
  2. User enters the secret text
  3. User (optionally) sets a password and expiration time
  4. User submits the form
  5. System generates a unique link
  6. User copies the link to share

5.2 Viewing a Secret

  1. Recipient clicks on the shared link
  2. If password-protected, recipient enters the password
  3. System displays the secret
  4. System destroys the secret after viewing

6. Security Considerations

  • Implement proper input sanitization to prevent XSS attacks
  • Ensure secrets are not logged or cached
  • Use secure random number generation for all tokens and keys
  • Implement proper key management practices

7. Performance Requirements

  • Application should handle at least 100 concurrent users
  • Secret creation and retrieval should complete in under 5 seconds

8. Testing Requirements

  • Implement unit tests for all core functions
  • Conduct security audits and penetration testing
  • Perform load testing to ensure performance requirements are met

9. Documentation

  • Provide clear API documentation
  • Include setup instructions for local development and deployment
  • Document security practices and encryption methods used

10. Deliverables

  • Source code hosted on a public GitHub repository
  • Docker configuration for easy deployment
  • Comprehensive README with setup and usage instructions
  • API documentation

11. Evaluation Criteria

  • Code quality and adherence to Go best practices
  • Security of the implementation
  • Completeness of features compared to OneTimeSecret.com
  • Quality of documentation
  • Performance under load

12. Bounty Details

  • Bounty Amount: $2500
  • Submission Deadline: Dec 31 2024
  • Evaluation Period: 6 weeks

13. Submission Process

  1. Fork the designated GitHub repository
  2. Implement the project according to the PRD
  3. Submit a pull request with your implementation
  4. Include any necessary documentation in the pull request
  5. If you have any questions, create it as an issue on this repo

14. Additional Notes

  • Participants are encouraged to ask questions and seek clarifications
  • Regular updates and communication are appreciated
  • Code must be original and free of copyright infringements