
seguinleo/Bloc-notes


Bloc-notes

A fast, private and secure web notebook.

Features

Users can create task lists, reminders, tables, links, and code blocks using Markdown and HTML. They can add online images, audio, or videos via URL. Notes can be searched, sorted by category, or organized into folders.

After signing in, users can sync notes across devices through a secure database. No email address is needed, only a username and a strong password. Public notes can be shared via random URLs.

This website is a Progressive Web App (PWA) that can be installed as an application. Automatic updates are handled by the Service Worker. The design is responsive and optimized for mobile devices as well as macOS and Windows.

The site is accessible to users with disabilities through high-contrast colors, ARIA modules, and focusable elements. Users can choose between light/dark modes and select the page's accent color.

Security

The website follows OWASP security recommendations.

User connections are managed with secure cookies and tokens.

All notes are sanitized and validated through the DOMPurify library. All notes are encrypted with AES-256-GCM. Each user has a cryptographically secure key generated after signing up.
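To make the AES-256-GCM step concrete, here is an added example that is not code from the Bloc-notes repository. It encrypts one note with the Web Crypto API and shows that tampering is rejected on decryption. The blob layout, the `noteId` parameter bound as additional data, and all function names are assumptions made for illustration.

```javascript
// Added example (not Bloc-notes code): AES-256-GCM for one note via Web Crypto.
// Browsers and recent Node expose globalThis.crypto; older Node needs the fallback.
const webCrypto = globalThis.crypto ?? require("node:crypto").webcrypto;
const IV_BYTES = 12; // 96-bit IV, the recommended size for GCM
const enc = new TextEncoder();

// Assumption: one AES-256 key per user, generated on the client.
function generateUserKey() {
  return webCrypto.subtle.generateKey({ name: "AES-GCM", length: 256 }, true, ["encrypt", "decrypt"]);
}

// Returns IV || ciphertext || 16-byte tag. A fresh random IV per call is
// mandatory: reusing an IV under the same key breaks GCM.
// Assumption: noteId (hypothetical field) is bound as additional data so a
// stored blob cannot be moved onto another note without detection.
async function encryptNote(key, noteId, text) {
  const iv = webCrypto.getRandomValues(new Uint8Array(IV_BYTES));
  const params = { name: "AES-GCM", iv, additionalData: enc.encode(noteId) };
  const ct = new Uint8Array(await webCrypto.subtle.encrypt(params, key, enc.encode(text)));
  const blob = new Uint8Array(IV_BYTES + ct.length);
  blob.set(iv, 0);
  blob.set(ct, IV_BYTES);
  return blob;
}

// Rejects if the IV, ciphertext, tag or noteId were altered.
async function decryptNote(key, noteId, blob) {
  const params = { name: "AES-GCM", iv: blob.slice(0, IV_BYTES), additionalData: enc.encode(noteId) };
  const pt = await webCrypto.subtle.decrypt(params, key, blob.slice(IV_BYTES));
  return new TextDecoder().decode(pt);
}

// Constructed sample note; exercises round trip, tampering and blob swapping.
async function demo() {
  const note = "- [ ] rotate API keys";
  const key = await generateUserKey();
  const blob = await encryptNote(key, "note-1", note);
  const again = await encryptNote(key, "note-1", note);
  const flipped = blob.slice();
  flipped[IV_BYTES] ^= 0x01; // flip one ciphertext bit
  const rejects = (p) => p.then(() => false, () => true);
  return {
    roundTrip: await decryptNote(key, "note-1", blob),
    overheadBytes: blob.length - enc.encode(note).length, // IV + tag
    freshIv: blob.slice(0, IV_BYTES).join() !== again.slice(0, IV_BYTES).join(),
    tamperRejected: await rejects(decryptNote(key, "note-1", flipped)),
    swapRejected: await rejects(decryptNote(key, "note-2", blob)),
  };
}
```

Calling `demo()` resolves to an object summarising each check. In a browser this only works in a secure context, which is why the self-hosting notes ask for HTTPS.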

Users can lock the app using biometrics (fingerprint, face, etc.). This biometric data is never sent to the server.

Todo

  • 2FA login (may refactor backend to Node.js)
  • Markdown plugins (may introduce security or performance issues)
  • Web notifications for reminders
  • Calendar for reminders (need to find a lightweight and fast library)

Community

If you find issues, vulnerabilities or if you have any suggestions to improve this project, feel free to discuss!

Self-hosting

Run the following command to build the Docker container:

    docker-compose up --build -d

Important

The website is available at localhost:8787. To deploy it on a server with a domain name or an IP address, you need to install an SSL certificate for note encryption to work (the Web Crypto API requires HTTPS). Change all users, passwords and Docker configurations for production. To store user encryption keys, I recommend using a secure vault like AWS KMS, Azure Key Vault or a self-hosted solution instead of the database.

A big thank you to DOMPurify and marked!