• Stars
    star
    361
  • Rank 117,957 (Top 3 %)
  • Language
    JavaScript
  • License
    Other
  • Created about 5 years ago
  • Updated 3 months ago

Reviews

There are no reviews yet. Be the first to send feedback to the community and the maintainers!

Repository Details

chai - Experience Zero Trust security with Chai! Convert and view documents as vivid images right in your browser. No mandatory downloads, no hassleโ€”just pure, joyful security! ๐ŸŒˆ

๐Ÿ’– DocumentSpark

Simple secure document viewing server. Used by Viewfinderโ„ข

Converts a document to a picture of its pages. View a document from the internet without downloading or running it on your machine, and without needing a word processor, spreadsheet app, or PDF viewer installed. This provides content disarm and reconstruction, or CDR. Also known as p2., this code is deployed commercially by Dosyago in their ViewFinder cloud browser product.

Description

This is a very simple server in NodeJS to accept a document upload (or a URL) and convert that document (using ImageMagick, LibreOffice and GhostScript) into a series of images, one for each page of the document.

The point was originally to allow people to view documents securely (such as email attachments) without needing to run nor download said document to their own devices. It was successful in doing that, but its use grew to becoming ad-hoc document hosting where people were attracted to the ability to access a page of a document, without needing to download the entire document.

The code is shared as something you can build upon and adapt to your uses in the open. It's not meant as a finished solution, it's meant as a starting point, something to give you ideas for how to implement your own version, or something to plug in to your own open-source work. The project was originally called "p2." for "PDF to ...", but it works on a wide range of source documents, including DOCX and (often but not always) XLSX, and so on. It doesn't work on HTML or TXT.

Use it

$ git clone https://github.com/dosyago/documentspark.git
$ cd documentspark
$ ./scripts/setup.sh 
$ ./scripts/restart.sh

Or:

$ npm i documentspark@latest
$ cd node_modules/documentspark
$ ./scripts/setup.sh 
$ ./scripts/restart.sh

If you have SSL certs in $HOME/sslcerts/ these will be used (including mkcert localhost certs!), if not the server will run on HTTP. It will run under pm2 and default to port 443. You can supply a custom port with npm start <PORT>.

Navigate to yourserver:your_port/secretpage-canneverbefound.html to convert a document. You can input either a file, or a URL. It may not always be possible to obtain a document from the URL.

Document view pages are not protected by any authentication, they are simply chosen pseudo-randomly. You can modify the code to give document viewing pages longer, more securely random URLs.

By default, converted documents are cleaned out after 3 days. You can change this in /public/uploads/clean.sh which runs every few minutes and cleans any documents older than 4319 minutes (roughly 3 days).

Make it an API

There's a very simple "master key" secret parameter sent with the POST request. You can call this POST endpoint via a secure HTTPS API (using multitype/form encoding) and pass your custom secret= as a parameter to authorize the conversion.

System Requirements

You need a beefy machine. 4 cores, with 8 GB RAM for most documents. But more is better. Smaller machines will routinely run out of memory or take a long time when running the libreoffice, imagemagick and gs jobs.

Improving perf

You can try recompiling ImageMagick to have multicore support. I found this significantly improves performance.

Thanks to*

*No affiliation

License

Licensed under PolyForm Strict 1.0

If you'd like to deploy this in your org without going open-source or for a for-profit project where youd want to include the source under something other conditions, write me ([email protected]) about a license exemption.

More Repositories

1

dn

๐Ÿ’พ dn - offline full-text search and archiving for your Chromium-based browser.
JavaScript
3,760
star
2

BrowserBoxPro

๐ŸŒ€ BrowserBoxPro - The internet. But unrestricted. And secure. Remote browser isolation product, available open-source here and for purchase on our website.
JavaScript
2,529
star
3

sirdb

๐Ÿ‘จ a simple, git diffable JSON database on yer filesystem. By the power of NodeJS
JavaScript
570
star
4

DISCoHAsH

๐Ÿš€ DISCoHAsH - Simple, fast, quality hash in 120 lines. 10GB/s serial (depending on hardware). Also in NodeJS
C++
218
star
5

WeirdJSON

the JS/Node.JS library for encoding complex and unconventional data structures. Support for BigInts, TypedArrays, null, undefined, and Symbol. Multiple flavors available.
JavaScript
201
star
6

graderjs

๐Ÿ’ฆ Turn your full-stack NodeJS application into a downloadable cross-platform binary. Also works for SPAs, or regular web-sites.
Shell
154
star
7

beamsplitter

๐Ÿ’Ž Beamsplitter - A new (possibly universal) hash that passes SMHasher. Built mainly with a random 10x64 S-box. Also in NodeJS
C
90
star
8

puppetromium

๐ŸŽฉ A single tab web browser built with puppeteer. Also, no client-side JS. Viewport is streamed with MJPEG. For realz.
JavaScript
53
star
9

rain

Rain Hashes: Rainbow, Rainstorm and more! Support our work with a โญ ๐Ÿฅฐ
C++
31
star
10

devtoolium

๐Ÿ“ก expose browser devtools port publicly with TLS and authentication.
JavaScript
16
star
11

selector-generalization

๐Ÿ” selector-generalization - Select columns of data by clicking on examples.
JavaScript
16
star
12

floppsy

๐Ÿค floppsy - SMHasher-passing 200Mb/s hash using floating-point ops
JavaScript
12
star
13

browsergap.js

BrowserGap client side library. Check commercial product: https://dosyago.com
JavaScript
11
star
14

browsercontrollers.store

โšก BrowserController - A new distribution channel for your apps. More control than a browser extension, more lightweight than an Electron app. Just as powerful as Node.
3
star
15

Laminar

On-prem, downloadable, no phone-home web RPA solution to automate any sequence of interactions in the Chrome browser.
2
star
16

tarobox

๐Ÿฑ TaroBox - A simple pseudo-random number generator built from base64 and xor. Passes Dieharder, does not pass SMHasher. ๐Ÿคทโ€โ™‚๏ธ
C
2
star
17

xen

๐Ÿ‘ฝ xen - Discover unknown crypto tools. Like demos? https://cutt.ly/xen
JavaScript
2
star
18

dual-licensing

Dosyago software dual licensing information
1
star
19

vulnerability-reports

๐Ÿ”“ vulnerability-reports - Responsible Disclosures
1
star
20

jellyness

A WebRTC Chat Server
JavaScript
1
star
21

service-issues

Central contract point for Service Issues on DOSYAGO Products
1
star
22

bc-boilerplate

๐Ÿ“„ Get started developing a browser controller today, to fully leverage the power of Chrome-enabled apps in a downloadable binary without the bloat of Electron, or the limitations of Extensions.
1
star
23

tinymap

A world map in a single SVG, with latitude and longitude
1
star