- Darim: Diary Improved
- Darim is a personal diary service that supports encryption, calendar view, and markdown syntax.
- You can keep your diary a secret even from the developer through client-side encryption.
- Darim is following the layered architecture.
- Each layer cannot be cross-referenced. All references between layers can flow in a higher direction. In other words, only the upper layer can invoke the lower layer members.
+-----------------------+
| Models |
+-------+----------+----+
| |
+------------+ +-------+------+ |
| Components | | API Fetchers | |
+------+-----+ +-------+------+ |
| | |
+------+-----------------+----------+----+
| Pages |
+-------------------+--------------------+
|
+-------------------+--------------------+
| Client (index.html) |
+-------------------+--------------------+
|
+-------------------+--------------------+
| Server (main.rs) |
+-------------------+--------------------+
|
+-------------------+--------------------+
| Routes |
+-------------------+--------------------+
|
+-------------------+--------------------+
| Services |
+-------------------+--------------------+
|
+-------------------+--------------------+
| Models |
+--------+----------------------+--------+
| |
+--------+--------+ +--------+--------+
| MariaDB | | Redis |
+-----------------+ +-----------------+
index.html- An entry point of the application. It is built by parcel.- Pages - Pages represented by URL. Each page can use general components, API fetchers, and models.
- Components - Reusable components used on multiple pages.
main.rs- An entry point of the application. It runs a http server.- Routes - A presentation layer that makes API public and passes request/response data to other layers.
- Services - A business layer that processes the transaction.
- Models - A data layer that can access the database and define data structures.
- Darim supports client-side encryption to protect the user's secrect from others including server.
+------------+ +----------------------+ +---------------+
+-->| Secret key +-->| Encrypted secret key +-->| Local storage |
+---------+ | +------------+ +----------------------+ +---------------+
| Sign-up |--+ ^
+---------+ | +------------+ | +--------+ +----------+
+-->| Public key +--------------+------>| Server +-->| Database |
+------------+ +--------+ +----------+
- When a user finishes the sign-up process, the secret key and public key are generated on the client-side.
- The client encrypts the secret key by public key and saevs the encrypted secret key in local storage.
- The public key is sent to the server, and the server stores it.
Database
+----------------------+ +----------------------+ +--------+ +----------------+
| Plaintext post +-->| Encrypted post +-->| +-->| Encrypted post |
+----------------------+ +----------------------+ | | +----------------+
^ | Server | | |
Local storage | | | | |
+----------------------+ +-----------+----------+ | | +----------------+
| Encrypted secret key +-->| Decrypted secret key |<--+ |<--+ Public key |
+----------------------+ +----------------------+ +--------+ +----------------+
- When a user creates the plaintext post, the client requests the public key to the server.
- The client decrypts the encrypted secret key in the local storage using the public key from the server.
- The plaintext post is encrypted by the secret key decrypted by the public key.
- The encrypted post is sent to the server, and the server stores it.
- At this point, the server can only know encrypted post.
- When the client requests the server to read the post, whole flows are reversed.
This project is distributed under the AGPL-3.0 License - see the LICENSE file for details.
React
Typescript
Django
Laravel
Facebook
Microsoft
Google
Alibaba
D3
Tencent