A fast, private and secure web notebook.
Users can create task lists, reminders, tables, links, math expressions or code blocks using Markdown and HTML. They can add online images, audio or videos via URL. Notes can be searched, sorted by category or organized into folders.
Users can sync notes across devices in a secure database after signing in without needing an email address, only a username and strong password. Public notes can be shared via random URLs.
This website is a Progressive Web App (PWA) that can be installed as an application. Design is responsive and optimized for all mobile devices or macOS/Windows.
The site is accessible to users with disabilities through high-contrast colors, ARIA modules, and focusable elements.
The website follows OWASP security recommendations.
All notes are sanitized and validated through the DOMPurify library. All notes are encrypted with AES-256-GCM. Each user has a cryptographically secure key generated after signing up.
Users can lock the app using biometrics (fingerprints, face, etc.). These biometric data are never sent to the server.
- 2FA login
- WEB Notification for reminders
- Calendar for reminders
- Offline mode for cloud notes
If you find issues, vulnerabilities or if you have any suggestions to improve this project, feel free to discuss!
docker-compose up --build -d to build the Docker container
docker-compose up to start the Docker container
Important
Once built, the website is available at localhost:8787, but if you want to deploy it on a public server, you need to install a SSL certificate to use note encryption (Web Crypto API requires HTTPs).
- Change NODE_ENV to "production" in .env
- Secure nginx and express with HTTPs
- Edit all users, passwords and secret keys
- Edit nginx and Docker configurations
- Edit .env and docker-compose.yml files
- To store user encryption keys, I recommend using a secure vault like AWS KMS, Azure Key Vault or a self-hosted solution instead of the database
![@dependabot[bot]](https://avatars.githubusercontent.com/in/29110?s=64&v=4){kind=small}