diff --git a/CLAUDE.md b/CLAUDE.md index 12ccb08..5e71961 100644 --- a/CLAUDE.md +++ b/CLAUDE.md @@ -74,4 +74,8 @@ For detailed architecture, API specs, and data models, refer to `docs/SPEC.md`. 7. When merging, write commit summary from all commits in the pull request 8. Use a comprehensive summary (not a commit list) as the squash merge commit message, describing the overall work accomplished in the PR - Prefer rebase over merge to keep history clean -- Always pull latest changes from `main` before starting new work \ No newline at end of file +- Always pull latest changes from `main` before starting new work + +## Best Practices + +- Always check official documentation of frameworks, UI components, Cloudflare, CodeMirror before implementing changes. If they provide generator or command line, please follow the documentation instead of manually generate them. \ No newline at end of file diff --git a/README.md b/README.md index ab4c040..f007ce9 100644 --- a/README.md +++ b/README.md @@ -42,12 +42,12 @@ Simply open the shared link - the decryption key is in the URL fragment and neve ## ๐Ÿ› ๏ธ Technical Stack -- **Frontend**: Next.js 14+ with React +- **Framework**: Next.js 15 with React +- **Runtime**: Cloudflare Workers (Edge) - **UI Components**: shadcn/ui - **Code Editor**: CodeMirror 6 - **Encryption**: Web Crypto API (AES-GCM) -- **Storage**: Cloudflare R2 -- **Deployment**: Cloudflare Workers +- **Storage**: Cloudflare R2 with native bindings ## ๐Ÿ“Š Limits @@ -63,8 +63,9 @@ Simply open the shared link - the decryption key is in the URL fragment and neve ### Prerequisites - Node.js 18+ -- npm or yarn -- Cloudflare account (for R2 storage) +- npm or yarn +- Cloudflare account (for Workers and R2) +- Wrangler CLI (`npm install -g wrangler`) ### Setup @@ -76,29 +77,56 @@ cd ghostpaste # Install dependencies npm install -# Copy environment variables -cp .env.example .env.local +# Login to Cloudflare +wrangler login -# Configure your Cloudflare R2 credentials in .env.local +# Create R2 bucket +wrangler r2 bucket create ghostpaste-bucket + +# Copy wrangler configuration +cp wrangler.toml.example wrangler.toml # Run development server npm run dev ``` -### Environment Variables +### Configuration + +Create a `wrangler.toml` file: + +```toml +name = "ghostpaste" +compatibility_date = "2024-12-01" + +[[r2_buckets]] +binding = "GHOSTPASTE_BUCKET" +bucket_name = "ghostpaste-bucket" + +[vars] +NEXT_PUBLIC_APP_URL = "https://ghostpaste.dev" +``` + +For local development secrets, create `.dev.vars`: + +``` +# Any additional secrets go here +``` + +### Deployment + +```bash +# Build for Cloudflare Workers +npm run build -```env -CLOUDFLARE_ACCOUNT_ID=your_account_id -CLOUDFLARE_R2_ACCESS_KEY_ID=your_access_key -CLOUDFLARE_R2_SECRET_ACCESS_KEY=your_secret_key -CLOUDFLARE_R2_BUCKET_NAME=ghostpaste-bucket -NEXT_PUBLIC_APP_URL=http://localhost:3000 +# Deploy to production +npm run deploy ``` ## ๐Ÿ“– Documentation - [Technical Specification](docs/SPEC.md) - Detailed architecture and implementation details - [AI Development Guide](CLAUDE.md) - Guidelines for AI-assisted development +- [Implementation TODO](docs/TODO.md) - Development roadmap and progress tracking ## ๐Ÿค Contributing diff --git a/docs/SPEC.md b/docs/SPEC.md index e25e3d0..e2ed7c3 100644 --- a/docs/SPEC.md +++ b/docs/SPEC.md @@ -17,16 +17,24 @@ GhostPaste is a zero-knowledge encrypted code sharing platform where users can c ## ๐Ÿ—๏ธ Architecture +### Deployment Model + +GhostPaste runs entirely on Cloudflare's edge network: +- **Next.js** deployed via Cloudflare Workers using `@cloudflare/next-on-pages` +- **R2 Storage** accessed through native Workers bindings (no AWS SDK needed) +- **Zero cold starts** with Workers' always-warm edge runtime +- **Global distribution** across Cloudflare's network + ### Tech Stack | Component | Technology | Purpose | | -------------- | --------------------------------------- | --------------------------------- | -| **Frontend** | Next.js 14+ (SPA mode) | React framework with app router | +| **Frontend** | Next.js 15 | React framework with app router | | **UI Library** | [shadcn/ui](https://ui.shadcn.com) | Modern, accessible components | | **Editor** | CodeMirror 6 | Syntax highlighting & editing | | **Encryption** | Web Crypto API | AES-GCM client-side encryption | -| **Backend** | Next.js API + Cloudflare Workers | API endpoints & edge computing | -| **Storage** | Cloudflare R2 | Object storage for all data | +| **Runtime** | Cloudflare Workers | Edge computing platform | +| **Storage** | Cloudflare R2 | Object storage with native bindings | ### Storage Structure @@ -135,6 +143,8 @@ For editable gists: ## ๐Ÿ”Œ API Endpoints +All API routes run on Cloudflare Workers with Edge Runtime. + ### Create Gist ```http @@ -222,6 +232,8 @@ Error codes: | Update rate | 60/hour/IP | Allow active editing | | Minimum PIN length | 4 digits | Basic security | | Maximum PIN length | 8 digits | Usability | +| Request size | 100 MB | Cloudflare Workers limit | +| CPU time | 50ms | Workers CPU limit | --- @@ -235,16 +247,18 @@ Users can set expiration times: - Default: No expiration Implementation: -- Cloudflare Workers CRON job +- Separate Cloudflare Worker with scheduled trigger - Checks `expires_at` field hourly -- Deletes expired gists + versions +- Batch deletes expired gists + versions +- Configured in wrangler.toml ### 2. One-Time View Gists that delete after first decryption: -- Special flag in metadata +- `one_time_view: true` flag in metadata - Client notifies server after successful decrypt -- Server immediately deletes +- Server immediately deletes all gist data +- Optional download before viewing ### 3. Version History @@ -322,35 +336,54 @@ img-src 'self' data: https:; ### Development Setup ```bash -# Environment variables -CLOUDFLARE_ACCOUNT_ID= -CLOUDFLARE_R2_ACCESS_KEY_ID= -CLOUDFLARE_R2_SECRET_ACCESS_KEY= -CLOUDFLARE_R2_BUCKET_NAME=ghostpaste-bucket -NEXT_PUBLIC_APP_URL=https://ghostpaste.dev - -# Commands +# Install dependencies npm install + +# Local development with Wrangler npm run dev + +# Build for Cloudflare Workers npm run build + +# Deploy to Cloudflare Workers npm run deploy ``` -### R2 Configuration +### Wrangler Configuration -```bash -# Create bucket -wrangler r2 bucket create ghostpaste-bucket - -# Set CORS -wrangler r2 bucket cors put ghostpaste-bucket --rules '[ - { - "allowedOrigins": ["https://ghostpaste.dev"], - "allowedMethods": ["GET", "PUT", "POST", "DELETE"], - "allowedHeaders": ["*"], - "maxAgeSeconds": 3600 - } -]' +```toml +# wrangler.toml +name = "ghostpaste" +compatibility_date = "2024-12-01" + +[[r2_buckets]] +binding = "GHOSTPASTE_BUCKET" +bucket_name = "ghostpaste-bucket" + +[vars] +NEXT_PUBLIC_APP_URL = "https://ghostpaste.dev" + +# Scheduled worker for expiry cleanup +[[triggers]] +crons = ["0 * * * *"] # Every hour +``` + +### R2 Access in Workers + +```typescript +// Access R2 from Workers environment +export interface Env { + GHOSTPASTE_BUCKET: R2Bucket; +} + +// Example usage in API route +export async function POST(request: Request, env: Env) { + // Direct R2 access without credentials + await env.GHOSTPASTE_BUCKET.put( + `metadata/${id}.json`, + JSON.stringify(metadata) + ); +} ``` ### Client-Side Encryption Example diff --git a/docs/TODO.md b/docs/TODO.md new file mode 100644 index 0000000..992fd17 --- /dev/null +++ b/docs/TODO.md @@ -0,0 +1,298 @@ +# ๐Ÿ“‹ GhostPaste Implementation TODO + +This document tracks the implementation progress of GhostPaste. Check off tasks as they are completed. + +## ๐Ÿ—๏ธ Phase 1: Project Setup + +### Initial Setup +- [ ] Initialize Next.js 15 project with TypeScript (using `create-next-app`) +- [ ] Set up Cloudflare Workers environment with wrangler +- [ ] Configure project for Next.js on Cloudflare Workers using @cloudflare/next-on-pages +- [ ] Configure Edge Runtime compatibility for all routes +- [ ] Configure ESLint and Prettier +- [ ] Set up Git hooks with Husky and lint-staged +- [ ] Create wrangler.toml with R2 bucket bindings and environment variables +- [ ] Configure path aliases in `tsconfig.json` +- [ ] Set up VS Code workspace settings +- [ ] Create .dev.vars for local development secrets + +### Dependencies +- [ ] Install @cloudflare/next-on-pages for Workers deployment +- [ ] Install wrangler for local development +- [ ] Install and configure shadcn/ui (using official CLI) +- [ ] Install CodeMirror 6 and language modes +- [ ] Install nanoid for ID generation +- [ ] Install @cloudflare/workers-types for type definitions +- [ ] Install development dependencies (vitest, @testing-library/react) +- [ ] Install next-themes for theme management + +### Project Structure +- [ ] Create folder structure (`app/`, `components/`, `lib/`, `types/`) +- [ ] Set up app router pages structure +- [ ] Create base layout with theme provider +- [ ] Set up global styles and CSS variables + +## ๐Ÿ”ง Phase 2: Core Infrastructure + +### Type Definitions +- [ ] Create TypeScript interfaces for GistMetadata +- [ ] Create TypeScript interfaces for UserMetadata +- [ ] Create TypeScript interfaces for EncryptedData +- [ ] Create TypeScript interfaces for API responses +- [ ] Create TypeScript interfaces for error types +- [ ] Create type for binary file format +- [ ] Export all types from `types/index.ts` + +### Configuration +- [ ] Create configuration module for environment variables +- [ ] Create constants file for limits and defaults +- [ ] Set up feature flags system +- [ ] Configure bindings types for TypeScript +- [ ] Create env.d.ts for Cloudflare bindings +- [ ] Set up local development with miniflare + +### Utilities +- [ ] Create logger utility +- [ ] Create error handling utilities +- [ ] Create validation utilities +- [ ] Create ID generation utility (nanoid) + +## ๐Ÿ” Phase 3: Encryption Implementation + +### Crypto Module (`lib/crypto.ts`) +- [ ] Implement key generation using Web Crypto API +- [ ] Implement AES-GCM encryption function (Workers-compatible) +- [ ] Implement AES-GCM decryption function (Workers-compatible) +- [ ] Implement key export/import utilities +- [ ] Create URL-safe key encoding/decoding (base64url) +- [ ] Add encryption error handling +- [ ] Ensure all crypto operations are Edge Runtime compatible + +### Binary Format (`lib/binary.ts`) +- [ ] Implement file encoding to binary format +- [ ] Implement binary format decoding +- [ ] Add format validation +- [ ] Create unit tests for binary operations + +### PIN Authentication (`lib/auth.ts`) +- [ ] Implement PBKDF2 PIN hashing +- [ ] Create PIN validation function +- [ ] Add salt generation utility +- [ ] Create PIN strength validation + +## ๐ŸŽจ Phase 4: UI Components + +### Layout Components +- [ ] Create Header component with navigation +- [ ] Create Footer component +- [ ] Create Container component for consistent spacing +- [ ] Implement responsive design tokens + +### Form Components +- [ ] Create FileTab component for multi-file support +- [ ] Create CodeEditor component (CodeMirror wrapper) +- [ ] Create ExpirySelector component +- [ ] Create PINInput component +- [ ] Create ShareDialog component with copy functionality + +### Display Components +- [ ] Create GistViewer component +- [ ] Create FileList component +- [ ] Create VersionHistory dropdown +- [ ] Create LoadingStates component +- [ ] Create ErrorBoundary component + +### UI Features +- [ ] Implement dark/light theme toggle +- [ ] Add toast notifications +- [ ] Create keyboard shortcuts +- [ ] Add copy-to-clipboard functionality +- [ ] Implement responsive design + +## ๐Ÿ”Œ Phase 5: API Development + +### Storage Client (`lib/storage.ts`) +- [ ] Create R2 client wrapper using Cloudflare Workers R2 bindings +- [ ] Configure R2 bucket binding in wrangler.toml +- [ ] Implement metadata upload/download (JSON) using R2 API +- [ ] Implement blob upload/download (binary) using R2 API +- [ ] Handle R2 errors (R2Error, R2ObjectNotFound) +- [ ] Create type-safe wrapper for R2 operations +- [ ] Implement streaming for large files + +### API Routes +- [ ] Configure all routes with `export const runtime = 'edge'` +- [ ] `POST /api/gists` - Create gist endpoint +- [ ] `GET /api/gists/[id]` - Get gist metadata +- [ ] `GET /api/blobs/[id]` - Get encrypted blob +- [ ] `PUT /api/gists/[id]` - Update gist +- [ ] `DELETE /api/gists/[id]` - Delete gist +- [ ] Implement Cloudflare rate limiting rules +- [ ] Add input validation middleware +- [ ] Add error handling middleware +- [ ] Configure API routes to access R2 bindings + +### API Features +- [ ] Implement multipart form data parsing (Workers-compatible) +- [ ] Add request size validation (Workers limit: 100MB) +- [ ] Create consistent error responses +- [ ] Add API documentation +- [ ] Implement CORS configuration +- [ ] Handle Workers CPU time limits (50ms) + +## โœจ Phase 6: Features Implementation + +### Core Features +- [ ] Implement gist creation flow +- [ ] Implement gist viewing flow +- [ ] Implement gist editing with PIN +- [ ] Add version history support +- [ ] Implement file management (add/remove/rename) + +### Self-Expiring Gists +- [ ] Add expiry field to creation form +- [ ] Create separate Cloudflare Worker for scheduled CRON cleanup +- [ ] Configure CRON trigger in wrangler.toml +- [ ] Implement batch deletion for expired gists +- [ ] Implement expiry warning UI +- [ ] Add countdown timer display + +### One-Time View +- [ ] Add one-time view option to creation +- [ ] Implement view tracking (mark as viewed in metadata) +- [ ] Create deletion after successful decryption +- [ ] Add warning modal before viewing +- [ ] Implement download option before viewing + +### Additional Features +- [ ] Implement syntax highlighting selection +- [ ] Add line numbers toggle +- [ ] Create print-friendly view +- [ ] Add raw file download +- [ ] Implement URL shortening (optional) + +## ๐Ÿงช Phase 7: Testing + +### Unit Tests +- [ ] Test encryption/decryption functions +- [ ] Test binary format encoding/decoding +- [ ] Test PIN hashing and validation +- [ ] Test API route handlers with Workers test environment +- [ ] Test utility functions +- [ ] Test R2 operations with miniflare + +### Integration Tests +- [ ] Test complete gist creation flow +- [ ] Test gist viewing with decryption +- [ ] Test gist editing with PIN +- [ ] Test expiry functionality +- [ ] Test one-time view functionality + +### E2E Tests +- [ ] Set up Playwright or Cypress +- [ ] Test user journey: create โ†’ share โ†’ view +- [ ] Test error scenarios +- [ ] Test responsive design +- [ ] Test accessibility + +### Performance Tests +- [ ] Test large file handling +- [ ] Test encryption performance +- [ ] Measure page load times +- [ ] Test concurrent user load + +## ๐Ÿš€ Phase 8: Deployment + +### Cloudflare Setup +- [ ] Create R2 bucket (ghostpaste-bucket) +- [ ] Configure R2 bucket bindings in wrangler.toml +- [ ] Set up Cloudflare Workers project +- [ ] Configure Workers routes for the app +- [ ] Set up scheduled Workers for CRON jobs (expiry cleanup) +- [ ] Configure custom domain (ghostpaste.dev) +- [ ] Set up SSL certificates (automatic with Cloudflare) +- [ ] Configure environment variables in Workers dashboard + +### CI/CD Pipeline +- [ ] Set up GitHub Actions workflow for Cloudflare deployment +- [ ] Configure automated testing with vitest +- [ ] Add build verification using @cloudflare/next-on-pages +- [ ] Set up deployment pipeline with wrangler +- [ ] Configure environment secrets in GitHub +- [ ] Set up preview deployments for PRs + +### Production Readiness +- [ ] Implement error tracking (Sentry) +- [ ] Set up monitoring and alerts +- [ ] Configure CDN for static assets +- [ ] Implement backup strategy +- [ ] Create runbook for operations + +### Security Hardening +- [ ] Implement Content Security Policy headers +- [ ] Configure HSTS and security headers +- [ ] Set up rate limiting with Cloudflare +- [ ] Implement input sanitization +- [ ] Add request size limits +- [ ] Configure CORS properly +- [ ] Security audit of encryption implementation + +## ๐Ÿ“š Phase 9: Documentation & Polish + +### User Documentation +- [ ] Create user guide +- [ ] Add FAQ section +- [ ] Create video tutorials +- [ ] Write security best practices +- [ ] Add troubleshooting guide + +### Developer Documentation +- [ ] Document API endpoints +- [ ] Create architecture diagrams +- [ ] Write contribution guidelines +- [ ] Add code style guide +- [ ] Create development setup guide + +### Final Polish +- [ ] Optimize bundle size +- [ ] Improve lighthouse scores +- [ ] Add OpenGraph meta tags +- [ ] Create custom 404 page +- [ ] Add analytics (privacy-friendly) +- [ ] Implement feedback mechanism + +## ๐ŸŽฏ Stretch Goals + +- [ ] CLI tool for GhostPaste +- [ ] Browser extension +- [ ] Mobile app (React Native) +- [ ] GitHub integration +- [ ] Collaborative editing +- [ ] Folder/collection support +- [ ] Search functionality +- [ ] User dashboards (optional auth) +- [ ] Import from GitHub Gists +- [ ] Export to various formats +- [ ] Syntax theme customization +- [ ] Custom short URLs + +--- + +## Progress Tracking + +**Phase Completion:** +- [ ] Phase 1: Project Setup +- [ ] Phase 2: Core Infrastructure +- [ ] Phase 3: Encryption Implementation +- [ ] Phase 4: UI Components +- [ ] Phase 5: API Development +- [ ] Phase 6: Features Implementation +- [ ] Phase 7: Testing +- [ ] Phase 8: Deployment +- [ ] Phase 9: Documentation & Polish + +**Last Updated:** 2025-06-04 + +--- + +๐Ÿ’ก **Note:** This is a living document. Add new tasks as they are discovered and update progress regularly. \ No newline at end of file