~fancycade/mysterio

Password manager web app
Several improvements
Quality of life improvement to search
Remove id from exports


clone

read-only
https://git.sr.ht/~fancycade/mysterio
read/write
git@git.sr.ht:~fancycade/mysterio

You can also use your local clone with git send-email.

#mysterio

A password manager web application. An Erlang Cowboy web application with no JavaScript.

#Build

Alpine Linux:

doas apk add erlang npm bsd-compat-headers

To build the project:

$ npm install
$ rebar3 compile

#Usage

Set up an RSA public/private key pair:

openssl genrsa -out private.pem 2048
openssl rsa -in private.pem -out public.pem -outform PEM -pubout

2FA login is done by email, which requires its own config file. email_config.json looks like this:

{"smtp_host": "smtp.migadu.com",
 "smtp_username": "user@site.com",
 "smtp_password": "supersecret"}

Path locations are intended to be configurable; see config/*.config.src for these paths.
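
The two setup steps above leave a private key and an SMTP password on disk. The following is an added example, not part of the mysterio repository: it creates the same files with owner-only permissions and then checks them. The function names and the single-directory layout are assumptions; the paths the app actually reads are set in config/*.config.src.

```shell
#!/bin/sh
# Added example: helper names and the one-directory layout are assumptions.

# setup_secrets DIR: create the README's key pair and email config in DIR,
# readable by the owning user only. Runs in a subshell so umask/cd do not leak.
setup_secrets() (
    umask 077                                  # new files get no group/other bits
    mkdir -p "$1" && cd "$1" || exit 1
    [ ! -e private.pem ] || exit 1             # never overwrite an existing key
    openssl genrsa -out private.pem 2048 2>/dev/null || exit 1
    openssl rsa -in private.pem -out public.pem -outform PEM -pubout 2>/dev/null || exit 1
    # Placeholder values copied from the README; replace before use.
    cat > email_config.json <<'EOF'
{"smtp_host": "smtp.migadu.com",
 "smtp_username": "user@site.com",
 "smtp_password": "supersecret"}
EOF
)

# keypair_matches DIR: succeed only if public.pem is the public half of private.pem.
keypair_matches() {
    derived=$(openssl rsa -in "$1/private.pem" -pubout 2>/dev/null) || return 1
    [ "$derived" = "$(cat "$1/public.pem")" ]
}

# secrets_private DIR: succeed only if the secret files exist and grant
# nothing to group or other (mode characters 5-10 of `ls -l` are all "-").
secrets_private() {
    for f in "$1/private.pem" "$1/email_config.json"; do
        [ -f "$f" ] || return 1
        perms=$(ls -ld "$f" | cut -c5-10)
        [ "$perms" = "------" ] || return 1
    done
}

# Stand-alone use: sh setup.sh /path/to/secrets
if [ "$#" -gt 0 ]; then
    setup_secrets "$1" && keypair_matches "$1" && secrets_private "$1" \
        && echo "ok: $1"
fi
```

The same two checks can be rerun after copying the files to a server, where a copy made under a default umask often widens the permissions.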

Run app:

$ rebar3 shell

#Deployment

rebar3 as prod tar

This produces a self-contained release that can be copied to a server and deployed.

#Security Guidelines

Mysterio has been built around these security guidelines:

Suggestions on how to make mysterio more secure are greatly appreciated.

#TODOs:

  • Unit tests
  • Typespecs
  • Refactoring
  • Limit admin password retries without DoS
  • favicon