A fast, private and secure web notebook.
Users can create task lists, tables, links, and code blocks using Markdown and HTML. They can add online images, audio, or videos via URL. Notes can be searched, sorted by category, or organized into folders.
Users can sync notes across devices in a secure database after signing in without needing an email address, only a username and strong password. Public notes can be shared via random URLs.
This website is a Progressive Web App (PWA) that can be installed as an application. Automatic updates are handled by the Service Worker. Design is responsive and optimized for all mobile devices or macOS/Windows.
The site is accessible to users with disabilities through high-contrast colors, ARIA modules, and focusable elements. Users can choose between light/dark modes and select the page's accent color.
The website follows OWASP security recommendations.
User's connections are managed with secure cookies and tokens.
All notes are sanitized and validated through the DOMPurify library. All notes are encrypted with AES-256-GCM. Each user has a cryptographically secure key generated after signing up.
Users can lock the app using biometrics (fingerprints, face, etc.). These biometric data are never sent to the server.
- 2FA login
- Markdown plugins
- Reminders with calendar
If you find issues, vulnerabilities or if you have any suggestions to improve this project, feel free to discuss!
docker-compose up --build -d to build the Docker container
Important
The website is available at localhost:8787, but if you want to deploy it on a server with a domain name or an IP address, you need to install a SSL certificate to use note encryption (Web Crypto API requires HTTPs). Edit all users, passwords and Docker configurations for production. To store user encryption keys, I recommend using a secure vault like AWS KMS, Azure Key Vault or a self-hosted solution instead of the database.
