diff --git a/frontends/web/.env.example b/frontends/web/.env.example index 72d13f9..014e3eb 100644 --- a/frontends/web/.env.example +++ b/frontends/web/.env.example @@ -5,9 +5,10 @@ STEGASOO_AUTH_ENABLED=true STEGASOO_HTTPS_ENABLED=false STEGASOO_HOSTNAME=localhost +STEGASOO_PORT=5000 -# Channel Key (256-bit hex for private channel isolation) -# Generate with: python -c "import secrets; print(secrets.token_hex(32))" +# Channel Key (format: XXXX-XXXX-XXXX-XXXX-XXXX-XXXX-XXXX-XXXX) +# Generate with: stegasoo generate --channel-key # Leave empty for public mode STEGASOO_CHANNEL_KEY= diff --git a/frontends/web/app.py b/frontends/web/app.py index b2bb6a3..258a593 100644 --- a/frontends/web/app.py +++ b/frontends/web/app.py @@ -1405,9 +1405,10 @@ if __name__ == "__main__": else: print("Authentication disabled") + port = int(os.environ.get("STEGASOO_PORT", "5000")) app.run( host="0.0.0.0", - port=5000, + port=port, debug=False, ssl_context=ssl_context, ) diff --git a/frontends/web/templates/generate.html b/frontends/web/templates/generate.html index 476aecd..95a4bd9 100644 --- a/frontends/web/templates/generate.html +++ b/frontends/web/templates/generate.html @@ -74,36 +74,47 @@ -
- - -
- - -
- - - - -
-
For private groups: generate, then use Custom mode when encoding/decoding.
-
- - + + +
+
+

+ +

+
+
+

+ Channel keys create private encoding channels. Only users with the same key can decode each other's images. + Learn more +

+ +
+ + + + +
+
+ + After generating, configure this key in your server's environment or use Custom channel mode when encoding/decoding. +
+
+
+
+
{% else %} diff --git a/rpi/BUILD_IMAGE.md b/rpi/BUILD_IMAGE.md new file mode 100644 index 0000000..3da49a0 --- /dev/null +++ b/rpi/BUILD_IMAGE.md @@ -0,0 +1,108 @@ +# Stegasoo Pi Image Build Workflow + +Quick reference for building a distributable SD card image. + +## Step 1: Flash Fresh Raspbian + +Use rpi-imager with these settings: +- **OS**: Raspberry Pi OS (64-bit) +- **Hostname**: `stegasoo` +- **Enable SSH**: Yes (password auth) +- **Username**: `pi` (or any) +- **Password**: `raspberry` (temporary) +- **WiFi**: Skip (use ethernet for clean image) + +## Step 2: Boot & SSH In + +```bash +# Wait for Pi to boot (~60 seconds), then: +ssh pi@stegasoo.local +# or use IP from router DHCP list +``` + +## Step 3: Run Setup Script + +```bash +curl -sSL https://raw.githubusercontent.com/adlee-was-taken/stegasoo/main/rpi/setup.sh | bash +``` + +This takes ~15-20 minutes and installs: +- Python 3.12 via pyenv +- jpegio (patched for ARM) +- Stegasoo with web UI +- Systemd service + +## Step 4: Test It Works + +```bash +sudo systemctl start stegasoo +curl -k https://localhost:5000 +# Should return HTML +``` + +## Step 5: Sanitize for Distribution + +```bash +curl -sSL https://raw.githubusercontent.com/adlee-was-taken/stegasoo/main/rpi/sanitize-for-image.sh | sudo bash +``` + +This removes: +- WiFi credentials +- SSH authorized keys +- Bash history +- Stegasoo auth database +- Logs and temp files + +The Pi will shut down when complete. + +## Step 6: Copy the Image + +Remove SD card, insert into your Linux machine: + +```bash +# Find the SD card device (CAREFUL!) +lsblk + +# Copy (replace sdX with actual device, e.g., sda) +sudo dd if=/dev/sdX of=stegasoo-rpi-$(date +%Y%m%d).img bs=4M status=progress +``` + +## Step 7: Shrink & Compress + +```bash +# Optional: Shrink image (saves space) +wget https://raw.githubusercontent.com/Drewsif/PiShrink/master/pishrink.sh +chmod +x pishrink.sh +sudo ./pishrink.sh stegasoo-rpi-*.img + +# Compress +xz -9 -T0 stegasoo-rpi-*.img +``` + +## Step 8: Distribute + +Upload `.img.xz` to GitHub Releases. + +Users can flash with: +```bash +# Linux +xzcat stegasoo-rpi-*.img.xz | sudo dd of=/dev/sdX bs=4M status=progress + +# Or use rpi-imager "Use custom" option +``` + +--- + +## Quick Command Summary + +```bash +# On Pi: +curl -sSL https://raw.githubusercontent.com/adlee-was-taken/stegasoo/main/rpi/setup.sh | bash +sudo systemctl start stegasoo +curl -k https://localhost:5000 +curl -sSL https://raw.githubusercontent.com/adlee-was-taken/stegasoo/main/rpi/sanitize-for-image.sh | sudo bash + +# On your machine: +sudo dd if=/dev/sdX of=stegasoo-rpi-$(date +%Y%m%d).img bs=4M status=progress +xz -9 -T0 stegasoo-rpi-*.img +``` diff --git a/rpi/setup.sh b/rpi/setup.sh index c9f9b28..edd8208 100755 --- a/rpi/setup.sh +++ b/rpi/setup.sh @@ -182,6 +182,7 @@ WorkingDirectory=$INSTALL_DIR/frontends/web Environment="PATH=$INSTALL_DIR/venv/bin:/usr/bin" Environment="STEGASOO_AUTH_ENABLED=true" Environment="STEGASOO_HTTPS_ENABLED=false" +Environment="STEGASOO_PORT=5000" ExecStart=$INSTALL_DIR/venv/bin/python app.py Restart=on-failure RestartSec=5 @@ -217,8 +218,28 @@ echo " journalctl -u stegasoo -f" echo "" echo -e "${GREEN}Access Web UI:${NC}" PI_IP=$(hostname -I | awk '{print $1}') -echo " http://$PI_IP:5000" +echo " http://$PI_IP:5000 (default port, configurable via STEGASOO_PORT)" echo "" echo -e "${YELLOW}Note: On first access, you'll be prompted to create an admin account.${NC}" echo "" +echo -e "${GREEN}Enable HTTPS:${NC}" +echo " sudo nano /etc/systemd/system/stegasoo.service" +echo "" +echo " Change: Environment=\"STEGASOO_HTTPS_ENABLED=false\"" +echo " To: Environment=\"STEGASOO_HTTPS_ENABLED=true\"" +echo "" +echo " Save (Ctrl+O, Enter, Ctrl+X), then:" +echo " sudo systemctl daemon-reload" +echo " sudo systemctl restart stegasoo" +echo "" +echo -e "${GREEN}Private Channel Key (optional):${NC}" +echo " Generate a key:" +echo " source $INSTALL_DIR/venv/bin/activate" +echo " stegasoo generate --channel-key" +echo "" +echo " Add to the service file (same nano command above):" +echo " Environment=\"STEGASOO_CHANNEL_KEY=XXXX-XXXX-XXXX-XXXX-XXXX-XXXX-XXXX-XXXX\"" +echo "" +echo " This ensures only users with the same key can decode your images." +echo "" echo -e "To start now: ${YELLOW}sudo systemctl start stegasoo${NC}"