stegasoo/TODO-4.2.1.md
Aaron D. Lee 34ede3815f Add API key authentication and TLS support
API Authentication (v4.2.1):
- API key auth via X-API-Key header
- Keys hashed (SHA-256) and stored in ~/.stegasoo/api_keys.json
- Auth disabled when no keys configured
- Protected endpoints: encode, decode, generate, channel/*, compare, etc.
- Public endpoints: /, /docs, /modes, /auth/status, /channel/status

TLS Support:
- Auto-generates self-signed certs on first run
- Certs include localhost, local IPs, hostname.local
- Stored in ~/.stegasoo/certs/

CLI Commands:
- stegasoo api keys list/create/delete
- stegasoo api tls generate/info
- stegasoo api serve (starts with TLS by default)

Updated systemd service to use TLS.

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2026-01-11 18:03:51 -05:00


Stegasoo 4.2.1 Plan

Bugs

  • Fix EXIF viewer panel not loading metadata in Web UI
    • Redesigned with card-based grid layout and categories
    • Compact styling for better space usage
  • DCT mode: portrait photos export rotated 90° (EXIF orientation not handled)
    • Added _apply_exif_orientation() to apply EXIF rotation before embedding
  • DCT mode: add rotation fallback (try as-is, rotate 90°, retry on failure)
    • Added rotation fallback in extract_from_dct() with quick header validation
  • Rotate tool: use jpegtran for lossless JPEG rotation (preserves DCT stego!)
    • Web UI rotate tool now uses jpegtran for JPEGs
    • DCT decode rotation fallback now uses jpegtran for JPEGs
    • Dynamic UI shows "DCT Safe" for JPEGs, warning for other formats

Tools Audit

  • Web UI tools - full shakedown and fixes
    • Compress, Rotate, Strip, EXIF viewer all working
    • Rotate uses jpegtran for lossless JPEG rotation
    • Compact UI styling
  • CLI tools - full shakedown and fixes
    • Fixed encode to output JPEG when carrier is JPEG (was always PNG)
    • Fixed jpegtran -trim flag destroying DCT stego data
    • Added compress, rotate, convert tools (matching Web UI)
    • Rotate uses jpegtran for JPEGs, supports flip-only operations

AUR Packages

  • stegasoo-cli - standalone CLI package (no web dependencies)
    • Created aur-cli/PKGBUILD with [cli,dct,compression] extras only
    • No flask/gunicorn/fastapi/uvicorn/pyzbar deps
    • 68MB vs 79MB for full package
  • stegasoo-api - REST API package (needs auth overhaul first)

API Auth Work

  • API key authentication (simpler than OAuth2 for personal use)
    • frontends/api/auth.py - key generation, hashing, validation
    • Keys stored in ~/.stegasoo/api_keys.json (hashed)
    • X-API-Key header for authentication
    • Auth disabled when no keys configured
  • TLS with self-signed certificates
    • Auto-generates certs on first run
    • CLI: stegasoo api tls generate
    • Certs stored in ~/.stegasoo/certs/
  • CLI commands for API management
    • stegasoo api keys list/create/delete
    • stegasoo api tls generate/info
    • stegasoo api serve (starts with TLS by default)
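
A sketch of the key handling listed above, added here as an illustration and not taken from frontends/api/auth.py: only the SHA-256 digest of each key is stored, the presented X-API-Key value is compared in constant time, and an empty key store lets every request through. The function names, the JSON layout ({name: digest}) and the temporary directory standing in for ~/.stegasoo/ are assumptions.

```python
import hashlib
import hmac
import json
import secrets
import tempfile
from pathlib import Path


def hash_key(raw_key: str) -> str:
    # SHA-256 is reasonable here only because keys are long random tokens, not passwords.
    return hashlib.sha256(raw_key.encode("utf-8")).hexdigest()


def load_hashes(store: Path) -> dict:
    # Assumed layout: {"key name": "sha256 hex"}. A missing file means no keys configured.
    return json.loads(store.read_text()) if store.exists() else {}


def create_key(store: Path, name: str) -> str:
    raw = secrets.token_urlsafe(32)  # 256 bits of randomness, shown to the user once
    hashes = load_hashes(store)
    hashes[name] = hash_key(raw)
    store.parent.mkdir(parents=True, exist_ok=True)
    store.write_text(json.dumps(hashes, indent=2))
    store.chmod(0o600)  # owner-only: the digests still identify which keys are valid
    return raw


def check_request(store: Path, headers: dict) -> bool:
    hashes = load_hashes(store)
    if not hashes:
        return True  # "Auth disabled when no keys configured": every request passes
    candidate = hash_key(headers.get("X-API-Key", ""))  # absent header matches no stored digest
    allowed = False
    for stored in hashes.values():  # no early exit; each comparison is constant-time
        allowed |= hmac.compare_digest(candidate, stored)
    return allowed


def demo() -> dict:
    with tempfile.TemporaryDirectory() as tmp:  # stand-in for ~/.stegasoo/
        store = Path(tmp) / "api_keys.json"
        result = {"open_without_keys": check_request(store, {})}
        raw = create_key(store, "laptop")  # constructed key name
        result["valid"] = check_request(store, {"X-API-Key": raw})
        result["missing"] = check_request(store, {})
        result["wrong"] = check_request(store, {"X-API-Key": "not-a-real-key"})
        result["raw_on_disk"] = raw in store.read_text()
        return result
```

Because an empty store disables authentication, deleting the last key reopens every protected endpoint; a service bound to a non-loopback address may want to refuse to start without keys.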

API Documentation

  • Postman collection
  • Environment variable templates