Hacker-Software/minmal-file-cloud-email-pim-passmanager
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

feat: Mini-Cloud Plattform - komplette Implementierung Phase 0-8

Browse Source 
Selbstgehostete Web-Cloud mit Dateiverwaltung, Kalender, Kontakte,
Email-Webclient, Office-Viewer und Passwort-Manager.

Backend (Flask/Python):
- JWT-Auth mit Access/Refresh Tokens, Benutzerverwaltung
- Dateien: Upload/Download, Ordner, Berechtigungen, Share-Links
- Kalender: CRUD, Teilen, iCal-Export, CalDAV well-known URLs
- Kontakte: Adressbuecher, vCard-Export, Teilen
- Email: IMAP/SMTP-Proxy, Multi-Account
- Office-Viewer: DOCX/XLSX/PPTX/PDF Vorschau
- Passwort-Manager: AES-256-GCM clientseitig, KeePass-Import
- Sync-API fuer Desktop/Mobile-Clients
- SQLite mit WAL-Modus

Frontend (Vue 3 + PrimeVue):
- Datei-Explorer mit Breadcrumbs und Share-Dialogen
- Monatskalender mit Event-Verwaltung
- Kontaktliste mit Adressbuch-Sidebar
- Email-Client mit 3-Spalten-Layout
- Passwort-Manager mit TOTP und Passwort-Generator
- Admin-Panel, Settings, oeffentliche Share-Seite

Docker: Multi-Stage Build, Bind Mounts (keine Volumes)

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
This commit is contained in:
Stefan Hacker
2026-04-11 14:53:28 +02:00
parent d4f7e90d0c
commit 62f550c373
56 changed files with 8047 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files
backend/app/models/password_vault.py
+99
View File
@@ -0,0 +1,99 @@
from datetime import datetime, timezone
from app.extensions import db
class PasswordFolder(db.Model):
__tablename__ = 'password_folders'
id = db.Column(db.Integer, primary_key=True)
owner_id = db.Column(db.Integer, db.ForeignKey('users.id'), nullable=False, index=True)
parent_id = db.Column(db.Integer, db.ForeignKey('password_folders.id'), nullable=True,
index=True)
name = db.Column(db.String(255), nullable=False)
icon = db.Column(db.String(50), nullable=True)
created_at = db.Column(db.DateTime, default=lambda: datetime.now(timezone.utc))
updated_at = db.Column(db.DateTime, default=lambda: datetime.now(timezone.utc),
onupdate=lambda: datetime.now(timezone.utc))
children = db.relationship('PasswordFolder',
backref=db.backref('parent', remote_side='PasswordFolder.id'),
lazy='dynamic')
entries = db.relationship('PasswordEntry', backref='folder', lazy='dynamic',
cascade='all, delete-orphan')
def to_dict(self):
return {
'id': self.id,
'owner_id': self.owner_id,
'parent_id': self.parent_id,
'name': self.name,
'icon': self.icon,
'created_at': self.created_at.isoformat() if self.created_at else None,
}
class PasswordEntry(db.Model):
__tablename__ = 'password_entries'
id = db.Column(db.Integer, primary_key=True)
user_id = db.Column(db.Integer, db.ForeignKey('users.id'), nullable=False, index=True)
folder_id = db.Column(db.Integer, db.ForeignKey('password_folders.id'), nullable=True,
index=True)
# All sensitive fields are encrypted client-side (AES-256-GCM)
title_encrypted = db.Column(db.LargeBinary, nullable=False)
url_encrypted = db.Column(db.LargeBinary, nullable=True)
username_encrypted = db.Column(db.LargeBinary, nullable=True)
password_encrypted = db.Column(db.LargeBinary, nullable=True)
notes_encrypted = db.Column(db.LargeBinary, nullable=True)
totp_secret_encrypted = db.Column(db.LargeBinary, nullable=True)
passkey_data_encrypted = db.Column(db.LargeBinary, nullable=True)
# IV for each entry (needed for AES-GCM decryption)
iv = db.Column(db.LargeBinary, nullable=False)
category = db.Column(db.String(100), nullable=True) # Plaintext for filtering
created_at = db.Column(db.DateTime, default=lambda: datetime.now(timezone.utc))
updated_at = db.Column(db.DateTime, default=lambda: datetime.now(timezone.utc),
onupdate=lambda: datetime.now(timezone.utc))
user = db.relationship('User', backref='password_entries')
def to_dict(self):
import base64
return {
'id': self.id,
'folder_id': self.folder_id,
'title_encrypted': base64.b64encode(self.title_encrypted).decode() if self.title_encrypted else None,
'url_encrypted': base64.b64encode(self.url_encrypted).decode() if self.url_encrypted else None,
'username_encrypted': base64.b64encode(self.username_encrypted).decode() if self.username_encrypted else None,
'password_encrypted': base64.b64encode(self.password_encrypted).decode() if self.password_encrypted else None,
'notes_encrypted': base64.b64encode(self.notes_encrypted).decode() if self.notes_encrypted else None,
'totp_secret_encrypted': base64.b64encode(self.totp_secret_encrypted).decode() if self.totp_secret_encrypted else None,
'passkey_data_encrypted': base64.b64encode(self.passkey_data_encrypted).decode() if self.passkey_data_encrypted else None,
'iv': base64.b64encode(self.iv).decode() if self.iv else None,
'category': self.category,
'created_at': self.created_at.isoformat() if self.created_at else None,
'updated_at': self.updated_at.isoformat() if self.updated_at else None,
}
class PasswordShare(db.Model):
__tablename__ = 'password_shares'
id = db.Column(db.Integer, primary_key=True)
shareable_type = db.Column(db.String(20), nullable=False) # 'entry' or 'folder'
shareable_id = db.Column(db.Integer, nullable=False)
shared_by_id = db.Column(db.Integer, db.ForeignKey('users.id'), nullable=False)
shared_with_id = db.Column(db.Integer, db.ForeignKey('users.id'), nullable=False, index=True)
permission = db.Column(db.String(20), nullable=False, default='read') # 'read', 'write', 'manage'
# Re-encrypted data for the recipient (encrypted with recipient's public key)
encrypted_key = db.Column(db.LargeBinary, nullable=True)
created_at = db.Column(db.DateTime, default=lambda: datetime.now(timezone.utc))
shared_by = db.relationship('User', foreign_keys=[shared_by_id], backref='password_shares_given')
shared_with = db.relationship('User', foreign_keys=[shared_with_id], backref='password_shares_received')
__table_args__ = (
db.UniqueConstraint('shareable_type', 'shareable_id', 'shared_with_id',
name='uq_password_share'),
db.Index('ix_password_shareable', 'shareable_type', 'shareable_id'),
)