- A client chooses a `siteId`.
- The client encrypts note content locally.
- The client derives an `authToken` locally from its secret.
- The client sends only encrypted note data, metadata, and the derived token to the API.
- The API stores the encrypted payload and a salted hash of the token.
- Updates and deletes require the same derived token and the expected version.

Defines the HTTP server and routes:

- `GET /health`
- `GET /api/v1/sites/:siteId`
- `PUT /api/v1/sites/:siteId`
- `DELETE /api/v1/sites/:siteId`

It also applies request validation, error mapping, and IP-based rate limiting.

Implements persistence and business rules:
- lazy loading from disk
- create and update semantics
- optimistic concurrency
- auth token verification
- delete behavior

Hashes and verifies client-derived authorization tokens using Node's built-in crypto primitives.

Normalizes and validates incoming `siteId` values so the API uses a consistent identifier format.

Provides a simple in-memory limiter keyed by client IP address.

The current store writes a JSON file shaped like this:

```json
{
  "sites": [
    {
      "siteId": "demo-site",
      "version": 1,
      "createdAt": "2026-04-24T08:00:00.000Z",
      "updatedAt": "2026-04-24T08:00:00.000Z",
      "ciphertext": "base64...",
      "iv": "base64...",
      "salt": "base64...",
      "algorithm": "aes-256-gcm",
      "kdf": "argon2id",
      "noteHash": "sha256...",
      "auth": {
        "salt": "hex...",
        "hash": "hex..."
      }
    }
  ]
}
```

The API removes the `auth` object before returning site data to clients.
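
The token check, expected-version check and `auth` stripping described above, sketched as an added example (not the project's own code). The use of scrypt as the salted hash, the salt and key sizes, the function names and the `reason` strings are all assumptions.

```javascript
// Added example, not the project's code. scrypt, the sizes, the function names
// and the `reason` strings are assumptions.
const crypto = require('node:crypto');

const SALT_LEN = 16;
const KEY_LEN = 32;

// Salted hash of the client-derived token, hex-encoded like the store's "auth" object.
function hashAuthToken(token) {
  const salt = crypto.randomBytes(SALT_LEN);
  const hash = crypto.scryptSync(token, salt, KEY_LEN);
  return { salt: salt.toString('hex'), hash: hash.toString('hex') };
}

// Recompute with the stored salt and compare in constant time.
function verifyAuthToken(token, auth) {
  if (typeof token !== 'string' || token.length === 0 || !auth) return false;
  const expected = Buffer.from(String(auth.hash), 'hex');
  // Fail closed on a malformed record: timingSafeEqual throws on a length mismatch.
  if (expected.length !== KEY_LEN) return false;
  const actual = crypto.scryptSync(token, Buffer.from(String(auth.salt), 'hex'), KEY_LEN);
  return crypto.timingSafeEqual(actual, expected);
}

// Update only when the token verifies and the caller's version is current.
function applyUpdate(site, token, expectedVersion, patch) {
  if (!verifyAuthToken(token, site.auth)) return { ok: false, reason: 'bad_token' };
  if (expectedVersion !== site.version) return { ok: false, reason: 'version_conflict' };
  const next = {
    ...site,
    ...patch,
    // Fields the client must never overwrite through the payload.
    siteId: site.siteId,
    createdAt: site.createdAt,
    auth: site.auth,
    version: site.version + 1,
    updatedAt: new Date().toISOString(),
  };
  return { ok: true, site: next };
}

// Strip the auth object before a record is returned to a client.
function toPublicSite(site) {
  const { auth, ...publicFields } = site;
  return publicFields;
}
```

Pinning `auth`, `siteId` and `createdAt` after spreading the patch keeps a request body from replacing the stored token hash.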