Auto remember me from shareable link

[uzadude]

This is an amazing project!

Would like to suggest an option to auto enable the "remember me" when using the shareable link .

With that users would need to use the "ugly" link only once, and from there on the readable link.

[robinmoisson]

Hey @uzadude, thanks for reporting and for opening a PR! I'm curious, could you share a little more about why that's necessary in your setup?

I'd think you can either send the link with the auto-decrypt hash, and people can bookmark it or set it as a link on a text in a doc (like this), or you can send the person both the regular link and the password - the password should be unique anyway, and sending the link with the auto-decrypt hash is the same security wise.

In general I want to be conservative in adding new toggles to staticrypt to keep it easy to understand and to use for newcomers, so I want to make sure the current abilities don't cover the use case in a significant way.

That being said as I'm writing this I'm realizing, maybe it'd be useful to share an auto-decrypt link to a project that has multiple pages, where we'd want a single entry link to auto-decrypt all pages. 🤔

[uzadude]

Hi,
yup, it's related to what you wrote in the last sentence.
Our use-case is documentation site based on docusaurus (react) which indeed has many pages. The experience we want to give to our customers is basically that they will not even be aware that it is an encrypted site. they will just click the link once, and from there on they will be able to freely navigate between the pages and even share links (without the hashed-password)
with one another.

[robinmoisson]

I think that makes sense, though maybe unusual for share links, since encrypting multiple pages is a common use case.

Thanks for the suggestion!

[samibkf]

Hello @robinmoisson & @uzadude , I really need the shareable link auto-remember feature.
If it's already implemented, I'd be grateful if you could point me towards how to use it!

[uzadude]

@samibkf - we ended up using a patch (with patch-package) with the contents of #184 and it works great.

[robinmoisson]

Woops sorry, looks like time flew faster than I noticed. This is now a feature of version 3.4.0 that has just been pushed to npm - you can add &remember_me to your sharable link, or add the --share-remember flag to your command to get the link, as is now documented in the readme.

@uzadude the hashed password is preferred in the url fragment rather than query params (#staticrypt_pwd=... rather than ?staticrypt_pwd=...) to avoid sending it to the server since it's only needed client-side. We still support query param for backward compat reason, so I added support for the remember_me to be passed in query param too like you did, so it should be backward compatible with your patched version as well. 🙂

staticrypt/lib/staticryptJs.js

Line 210 in 1e5e6cf

const rememberMeQuery = queryParams.get(rememberMeKey);

Let me know if you guys hit any problem using it, and thanks for the idea! (and final push 🙏 )