gjfy

gjfy is a single binary, standalone web server with only one purpose: Create links that automatically disappear once clicked. On first click it will show a "secret", for instance a password that somebody wants to send to someone.

The idea is that if the original receiver finds the link invalid, they know that the secret was intercepted by a third party and the sender can reset the password.

There are other tools available that do similar things. However, usually those involve installing lots of dependencies or web frameworks and often require setting up a database. Some of them are even offering a hosted service, so you would be handing your secrets to a third party.

Gjfy does not need any of this: it is a completely self-contained and on-premise system.

Probably the most notable difference is that secrets are only kept in memory. They are never written into a database or a file. So it can never happen that, because of a program bug or sysadmin mistake, the secrets are left on the disk. However, it is possible that the operating system will write part of the program memory into swap temporarily, which is not easy to avoid.

The author believes that tools like this should not load assets from external sources and also that no javascript should be used. Gjfy will never do that and instead try to be as simple and privacy respecting as possible.

Features

• Everything in a single binary
• No web server or application server needed
• No database needed
• No persistence
• No javascript
• Simple json API (demo client included)
• Simple html user interface
• Simple token based authentication
• Supports IPv6, HTTP2, TLS
• Email notification