cryptify
GitHub · Rust + TypeScript · File Sharing Service
Cryptify is the file encryption and sharing service that PostGuard uses for delivering encrypted files. It allows encrypting any file with an identity attribute. Only people who can prove they have that attribute can decrypt and view the contents.
The PostGuard website and the JavaScript SDK use Cryptify as the default file storage and delivery backend.
Architecture
Cryptify has two parts:
- Backend (Rust, Rocket framework): Handles file storage, chunked uploads, email notifications, and serves the API.
- Frontend (TypeScript): Web UI for uploading and downloading encrypted files.
Configuration
The backend reads its configuration from a TOML file. Example configuration files are in conf/. Set the ROCKET_CONFIG environment variable to point to the configuration file.
Configuration parameters:
| Parameter | Description | Example |
|---|---|---|
| `server_url` | Public URL of the frontend (via nginx) | `http://localhost:8080/` |
| `address` | Bind address | `0.0.0.0` |
| `port` | Backend listen port | `8000` |
| `data_dir` | Directory for storing uploaded files | `/tmp/data` |
| `email_from` | Sender address for notification emails | `noreply@postguard.local` |
| `smtp_url` | SMTP server hostname | `mailcrab` |
| `smtp_port` | SMTP server port | `1025` |
| `smtp_tls` | Enable TLS for SMTP | `false` |
| `smtp_username` | Optional SMTP username | `user` |
| `smtp_password` | Optional SMTP password | `pw` |
| `allowed_origins` | Regex pattern for CORS allowed origins | `^https?://(localhost\|127\\.0\\.0\\.1)(:[0-9]+)?$` |
| `pkg_url` | URL of the PostGuard PKG server | `http://postguard-pkg:8087` |
API
The backend exposes a file upload/download API. An OpenAPI 3.0 specification is available in api-description.yaml in the repository root. The main endpoints:
- `POST /fileupload/init` — Initialize a multipart file upload (takes sender email, recipient email, file size, mail content, and language).
- `PUT /fileupload/{uuid}` — Upload a file chunk (use `Content-Range` header for chunked uploads).
- `POST /fileupload/finalize/{uuid}` — Finalize the upload and send the notification email.
- `GET /filedownload/{uuid}` — Download a file.
Development
Docker (recommended)
```bash
# Development setup
docker-compose -f docker-compose.dev.yml up
# Production-like setup
docker-compose up
```
Manual Setup
Frontend
Requires Node.js 14+:
```bash
cd cryptify-front-end
npm install
npm run start # development server
npm run build # production build
```
When developing locally, change the `baseurl` constant in `FileProvider.ts` to `http://localhost:3000` so the frontend uses the local backend.
Backend
Requires Rust.
Configuration
The backend needs a configuration file. See conf/ for examples (config.toml for production, config.dev.toml for development).
| Option | Description |
|---|---|
| `server_url` | Public URL of the service |
| `address` | Bind address (e.g. `0.0.0.0`) |
| `data_dir` | Directory for file storage |
| `email_from` | Sender address for email notifications |
| `smtp_url` | SMTP server hostname |
| `smtp_port` | SMTP server port |
| `smtp_tls` | Enable TLS for SMTP (default: `false`) |
| `smtp_username` | SMTP username (optional) |
| `smtp_password` | SMTP password (optional) |
| `allowed_origins` | CORS allowed origins (regex) |
| `pkg_url` | PostGuard PKG server URL |
Building and running
```bash
# Development (with auto-reload)
env ROCKET_ENV=development ROCKET_CONFIG=conf/config.dev.toml cargo watch -x run
# Production build
env ROCKET_ENV=production cargo build --release
# Run the built binary
env ROCKET_CONFIG=conf/config.toml ./target/release/cryptify-backend
```
Electron Packaging
Cryptify can also be packaged as a desktop app:
```bash
cd cryptify-front-end
npm run dist-electron
```
Releasing
This repository uses Release-plz for automated versioning. Merging a release PR triggers a multi-architecture Docker image build.
CI/CD
| Workflow | Trigger | What it does |
|---|---|---|
| `ci.yml` | Push to main | Release-plz PR/release, multi-arch Docker build |