Lighthouse Notes is a source available digital forensics note taking application
Lighthouse is a university dissertation project which implements a source available digital forensics note taking application with the following features:
- Authentication / Authorization
- User management
- Case management
- Basic exhibit management
- Timestamped contemporaneous notes
- Custom tabs
- Image / Picture uploads
- Exhibit and user tagging
- MD5 and SHA256 hashing
- Storage of notes, tabs and images in a S3 bucket (encrypted using SSE-KMS)
- Localization settings
- Audit log
This repository holds a script to generate a docker-compose file, nginx site configurations and a database initialization script, as well as the instructions for how to deploy Lighthouse Notes using Docker.
- A domain name
- A public facing server with the following installed:
  - Docker: Install Docker Engine
  - Docker Compose: Install Docker Engine
  - Python
  - DotNet SDK: Install .NET on Linux distributions - .NET | Microsoft Learn (SDK version does not matter)
- The following DNS records need to be created for your domain name:
    api.example.com 1 IN A 1.2.3.4
    app.example.com 1 IN A 1.2.3.4
    s3.example.com 1 IN A 1.2.3.4
  Note: Replace example.com with your own domain name and 1.2.3.4 with the IP address of the public facing server.
Register for a Syncfusion license here.
Tip: Depending on your company size and revenue you may be eligible for a free community license.
After you have created an account and obtained a license, navigate to https://www.syncfusion.com/account/downloads. Click "Get License Key" and choose the following options:
- Platform - select ASP.NET, ASP.NET Core and Blazor
- Change version to 24.x.x
Click "Get License Key", copy the license key, and enter it when prompted by the gen.py script.
Important: The license key will only be shown once!
- Create an Auth0 account and tenant following the instructions here.
- Navigate to Dashboard > Applications > APIs and create an API.
  Note: Replace example.com with your own domain name.
- Navigate to Dashboard > Applications > Applications and create an application, making sure to select "Regular Web Applications". Configure the application Settings as follows:
  - Set "Application Login URI" to https://app.example.com/account/login?returnUrl=
  - Set "Allowed Callback URLs" to https://app.example.com/callback
  - Set "Allowed Logout URLs" to https://app.example.com/
  - Enable "Refresh Token Rotation".
  - Enable "Inactivity Expiration".
  - Change to the "Organizations" section.
  - Click "Disable Grants Now".
  - Change "Types of Users" to "Business Users".
  - Change "Login Flow" to "Prompt for Credentials".
  Note: Replace example.com with your own domain name.
- Create another application, this time selecting "Machine to Machine Applications".
- Navigate to Dashboard > User Management > Roles and create the following roles:
  - user
  - sio
  - organization-administrator
  Warning: Role names are case sensitive.
- Navigate to Dashboard > User Management > Users and create a user.
- Navigate to Dashboard > Organizations and create an organization.
- Change to the "Connections" panel and enable the "Username-Password-Authentication" database connection by clicking "Enable Connections", selecting "Username-Password-Authentication" and clicking "Enable Connection".
- Add the user to the organization by changing to the "Members" tab and clicking "Add Members".
- Click the "..." next to the member you just added and click "Assign Roles".
- Assign all the roles we created in step 5 (user, sio, and organization-administrator).
- Navigate to Dashboard > Applications > APIs > API we created in step 2. Then click the "Machine To Machine Applications" tab and enable "Lighthouse Notes".
- Navigate to Dashboard > Actions > Flows > Login. Click the + to add an action and choose "Build from scratch".
- Add the following code inside the exports.onExecutePostLogin function:
    // ID token is stored by the app
    api.idToken.setCustomClaim(`http://schemas.microsoft.com/ws/2008/06/identity/claims/role`, event.authorization.roles);
    api.idToken.setCustomClaim(`http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress`, event.user.email);
    // Access token is used to call the API
    api.accessToken.setCustomClaim(`http://schemas.microsoft.com/ws/2008/06/identity/claims/role`, event.authorization.roles);
- Click "Deploy" and then click "Add to flow" in the notification.
- Click "Apply".
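The Login Action from the step above written out as a complete file, as an added example that is not the project's own code. It keeps the same three claims, treats a login with no authorization object as having no roles (an assumption made here), and uses a hypothetical `simulateLogin` recorder with constructed events so the claims each token ends up with can be inspected offline before deploying.

```javascript
// Added example, not the project's code. Claim URIs are the ones used in the step above.
const ROLE = "http://schemas.microsoft.com/ws/2008/06/identity/claims/role";
const EMAIL = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress";

// Body of the Action. Assumption: a login with no authorization object
// carries no roles, so the role claim becomes [] instead of a TypeError.
function applyClaims(event, api) {
  const roles = (event.authorization && event.authorization.roles) || [];
  // ID token is stored by the app
  api.idToken.setCustomClaim(ROLE, roles);
  if (event.user && event.user.email) {
    api.idToken.setCustomClaim(EMAIL, event.user.email);
  }
  // Access token is used to call the API
  api.accessToken.setCustomClaim(ROLE, roles);
}

// What goes in the Auth0 editor (guarded so the file also loads as an ES module).
if (typeof exports !== "undefined") {
  exports.onExecutePostLogin = async (event, api) => applyClaims(event, api);
}

// Hypothetical stand-in for Auth0's `api` object: records every claim that is set.
function simulateLogin(event) {
  const tokens = { idToken: {}, accessToken: {} };
  const recorder = (name) => ({
    setCustomClaim: (claim, value) => { tokens[name][claim] = value; },
  });
  applyClaims(event, {
    idToken: recorder("idToken"),
    accessToken: recorder("accessToken"),
  });
  return tokens;
}

// Constructed events: a member holding all three roles, and a user with none.
const admin = simulateLogin({
  user: { email: "analyst@example.com" },
  authorization: { roles: ["user", "sio", "organization-administrator"] },
});
const noRoles = simulateLogin({ user: { email: "new@example.com" } });

console.log(JSON.stringify(admin, null, 2));
console.log(JSON.stringify(noRoles, null, 2));
```

The access token carries only the role claim, while the ID token also carries the email address; a user with no roles gets an empty role list in both tokens.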
- Clone the GitHub repository with
    git clone https://github.com/LighthouseNotes/Docker.git
- Navigate to the repository with
    cd Docker
- Create a virtual environment with
    python -m venv env
- Activate the virtual environment with
    source env/bin/activate
  on Linux and macOS or
    env\Scripts\activate.bat
- Install the requirements with
    pip install -r requirements.txt
- Run the script with
    python gen.py
- Follow the instructions.
- Download the Syncfusion Blink Libraries by visiting https://www.syncfusion.com/account/downloads/studio/licensed/24_1_41 and selecting Linux, then scrolling down to the "Add-On" section and clicking the "Download" button next to "HTML Converter for Linux".
- Unzip the file with
    unzip syncfusionessentialhtmlconverter.zip "BlinkBinaries/*" -d "./BlinkBinaries"
  Important: The BlinkBinaries folder must be in the same directory as the docker-compose.yml file.
- Generate a self signed certificate with
    dotnet dev-certs https -ep lighthousenotes.pfx -p CHANGEME
  Note: Replace CHANGEME with the password you specified in the script for the "Certificate Password" prompt.
- Start SWAG with
    docker compose up -d swag
- Once you see "successfully received certificate" and "Server ready" in the swag container logs, move to step 6.
  Tip: To view the container logs, use
    docker logs swag
- Copy the Nginx site configs with
    mv site-confs/* swag/nginx/site-confs/
- Restart the SWAG container with
    docker restart swag
- Bring up the rest of the docker containers with
    docker compose up -d
- Navigate to the S3 console by opening https://s3.example.com:9001 in a browser.
  Note: Replace example.com with your own domain name.
- Log in with "minio" as the user and the password you specified in the script at the "Minio root password" prompt.
- Create a bucket named "lighthouse-notes" and enable "Versioning".
- Click on the newly created bucket.
- Click "Lifecycle", then "Add Lifecycle Rule" and set the lifecycle rule as follows:
  - Set "Object Version" to "Non-Current Version"
  - Set "After" to 30 days
  - Enable "Expire Delete Marker"
  Important: Change "After" to the time period you wish to store edits to tabs for. E.g. if you want to store edits to a tab for the past 30 days, set it to 30.
- Navigate to the "Access Keys" section in the side menu and create an access key.
  Important: Store the access key and secret key somewhere temporarily as they are only shown once.
- Open the application in a private web browser by visiting app.example.com.
  Note: Use a private web browser until you have set the organization settings, because it will cache the incorrect settings on first load.
  Note: Replace example.com with your own domain name.
- Log in with the user you created in Auth0.
- Navigate to organization settings and change the "S3 Access Key" and "S3 Secret Key" to the ones you created in step 10.
- Change the "Meilisearch API key" to the key output at the end of the gen.py script.
- Click "Save".
- Click the profile icon in the top right and click "Profile". On this page, click "Submit".
  Note: This is to save your user information to Meilisearch so your user is searchable.
- Close the private browser window and then use the app as normal.