fixed rebase issue

'

@@ -0,0 +1,28 @@
+from flask import Flask
+from app import build
+from pathlib import Path
+import markdown
+import os
+from dotenv import load_dotenv
+
+app = Flask(__name__)
+
+PRIVATE_VAULT_DIR = Path("/vault")
+PUBLIC_VAULT_DIR = "/content"
+
+build.obsidian_vault(PRIVATE_VAULT_DIR) # initialize the private obsidian repo
+build.public_vault(PRIVATE_VAULT_DIR, PUBLIC_VAULT_DIR) # initialize the public notes from the private repo
+
+@app.route("/")
+def index():
+    md_content = "# Welcome to my blog!\nThis is rendered from **Markdown**.\n##[test](http://localhost/test)"
+    html_content = markdown.markdown(md_content)
+    return html_content
+@app.route("/api/vault-update") #webhook for vault updated
+def update_vault():
+# TODO SECURE THIS WITH SECRETTTTT or auth header
+    print(build.public_vault(PRIVATE_VAULT_DIR, PUBLIC_VAULT_DIR))# initialize the public notes from the private repo
+    return "vault-rebuilt"
+@app.route ("/<filename>") # renders a filename if not otherwise specified
+def render_post(filename):
+    return build.html_file(filename, PUBLIC_VAULT_DIR)

.env

@@ -1,2 +1,5 @@
 obsidian_vault=/home/venus/Documents/Personal-Wiki
+obsidian_vault_url=git.riverrooks.dev/Personal-Wiki
+OBSIDIAN_VAULT_URL=git.riverrooks.dev/Personal-Wiki
+obsidian_vault_token=bd8cd9301ae2c1c5bacfb3340492acb5e862686a
 

.gitignore

@@ -0,0 +1,3 @@
+app/__pychache__
+public-vault
+compose.yml

Dockerfile

@@ -0,0 +1,29 @@
+FROM python:3.14-slim
+
+#install git
+RUN apt-get update && apt-get install -y \
+    git \
+    && rm -rf /var/lib/apt/lists/*
+#install dependencies
+RUN mkdir /app 
+COPY app/requirements.txt /app
+RUN pip3 install -r /app/requirements.txt
+
+#parse from .env file
+ARG DEBUG_MODE=0
+ARG obsidian_vault=/home/venus/Documents/Personal-Wiki
+ARG OBSIDIAN_VAULT_URL=git.riverrooks.dev/venus/Personal-Wiki
+ARG obsidian_vault_token=bd8cd9301ae2c1c5bacfb3340492acb5e862686a
+
+ENV FLASK_DEBUG=$DEBUG_MODE
+ENV FLASK_APP=app
+# ENV OBSIDIAN_VAULT=$obsidian_vault
+ENV OBSIDIAN_VAULT_URL=$OBSIDIAN_VAULT_URL
+ENV OBSIDIAN_VAULT_TOKEN=$obsidian_vault_token
+
+COPY app /app
+
+ENTRYPOINT ["flask"]
+CMD ["run", "--host=0.0.0.0", "--port=80"]
+
+

app/Dockerfile

@@ -1,21 +0,0 @@
-FROM python:3.10-slim AS builder
-
-ARG DEBUG_MODE=0
-ENV FLASK_DEBUG=$DEBUG_MODE
-ENV FLASK_APP=app
-
-
-
-COPY requirements.txt
-
-RUN pip3 install -r requirements.txt
-
-COPY . .
-
-
-EXPOSE 443
-ENTRYPOINT ["flask"]
-# CMD [ "run", "--host=0.0.0.0", "--port=80"]
-CMD ["--app", "app", "run", "--host=0.0.0.0", "--port=443"]
-
-

app/___init___.py

@@ -1,35 +0,0 @@
-from flask import Flask
-import markdown
-from pathlib import Path
-
-app = Flask(__name__)
-
-CONTENT_DIR = Path(__file__).parent.parent / "content"
-
-@app.route("/hello")
-def hello_world():
-    return "<h1>Hello, World!</h1>"
-
-@app.route("/")
-def index():
-    # Write your markdown content
-    md_content = "# Welcome to my blog!\nThis is rendered from **Markdown**."
-    # Convert it to HTML
-    html_content = markdown.markdown(md_content)
-    return html_content
-
-@app.route ("/post/<filename>")
-def render_markdown_file(filename):
-    filePath = CONTENT_DIR / f"{filename}.md"
-    # 3. Protect against missing files
-    if not filePath.is_file():
-        return f"<h1>404</h1><p>Could not find {filename}.md in {filePath}</p>", 404
-    # else:
-    #     return f"<h1> found</h1> <p> found {filename} in {filePath}</p>"
-    # 4. Open, read, and convert the file
-    with open(filePath, "r", encoding="utf-8") as f:
-        textContent = f.read()
-        
-    htmlContent = markdown.markdown(textContent)
-    
-    return htmlContent

app/__init__.py

@@ -0,0 +1,28 @@
+from flask import Flask
+from app import build
+from pathlib import Path
+import markdown
+import os
+from dotenv import load_dotenv
+
+app = Flask(__name__)
+
+PRIVATE_VAULT_DIR = Path("/vault")
+PUBLIC_VAULT_DIR = "/content"
+
+build.obsidian_vault(PRIVATE_VAULT_DIR) # initialize the private obsidian repo
+build.public_vault(PRIVATE_VAULT_DIR, PUBLIC_VAULT_DIR) # initialize the public notes from the private repo
+
+@app.route("/")
+def index():
+    md_content = "# Welcome to my blog!\nThis is rendered from **Markdown**.\n##[test](http://localhost/test)"
+    html_content = markdown.markdown(md_content)
+    return html_content
+@app.route("/api/vault-update") #webhook for vault updated
+def update_vault():
+# TODO SECURE THIS WITH SECRETTTTT or auth header
+    print(build.public_vault(PRIVATE_VAULT_DIR, PUBLIC_VAULT_DIR))# initialize the public notes from the private repo
+    return "vault-rebuilt"
+@app.route ("/<filename>") # renders a filename if not otherwise specified
+def render_post(filename):
+    return build.html_file(filename, PUBLIC_VAULT_DIR)

app/build.py

@@ -1,26 +1,61 @@
 from obsidian_parser import Vault
 import shutil
-from git import Repo
+import markdown
+from pathlib import Path
+import os
 
 
+def html_file(filename, contentPath): #renders markwown from filename 
+    filePath = Path(f"{contentPath}/{filename}.md")
+    # 3. Protect against missing files
+    if not filePath.is_file():
+        return f"<h1>404</h1><p>Could not find {filename}.md in {filePath}</p>", 404
+    # open the file for reading
+    with open(filePath, "r", encoding="utf-8") as f:
+        textContent = f.read()
+    # convert it to markdown
+    htmlContent = markdown.markdown(textContent)
+    return htmlContent
 
-def clone_secure_repo(url: str, token: str = "", dest: str): # clone a gittea repo using optional security token into dest dirand return a path to the directory
-    return dest
 
-def public_notes(src: str): # return a list of notes tagged with public from an obsidian directory
-    # build vault from source
-    vault = Vault(src)
-    if vault:
-        print ("found vault")
-    else:
+def obsidian_vault(dest = "/vault"): # makes sure there is a vault in dest
+    from git import Repo
+    url = os.getenv("OBSIDIAN_VAULT_URL")
+    token = os.getenv("OBSIDIAN_VAULT_TOKEN")
+    if not(token):
+        print ("token not found, cant build vault")
+        raise NameError("tokenNotFound")
+        return 0
+
+    url = f"https://{token}@{url}"
+
+    if os.path.exists(os.path.join(dest, '.git')):
+        #TODO handle merge conflictsjjj
+        print (f"pulling vault from {url} in {dest}")
+        repo = Repo(dest)
+        origin = repo.remotes.origin
+        origin.fetch()
+        origin.pull(strategy_option='theirs')
+        print ("vault updated")
+        return 1
+
+    print (f"building vault from {url} in {dest}")
+    Repo.clone_from(url, dest)
+    print("cloned vault!")
+    return 1
+
+def public_vault(privateVault = "/vault", dest = "/content"): # build the public vault in dest from an obsidian repo in src
+    vault = Vault(privateVault)
+    if not(vault):
         print("could not find vault")
-        return []
+        raise NameError("vaultNotFound")
+        return 0
 
-    # return a list ofnotes
-    return vault.get_notes_with_tag("public")
+    print(f"valid vault{vault}")
     
+    publicNotes = vault.get_notes_with_tag("public")
 
-def buld_public_vault(src: str, dest: str): # build the public vault in dest from an obsidian repo in src
-    for note in public_notes(src):
+    print(f"publicNotes: {publicNotes}")
+    for note in publicNotes:
         print(note.title)
         shutil.copy2(f"{note.path}", dest)

app/requirements.txt

@@ -1,2 +1,5 @@
 flask
 markdown
+obsidianmd-parser
+GitPython
+python-dotenv

compose.yml

@@ -1,15 +1,13 @@
 services:
   app:
     build: 
-      context: app
       args:
         - DEBUG_MODE=1
+        - obsidian_vault_url=https://git.riverrooks.dev/Personal-Wiki
+        - obsidian_vault_token=bd8cd9301ae2c1c5bacfb3340492acb5e862686a
+
     ports:
-      - '80:80'
+      - '8188:80'
     volumes:
-      - ./content:/content
-  # public_vault_builder:
-  #   build:
-  #     context: public_vault_builder
-  #   volumes: 
-  #     - ./public_vault:/content
+      - ./content:/content #public
+      - ./public-vault:/vault #private

content/Malware.md

@@ -0,0 +1,296 @@
+#public 
+# Malware/malicious software
+ - **Malware**: software written with intent to do HARM
+```mermaid
+flowchart TD
+    A[Data] <---> B[People]
+    A <---> C[Devices]
+    B <---> C
+```
+> Greatest Vulnerability is People
+## Malware types
+ - **virus:** program to modify other programs
+ - **Worm**: program that spreads itself
+ > diff b/t virus and worm is method of movement
+ - **Trojan**: an innocent program that hides malware inside
+ - **Ransomware**: require payment to remove (often in exchange for decryption key)
+ - **Phishing**: Faking identity in order to build trust to encourage specific user behavior
+ - **DOS/DDOS**: (distributed) denial of service to overwhelm services and prevent legitimate activity from getting through
+
+# Threat Actors
+| Group            | Motivations                                              |
+| ---------------- | -------------------------------------------------------- |
+| Nation States    | Intelligence Infrastructure                              |
+| Groups of people | Intimidate, org-goals                                    |
+| Individuals      | ego, \$\$\$, etc                                         |
+| Insider Threats  | Those inside of an organization who abuse trusted access |
+>Insider Threats are the Greatest challenge in cyber-sec
+
+> There is an upward trend in the amount of malware and damage done in USD. 5 month avg for identifying breaches
+
+# CIA TRIAD
+```mermaid
+flowchart TD
+    A[Confidentiality] <---> B[Integrity]
+    A <---> C[Accessibility]
+    B <---> C
+````
+True security manages all 3, our job is to find the right balance
+## CONFIDENTIALITY
+	Ensuring that only authorized users can access data
+### 3 Types of confidentiality
+| type            | definition                                                                 | exampe                    |     |
+| --------------- | -------------------------------------------------------------------------- | ------------------------- | --- |
+| Confidentiality | limiting access to information including the existence of such information | "What conversation"       |     |
+| Privacy         | Limit the information shared                                               | Not giving away PII       |     |
+| Secrecy         | Data not to be shared beyond small circle                                  | Restricting access to PII |     |
+ - **PII**: personally identifiable information
+## INTEGRITY
+    Ensure data and system resources are trustworthy
+    Trustworthy: known author, not maliciously modified
+    
+| Catagory | definition |
+| --- | --- |
+| Data integrity | Data has not been modified or overwritten |
+| Origin Integrity | maintaining the authorship and chain of editors |
+| System  integrity | overall design of processes that work with data |
+> While confidentiality is often considered the "Traditional" focus of security, Integrity can be considred just as important
+## AVAILABILITY
+Authorized users can access data and systems when needed.
+Confilicts directly with Confidentiality, this balance is our job.
+DDOS/DOS attacks affect availibility.
+> "If one person can have access, many have access"
+
+# What is security?
+> Just fire-walling/encrypting your system $\neq$ security
+
+**Security is a systems issue**, good security is a heuristic endeavor encompassing the following questions:
+ 1. What are we protecting?
+ 2. What can go wrong?
+ 3. What are we going to do about it?
+ 4. Did we do a good job?
+
+You need to deal with policy and procedure. E.G. talking to non-tech savvy people or encouraging more scrutiny of strange emails
+
+ - **Forensics:** determine what was done when
+```mermaid
+mindmap
+	id))system((
+		id(Hardware(
+		id(Software(
+		id)networking(
+
+```
+# The Five As
+| [[Malware#Authentication]] | Verification of a user's Identity            | static password           |
+| ------------------------ | -------------------------------------------- | ------------------------- |
+| Access control           | control who is allowed access to something   | ACT card                  |
+| [[Malware#Accounting]]     | keeping track of activity                    | logs of command history   |
+| [[Malware#Auditing]]       | checking for suspicious behavior or failures | log analysis              |
+| Action                   | taking action on a threat                    | changing a users password |
+
+
+## Authentication
+ > How do we know who you say you are? j do we know you're authorized?
+### 3 mechanism of authentication:
+| something you **know** | Static username and passwd                                           |
+| ---------------------- | -------------------------------------------------------------------- |
+| something you **have** | one time password (OTP) --> usually **2nd device** as authentication |
+| something you **are**  | Biometric credential                                                 |
+
+## Accounting
+ - cant have $\infty$ storage, so what do you keep?
+## Auditing
+You need to know your system is compromised if you're taksed to protect it.
+"Did something happen?"
+This is looking at logs created and making policies to take action of some kind
+    you also need to determine the action to take
+# measures and countermeasures
+| prevention | measures to **stop breaches**     | Gaurd at the gate, strong authentication policy |     |
+| ---------- | --------------------------------- | ----------------------------------------------- | --- |
+| detection  | measures to **detect breaches**   | beggining, ongoing, or afterwords               |     |
+| Reaction   | measures to **recover of assets** | Rebuild, Repair, Pursue                         |     |
+
+```mermaid
+flowchart TB
+id1[Passwords are easy to guess] --> id2[Password policies] --> id3[Users write down passwds] --> id4[etc]
+
+```
+# Insider threats
+ - **Threat**: An event of condition that has the potential to cause loss or undesirable consequences
+ - **Insider Threat**: threat caused by someone inside of the organization
+    - Disgruntled employee
+    - Careless employee
+
+|       |IT sabatoge| Theft of IP   | Fraud | Espionage |
+| ---   | ---       | ---           | ---   | ---       |
+| WHO   | techinal/priveleged access | scientists, programmers, engineers, sales | fincacial pros, low/mid developers, customer service | anybody |
+| WHEN | on/before termination | ~60 days b4 leaving | Long period of time |  long period of time |
+| WHY | revenge | new job, start company | Greed, financial need | dissatisfaction, greed, financial need |
+
+## Identifying Insider Threats:
+ - Who has the most access?
+    > Don't assume sysadmin is the villan, just be aware of their access level
+ - become the insider. "Think like the attacker" 
+ - most employees dont join to become insiders
+## Lifecycle of an insider
+ 1. Recruitment/tipping point
+ 2. Search/Reconnisance
+ 3. Acquisition/collection
+ 4. Exfiltration/Action
+
+# Threat Modeling
+> The equifax breach exploited a known vulnerability that equifax didn't patch for months. $1.4 Billion in damages 
+## The fundamental security problem
+There are more attacks than can be reasonably stopped with limited time/money
+## Why threat model
+ - Proactive vs Reactive
+ - Prioritization
+ - Systematic approach
+ - Find problem's you'd otherwise miss
+ - Legal compliance
+## The cost of a vulnerability
+![[Diagram 2.svg]]
+## What is threat modeling?
+A structured process to identify, quantify, and address security risks in a system or process
+## Key Questions
+ 1. What are we protecting
+ 2. What can go wrong
+ 3. What are we going to do about it
+ 4. did we do a good job
+## Steps
+ ### 1. define scopes and assets
+ ### 2. Create architecture diagram
+    - Data flow
+    - Network diagram
+    - Component diagram
+    - Trust breakdown diagram
+ ### 3. Identify threats
+| S     | spoofing Identity         |
+| ---   | ---                       |
+| T     | Tampering with data       |
+| R     | Repudation                |
+| I     | Information disclosure    |
+| D     | Denial of servie          |
+| E     | Escalation of privelege   |
+> [[Malware#CIA Triad]]
+
+ ### 4. Rank and prioritize threats
+
+#### DREAD 
+on a scale of 1 - 10
+Risk = (D+R+E+A+D)/5
+
+| D    | Damage potential  |
+| ---  | ---               |
+| R    | Reproducability   |
+| E    | Exploitability    |
+| A    | Affected Users    |
+| D    | Discoverability   |
+
+Ex: Mybama SQLI
+
+| D   | 10  |
+| --- | --- |
+| R   | 10  |
+| E   | 7   |
+| A   | 10  |
+| D   | 8   |
+R 9 = (10 + 10 + 7 + 10 + 8) / 5 
+9 is a **Critical threat**
+#### Impact/likelyhood table
+
+| likelyhood | low | med | high |
+| ---------- | --- | --- | ---- |
+| low        | 1   | 2   | 3    |
+| med        | 2   | 4   | 6    |
+| high       | 3   | 6   | 9    |
+
+| < 3   | < 6   | 9 |
+| ---   | ---   |---|
+| low, fix when possible | Vulnerable. Fix ASAP | HUGE PROBLEM |
+
+ ### 5. Determine Mitigation
+  1. **Eliminate**: remove the vuln --> unused admin page
+  2. **Mitigate**: Reduce likelihood of attack --> Sanitize SQL inputs
+  3. **Transfer**: Move to somewhere else --> send it to your SSO
+  4. **Accept**: It's good enough --> password logins (using microsoft)
+
+## Why it works:
+ 1. Systematic, not random
+ 2. Visual
+ 3. Collaborative
+ 4. Proactive
+ 5. Prioritized
+ 6. Documented
+
+# Encryption
+## Symmetric V. Asymmetric
+ - **Symmetric encryption**: Uses a single key
+ - **Asymmetric encryption**: Uses two keys
+
+```mermaid
+stateDiagram-v2
+    
+        state symmetric{
+        plaintext
+        }
+        state asymmetric{
+        text
+        key
+        }
+        text --> encryption
+        key --> encryption
+        encryption --> cyphertext 
+        plaintext --> encryption
+        cyphertext --> decryption
+        decryption --> Plaintext
+
+```
+### Asymmetric key encryption
+> Asymmetric has 2 keys and is more computationally expensive
+
+takes 2 keys, and runs the encryption algo on the combined input
+1 is the private key, one is the public
+    how do you securely send the keys?
+### Symmetric key encryption
+Cheaper, older and more common
+> Block cipher
+ - **DES**: Data Encryption Standard
+    - Oldest standard
+    - originally labbeled by NIST
+ - **AES**: Advanced Encryption Standard
+    - updated DES, more computationally signifigant for modern computing
+ - **3DES**: 3 Data Encryption Standard
+    - does DES 3 times
+ - **TLS**: Transport Layer security
+    - for high level web traffic 
+ - **SSL**: Secure Socket layer
+    - for secure communication between machine
+## Feistel block cipher
+Takes initial input, splits in half, encrypts left half, and switches. Repeats 
+The key is used in encryption through a reversable algorithm.
+![[Pasted image 20260217083518.png]]
+
+## Diffie Heiman Key exchange
+Symmetric means you have to pass around the key,
+Asymmetric is computationally expensive
+Diffie-Heiman is a solution
+ 1. Publish your public key
+ 2. Send hash function with any work you then publish
+ 3. Your public key can be used to verify integrety of any published work
+    3a. verifying file downloads
+    3b. git commits
+You can aslo force 1-way encryption with a block cipher so:
+data --> hash
+but not:
+hash --> data
+any slight change of input, dramatically changes output (Avalance effect)
+> since encryption methods take any size and hash it to a fixed size, collisions are possible. Furthermore, Collisions are going to be vastly different inputs
+
+## Hash functions
+ - Md5
+ - Sha1
+ - Sha3
+ - Sha256
+ - RSA

content/test.md

@@ -1,3 +1,11 @@
+---
+public: "true"
+tags:
+  - public
+---
 # This is a test
 and this is p
-*italics*
+[https://localhost/test]()
+[asd](https://localhost/test)
+
+

public_vault/test.md

@@ -1,7 +0,0 @@
----
-public: "true"
-tags:
-  - public
----
-# This is a test
-and this is p

public_vault_builder/Dockerfile

@@ -1,14 +0,0 @@
-FROM python:3.12-slim
-
-
-run mkdir /public-vault
-
-WORKDIR /build
-
-COPY requirements.txt .
-
-RUN pip3 install -r requirements.txt
-
-COPY . .
-
-CMD ["python", "build.py"]

public_vault_builder/build.py

@@ -1,25 +0,0 @@
-from obsidian_parser import Vault
-import shutil
-from git import Repo
-
-
-# repo_url = "https://gitlab.com/username/my-vault.git"
-dest = "/content"
-src = "Personal-Wiki"
-# Load a vault
-vault = Vault(src)
-
-if vault:
-    print ("found vault")
-else:
-    print("could not find vault")
-
-# Find notes by exact name
-note = vault.get_note("test")
-
-# Findd all public notes
-publicNotes = vault.get_notes_with_tag("public")
-
-for note in publicNotes:
-    print(note.title)
-    shutil.copy2(f"{note.path}", dest)

public_vault_builder/requirements.txt

@@ -1,2 +0,0 @@
-obsidianmd-parser
-GitPython