Initial deployment

.gitattributes

@@ -0,0 +1,32 @@
+*.7z filter=lfs diff=lfs merge=lfs -text
+*.arrow filter=lfs diff=lfs merge=lfs -text
+*.bin filter=lfs diff=lfs merge=lfs -text
+*.bz2 filter=lfs diff=lfs merge=lfs -text
+*.ckpt filter=lfs diff=lfs merge=lfs -text
+*.ftz filter=lfs diff=lfs merge=lfs -text
+*.gz filter=lfs diff=lfs merge=lfs -text
+*.h5 filter=lfs diff=lfs merge=lfs -text
+*.joblib filter=lfs diff=lfs merge=lfs -text
+*.lfs.* filter=lfs diff=lfs merge=lfs -text
+*.mlmodel filter=lfs diff=lfs merge=lfs -text
+*.model filter=lfs diff=lfs merge=lfs -text
+*.msgpack filter=lfs diff=lfs merge=lfs -text
+*.npy filter=lfs diff=lfs merge=lfs -text
+*.npz filter=lfs diff=lfs merge=lfs -text
+*.onnx filter=lfs diff=lfs merge=lfs -text
+*.ot filter=lfs diff=lfs merge=lfs -text
+*.parquet filter=lfs diff=lfs merge=lfs -text
+*.pb filter=lfs diff=lfs merge=lfs -text
+*.pickle filter=lfs diff=lfs merge=lfs -text
+*.pkl filter=lfs diff=lfs merge=lfs -text
+*.pt filter=lfs diff=lfs merge=lfs -text
+*.pth filter=lfs diff=lfs merge=lfs -text
+*.rar filter=lfs diff=lfs merge=lfs -text
+*.safetensors filter=lfs diff=lfs merge=lfs -text
+*.tar.* filter=lfs diff=lfs merge=lfs -text
+*.tflite filter=lfs diff=lfs merge=lfs -text
+*.tgz filter=lfs diff=lfs merge=lfs -text
+*.wasm filter=lfs diff=lfs merge=lfs -text
+*.xz filter=lfs diff=lfs merge=lfs -text
+*.zip filter=lfs diff=lfs merge=lfs -text
+*.zst filter=lfs diff=lfs merge=lfs -text

.gitignore

@@ -0,0 +1,11 @@
+__pycache__/
+*.py[cod]
+*$py.class
+.DS_Store
+.env
+.venv
+venv/
+ENV/
+create_space.py
+deploy.sh
+setup_hf_space.py 

Dockerfile

@@ -0,0 +1,16 @@
+FROM python:3.9-slim
+
+WORKDIR /app
+
+COPY . .
+
+RUN pip install --no-cache-dir -r requirements.txt
+
+# Create necessary directories
+RUN mkdir -p static templates
+
+# Make port 7860 available (default for HF Spaces)
+EXPOSE 7860
+
+# Command to run the application
+CMD ["python", "app.py"] 

README.md

@@ -0,0 +1,75 @@
+# Secure Balance Academy Viewer
+
+This is a secure implementation of the Balance Academy web application that prevents users from downloading, copying, or inspecting the HTML content.
+
+## Features
+
+- Authentication system with token-based access
+- Prevention of right-click context menu
+- Detection and prevention of developer tools
+- Content made uncopyable
+- Dynamic watermarking with timestamp
+- Security headers for additional protection
+
+## Usage
+
+Simply click the "Access Secure Content" button to view the protected content. Your session will automatically expire after 1 hour.
+
+## Security Notice
+
+The protections implemented in this application are designed to discourage casual copying and downloading but cannot prevent determined technical users from accessing the content. For the most sensitive content, consider additional server-side protection measures
+
+## Setup Instructions
+
+### Local Development
+
+1. Install the required dependencies:
+   ```
+   pip install -r requirements.txt
+   ```
+
+2. Run the Flask application:
+   ```
+   python app.py
+   ```
+
+3. Open your browser and navigate to `http://localhost:7860`
+
+### Deployment on Hugging Face Spaces
+
+1. Create a new Space on Hugging Face with the "Gradio" template
+2. Upload all the files in this directory to your Space
+3. Add the following to your `requirements.txt`:
+   ```
+   flask==2.3.3
+   Werkzeug==2.3.7
+   gunicorn==21.2.0
+   Flask-Session==0.5.0
+   ```
+4. Add the following to your `app.py` at the top:
+   ```python
+   # This file will be used by Hugging Face Spaces
+   ```
+5. Commit and push your changes
+
+## How It Works
+
+The application serves the HTML content with added JavaScript protections that:
+
+1. Disable right-clicking to prevent context menu access
+2. Intercept keyboard shortcuts that could be used to save or inspect the page
+3. Detect when developer tools are opened and replace page content with a warning
+4. Make text selection and copying difficult
+5. Add a dynamic watermark that updates with the current time
+
+Additionally, the server adds security headers to every response to prevent certain attacks and restricts how the content can be loaded or framed.
+
+## Limitations
+
+While these protections make it more difficult for casual users to copy or download the content, they are not foolproof against determined technical users. No client-side protection can be 100% effective against someone with technical knowledge, as the browser must ultimately receive and render the content.
+
+For the most sensitive content, consider server-side rendering of partial content or delivering content as images rather than HTML.
+
+## License
+
+This project is licensed under the terms of the LICENSE file included in the repository. 

README_HF.md

@@ -0,0 +1,20 @@
+# Secure Balance Academy Viewer
+
+This is a secure implementation of the Balance Academy web application that prevents users from downloading, copying, or inspecting the HTML content.
+
+## Features
+
+- Authentication system with token-based access
+- Prevention of right-click context menu
+- Detection and prevention of developer tools
+- Content made uncopyable
+- Dynamic watermarking with timestamp
+- Security headers for additional protection
+
+## Usage
+
+Simply click the "Access Secure Content" button to view the protected content. Your session will automatically expire after 1 hour.
+
+## Security Notice
+
+The protections implemented in this application are designed to discourage casual copying and downloading but cannot prevent determined technical users from accessing the content. For the most sensitive content, consider additional server-side protection measures.

app.py

@@ -0,0 +1,196 @@
+from flask import Flask, render_template, send_from_directory, Response
+import os
+import uuid
+import time
+from functools import wraps
+
+app = Flask(__name__, static_folder='static')
+
+# Configure session-based token security
+app.config['SECRET_KEY'] = str(uuid.uuid4())
+app.config['SESSION_TYPE'] = 'filesystem'
+app.config['PERMANENT_SESSION_LIFETIME'] = 1800  # 30 minutes
+
+# Store for valid tokens and their expiry times (in a real app, use a proper database)
+VALID_TOKENS = {}
+TOKEN_EXPIRY = 3600  # 1 hour
+
+# Security headers for all responses
+@app.after_request
+def add_security_headers(response):
+    # Prevent content from being framed by other sites
+    response.headers['X-Frame-Options'] = 'DENY'
+    
+    # Prevent browsers from performing MIME sniffing
+    response.headers['X-Content-Type-Options'] = 'nosniff'
+    
+    # Enable XSS protection in browsers
+    response.headers['X-XSS-Protection'] = '1; mode=block'
+    
+    # Content Security Policy to restrict resources
+    response.headers['Content-Security-Policy'] = "default-src 'self' https://cdn.tailwindcss.com https://cdnjs.cloudflare.com https://fonts.googleapis.com https://fonts.gstatic.com; img-src 'self' data:; style-src 'self' 'unsafe-inline' https://cdnjs.cloudflare.com https://fonts.googleapis.com https://cdn.tailwindcss.com; script-src 'self' 'unsafe-inline' https://cdn.tailwindcss.com https://cdnjs.cloudflare.com https://cdn.jsdelivr.net"
+    
+    # Cache control - prevent caching
+    response.headers['Cache-Control'] = 'no-store, no-cache, must-revalidate, max-age=0'
+    response.headers['Pragma'] = 'no-cache'
+    response.headers['Expires'] = '0'
+    
+    return response
+
+# Load the HTML content
+with open(os.path.join(os.path.dirname(os.path.dirname(__file__)), 'dist', 'index.html'), 'r') as f:
+    html_content = f.read()
+
+# Add anti-inspection/download JavaScript to the HTML
+def add_protection_scripts(html):
+    # Insert scripts right before the closing body tag
+    protection_scripts = """
+    <script>
+        // Disable right-click context menu
+        document.addEventListener('contextmenu', e => e.preventDefault());
+        
+        // Disable keyboard shortcuts that could be used to save the page
+        document.addEventListener('keydown', function(e) {
+            // Ctrl/Cmd + S (Save)
+            if ((e.ctrlKey || e.metaKey) && e.keyCode === 83) {
+                e.preventDefault();
+                return false;
+            }
+            
+            // Ctrl/Cmd + P (Print, which can be used to save as PDF)
+            if ((e.ctrlKey || e.metaKey) && e.keyCode === 80) {
+                e.preventDefault();
+                return false;
+            }
+            
+            // Ctrl/Cmd + Shift + I or F12 (Developer Tools)
+            if (((e.ctrlKey || e.metaKey) && e.shiftKey && e.keyCode === 73) || e.keyCode === 123) {
+                e.preventDefault();
+                return false;
+            }
+            
+            // Ctrl/Cmd + U (View Source)
+            if ((e.ctrlKey || e.metaKey) && e.keyCode === 85) {
+                e.preventDefault();
+                return false;
+            }
+        });
+        
+        // Detect and prevent developer tools from opening with periodic check
+        (function() {
+            function detectDevTools() {
+                const widthThreshold = window.outerWidth - window.innerWidth > 160;
+                const heightThreshold = window.outerHeight - window.innerHeight > 160;
+                
+                if (widthThreshold || heightThreshold) {
+                    document.body.innerHTML = '<div style="text-align: center; padding: 50px;"><h1>Developer tools detected</h1><p>Please close developer tools to view this content.</p></div>';
+                }
+            }
+            
+            // Check periodically
+            setInterval(detectDevTools, 1000);
+        })();
+        
+        // Make content uncopyable
+        document.addEventListener('selectstart', e => e.preventDefault());
+        document.addEventListener('copy', e => e.preventDefault());
+        
+        // Add a watermark with user info and timestamp
+        (function() {
+            const watermark = document.createElement('div');
+            watermark.style.position = 'fixed';
+            watermark.style.top = '0';
+            watermark.style.left = '0';
+            watermark.style.width = '100%';
+            watermark.style.height = '100%';
+            watermark.style.pointerEvents = 'none';
+            watermark.style.display = 'flex';
+            watermark.style.justifyContent = 'center';
+            watermark.style.alignItems = 'center';
+            watermark.style.zIndex = '10000';
+            
+            const watermarkText = document.createElement('p');
+            watermarkText.style.transform = 'rotate(-45deg)';
+            watermarkText.style.fontSize = '20px';
+            watermarkText.style.color = 'rgba(0, 0, 0, 0.1)';
+            watermarkText.style.userSelect = 'none';
+            
+            // Update watermark with current time every minute
+            function updateWatermark() {
+                const date = new Date();
+                watermarkText.textContent = 'Balance Academy - ' + date.toLocaleString();
+            }
+            
+            updateWatermark();
+            setInterval(updateWatermark, 60000);
+            
+            watermark.appendChild(watermarkText);
+            document.body.appendChild(watermark);
+        })();
+        
+        // Additional anti-inspection code, tries to detect if devtools is open
+        (function() {
+            let devtools = function() {};
+            devtools.toString = function() {
+                document.body.innerHTML = '<div style="text-align: center; padding: 50px;"><h1>Developer tools detected</h1><p>Please close developer tools to view this content.</p></div>';
+                return 'Dev tools usage detected!';
+            };
+            console.log('%c', devtools);
+        })();
+    </script>
+    """
+    return html.replace('</body>', protection_scripts + '</body>')
+
+protected_html = add_protection_scripts(html_content)
+
+# Create a simple token-based authentication system
+def generate_token():
+    token = str(uuid.uuid4())
+    VALID_TOKENS[token] = time.time() + TOKEN_EXPIRY
+    return token
+
+def is_valid_token(token):
+    if token in VALID_TOKENS:
+        if time.time() < VALID_TOKENS[token]:
+            return True
+        else:
+            # Token expired
+            del VALID_TOKENS[token]
+    return False
+
+def clean_expired_tokens():
+    current_time = time.time()
+    expired = [token for token, expiry in VALID_TOKENS.items() if current_time > expiry]
+    for token in expired:
+        del VALID_TOKENS[token]
+
+# Authentication decorator
+def token_required(f):
+    @wraps(f)
+    def decorated_function(*args, **kwargs):
+        token = kwargs.get('token')
+        if not token or not is_valid_token(token):
+            return Response('Unauthorized access', 401)
+        return f(*args, **kwargs)
+    return decorated_function
+
+# Routes
+@app.route('/')
+def index():
+    token = generate_token()
+    clean_expired_tokens()
+    return render_template('login.html', token=token)
+
+@app.route('/view/<token>')
+@token_required
+def view_content(token):
+    return protected_html
+
+@app.route('/static/<path:filename>')
+def serve_static(filename):
+    return send_from_directory(app.static_folder, filename)
+
+if __name__ == '__main__':
+    os.makedirs(os.path.join(os.path.dirname(__file__), 'static'), exist_ok=True)
+    os.makedirs(os.path.join(os.path.dirname(__file__), 'templates'), exist_ok=True)
+    app.run(host='0.0.0.0', port=7860, debug=False) 

requirements.txt

@@ -0,0 +1,4 @@
+flask==2.3.3
+Werkzeug==2.3.7
+gunicorn==21.2.0
+Flask-Session==0.5.0 

templates/login.html

@@ -0,0 +1,112 @@
+<!DOCTYPE html>
+<html lang="en">
+<head>
+    <meta charset="UTF-8">
+    <meta name="viewport" content="width=device-width, initial-scale=1.0">
+    <title>Secure Access - Balance Academy</title>
+    <link href="https://fonts.googleapis.com/css2?family=Nunito:wght@300;400;500;600;700&display=swap" rel="stylesheet">
+    <style>
+        body {
+            font-family: 'Nunito', sans-serif;
+            background-color: #f3f4f6;
+            display: flex;
+            justify-content: center;
+            align-items: center;
+            height: 100vh;
+            margin: 0;
+            padding: 0;
+        }
+        
+        .login-container {
+            background-color: white;
+            border-radius: 8px;
+            box-shadow: 0 4px 6px rgba(0, 0, 0, 0.1);
+            padding: 2rem;
+            width: 100%;
+            max-width: 400px;
+            text-align: center;
+        }
+        
+        .login-logo {
+            font-size: 1.5rem;
+            font-weight: 700;
+            color: #0D6EFD;
+            margin-bottom: 1.5rem;
+        }
+        
+        .login-title {
+            font-size: 1.25rem;
+            margin-bottom: 1rem;
+            color: #4b5563;
+        }
+        
+        .login-description {
+            color: #6b7280;
+            margin-bottom: 1.5rem;
+            font-size: 0.875rem;
+        }
+        
+        .login-button {
+            background-color: #0D6EFD;
+            color: white;
+            border: none;
+            border-radius: 4px;
+            padding: 0.75rem 1.5rem;
+            font-weight: 600;
+            cursor: pointer;
+            transition: background-color 0.2s;
+            width: 100%;
+            font-size: 1rem;
+        }
+        
+        .login-button:hover {
+            background-color: #0b5ed7;
+        }
+        
+        .terms {
+            margin-top: 1.5rem;
+            font-size: 0.75rem;
+            color: #6b7280;
+        }
+        
+        .disclaimer {
+            margin-top: 1rem;
+            font-size: 0.75rem;
+            color: #ef4444;
+        }
+    </style>
+</head>
+<body>
+    <div class="login-container">
+        <div class="login-logo">Balance Academy</div>
+        <h1 class="login-title">Secure Access Portal</h1>
+        <p class="login-description">
+            This content is protected and requires secure access. By continuing, you agree not to download, copy, or distribute this content.
+        </p>
+        <a href="/view/{{ token }}">
+            <button class="login-button">Access Secure Content</button>
+        </a>
+        <p class="terms">
+            By accessing this content, you agree to our terms of use and privacy policy.
+            Your access is being logged and monitored.
+        </p>
+        <p class="disclaimer">
+            WARNING: Attempts to bypass security measures or extract content are prohibited and may result in legal action.
+        </p>
+    </div>
+    
+    <script>
+        // Disable right-click
+        document.addEventListener('contextmenu', e => e.preventDefault());
+        
+        // Disable keyboard shortcuts
+        document.addEventListener('keydown', function(e) {
+            if ((e.ctrlKey || e.metaKey) && 
+                (e.keyCode === 83 || e.keyCode === 80 || e.keyCode === 85)) {
+                e.preventDefault();
+                return false;
+            }
+        });
+    </script>
+</body>
+</html>