=============================================================================== AUTHTRAIL API DOCUMENTATION =============================================================================== OVERVIEW -------- AuthTrail is a comprehensive document security and verification system that uses steganography, encryption, and AI-powered analysis to ensure document authenticity. SYSTEM ARCHITECTURE ------------------ - Frontend: HTML/CSS/JavaScript with Lucide icons - Backend: AWS Lambda functions (Node.js) - Storage: AWS S3 + DynamoDB - AI: Google Gemini Pro for trust assessment - Email: SMTP Lambda for notifications =============================================================================== API ENDPOINTS =============================================================================== 1. PDF PROCESSING API (Upload & Secure) --------------------------------------- URL: https://g576f42xmoxofuvv3tdqribj2a0jdsgb.lambda-url.ap-south-1.on.aws/ Method: POST Region: ap-south-1 (Mumbai) PARAMETERS: - fileName (required): Name of the PDF file - email (required): User email address REQUEST: curl -X POST "https://g576f42xmoxofuvv3tdqribj2a0jdsgb.lambda-url.ap-south-1.on.aws/?fileName=document.pdf&email=user@example.com" \ -H "Content-Type: application/pdf" \ --data-binary @document.pdf RESPONSE: { "success": true, "message": "PDF uploaded and processed successfully", "hash": "53288a64c8081e2a431d25012f95ad36e5ba27278df2b0a70b1a84ba7d111550", "s3Location": { "bucket": "temp-hasher-autho", "key": "uploads/2025-10-09/53288a64...pdf" }, "data": { "fileName": "document.pdf", "fileSize": 227267, "pages": 8, "textLength": 5497, "extractedText": "...", "encryptedText": "f7539cef70f0a35835...", "steganographedPDFUrl": "https://temp-hasher-autho.s3.ap-south-1.amazonaws.com/files/returned/..." }, "dynamodb": { "table": "hashes", "partitionKey": "53288a64..." } } FEATURES: - Text extraction using pdf-parse - AES-256-CBC encryption - SHA-256 hash generation - Steganographic hash embedding - S3 storage (original + secured PDF) - DynamoDB metadata storage - Email association =============================================================================== 2. DOCUMENT VERIFICATION API (Decode & Verify) ---------------------------------------------- URL: https://g576f42xmoxofuvv3tdqribj2a0jdsgb.lambda-url.ap-south-1.on.aws/decode Method: POST Region: ap-south-1 (Mumbai) REQUEST: curl -X POST "https://g576f42xmoxofuvv3tdqribj2a0jdsgb.lambda-url.ap-south-1.on.aws/decode" \ -H "Content-Type: application/pdf" \ --data-binary @document.pdf RESPONSE: { "success": true, "embeddedHash": "53288a64c8081e2a431d25012f95ad36e5ba27278df2b0a70b1a84ba7d111550", "found": true, "existsInDatabase": true, "contentMatchPercentage": 100, "uploadedTextLength": 5497, "record": { "fileName": "document.pdf", "pages": 8, "userEmail": "user@example.com", "contentAnalysis": { "matchPercentage": 100, "totalDifferences": 0, "contentChanges": { "wordsRemoved": [], "wordsAdded": [] }, "trustAssessment": "Document shows 100% content match with original...", "recommendation": "TRUSTED" } } } TRUST LEVELS: - TRUSTED: 100% match, no tampering detected - MOSTLY_TRUSTED: 90-99% match, minor differences - CAUTION_REQUIRED: 70-89% match, moderate changes - NOT_TRUSTED: <70% match or no hash found FEATURES: - Steganographic hash extraction - Database lookup and verification - Content comparison analysis - AI-powered trust assessment (Gemini Pro) - Tamper detection - Word-level difference analysis =============================================================================== 3. EMAIL NOTIFICATION API (SMTP Alerts) --------------------------------------- URL: https://us2xsz4msgovspepgmoskpkvve0ikygp.lambda-url.us-east-1.on.aws/ Method: POST Region: us-east-1 (Virginia) REQUEST: curl -X POST "https://us2xsz4msgovspepgmoskpkvve0ikygp.lambda-url.us-east-1.on.aws/" \ -H "Content-Type: application/json" \ -d '{ "email": "navchetna.official.llp@gmail.com", "message": "🚨 Fake Document Detected\n\nFile: document.pdf\n\nA fake document was detected on:\nIP Address: 192.168.1.1\nDevice: MacIntel\nBrowser: Mozilla/5.0...\nTimestamp: 2025-01-09T10:30:00.000Z\n\nAnalysis: This document does not contain a valid security hash or failed authenticity verification." }' RESPONSE: { "success": true, "message": "Email sent successfully" } TRIGGER CONDITIONS: - Document flagged as NOT_TRUSTED - No embedded hash found - Hash not in database - Content match < 70% EMAIL CONTENT INCLUDES: - File name - Detection timestamp - User IP address - Device information - Browser details - Analysis reason =============================================================================== SECURITY FEATURES =============================================================================== ENCRYPTION ---------- - Algorithm: AES-256-CBC - Key: SHA-256 hashed encryption key - IV: Random 16-byte initialization vector - Text: All extracted PDF text encrypted before storage STEGANOGRAPHY ------------ - Method: PDF comment injection - Encoding: Base64 encoded hash - Location: PDF trailer section or before %%EOF - Pattern: "% Hidden: [base64-hash]" or "% Embedded: [base64-hash]" HASHING ------- - Algorithm: SHA-256 - Input: Complete PDF binary content - Output: 64-character hexadecimal hash - Usage: Unique document identifier and integrity check AI ANALYSIS ----------- - Model: Google Gemini 2.5 Flash Lite - Purpose: Trust assessment and content analysis - Fallback: Rule-based analysis if API fails - Output: Human-readable trust assessment =============================================================================== DATA STORAGE =============================================================================== AWS S3 BUCKETS -------------- Bucket: temp-hasher-autho Structure: - uploads/YYYY-MM-DD/[hash]-[filename].pdf (original files) - files/returned/[hash]-stego-[filename].pdf (secured files) DYNAMODB TABLE -------------- Table: hashes Partition Key: cryp (document hash) Schema: { "cryp": "string", // Document hash (partition key) "timestamp": "string", // Upload timestamp (ISO) "fileName": "string", // Original filename "userEmail": "string", // User email address "s3Key": "string", // S3 object key "s3Bucket": "string", // S3 bucket name "fileSize": "number", // File size in bytes "pages": "number", // Number of pages "textLength": "number", // Extracted text length "textPreview": "string", // First 500 characters "encryptedText": "string", // AES encrypted text "encryptionIV": "string", // Encryption IV "source": "string", // Always "user_upload" "extractedAt": "string" // Processing timestamp } =============================================================================== FRONTEND INTEGRATION =============================================================================== UPLOAD PAGE (frontend/index.html) --------------------------------- - Drag & drop PDF upload - File validation (PDF only) - Progress indicators - PDF preview with pdf.js - Download buttons (original + secured) - Automatic email parameter injection VERIFICATION PAGE (frontend/check/upload.html) --------------------------------------------- - Document upload interface - Real-time verification - Trust level visualization - AI assessment display - Device information collection - Automatic fake document alerts DESIGN SYSTEM ------------ - Font: Inter (Google Fonts) - Colors: Teal (#5da5b8), Light Gray (#F8F9FB) - Icons: Lucide icon library - Framework: Vanilla JavaScript - Responsive: Mobile-friendly design =============================================================================== ERROR HANDLING =============================================================================== COMMON ERRORS ------------ 400 Bad Request: - Invalid PDF file - Missing required parameters - Empty file upload 500 Internal Server Error: - AWS service failures - Database connection issues - Encryption/decryption errors CORS Issues: - Resolved by Lambda URL CORS configuration - No custom headers in responses Network Errors: - Timeout handling in frontend - Retry logic for critical operations - User-friendly error messages =============================================================================== DEPLOYMENT NOTES =============================================================================== AWS LAMBDA CONFIGURATION ----------------------- - Runtime: Node.js 18.x - Memory: 512 MB (recommended) - Timeout: 30 seconds - Environment: Production DEPENDENCIES ----------- Backend (package.json): - @aws-sdk/client-s3 - @aws-sdk/client-dynamodb - @aws-sdk/lib-dynamodb - @google/generative-ai - pdf-parse Frontend: - Lucide icons (CDN) - PDF.js (CDN) ENVIRONMENT VARIABLES -------------------- - ENCRYPTION_KEY: Document encryption key - GEMINI_API_KEY: Google AI API key - S3_BUCKET: AWS S3 bucket name - DYNAMODB_TABLE: DynamoDB table name =============================================================================== USAGE FLOW =============================================================================== DOCUMENT UPLOAD FLOW ------------------- 1. User uploads PDF via frontend 2. Frontend adds email parameter automatically 3. Lambda processes PDF (extract text, encrypt, hash) 4. Steganographic hash embedded in PDF 5. Files stored in S3, metadata in DynamoDB 6. User receives secured PDF download link DOCUMENT VERIFICATION FLOW ------------------------- 1. User uploads PDF for verification 2. Lambda extracts embedded hash 3. Database lookup for original record 4. Content comparison and analysis 5. AI trust assessment generated 6. Results displayed with trust level 7. Email alert sent if document is fake FAKE DOCUMENT DETECTION ---------------------- 1. No embedded hash found → NOT_TRUSTED 2. Hash not in database → NOT_TRUSTED 3. Content mismatch > 30% → NOT_TRUSTED 4. Automatic email notification sent 5. Device information logged =============================================================================== CONTACT INFO =============================================================================== System Owner: NavChetna Official LLP Email: navchetna.official.llp@gmail.com System: AuthTrail Document Security Platform Version: 1.0 Last Updated: January 2025 ===============================================================================