
How does encryption work in MobilePDF?

I use the famous openpgpjs library (also used by Proton) to do the end-to-end encryption. See what PGP is here.

When you sign up:

  1. Your device generates a public & private key pair.

  2. Then your device encrypts the private key with your password.

  3. Then your device sends your username, public key and encrypted private key to the server.

Your password never leaves your device!!!

Most websites, like Google, Facebook, X etc., send your password in plain text to their server.

When you sign in:

  1. Your device makes a request with your username to get your public key, encrypted private key, and a challenge encrypted with your public key;

  2. Your device decrypts the encrypted private key with your password;

  3. Then it uses the decrypted private key to decrypt the challenge, and sends the decrypted challenge to the server.

  4. The server checks whether the challenge is solved. If yes, it returns an access token and a refresh token to your device, and you are logged in.

So again, your password never leaves your device!!!
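
The sign-up and sign-in steps above, with both the device and the server side, as an added example (not MobilePDF's own code). To run without dependencies it uses Node's built-in `crypto` module (RSA-OAEP and a passphrase-encrypted PKCS#8 key) in place of OpenPGP.js; the `users` store and all function names are hypothetical.

```javascript
// Added example: Node's built-in crypto (RSA-OAEP) stands in for OpenPGP.js.
const crypto = require('crypto');

const OAEP = { padding: crypto.constants.RSA_PKCS1_OAEP_PADDING, oaepHash: 'sha256' };
const users = new Map(); // hypothetical server-side store: username -> record

// Device, sign-up steps 1-3: generate keys, lock the private key with the password.
function signUp(username, password) {
  const { publicKey, privateKey } = crypto.generateKeyPairSync('rsa', {
    modulusLength: 2048,
    publicKeyEncoding: { type: 'spki', format: 'pem' },
    privateKeyEncoding: { type: 'pkcs8', format: 'pem', cipher: 'aes-256-cbc', passphrase: password },
  });
  // Only these values are sent to the server; the password is not among them.
  users.set(username, { publicKey, encryptedPrivateKey: privateKey, challenge: null });
}

// Server, sign-in step 1: issue a fresh random challenge encrypted to the public key.
function startSignIn(username) {
  const user = users.get(username);
  if (!user) throw new Error('unknown user');
  user.challenge = crypto.randomBytes(32);
  const encryptedChallenge = crypto.publicEncrypt({ key: user.publicKey, ...OAEP }, user.challenge);
  return { publicKey: user.publicKey, encryptedPrivateKey: user.encryptedPrivateKey, encryptedChallenge };
}

// Device, sign-in steps 2-3: unlock the private key locally and solve the challenge.
function solveChallenge(reply, password) {
  const key = { key: reply.encryptedPrivateKey, passphrase: password, ...OAEP };
  return crypto.privateDecrypt(key, reply.encryptedChallenge);
}

// Server, sign-in step 4: constant-time compare; each challenge is accepted once.
function finishSignIn(username, answer) {
  const user = users.get(username);
  const expected = user && user.challenge;
  if (!expected) return false;
  user.challenge = null; // single use, so a captured answer cannot be replayed
  return answer.length === expected.length && crypto.timingSafeEqual(answer, expected);
}

// Full round trip: true only when the password used at sign-in matches sign-up.
function demo(password, attempt) {
  signUp('alice', password);
  const reply = startSignIn('alice');
  try { return finishSignIn('alice', solveChallenge(reply, attempt)); }
  catch { return false; } // wrong password: the private key will not decrypt
}
```

Where this example issues tokens is left out: `finishSignIn` returning `true` is the point at which the server would return the access and refresh tokens.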

When you send your writings:

  1. Your device encrypts your writings with your public key.

  2. Then your device sends the encrypted texts to the server.

When you generate PDFs:

  1. You send your content in HTML format to the server.

  2. The server generates a PDF from the HTML content.

  3. The server encrypts the PDF with your public key.

  4. The server saves the encrypted PDF to storage.

When you fetch your writings and PDFs:

  1. Your device gets the encrypted writings and PDFs from the server.

  2. Your device decrypts the encrypted writings and PDFs with your private key.