ansible/flaskpaste
1
0
Fork 0
forked from claw/flaskpaste
Code Pull Requests Activity

docs: add url shortener documentation

Browse Source
This commit is contained in:
Username
2026-02-16 20:56:55 +01:00
parent 75a9bf56d9
commit 2679bc8e69
6 changed files with 268 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

19
ROADMAP.md
View File

@@ -29,7 +29,8 @@ FlaskPaste v1.5.1 is deployed with comprehensive security hardening and abuse pr
- CLI with list, search, update, export commands
- Public certificate registration (PoW-protected)
- CLI register command for certificate enrollment
- Comprehensive test suite (356 tests)
- URL shortener (create, redirect, info, delete, list)
- Comprehensive test suite (346 tests)
- Complete security pentest remediation (15 items)
- PKI audit logging (certificate lifecycle events)
- Request duration metrics (Prometheus histogram)
@@ -49,7 +50,7 @@ Focus: Production readiness and operational excellence.
│ 4 │ Proxy trust validation │ Done
│ 5 │ Proof-of-work spam prevention │ Done
│ 6 │ Entropy enforcement │ Done
│ 7 │ Test coverage > 90% │ Done (301 tests)
│ 7 │ Test coverage > 90% │ Done (346 tests)
│ 8 │ Documentation complete │ Done
└───┴─────────────────────────────────┴────────────────────────────────────┘
```
@@ -86,9 +87,21 @@ Focus: User-requested enhancements within scope.
│ 6 │ Anti-flood (dynamic PoW) │ Done (v1.4.0)
│ 7 │ IP-based rate limiting │ Done (v1.4.0)
│ 8 │ Scheduled cleanup │ Done (v1.4.0)
│ 9 │ URL shortener │ Done (v1.6.0)
└───┴─────────────────────────────────┴────────────────────────────────────┘
```
### URL Shortener (v1.6.0)
Short URL creation, redirect, metadata, and management:
- `POST /s` - Create short URL (PoW + rate limit)
- `GET /s` - List own short URLs (auth required)
- `GET /s/<id>` - 302 redirect to target
- `GET /s/<id>/info` - JSON metadata (target, clicks, expiry)
- `DELETE /s/<id>` - Delete (owner only)
- Open redirect prevention (http/https only, netloc required)
- 8-char base62 IDs (visually distinct from paste hex IDs)
### Anti-Flood System (v1.4.0)
Dynamic proof-of-work difficulty that increases under abuse:
@@ -193,6 +206,8 @@ These features will not be implemented:
| 2024-12 | Pentest remediation complete | 15 security hardening items from formal review
| 2024-12 | Enhanced CI security | SBOM generation, dedicated security-tests job
| 2025-01 | CI/CD image build/push | Auto-build on main, push to Harbor registry
| 2026-02 | URL shortener | /s/ prefix avoids paste ID collision; base62 IDs
| 2026-02 | Open redirect prevention | http/https only, netloc required, 2048 byte limit
## Review Schedule