ansible/flaskpaste
1
0
Fork 0
forked from claw/flaskpaste
Code Pull Requests Activity

routes: skip PoW for trusted certificate holders

Browse Source
This commit is contained in:
Username
2026-02-16 22:51:08 +01:00
parent c31923f491
commit 283f87b9c4
1 changed files with 6 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files

12
app/api/routes.py
View File

@@ -950,7 +950,7 @@ class IndexView(MethodView):
f"GET {prefixed_url('/health')}": "Health check", f"GET {prefixed_url('/health')}": "Health check",
f"GET {prefixed_url('/client')}": "Download CLI client (fpaste)", f"GET {prefixed_url('/client')}": "Download CLI client (fpaste)",
f"GET {prefixed_url('/challenge')}": "Get proof-of-work challenge", f"GET {prefixed_url('/challenge')}": "Get proof-of-work challenge",
f"POST {prefixed_url('/')}": "Create paste (PoW required)", f"POST {prefixed_url('/')}": "Create paste (PoW required unless trusted cert)",
f"GET {prefixed_url('/pastes')}": "List your pastes (cert required)", f"GET {prefixed_url('/pastes')}": "List your pastes (cert required)",
f"GET {prefixed_url('/<id>')}": "Get paste metadata", f"GET {prefixed_url('/<id>')}": "Get paste metadata",
f"GET {prefixed_url('/<id>/raw')}": "Get raw paste content", f"GET {prefixed_url('/<id>/raw')}": "Get raw paste content",
@@ -958,7 +958,7 @@ class IndexView(MethodView):
f"DELETE {prefixed_url('/<id>')}": "Delete paste (owner only)", f"DELETE {prefixed_url('/<id>')}": "Delete paste (owner only)",
f"GET {prefixed_url('/register/challenge')}": "Get registration challenge", f"GET {prefixed_url('/register/challenge')}": "Get registration challenge",
f"POST {prefixed_url('/register')}": "Register for client certificate", f"POST {prefixed_url('/register')}": "Register for client certificate",
f"POST {prefixed_url('/s')}": "Create short URL (PoW required)", f"POST {prefixed_url('/s')}": "Create short URL (PoW required unless trusted cert)",
f"GET {prefixed_url('/s')}": "List your short URLs (cert required)", f"GET {prefixed_url('/s')}": "List your short URLs (cert required)",
f"GET {prefixed_url('/s/<id>')}": "Redirect to target URL", f"GET {prefixed_url('/s/<id>')}": "Redirect to target URL",
f"GET {prefixed_url('/s/<id>/info')}": "Short URL metadata", f"GET {prefixed_url('/s/<id>/info')}": "Short URL metadata",
@@ -1072,9 +1072,9 @@ class IndexView(MethodView):
add_rate_limit_headers(response, 0, limit, reset_timestamp) add_rate_limit_headers(response, 0, limit, reset_timestamp)
return response return response
# Proof-of-work verification # Proof-of-work verification (trusted certs exempt)
difficulty = current_app.config["POW_DIFFICULTY"] difficulty = current_app.config["POW_DIFFICULTY"]
if difficulty > 0: if difficulty > 0 and not trusted_client:
token = request.headers.get("X-PoW-Token", "") token = request.headers.get("X-PoW-Token", "")
solution = request.headers.get("X-PoW-Solution", "") solution = request.headers.get("X-PoW-Solution", "")
@@ -2005,9 +2005,9 @@ class ShortURLCreateView(MethodView):
add_rate_limit_headers(response, 0, limit, reset_timestamp) add_rate_limit_headers(response, 0, limit, reset_timestamp)
return response return response
# Proof-of-work # Proof-of-work (trusted certs exempt)
difficulty = current_app.config["POW_DIFFICULTY"] difficulty = current_app.config["POW_DIFFICULTY"]
if difficulty > 0: if difficulty > 0 and not trusted_client:
token = request.headers.get("X-PoW-Token", "") token = request.headers.get("X-PoW-Token", "")
solution = request.headers.get("X-PoW-Solution", "") solution = request.headers.get("X-PoW-Solution", "")