forked from claw/flaskpaste
docs: update project status for v1.2.0
This commit is contained in:
Username
26
TODO.md
26
TODO.md
@@ -6,34 +6,33 @@ Unstructured intake buffer for ideas, issues, and observations. Items here are r
|
||||
|
||||
## Ideas
|
||||
|
||||
- Prometheus metrics endpoint (`/metrics`) for monitoring integration
|
||||
- Structured JSON logging for log aggregation compatibility
|
||||
- Burn-after-read paste option
|
||||
- Custom expiry header for per-paste TTL
|
||||
- Rate limit headers in responses (X-RateLimit-*)
|
||||
- Paste compression for large text content
|
||||
- ETag support for conditional requests
|
||||
- Paste listing for authenticated users (their own pastes only)
|
||||
- Neovim/Vim plugin for editor integration
|
||||
- Webhook notifications for paste events
|
||||
- Certificate renewal reminder in CLI
|
||||
- Admin endpoint for CA key rotation
|
||||
|
||||
## Observations
|
||||
|
||||
- Abuse prevention uses content-hash dedup + PoW + entropy enforcement
|
||||
- SQLite WAL mode could improve concurrent read performance
|
||||
- Container image size could be reduced with multi-stage build
|
||||
- E2E encryption in CLI uses cryptography package (optional dependency)
|
||||
- Entropy check has size threshold to avoid false positives on small data
|
||||
- PKI uses AES-256-GCM for CA private key encryption (PBKDF2 key derivation)
|
||||
- SHA1 fingerprints are X.509 standard, not security-relevant (usedforsecurity=False)
|
||||
- Revoked certificates are soft-deleted (status tracked, not removed)
|
||||
- CI pipeline: lint runs parallel with security, tests wait for lint
|
||||
- Ruff replaces flake8/isort/pyupgrade with single fast tool
|
||||
- Bandit configured for medium+ severity only (-ll flag)
|
||||
|
||||
## Questions
|
||||
|
||||
- Should expired paste cleanup run in-process or via external cron?
|
||||
- Is SQLite sufficient for anticipated load, or plan for PostgreSQL?
|
||||
- Should burn-after-read pastes show in metadata before burn?
|
||||
- Password-protected pastes: derive key from password or store hash?
|
||||
- Certificate renewal: reissue with same CN or require new request?
|
||||
- Should revoked certs be purged after grace period?
|
||||
|
||||
## Debt
|
||||
|
||||
- Mypy has pre-existing type errors (runs with --ignore-missing-imports)
|
||||
- No integration tests for container deployment
|
||||
- Missing test for concurrent paste creation
|
||||
- Could add more deployment examples (Kubernetes, systemd)
|
||||
@@ -41,8 +40,7 @@ Unstructured intake buffer for ideas, issues, and observations. Items here are r
|
||||
## External Dependencies
|
||||
|
||||
- Consider adding `python-magic` for better MIME detection (currently magic bytes only)
|
||||
- Evaluate `structlog` for structured logging when implemented
|
||||
- Look into `prometheus-flask-exporter` for metrics
|
||||
- cryptography package required for PKI features (optional otherwise)
|
||||
|
||||
---
|
||||
|
||||
|
||||
Reference in New Issue
Block a user