ansible/flaskpaste
1
0
Fork 0
forked from claw/flaskpaste
Code Pull Requests Activity

docs: update for tiered expiry, admin features, batch delete

Browse Source
This commit is contained in:
Username
2025-12-21 22:16:51 +01:00
parent 916a09f595
commit e2e2039903
3 changed files with 75 additions and 10 deletions
Download Patch File Download Diff File Expand all files Collapse all files

38
README.md
View File

@@ -92,6 +92,12 @@ curl -X DELETE \
http://localhost:5000/abc12345
```
### List user's pastes (requires authentication)
```bash
curl -H "X-SSL-Client-SHA1: <your-cert-fingerprint>" \
http://localhost:5000/pastes
```
## CLI Client
A standalone command-line client `fpaste` is included. For E2E encryption, install the optional `cryptography` package.
@@ -138,9 +144,21 @@ echo "Hello" | ./fpaste
# Get paste metadata
./fpaste get -m abc12345
# List your pastes (requires auth)
./fpaste list
# List all pastes (admin only)
./fpaste list --all
# Delete paste (requires auth)
./fpaste delete abc12345
# Delete multiple pastes
./fpaste delete abc12345 def67890
# Delete all pastes (admin only, requires confirmation)
./fpaste delete --all --confirm 42 # where 42 is expected count
# Show server info
./fpaste info
@@ -237,7 +255,10 @@ Configuration via environment variables:
| `FLASKPASTE_ID_LENGTH` | `12` | Paste ID length (hex characters) |
| `FLASKPASTE_MAX_ANON` | `3145728` (3 MiB) | Max paste size for anonymous users |
| `FLASKPASTE_MAX_AUTH` | `52428800` (50 MiB) | Max paste size for authenticated users |
| `FLASKPASTE_EXPIRY` | `432000` (5 days) | Paste expiry in seconds |
| `FLASKPASTE_EXPIRY_ANON` | `86400` (1 day) | Default expiry for anonymous users |
| `FLASKPASTE_EXPIRY_UNTRUSTED` | `604800` (7 days) | Default expiry for untrusted cert users |
| `FLASKPASTE_EXPIRY_TRUSTED` | `2592000` (30 days) | Default expiry for trusted (PKI) cert users |
| `FLASKPASTE_MAX_EXPIRY` | `7776000` (90 days) | Maximum custom expiry allowed |
| `FLASKPASTE_DEDUP_WINDOW` | `3600` (1 hour) | Dedup throttle window in seconds |
| `FLASKPASTE_DEDUP_MAX` | `3` | Max identical submissions per window |
| `FLASKPASTE_PROXY_SECRET` | (empty) | Shared secret for proxy trust validation |
@@ -276,9 +297,24 @@ location / {
}
```
### Trust Levels
FlaskPaste distinguishes three trust levels:
| Level | Description | Default Expiry |
|-------|-------------|----------------|
| Anonymous | No certificate | 1 day |
| Untrusted | Valid certificate, not registered via PKI | 7 days |
| Trusted | Certificate registered via `/register` endpoint | 30 days |
Authenticated users can:
- Upload larger pastes (50 MiB vs 3 MiB)
- Delete their own pastes
- List their own pastes
**Admin users** (first user to register via PKI) can additionally:
- List all pastes (`GET /pastes?all=1`)
- Delete any paste
## Production Deployment