ansible/flaskpaste
1
0
Fork 0
forked from claw/flaskpaste
Code Pull Requests Activity
216 Commits 1 Branch 0 Tags
main
Commit Graph

17 Commits

Author SHA1 Message Date
Username
2679bc8e69 docs: add url shortener documentation 2026-02-16 20:56:55 +01:00
Username
b9f0283a3b add Podman Quadlet deployment 
- flaskpaste.container for rootless systemd integration
- UserNS mapping for bind mount permissions
- README updated with deployment instructions
 2026-01-17 13:58:52 +01:00
Username
0496a39a91 add comprehensive MIME detection tests (50 tests) 
Cover all 42 magic byte signatures:
- Images: BMP, TIFF, ICO
- Video: MP4, WebM, FLV
- Audio: MP3, FLAC, OGG
- Documents: MS Office OLE
- Executables: PE, ELF, Mach-O, WASM
- Archives: BZIP2, XZ, ZSTD, LZ4, 7z, RAR
- Data: SQLite
- Edge cases: empty, short, boundary tests

Also adds missing Mach-O 32-bit little-endian signature.
 2025-12-25 20:36:49 +01:00
Username
764b831bb0 expand magic byte detection for common file formats 
Add detection for:
- Images: BMP, TIFF, ICO
- Video: MP4, WebM, FLV, Matroska
- Audio: MP3, FLAC, OGG
- Documents: MS Office OLE (DOC/XLS/PPT)
- Executables: PE (EXE/DLL), ELF, Mach-O, WASM
- Archives: BZIP2, XZ, ZSTD, LZ4, 7z, RAR
- Data: SQLite

This improves REQUIRE_BINARY enforcement by detecting more
recognizable formats that should be encrypted before upload.
 2025-12-25 19:47:33 +01:00
Username
14c8d0d83d docs: update test count and fix pki.md inaccuracies 
- README: update test count from 283 to 337
- pki.md: fix environment variable names (PKI_CA_PASSWORD)
- pki.md: correct CLI usage examples (config via env/file)
- pki.md: update pki status output format
- pki.md: clarify revocation is API-only (no CLI command)
 2025-12-25 19:24:17 +01:00
Username
cf458347ef add systemd service unit and rate limit headers 
Systemd deployment:
- examples/flaskpaste.service with security hardening
- examples/flaskpaste.env with all config options
- README deployment section updated

Rate limit headers (X-RateLimit-*):
- Limit, Remaining, Reset on 201 and 429 responses
- Per-IP tracking with auth multiplier
- api.md documented
 2025-12-24 17:51:14 +01:00
Username
cb6eebee59 docs: update for v1.5.0 features 
- Add PKI audit logging, request duration metrics to features list
- Update test count from 216 to 283
- Add audit.py and metrics.py to project structure
- Document audit logging in api.md
- Update TASKLIST.md with completed tasks
- Update TODO.md (remove resolved debt items)
- Update ROADMAP.md decision log
 2025-12-24 17:10:42 +01:00
Username
028367d803 docs: modernize and clean deprecated content 
- replace deprecated FLASK_ENV with FLASK_DEBUG
- remove duplicate FLASKPASTE_MAX_EXPIRY entry
- update API version to 1.5.0
- add missing /pastes and /pki endpoints to table
- remove deprecated X-XSS-Protection header
- add PKI config variables
- update features list with current capabilities
- update auth benefits and security sections
 2025-12-21 22:36:48 +01:00
Username
e2e2039903 docs: update for tiered expiry, admin features, batch delete 2025-12-21 22:16:51 +01:00
Username
880bf631e3 fpaste: add register command for public certificate enrollment 
- Add register command to obtain client cert from server
- Solve PoW challenge, receive PKCS#12 bundle
- Extract cert/key, optionally update config (--configure)
- Fix registration to work without PKI_ENABLED (only needs PKI_CA_PASSWORD)
- Add skip_enabled_check param to get_ca_info() for registration path
- Update docs: README examples, API header name fix (X-Fingerprint-SHA1)
 2025-12-21 10:59:09 +01:00
Username
5849c7406f add /register endpoint for public certificate registration 
Public endpoint allows anyone to obtain a client certificate for
authentication. Features:

- Higher PoW difficulty than paste creation (24 vs 20 bits)
- Auto-generates CA on first registration if not present
- Returns PKCS#12 bundle with cert, key, and CA
- Configurable via FLASKPASTE_REGISTER_POW

Endpoints:
- GET /register/challenge - Get registration PoW challenge
- POST /register - Register and receive PKCS#12 bundle
 2025-12-21 10:34:02 +01:00
Username
b47c26dd14 docs: update for v1.4.0 features 
- Add anti-flood, rate limiting, scheduled cleanup to feature lists
- Update version to 1.4.0, test count to 205
- Document /pastes endpoint with query parameters
- Add anti-flood fields to /challenge response
- Update CLI docs with new commands (list, search, export)
- Add decision log entries for recent features
 2025-12-20 21:36:09 +01:00
Username
a2c5a013ef docs: update for encrypt-by-default CLI 
Update README.md, api.md, and error hints to reflect:
- encryption is now default (no -e flag needed)
- use -E/--no-encrypt to disable
- file path shortcut (fpaste file.txt)
 2025-12-20 18:12:00 +01:00
Username
260d6e894d update project documentation 2025-12-20 17:20:40 +01:00
Username
ccfd8509cc docs: add pow, cli client, and head method documentation 2025-12-20 04:09:08 +01:00
Username
202e927918 add content-hash dedup for abuse prevention 
Throttle repeated submissions of identical content using SHA256 hash
tracking. Configurable via FLASKPASTE_DEDUP_WINDOW and FLASKPASTE_DEDUP_MAX.
 2025-12-20 03:31:20 +01:00
Username
8f9868f0d9 flaskpaste: initial commit with security hardening 
Features:
- REST API for text/binary pastes with MIME detection
- Client certificate auth via X-SSL-Client-SHA1 header
- SQLite with WAL mode for concurrent access
- Automatic paste expiry with LRU cleanup

Security:
- HSTS, CSP, X-Frame-Options, X-Content-Type-Options
- Cache-Control: no-store for sensitive responses
- X-Request-ID tracing for log correlation
- X-Proxy-Secret validation for defense-in-depth
- Parameterized queries, input validation
- Size limits (3 MiB anon, 50 MiB auth)

Includes /health endpoint, container support, and 70 tests.
 2025-12-16 04:42:18 +01:00