From 37d2ccef0f4a2147ad488d91cea666c026a0b14c Mon Sep 17 00:00:00 2001 From: Username Date: Sun, 21 Dec 2025 12:34:35 +0100 Subject: [PATCH] docs: update for v1.5.0 public registration feature --- PROJECT.md | 6 ++++-- ROADMAP.md | 16 ++++++++++++---- TASKLIST.md | 2 ++ 3 files changed, 18 insertions(+), 6 deletions(-) diff --git a/PROJECT.md b/PROJECT.md index 09b9b40..523716a 100644 --- a/PROJECT.md +++ b/PROJECT.md @@ -119,7 +119,7 @@ A self-hosted pastebin API that: ## Current Status -**Version:** 1.4.0 +**Version:** 1.5.0 ``` ┌─────────────────────────────────┬────────────────────────────────────────────┐ @@ -149,6 +149,8 @@ A self-hosted pastebin API that: │ CI/CD pipeline │ Complete │ Scheduled cleanup │ Complete │ CLI paste listing/search │ Complete -│ Test suite │ 205 tests passing +│ Public certificate registration │ Complete +│ CLI register command │ Complete +│ Test suite │ 216 tests passing └─────────────────────────────────┴────────────────────────────────────────────┘ ``` diff --git a/ROADMAP.md b/ROADMAP.md index a6f3740..e92159c 100644 --- a/ROADMAP.md +++ b/ROADMAP.md @@ -2,7 +2,7 @@ ## Current State -FlaskPaste v1.4.0 is deployed with comprehensive security hardening and abuse prevention. +FlaskPaste v1.5.0 is deployed with comprehensive security hardening and abuse prevention. **Implemented:** - Full REST API (CRUD operations) @@ -26,7 +26,9 @@ FlaskPaste v1.4.0 is deployed with comprehensive security hardening and abuse pr - Security tooling (ruff, bandit, mypy, pip-audit) - CI/CD pipeline with lint, security, and test jobs - CLI with list, search, update, export commands -- Comprehensive test suite (205 tests) +- Public certificate registration (PoW-protected) +- CLI register command for certificate enrollment +- Comprehensive test suite (216 tests) ## Phase 1: Hardening (Complete) 
@@ -97,9 +99,12 @@ Integrated certificate authority for mTLS: - `POST /pki/ca` - Generate CA (first-run bootstrap) - `GET /pki/status` - CA status and fingerprint - `GET /pki/ca.crt` - Download CA certificate -- `POST /pki/issue` - Issue client certificate +- `POST /pki/issue` - Issue client certificate (admin) - `POST /pki/revoke/` - Revoke certificate +- `GET /register/challenge` - Get PoW challenge for registration +- `POST /register` - Public certificate registration (PoW-protected) - CLI: `fpaste pki status`, `fpaste pki issue`, `fpaste pki revoke` +- CLI: `fpaste register` - Self-service certificate enrollment ## Phase 4: Ecosystem (In Progress) @@ -130,8 +135,10 @@ Standalone Python CLI with encryption, PKI, and paste management: - `fpaste update ` - Update paste content/metadata - `fpaste export -o dir/` - Export all pastes to directory - `fpaste pki status` - Show PKI status -- `fpaste pki issue -n "name"` - Request client certificate +- `fpaste pki issue -n "name"` - Request client certificate (admin) - `fpaste pki revoke ` - Revoke certificate +- `fpaste register` - Self-service certificate registration +- `fpaste register --configure` - Register and auto-configure client - Automatic retry on PoW failure (max 5 attempts) - Config file for server URL and cert fingerprint - Downloadable via `curl https://server/client > fpaste` @@ -170,6 +177,7 @@ These features will not be implemented: | 2024-12 | Scheduled cleanup (in-process) | No external cron needed | 2024-12 | CLI encrypt-by-default | Security-first design | 2024-12 | CLI retry on PoW failure | Graceful handling of stale tokens +| 2024-12 | Public cert registration | Self-service onboarding with PoW protection ## Review Schedule diff --git a/TASKLIST.md b/TASKLIST.md index 6209f9d..05ceab0 100644 --- a/TASKLIST.md +++ b/TASKLIST.md 
@@ -37,6 +37,8 @@ Prioritized, actionable tasks. Each task is small and completable in one session | Date | Task |------------|-------------------------------------------------------------- +| 2024-12 | Add public certificate registration endpoint +| 2024-12 | Add CLI register command | 2024-12 | Implement anti-flood (dynamic PoW difficulty) | 2024-12 | Implement IP-based rate limiting | 2024-12 | Add scheduled cleanup (pastes, hashes, rate limits)
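Review bot: The test count is hard-coded in two files and both copies had to be bumped by hand here: `Test suite │ 216 tests passing` in the PROJECT.md status table (hunk at -149,6) and `Comprehensive test suite (216 tests)` in the ROADMAP.md "Implemented" list (hunk at -26,7). Suggest keeping the number in one place and having the other file refer to it, or dropping the literal count from ROADMAP.md, so the two cannot drift apart on the next release.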
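Review bot: In the ROADMAP.md PKI endpoint list (hunk at -97,9), `POST /pki/issue` gains an "(admin)" annotation, but `POST /pki/revoke/` directly below it stays unannotated, so the list does not say who may revoke a certificate. Now that `POST /register` issues certificates to the public, suggest stating the required privilege on every `/pki/*` line and adding one sentence on what a publicly registered certificate is authorized to do compared with an admin-issued one. The summary line listing `fpaste pki status`, `fpaste pki issue`, `fpaste pki revoke` could carry the same annotation.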
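Review bot: In the ROADMAP.md CLI command list (hunk at -130,8), the new `fpaste register` entries are followed by the unchanged line "Automatic retry on PoW failure (max 5 attempts)", and nothing says whether that retry also applies to the registration challenge from `GET /register/challenge`. Suggest making that explicit. The `fpaste register --configure` entry says "Register and auto-configure client" without naming what gets written; since the next context line mentions a "Config file for server URL and cert fingerprint", it would help to say whether `--configure` writes that file and where the issued key and certificate are stored.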
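Review bot: The rows added to the TASKLIST.md completed-tasks table (hunk at -37,6) and to the ROADMAP.md decision log (hunk at -170,6) are dated `2024-12`, while the commit header is dated 21 Dec 2025. The neighbouring rows also read `2024-12`, so this may follow an existing convention in these files, but please confirm whether the new entries, `Add public certificate registration endpoint`, `Add CLI register command` and `Public cert registration`, should be `2025-12`.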