claw/flaskpaste
1
0
Fork 1
forked from username/flaskpaste
Code Pull Requests Activity

docs: update project status for v1.2.0

Browse Source
This commit is contained in:
Username
2025-12-20 17:24:41 +01:00
parent 260d6e894d
commit 486bac1d85
4 changed files with 112 additions and 104 deletions
Download Patch File Download Diff File Expand all files Collapse all files

21
PROJECT.md
View File

@@ -18,8 +18,9 @@ Public pastebin services present risks:
A self-hosted pastebin API that:
- Stores pastes locally in SQLite
- Supports client certificate authentication via reverse proxy
- Provides optional built-in PKI for certificate management
- Automatically expires content based on access patterns
- Prevents abuse through content-hash deduplication
- Prevents abuse through content-hash deduplication and proof-of-work
- Serves text and binary content with proper MIME detection
- Runs behind any reverse proxy (nginx, HAProxy, Caddy)
@@ -32,6 +33,7 @@ A self-hosted pastebin API that:
│ Security │ Zero injection vulnerabilities
│ │ All OWASP headers implemented
│ │ Input validation on all endpoints
│ │ Security scanning in CI (bandit)
├────────────────────────────────┼────────────────────────────────────────────┤
│ Reliability │ SQLite ACID guarantees
│ │ Graceful degradation on errors
@@ -44,6 +46,7 @@ A self-hosted pastebin API that:
│ Operability │ Container-ready (Podman/Docker)
│ │ Gunicorn-compatible WSGI
│ │ Request tracing via X-Request-ID
│ │ Prometheus metrics endpoint
└────────────────────────────────┴────────────────────────────────────────────┘
```
@@ -55,6 +58,7 @@ A self-hosted pastebin API that:
- Text and binary content support
- Magic-byte MIME type detection
- Client certificate authentication (via proxy header)
- Built-in PKI (CA generation, certificate issuance, revocation)
- Configurable size limits (anon vs authenticated)
- Time-based expiry with access-touch semantics
- Content-hash deduplication for abuse prevention
@@ -68,6 +72,7 @@ A self-hosted pastebin API that:
- Request tracing and structured logging
- Container deployment support
- SQLite storage
- CI/CD with security scanning
### Out of Scope
@@ -90,7 +95,7 @@ A self-hosted pastebin API that:
## Assumptions
- Deployment behind a TLS-terminating reverse proxy
- Client certificates managed externally (PKI, mTLS)
- Client certificates managed externally or via built-in PKI
- Operators have container runtime (Podman/Docker) or Python venv
- SQLite performance sufficient for expected load
@@ -104,14 +109,17 @@ A self-hosted pastebin API that:
│ Database │ SQLite 3 (built-in)
│ WSGI Server │ Gunicorn (production)
│ Container │ Podman / Docker
│ Testing │ pytest, pytest-cov
│ Testing │ pytest
│ Linting │ ruff, mypy
│ Security │ bandit, pip-audit
│ CI/CD │ Gitea Actions
│ Python │ 3.11+
└─────────────────┴──────────────────────────────────────────────────────────┘
```
## Current Status
**Version:** 1.1.0
**Version:** 1.2.0
```
┌─────────────────────────────────┬────────────────────────────────────────────┐
@@ -121,6 +129,7 @@ A self-hosted pastebin API that:
│ Binary content support │ Complete
│ MIME detection │ Complete
│ Client cert authentication │ Complete
│ Built-in PKI │ Complete
│ Size limits │ Complete
│ Paste expiry │ Complete
│ Content-hash deduplication │ Complete
@@ -134,6 +143,8 @@ A self-hosted pastebin API that:
│ Security headers │ Complete
│ Request tracing │ Complete
│ Container deployment │ Complete
Test suite 113 tests passing
Security toolingComplete
│ CI/CD pipeline │ Complete
│ Test suite │ 147 tests passing
└─────────────────────────────────┴────────────────────────────────────────────┘
```