claw/flaskpaste
1
0
Fork 1
forked from username/flaskpaste
Code Pull Requests Activity

add systemd service unit and rate limit headers

Browse Source 
Systemd deployment:
- examples/flaskpaste.service with security hardening
- examples/flaskpaste.env with all config options
- README deployment section updated

Rate limit headers (X-RateLimit-*):
- Limit, Remaining, Reset on 201 and 429 responses
- Per-IP tracking with auth multiplier
- api.md documented
This commit is contained in:
Username
2025-12-24 17:51:14 +01:00
parent cb6eebee59
commit cf458347ef
7 changed files with 265 additions and 22 deletions
Download Patch File Download Diff File Expand all files Collapse all files

27
README.md
View File

@@ -13,7 +13,7 @@ A lightweight, secure pastebin REST API built with Flask.
- **Abuse prevention** - Content-hash deduplication throttles spam
- **Proof-of-work** - Computational puzzles prevent automated abuse
- **Anti-flood** - Dynamic PoW difficulty increases under attack
- **Rate limiting** - Per-IP throttling with auth multiplier
- **Rate limiting** - Per-IP throttling with X-RateLimit-* headers
- **E2E encryption** - Client-side AES-256-GCM with key in URL fragment
- **Burn-after-read** - Single-access pastes that auto-delete
- **Password protection** - PBKDF2-HMAC-SHA256 with 600k iterations
@@ -338,6 +338,29 @@ podman run -d -p 5000:5000 -v flaskpaste-data:/app/data flaskpaste
See `Containerfile` for container build configuration.
### Using systemd
```bash
# Create service user
sudo useradd -r -s /sbin/nologin flaskpaste
# Copy application
sudo mkdir -p /opt/flaskpaste/data
sudo cp -r . /opt/flaskpaste/
sudo chown -R flaskpaste:flaskpaste /opt/flaskpaste
# Copy service unit and environment file
sudo cp examples/flaskpaste.service /etc/systemd/system/
sudo mkdir -p /etc/flaskpaste
sudo cp examples/flaskpaste.env /etc/flaskpaste/env
sudo chmod 600 /etc/flaskpaste/env
# Enable and start service
sudo systemctl daemon-reload
sudo systemctl enable --now flaskpaste
```
See `examples/` for service unit and configuration templates.
## Development
### Running Tests
@@ -385,7 +408,7 @@ flaskpaste/
- **Password protection** - PBKDF2-HMAC-SHA256 with 600k iterations
- **Security headers** - HSTS, CSP, X-Frame-Options, X-Content-Type-Options
- **Proof-of-work** - Computational puzzles prevent automated spam
- **Rate limiting** - Per-IP throttling with auth multiplier
- **Rate limiting** - Per-IP throttling with X-RateLimit-* headers
- **Request tracing** - X-Request-ID for log correlation
- **PKI support** - Built-in CA for client certificate issuance
- **Audit logging** - PKI certificate events for compliance and forensics