claw/flaskpaste
1
0
Fork 1
forked from username/flaskpaste
Code Pull Requests Activity
11 Commits 1 Branch 0 Tags
efd48c55634366cfab4bc480e03fc7f073b0f038
Commit Graph

6 Commits

Author SHA1 Message Date
Username
efd48c5563 pow: increase default difficulty to 20 2025-12-20 04:05:35 +01:00
Username
8fdeeaed9c add proof-of-work spam prevention 
Clients must solve a SHA256 hash puzzle before paste creation.
Configurable via FLASKPASTE_POW_DIFFICULTY (0 = disabled, 16 = default).
Challenge tokens expire after FLASKPASTE_POW_TTL seconds (default 300).
 2025-12-20 04:03:59 +01:00
Username
4532b9b1d5 add HEAD method for paste endpoints 2025-12-20 03:47:20 +01:00
Username
9c5b1d9804 enable sqlite wal mode for file databases 2025-12-20 03:44:38 +01:00
Username
202e927918 add content-hash dedup for abuse prevention 
Throttle repeated submissions of identical content using SHA256 hash
tracking. Configurable via FLASKPASTE_DEDUP_WINDOW and FLASKPASTE_DEDUP_MAX.
 2025-12-20 03:31:20 +01:00
Username
8f9868f0d9 flaskpaste: initial commit with security hardening 
Features:
- REST API for text/binary pastes with MIME detection
- Client certificate auth via X-SSL-Client-SHA1 header
- SQLite with WAL mode for concurrent access
- Automatic paste expiry with LRU cleanup

Security:
- HSTS, CSP, X-Frame-Options, X-Content-Type-Options
- Cache-Control: no-store for sensitive responses
- X-Request-ID tracing for log correlation
- X-Proxy-Secret validation for defense-in-depth
- Parameterized queries, input validation
- Size limits (3 MiB anon, 50 MiB auth)

Includes /health endpoint, container support, and 70 tests.
 2025-12-16 04:42:18 +01:00