forked from username/flaskpaste
48 lines
1.6 KiB
Markdown
48 lines
1.6 KiB
Markdown
# TODO
|
|
|
|
Unstructured intake buffer for ideas, issues, and observations. Items here are raw and unrefined. Actionable items should be promoted to TASKLIST.md.
|
|
|
|
---
|
|
|
|
## Ideas
|
|
|
|
- Rate limit headers in responses (X-RateLimit-*)
|
|
- Paste compression for large text content
|
|
- ETag support for conditional requests
|
|
- Paste listing for authenticated users (their own pastes only)
|
|
- Neovim/Vim plugin for editor integration
|
|
- Webhook notifications for paste events
|
|
- Certificate renewal reminder in CLI
|
|
- Admin endpoint for CA key rotation
|
|
|
|
## Observations
|
|
|
|
- PKI uses AES-256-GCM for CA private key encryption (PBKDF2 key derivation)
|
|
- SHA1 fingerprints are X.509 standard, not security-relevant (usedforsecurity=False)
|
|
- Revoked certificates are soft-deleted (status tracked, not removed)
|
|
- CI pipeline: lint runs parallel with security, tests wait for lint
|
|
- Ruff replaces flake8/isort/pyupgrade with single fast tool
|
|
- Bandit configured for medium+ severity only (-ll flag)
|
|
|
|
## Questions
|
|
|
|
- Should expired paste cleanup run in-process or via external cron?
|
|
- Certificate renewal: reissue with same CN or require new request?
|
|
- Should revoked certs be purged after grace period?
|
|
|
|
## Debt
|
|
|
|
- Mypy has pre-existing type errors (runs with --ignore-missing-imports)
|
|
- No integration tests for container deployment
|
|
- Missing test for concurrent paste creation
|
|
- Could add more deployment examples (Kubernetes, systemd)
|
|
|
|
## External Dependencies
|
|
|
|
- Consider adding `python-magic` for better MIME detection (currently magic bytes only)
|
|
- cryptography package required for PKI features (optional otherwise)
|
|
|
|
---
|
|
|
|
*Review weekly. Promote actionable items to TASKLIST.md. Archive or delete stale items.*
|