fix: use mTLS client cert to bypass PoW on flaskpaste
When secrets/flaskpaste/derp.crt and derp.key are present, load them into the SSL context for mutual TLS auth and skip the PoW challenge entirely. Fall back to PoW only when no client cert is available.
@@ -862,9 +862,8 @@ Output format:
|
||||
https://paste.mymx.me/abc12345
|
||||
```
|
||||
|
||||
- PoW challenge (difficulty 20) solved per request
|
||||
- mTLS client cert skips PoW; falls back to PoW challenge if no cert
|
||||
- Content sent as JSON body to FlaskPaste API
|
||||
- No API key needed -- PoW is the auth mechanism
|
||||
- Raw content available at `<paste_url>/raw`
|
||||
|
||||
### `!shorten` -- Shorten URL
|
||||
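Review bot: the `!paste` bullet "mTLS client cert skips PoW; falls back to PoW challenge if no cert" documents only the no-cert case and leaves open what happens when the cert is present but the server rejects it (expired, untrusted, key mismatch). The commit message says the fallback applies only when no client cert is available, so say here whether a rejected cert is a hard error or a silent drop to PoW, and point the reader to the FlaskPaste Configuration section for where the cert and key are placed.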
@@ -882,7 +881,7 @@ https://paste.mymx.me/s/AbCdEfGh
|
||||
```
|
||||
|
||||
- URL must start with `http://` or `https://`
|
||||
- PoW challenge (difficulty 20) solved per request
|
||||
- mTLS client cert skips PoW; falls back to PoW challenge if no cert
|
||||
- Also used internally by `!alert` to shorten announcement URLs
|
||||
|
||||
### FlaskPaste Configuration
|
||||
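Review bot: in the `!shorten` list the mTLS bullet appears to replace "PoW challenge (difficulty 20) solved per request", which drops the difficulty value even though the fallback path still solves PoW. Keep the number in the new wording, for example "falls back to PoW challenge (difficulty 20) if no cert". Because `!alert` uses this command internally, it is also worth one clause saying that it goes through the same cert-or-PoW path.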
@@ -892,4 +891,5 @@ https://paste.mymx.me/s/AbCdEfGh
|
||||
url = "https://paste.mymx.me" # or set FLASKPASTE_URL env var
|
||||
```
|
||||
|
||||
TLS: custom CA cert at `secrets/flaskpaste/derp.crt` loaded automatically.
|
||||
Auth: place client cert/key at `secrets/flaskpaste/derp.crt` and `derp.key`
|
||||
for mTLS (bypasses PoW). Without them, PoW challenges are solved per request.
|
||||
|
||||
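Review bot: the `TLS:` line and the `Auth:` lines both name `secrets/flaskpaste/derp.crt`, once as the custom CA cert and once as the client cert, so the configuration section no longer makes clear how the server certificate is verified once that file holds a client identity. State which role the file has after this change and, if a custom CA is still supported, give it its own path. The `Auth:` text should also say what happens when only one of `derp.crt` and `derp.key` is present, and that `derp.key` is a private key that needs restrictive file permissions and must stay out of version control.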