add /register endpoint for public certificate registration
Public endpoint allows anyone to obtain a client certificate for authentication. Features: - Higher PoW difficulty than paste creation (24 vs 20 bits) - Auto-generates CA on first registration if not present - Returns PKCS#12 bundle with cert, key, and CA - Configurable via FLASKPASTE_REGISTER_POW Endpoints: - GET /register/challenge - Get registration PoW challenge - POST /register - Register and receive PKCS#12 bundle
This commit is contained in:
Username
@@ -53,6 +53,8 @@ python run.py
|
||||
| `GET /<id>/raw` | Retrieve raw paste content |
|
||||
| `HEAD /<id>/raw` | Retrieve paste headers (no body) |
|
||||
| `DELETE /<id>` | Delete paste (requires auth) |
|
||||
| `GET /register/challenge` | Get PoW challenge for registration |
|
||||
| `POST /register` | Register and get client certificate (PKCS#12) |
|
||||
|
||||
## Usage Examples
|
||||
|
||||
@@ -230,6 +232,7 @@ Configuration via environment variables:
|
||||
| `FLASKPASTE_PROXY_SECRET` | (empty) | Shared secret for proxy trust validation |
|
||||
| `FLASKPASTE_POW_DIFFICULTY` | `20` | PoW difficulty (leading zero bits, 0=disabled) |
|
||||
| `FLASKPASTE_POW_TTL` | `300` (5 min) | PoW challenge validity period |
|
||||
| `FLASKPASTE_REGISTER_POW` | `24` | Registration PoW difficulty (higher than paste creation) |
|
||||
| `FLASKPASTE_POW_SECRET` | (auto) | Secret for signing PoW challenges |
|
||||
| `FLASKPASTE_ANTIFLOOD` | `1` | Enable anti-flood (dynamic PoW difficulty) |
|
||||
| `FLASKPASTE_ANTIFLOOD_WINDOW` | `60` | Anti-flood measurement window (seconds) |
|
||||
|
||||
Reference in New Issue
Block a user