username/flaskpaste
1
0
Fork 1
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
68 Commits 1 Branch 0 Tags
028367d803ce6cfd0907ceecdedcbdd3266cff54
Commit Graph

14 Commits

Author SHA1 Message Date
Username
028367d803 docs: modernize and clean deprecated content
All checks were successful
CI / Lint & Format (push) Successful in 17s
Details
CI / Security Scan (push) Successful in 21s
Details
CI / Tests (push) Successful in 1m5s
Details 
- replace deprecated FLASK_ENV with FLASK_DEBUG
- remove duplicate FLASKPASTE_MAX_EXPIRY entry
- update API version to 1.5.0
- add missing /pastes and /pki endpoints to table
- remove deprecated X-XSS-Protection header
- add PKI config variables
- update features list with current capabilities
- update auth benefits and security sections
 2025-12-21 22:36:48 +01:00
Username
e2e2039903 docs: update for tiered expiry, admin features, batch delete
All checks were successful
CI / Lint & Format (push) Successful in 16s
Details
CI / Security Scan (push) Successful in 21s
Details
CI / Tests (push) Successful in 1m5s
Details
2025-12-21 22:16:51 +01:00
Username
880bf631e3 fpaste: add register command for public certificate enrollment
Some checks failed
CI / Lint & Format (push) Failing after 15s
Details
CI / Tests (push) Has been skipped
Details
CI / Security Scan (push) Failing after 19s
Details 
- Add register command to obtain client cert from server
- Solve PoW challenge, receive PKCS#12 bundle
- Extract cert/key, optionally update config (--configure)
- Fix registration to work without PKI_ENABLED (only needs PKI_CA_PASSWORD)
- Add skip_enabled_check param to get_ca_info() for registration path
- Update docs: README examples, API header name fix (X-Fingerprint-SHA1)
 2025-12-21 10:59:09 +01:00
Username
5849c7406f add /register endpoint for public certificate registration
Some checks failed
CI / Lint & Format (push) Failing after 15s
Details
CI / Tests (push) Has been skipped
Details
CI / Security Scan (push) Failing after 19s
Details 
Public endpoint allows anyone to obtain a client certificate for
authentication. Features:

- Higher PoW difficulty than paste creation (24 vs 20 bits)
- Auto-generates CA on first registration if not present
- Returns PKCS#12 bundle with cert, key, and CA
- Configurable via FLASKPASTE_REGISTER_POW

Endpoints:
- GET /register/challenge - Get registration PoW challenge
- POST /register - Register and receive PKCS#12 bundle
 2025-12-21 10:34:02 +01:00
Username
b47c26dd14 docs: update for v1.4.0 features
Some checks failed
CI / Lint & Format (push) Successful in 16s
Details
CI / Security Scan (push) Failing after 19s
Details
CI / Tests (push) Failing after 35s
Details 
- Add anti-flood, rate limiting, scheduled cleanup to feature lists
- Update version to 1.4.0, test count to 205
- Document /pastes endpoint with query parameters
- Add anti-flood fields to /challenge response
- Update CLI docs with new commands (list, search, export)
- Add decision log entries for recent features
 2025-12-20 21:36:09 +01:00
Username
a2c5a013ef docs: update for encrypt-by-default CLI
Some checks failed
CI / Lint & Format (push) Failing after 14s
Details
CI / Tests (push) Has been skipped
Details
CI / Security Scan (push) Failing after 21s
Details 
Update README.md, api.md, and error hints to reflect:
- encryption is now default (no -e flag needed)
- use -E/--no-encrypt to disable
- file path shortcut (fpaste file.txt)
 2025-12-20 18:12:00 +01:00
Username
cdf8de5a8b document encryption enforcement options
Some checks failed
CI / Lint & Format (push) Failing after 15s
Details
CI / Tests (push) Has been skipped
Details
CI / Security Scan (push) Failing after 21s
Details
2025-12-20 17:46:58 +01:00
Username
4e38517faf pki: add minimal certificate authority 
- CA generation with encrypted private key storage (AES-256-GCM)
- Client certificate issuance with configurable validity
- Certificate revocation with status tracking
- SHA1 fingerprint integration with existing mTLS auth
- API endpoints: /pki/status, /pki/ca, /pki/issue, /pki/revoke
- CLI commands: fpaste pki status/issue/revoke
- Comprehensive test coverage
 2025-12-20 17:20:15 +01:00
Username
7deba711d4 entropy: exempt small content from check
All checks were successful
CI / test (push) Successful in 38s
Details 
Small data has unreliable entropy measurement due to sample size.
MIN_ENTROPY_SIZE (default 256 bytes) sets the threshold.
 2025-12-20 08:48:13 +01:00
Username
8addf2d9e8 add entropy enforcement for optional encryption requirement
All checks were successful
CI / test (push) Successful in 38s
Details 
Shannon entropy check rejects low-entropy content when MIN_ENTROPY > 0.
Encrypted data ~7.5-8.0 bits/byte, plaintext ~4.0-5.0 bits/byte.
Configurable via FLASKPASTE_MIN_ENTROPY environment variable.
 2025-12-20 06:57:50 +01:00
Username
c76a158c18 bump version to 1.1.0, centralize VERSION constant
All checks were successful
CI / test (push) Successful in 37s
Details
2025-12-20 04:21:06 +01:00
Username
ccfd8509cc docs: add pow, cli client, and head method documentation
All checks were successful
CI / test (push) Successful in 37s
Details
2025-12-20 04:09:08 +01:00
Username
202e927918 add content-hash dedup for abuse prevention 
Throttle repeated submissions of identical content using SHA256 hash
tracking. Configurable via FLASKPASTE_DEDUP_WINDOW and FLASKPASTE_DEDUP_MAX.
 2025-12-20 03:31:20 +01:00
Username
8f9868f0d9 flaskpaste: initial commit with security hardening 
Features:
- REST API for text/binary pastes with MIME detection
- Client certificate auth via X-SSL-Client-SHA1 header
- SQLite with WAL mode for concurrent access
- Automatic paste expiry with LRU cleanup

Security:
- HSTS, CSP, X-Frame-Options, X-Content-Type-Options
- Cache-Control: no-store for sensitive responses
- X-Request-ID tracing for log correlation
- X-Proxy-Secret validation for defense-in-depth
- Parameterized queries, input validation
- Size limits (3 MiB anon, 50 MiB auth)

Includes /health endpoint, container support, and 70 tests.
 2025-12-16 04:42:18 +01:00