Username
7fe1cc164b
database: add short_urls table schema
2026-02-16 20:26:39 +01:00
Username
c130020ab8
security: implement HASH-001 and ENUM-001 remediations
...
CI / Lint & Format (push) Failing after 16s
CI / Tests (push) Has been skipped
CI / Memory Leak Check (push) Has been skipped
CI / Security Scan (push) Successful in 23s
HASH-001: Add threading lock to content hash deduplication
- Prevents race condition between SELECT and UPDATE
- Ensures accurate dedup counting under concurrent load
ENUM-001: Add rate limiting to paste lookups
- Separate rate limiter for GET/HEAD on paste endpoints
- Default 60 requests/minute per IP (configurable)
- Prevents brute-force paste ID enumeration attacks
2025-12-24 23:12:28 +01:00
Username
7063f8718e
feat: add observability and CLI enhancements
...
CI / Lint & Format (push) Failing after 16s
CI / Tests (push) Has been skipped
CI / Security Scan (push) Failing after 20s
Audit logging:
- audit_log table with event tracking
- app/audit.py module with log_event(), query_audit_log()
- GET /audit endpoint (admin only)
- configurable retention and cleanup
Prometheus metrics:
- app/metrics.py with custom counters
- paste create/access/delete, rate limit, PoW, dedup metrics
- instrumentation in API routes
CLI clipboard integration:
- fpaste create -C/--clipboard (read from clipboard)
- fpaste create --copy-url (copy result URL)
- fpaste get -c/--copy (copy content)
- cross-platform: xclip, xsel, pbcopy, wl-copy
Shell completions:
- completions/ directory with bash/zsh/fish scripts
- fpaste completion --shell command
2025-12-23 22:39:50 +01:00
Username
ca9342e92d
fix: add comprehensive type annotations for mypy
...
CI / Lint & Format (push) Successful in 18s
CI / Security Scan (push) Successful in 21s
CI / Tests (push) Successful in 1m6s
- database.py: add type hints for Path, Flask, Any, BaseException
- pki.py: add assertions to narrow Optional types after has_ca() checks
- routes.py: annotate config values to avoid Any return types
- api/__init__.py: use float for cleanup timestamps (time.time())
- __init__.py: remove unused return from setup_rate_limiting
2025-12-22 19:11:11 +01:00
Username
2acf640d91
pki: first registered user gets admin rights
...
CI / Lint & Format (push) Successful in 17s
CI / Security Scan (push) Successful in 21s
CI / Tests (push) Successful in 1m2s
Auto-detect first certificate issuance and grant admin flag.
Add is_admin column to issued_certificates table.
Add is_admin_certificate() helper function.
Include is_admin in /pki/issue response and X-Is-Admin header in registration.
2025-12-21 21:13:30 +01:00
Username
4e38517faf
pki: add minimal certificate authority
...
- CA generation with encrypted private key storage (AES-256-GCM)
- Client certificate issuance with configurable validity
- Certificate revocation with status tracking
- SHA1 fingerprint integration with existing mTLS auth
- API endpoints: /pki/status, /pki/ca, /pki/issue, /pki/revoke
- CLI commands: fpaste pki status/issue/revoke
- Comprehensive test coverage
2025-12-20 17:20:15 +01:00
Username
9c5b1d9804
enable sqlite wal mode for file databases
CI / test (push) Has been cancelled
2025-12-20 03:44:38 +01:00
Username
202e927918
add content-hash dedup for abuse prevention
...
Throttle repeated submissions of identical content using SHA256 hash
tracking. Configurable via FLASKPASTE_DEDUP_WINDOW and FLASKPASTE_DEDUP_MAX.
2025-12-20 03:31:20 +01:00
Username
8f9868f0d9
flaskpaste: initial commit with security hardening
...
Features:
- REST API for text/binary pastes with MIME detection
- Client certificate auth via X-SSL-Client-SHA1 header
- SQLite with WAL mode for concurrent access
- Automatic paste expiry with LRU cleanup
Security:
- HSTS, CSP, X-Frame-Options, X-Content-Type-Options
- Cache-Control: no-store for sensitive responses
- X-Request-ID tracing for log correlation
- X-Proxy-Secret validation for defense-in-depth
- Parameterized queries, input validation
- Size limits (3 MiB anon, 50 MiB auth)
Includes /health endpoint, container support, and 70 tests.
2025-12-16 04:42:18 +01:00
