2a287c65f4
fix: use nosec for bandit SQL injection suppression
CI / Lint & Format (push) Failing after 16s
CI / Tests (push) Has been skipped
CI / Security Scan (push) Successful in 22s
2025-12-23 22:53:52 +01:00
482bd9a152
style: format metrics.py
CI / Lint & Format (push) Successful in 18s
CI / Security Scan (push) Failing after 21s
CI / Tests (push) Successful in 1m8s
2025-12-23 22:51:11 +01:00
7063f8718e
feat: add observability and CLI enhancements
...
CI / Lint & Format (push) Failing after 16s
CI / Tests (push) Has been skipped
CI / Security Scan (push) Failing after 20s
Audit logging:
- audit_log table with event tracking
- app/audit.py module with log_event(), query_audit_log()
- GET /audit endpoint (admin only)
- configurable retention and cleanup
Prometheus metrics:
- app/metrics.py with custom counters
- paste create/access/delete, rate limit, PoW, dedup metrics
- instrumentation in API routes
CLI clipboard integration:
- fpaste create -C/--clipboard (read from clipboard)
- fpaste create --copy-url (copy result URL)
- fpaste get -c/--copy (copy content)
- cross-platform: xclip, xsel, pbcopy, wl-copy
Shell completions:
- completions/ directory with bash/zsh/fish scripts
- fpaste completion --shell command
2025-12-23 22:39:50 +01:00
4d08a4467d
fix: conditional requests import in container tests
CI / Lint & Format (push) Successful in 18s
CI / Security Scan (push) Successful in 22s
CI / Tests (push) Successful in 1m7s
2025-12-22 20:06:51 +01:00
ceb81fdd7c
style: format test files
CI / Lint & Format (push) Successful in 18s
CI / Security Scan (push) Successful in 22s
CI / Tests (push) Failing after 19s
2025-12-22 20:04:46 +01:00
a469fc3343
test: add paste management tests (list, search, update, delete)
CI / Lint & Format (push) Failing after 16s
CI / Tests (push) Has been skipped
CI / Security Scan (push) Successful in 22s
2025-12-22 19:42:55 +01:00
bf74988ddb
test: add container integration tests
...
CI / Lint & Format (push) Failing after 16s
CI / Tests (push) Has been skipped
CI / Security Scan (push) Successful in 22s
Tests verify:
- Container image builds successfully
- Health endpoint responds
- Paste creation/retrieval works
- Security headers present
- Non-root execution
- Gunicorn workers running
Skipped by default, run with:
FLASKPASTE_INTEGRATION=1 pytest tests/test_container_integration.py
2025-12-22 19:22:41 +01:00
e130e9c84d
test: add concurrent submission tests for abuse prevention
CI / Lint & Format (push) Failing after 16s
CI / Tests (push) Has been skipped
CI / Security Scan (push) Successful in 22s
2025-12-22 19:16:24 +01:00
ca9342e92d
fix: add comprehensive type annotations for mypy
...
CI / Lint & Format (push) Successful in 18s
CI / Security Scan (push) Successful in 21s
CI / Tests (push) Successful in 1m6s
- database.py: add type hints for Path, Flask, Any, BaseException
- pki.py: add assertions to narrow Optional types after has_ca() checks
- routes.py: annotate config values to avoid Any return types
- api/__init__.py: use float for cleanup timestamps (time.time())
- __init__.py: remove unused return from setup_rate_limiting
2025-12-22 19:11:11 +01:00
680b068c00
refactor: code consistency and best practices
...
CI / Lint & Format (push) Successful in 18s
CI / Security Scan (push) Successful in 22s
CI / Tests (push) Successful in 1m6s
- add type hints to error handlers in app/__init__.py
- add docstrings to nested callback functions
- remove deprecated X-XSS-Protection header (superseded by CSP)
- fix typo in cleanup log message (entr(ies) -> entries)
- standardize loop variable naming in fpaste CLI
- update test for intentional header removal
2025-12-22 00:25:18 +01:00
028367d803
docs: modernize and clean deprecated content
...
CI / Lint & Format (push) Successful in 17s
CI / Security Scan (push) Successful in 21s
CI / Tests (push) Successful in 1m5s
- replace deprecated FLASK_ENV with FLASK_DEBUG
- remove duplicate FLASKPASTE_MAX_EXPIRY entry
- update API version to 1.5.0
- add missing /pastes and /pki endpoints to table
- remove deprecated X-XSS-Protection header
- add PKI config variables
- update features list with current capabilities
- update auth benefits and security sections
2025-12-21 22:36:48 +01:00
e2e2039903
docs: update for tiered expiry, admin features, batch delete
CI / Lint & Format (push) Successful in 16s
CI / Security Scan (push) Successful in 21s
CI / Tests (push) Successful in 1m5s
2025-12-21 22:16:51 +01:00
916a09f595
fpaste: add batch delete and --all with confirmation
CI / Lint & Format (push) Successful in 17s
CI / Security Scan (push) Successful in 22s
CI / Tests (push) Successful in 1m4s
2025-12-21 22:06:53 +01:00
e8a99d5bdd
add tiered auto-expiry based on auth level
CI / Lint & Format (push) Successful in 17s
CI / Security Scan (push) Successful in 22s
CI / Tests (push) Successful in 1m5s
2025-12-21 21:55:30 +01:00
3fe631f6b9
fpaste: add --all flag and expiry countdown to list
CI / Lint & Format (push) Successful in 17s
CI / Security Scan (push) Successful in 35s
CI / Tests (push) Successful in 1m11s
2025-12-21 21:43:48 +01:00
40873434c3
pki: admin can list/delete any paste
...
CI / Lint & Format (push) Successful in 17s
CI / Security Scan (push) Successful in 21s
CI / Tests (push) Successful in 1m5s
Add is_admin() helper to check if current user is admin.
Update DELETE /<id> to allow admin to delete any paste.
Update GET /pastes to support ?all=1 for admin to list all pastes.
Admin view includes owner fingerprint in paste metadata.
2025-12-21 21:30:50 +01:00
2acf640d91
pki: first registered user gets admin rights
...
CI / Lint & Format (push) Successful in 17s
CI / Security Scan (push) Successful in 21s
CI / Tests (push) Successful in 1m2s
Auto-detect first certificate issuance and grant admin flag.
Add is_admin column to issued_certificates table.
Add is_admin_certificate() helper function.
Include is_admin in /pki/issue response and X-Is-Admin header in registration.
2025-12-21 21:13:30 +01:00
99e6a019f4
tests: fix flaky cleanup test timing for CI
CI / Lint & Format (push) Successful in 17s
CI / Security Scan (push) Successful in 21s
CI / Tests (push) Successful in 1m2s
2025-12-21 13:45:05 +01:00
2ccbfcbfaa
ci: update linting and security checks
...
CI / Lint & Format (push) Successful in 17s
CI / Security Scan (push) Successful in 21s
CI / Tests (push) Failing after 37s
- Fix bandit suppressions (use # nosec B608 for bandit)
- Add # noqa: S608 for ruff compatibility
- CI workflow: add coverage reporting (informational)
- CI workflow: track mypy error baseline
- CI workflow: improve documentation
2025-12-21 13:39:30 +01:00
0c7bf6b587
improve index endpoint with comprehensive API info
...
CI / Lint & Format (push) Failing after 15s
CI / Tests (push) Has been skipped
CI / Security Scan (push) Failing after 20s
- Add all endpoints including PUT, register, PKI
- Show authentication tiers (anonymous/client_cert/trusted)
- Display current limits (size, rate) for each tier
- Show PoW status and difficulty
- Add CLI install/usage hints
- Conditionally show PKI endpoints when enabled
2025-12-21 13:16:49 +01:00
098789ff89
allow untrusted certs to manage own pastes
...
CI / Lint & Format (push) Failing after 15s
CI / Tests (push) Has been skipped
CI / Security Scan (push) Failing after 20s
Split authentication into two functions:
- get_client_fingerprint(): Identity for ownership (any cert)
- get_client_id(): Elevated privileges (trusted certs only)
Behavior:
- Anonymous: Create only, strict limits
- Untrusted cert: Create + delete/update/list own pastes, strict limits
- Trusted cert: All operations, relaxed limits (50MB, 5x rate)
Updated tests to reflect new behavior where revoked certs
can still manage their own pastes.
2025-12-21 12:59:18 +01:00
1f09f2686a
fpaste: consolidate code and add type hints
...
CI / Lint & Format (push) Failing after 15s
CI / Tests (push) Has been skipped
CI / Security Scan (push) Failing after 19s
- Add type hints throughout (NoReturn, Path | None, etc.)
- Extract helper functions to eliminate duplication:
- read_config_file() / write_config_file()
- parse_error() for JSON error parsing
- format_paste_row() / print_paste_list()
- prepare_content(), extract_paste_id()
- auth_headers(), require_auth()
- Add constants (CONFIG_DIR, CONFIG_KEYS, MIME_EXTENSIONS)
- Replace if/elif chains with command dispatch tables
- Extract build_parser() from main()
- Use walrus operators and frozenset where appropriate
Net reduction: 170 lines (-793 +623)
2025-12-21 12:43:34 +01:00
37d2ccef0f
docs: update for v1.5.0 public registration feature
CI / Lint & Format (push) Failing after 15s
CI / Tests (push) Has been skipped
CI / Security Scan (push) Failing after 19s
2025-12-21 12:34:35 +01:00
c0c65a23ad
bump version to 1.5.0
CI / Lint & Format (push) Failing after 15s
CI / Tests (push) Has been skipped
CI / Security Scan (push) Failing after 19s
2025-12-21 11:09:53 +01:00
880bf631e3
fpaste: add register command for public certificate enrollment
...
CI / Lint & Format (push) Failing after 15s
CI / Tests (push) Has been skipped
CI / Security Scan (push) Failing after 19s
- Add register command to obtain client cert from server
- Solve PoW challenge, receive PKCS#12 bundle
- Extract cert/key, optionally update config (--configure)
- Fix registration to work without PKI_ENABLED (only needs PKI_CA_PASSWORD)
- Add skip_enabled_check param to get_ca_info() for registration path
- Update docs: README examples, API header name fix (X-Fingerprint-SHA1)
2025-12-21 10:59:09 +01:00
5849c7406f
add /register endpoint for public certificate registration
...
CI / Lint & Format (push) Failing after 15s
CI / Tests (push) Has been skipped
CI / Security Scan (push) Failing after 19s
Public endpoint allows anyone to obtain a client certificate for
authentication. Features:
- Higher PoW difficulty than paste creation (24 vs 20 bits)
- Auto-generates CA on first registration if not present
- Returns PKCS#12 bundle with cert, key, and CA
- Configurable via FLASKPASTE_REGISTER_POW
Endpoints:
- GET /register/challenge - Get registration PoW challenge
- POST /register - Register and receive PKCS#12 bundle
2025-12-21 10:34:02 +01:00
68d51c5b3e
fpaste: show elevated pow difficulty on create
CI / Lint & Format (push) Successful in 16s
CI / Security Scan (push) Failing after 19s
CI / Tests (push) Successful in 35s
2025-12-20 21:57:13 +01:00
b47c26dd14
docs: update for v1.4.0 features
...
CI / Lint & Format (push) Successful in 16s
CI / Security Scan (push) Failing after 19s
CI / Tests (push) Failing after 35s
- Add anti-flood, rate limiting, scheduled cleanup to feature lists
- Update version to 1.4.0, test count to 205
- Document /pastes endpoint with query parameters
- Add anti-flood fields to /challenge response
- Update CLI docs with new commands (list, search, export)
- Add decision log entries for recent features
2025-12-20 21:36:09 +01:00
98bc656c87
config: increase anti-flood decay to 60s
CI / Lint & Format (push) Successful in 16s
CI / Security Scan (push) Failing after 20s
CI / Tests (push) Failing after 35s
2025-12-20 21:18:54 +01:00
c6b3dd410a
fpaste: retry on pow failure (max 5 attempts)
CI / Lint & Format (push) Successful in 16s
CI / Security Scan (push) Failing after 19s
CI / Tests (push) Failing after 35s
2025-12-20 21:09:14 +01:00
89ac2af161
fpaste info: show pow difficulty level
CI / Lint & Format (push) Successful in 16s
CI / Security Scan (push) Failing after 20s
CI / Tests (push) Successful in 35s
2025-12-20 20:58:17 +01:00
8d13f52549
bump to 1.4.0, lower anti-flood threshold to 5
CI / Lint & Format (push) Successful in 16s
CI / Security Scan (push) Failing after 20s
CI / Tests (push) Successful in 34s
2025-12-20 20:53:49 +01:00
45712ea93f
add anti-flood: dynamic PoW difficulty under load
...
CI / Lint & Format (push) Successful in 17s
CI / Security Scan (push) Failing after 19s
CI / Tests (push) Failing after 35s
When paste creation rate exceeds threshold, PoW difficulty
increases to slow down attackers. Decays back to base when
abuse stops.
Config:
- ANTIFLOOD_THRESHOLD: requests/window before increase (30)
- ANTIFLOOD_STEP: difficulty bits per step (2)
- ANTIFLOOD_MAX: maximum difficulty cap (28)
- ANTIFLOOD_DECAY: seconds before reducing (30)
2025-12-20 20:45:58 +01:00
a6812af027
remove /solver endpoint
CI / Lint & Format (push) Successful in 17s
CI / Security Scan (push) Failing after 19s
CI / Tests (push) Failing after 35s
2025-12-20 20:38:02 +01:00
3fe3f6f160
add /solver endpoint for PoW solver script download
CI / Lint & Format (push) Successful in 16s
CI / Security Scan (push) Failing after 19s
CI / Tests (push) Failing after 35s
2025-12-20 20:32:39 +01:00
4f0b33fd7b
compose: set URL_PREFIX for HAProxy deployment
CI / Lint & Format (push) Successful in 16s
CI / Security Scan (push) Failing after 19s
CI / Tests (push) Successful in 34s
2025-12-20 20:25:09 +01:00
14be46cdaf
compose: use port 5001 (avoid libretranslate conflict)
CI / Lint & Format (push) Successful in 16s
CI / Security Scan (push) Failing after 19s
CI / Tests (push) Successful in 35s
2025-12-20 20:22:55 +01:00
dfca09102a
bump version to 1.3.0
CI / Lint & Format (push) Successful in 17s
CI / Security Scan (push) Failing after 19s
CI / Tests (push) Failing after 35s
2025-12-20 20:20:47 +01:00
bfc238b5cf
add CLI enhancements and scheduled cleanup
...
CI / Lint & Format (push) Successful in 16s
CI / Security Scan (push) Failing after 19s
CI / Tests (push) Successful in 34s
CLI commands:
- list: show user's pastes with pagination
- search: filter by type (glob), after/before timestamps
- update: modify content, password, or extend expiry
- export: save pastes to directory with optional decryption
API changes:
- PUT /<id>: update paste content and metadata
- GET /pastes: add type, after, before query params
Scheduled tasks:
- Thread-safe cleanup with per-task intervals
- Activate cleanup_expired_hashes (15min)
- Activate cleanup_rate_limits (5min)
Tests: 205 passing
2025-12-20 20:13:00 +01:00
cf31eab678
ci: handle pre-existing type and audit issues
CI / Lint & Format (push) Successful in 16s
CI / Security Scan (push) Successful in 20s
CI / Tests (push) Successful in 33s
2025-12-20 18:42:09 +01:00
d364c954d8
style: format with ruff
CI / Lint & Format (push) Failing after 17s
CI / Tests (push) Has been skipped
CI / Security Scan (push) Failing after 21s
2025-12-20 18:32:47 +01:00
d0b199de11
fix lint errors (line length, unused var, nested if)
CI / Lint & Format (push) Failing after 15s
CI / Tests (push) Has been skipped
CI / Security Scan (push) Failing after 21s
2025-12-20 18:31:47 +01:00
9e92db5217
fpaste: fix -E flag with piped stdin
CI / Lint & Format (push) Failing after 15s
CI / Tests (push) Has been skipped
CI / Security Scan (push) Failing after 21s
2025-12-20 18:22:59 +01:00
a2c5a013ef
docs: update for encrypt-by-default CLI
...
CI / Lint & Format (push) Failing after 14s
CI / Tests (push) Has been skipped
CI / Security Scan (push) Failing after 21s
Update README.md, api.md, and error hints to reflect:
- encryption is now default (no -e flag needed)
- use -E/--no-encrypt to disable
- file path shortcut (fpaste file.txt)
2025-12-20 18:12:00 +01:00
ba29b6e319
fpaste: encrypt by default, add file path shortcut
...
CI / Lint & Format (push) Failing after 15s
CI / Tests (push) Has been skipped
CI / Security Scan (push) Failing after 21s
Change encryption from opt-in (-e) to opt-out (-E/--no-encrypt).
Add argument preprocessing to auto-insert "create" command when
file path is detected, allowing `fpaste file.txt` shortcut.
2025-12-20 18:05:33 +01:00
85110b2570
fpaste: add file path shortcut (fpaste <file>)
CI / Lint & Format (push) Failing after 15s
CI / Tests (push) Has been skipped
CI / Security Scan (push) Failing after 21s
2025-12-20 17:56:34 +01:00
cdf8de5a8b
document encryption enforcement options
CI / Lint & Format (push) Failing after 15s
CI / Tests (push) Has been skipped
CI / Security Scan (push) Failing after 21s
2025-12-20 17:46:58 +01:00
b7f247d148
add tests for size and binary enforcement
2025-12-20 17:46:54 +01:00
28ee2bae31
add minimum size and binary content enforcement
2025-12-20 17:46:49 +01:00
01ee337936
slim down production dependencies
CI / Lint & Format (push) Failing after 16s
CI / Tests (push) Has been skipped
CI / Security Scan (push) Failing after 21s
2025-12-20 17:37:41 +01:00
Username