Username
4f0b33fd7b
compose: set URL_PREFIX for HAProxy deployment
CI / Lint & Format (push) Successful in 16s
CI / Security Scan (push) Failing after 19s
CI / Tests (push) Successful in 34s
2025-12-20 20:25:09 +01:00
Username
14be46cdaf
compose: use port 5001 (avoid libretranslate conflict)
CI / Lint & Format (push) Successful in 16s
CI / Security Scan (push) Failing after 19s
CI / Tests (push) Successful in 35s
2025-12-20 20:22:55 +01:00
Username
dfca09102a
bump version to 1.3.0
CI / Lint & Format (push) Successful in 17s
CI / Security Scan (push) Failing after 19s
CI / Tests (push) Failing after 35s
2025-12-20 20:20:47 +01:00
Username
bfc238b5cf
add CLI enhancements and scheduled cleanup
...
CI / Lint & Format (push) Successful in 16s
CI / Security Scan (push) Failing after 19s
CI / Tests (push) Successful in 34s
CLI commands:
- list: show user's pastes with pagination
- search: filter by type (glob), after/before timestamps
- update: modify content, password, or extend expiry
- export: save pastes to directory with optional decryption
API changes:
- PUT /<id>: update paste content and metadata
- GET /pastes: add type, after, before query params
Scheduled tasks:
- Thread-safe cleanup with per-task intervals
- Activate cleanup_expired_hashes (15min)
- Activate cleanup_rate_limits (5min)
Tests: 205 passing
2025-12-20 20:13:00 +01:00
Username
cf31eab678
ci: handle pre-existing type and audit issues
CI / Lint & Format (push) Successful in 16s
CI / Security Scan (push) Successful in 20s
CI / Tests (push) Successful in 33s
2025-12-20 18:42:09 +01:00
Username
d364c954d8
style: format with ruff
CI / Lint & Format (push) Failing after 17s
CI / Tests (push) Has been skipped
CI / Security Scan (push) Failing after 21s
2025-12-20 18:32:47 +01:00
Username
d0b199de11
fix lint errors (line length, unused var, nested if)
CI / Lint & Format (push) Failing after 15s
CI / Tests (push) Has been skipped
CI / Security Scan (push) Failing after 21s
2025-12-20 18:31:47 +01:00
Username
9e92db5217
fpaste: fix -E flag with piped stdin
CI / Lint & Format (push) Failing after 15s
CI / Tests (push) Has been skipped
CI / Security Scan (push) Failing after 21s
2025-12-20 18:22:59 +01:00
Username
a2c5a013ef
docs: update for encrypt-by-default CLI
...
CI / Lint & Format (push) Failing after 14s
CI / Tests (push) Has been skipped
CI / Security Scan (push) Failing after 21s
Update README.md, api.md, and error hints to reflect:
- encryption is now default (no -e flag needed)
- use -E/--no-encrypt to disable
- file path shortcut (fpaste file.txt)
2025-12-20 18:12:00 +01:00
Username
ba29b6e319
fpaste: encrypt by default, add file path shortcut
...
CI / Lint & Format (push) Failing after 15s
CI / Tests (push) Has been skipped
CI / Security Scan (push) Failing after 21s
Change encryption from opt-in (-e) to opt-out (-E/--no-encrypt).
Add argument preprocessing to auto-insert "create" command when
file path is detected, allowing `fpaste file.txt` shortcut.
2025-12-20 18:05:33 +01:00
Username
85110b2570
fpaste: add file path shortcut (fpaste <file>)
CI / Lint & Format (push) Failing after 15s
CI / Tests (push) Has been skipped
CI / Security Scan (push) Failing after 21s
2025-12-20 17:56:34 +01:00
Username
cdf8de5a8b
document encryption enforcement options
CI / Lint & Format (push) Failing after 15s
CI / Tests (push) Has been skipped
CI / Security Scan (push) Failing after 21s
2025-12-20 17:46:58 +01:00
Username
b7f247d148
add tests for size and binary enforcement
2025-12-20 17:46:54 +01:00
Username
28ee2bae31
add minimum size and binary content enforcement
2025-12-20 17:46:49 +01:00
Username
01ee337936
slim down production dependencies
CI / Lint & Format (push) Failing after 16s
CI / Tests (push) Has been skipped
CI / Security Scan (push) Failing after 21s
2025-12-20 17:37:41 +01:00
Username
486bac1d85
docs: update project status for v1.2.0
CI / Lint & Format (push) Failing after 17s
CI / Tests (push) Has been skipped
CI / Security Scan (push) Failing after 27s
2025-12-20 17:24:41 +01:00
Username
260d6e894d
update project documentation
CI / Lint & Format (push) Failing after 17s
CI / Tests (push) Has been skipped
CI / Security Scan (push) Failing after 27s
2025-12-20 17:20:40 +01:00
Username
713052de3d
ci: optimize workflow structure
...
- add concurrency control to cancel stale runs
- job dependencies (test waits for lint)
- move syntax check to lint job
- quieter apt-get and pip output
- remove continue-on-error on pip-audit
2025-12-20 17:20:33 +01:00
Username
9da33f786e
fix lint issues across codebase
2025-12-20 17:20:27 +01:00
Username
adbb5be5c0
add security tooling and development workflow
...
- ruff for linting and formatting
- bandit for security scanning
- mypy for type checking
- pip-audit for dependency vulnerabilities
- Makefile with lint/format/security/test targets
2025-12-20 17:20:21 +01:00
Username
4e38517faf
pki: add minimal certificate authority
...
- CA generation with encrypted private key storage (AES-256-GCM)
- Client certificate issuance with configurable validity
- Certificate revocation with status tracking
- SHA1 fingerprint integration with existing mTLS auth
- API endpoints: /pki/status, /pki/ca, /pki/issue, /pki/revoke
- CLI commands: fpaste pki status/issue/revoke
- Comprehensive test coverage
2025-12-20 17:20:15 +01:00
Username
7deba711d4
entropy: exempt small content from check
...
CI / test (push) Successful in 38s
Small data has unreliable entropy measurement due to sample size.
MIN_ENTROPY_SIZE (default 256 bytes) sets the threshold.
2025-12-20 08:48:13 +01:00
Username
8addf2d9e8
add entropy enforcement for optional encryption requirement
...
CI / test (push) Successful in 38s
Shannon entropy check rejects low-entropy content when MIN_ENTROPY > 0.
Encrypted data ~7.5-8.0 bits/byte, plaintext ~4.0-5.0 bits/byte.
Configurable via FLASKPASTE_MIN_ENTROPY environment variable.
2025-12-20 06:57:50 +01:00
Username
9ccd4225dd
fpaste: add E2E encryption support
...
CI / test (push) Successful in 38s
-e/--encrypt flag encrypts content with AES-256-GCM before upload.
Key is appended to URL fragment (#...), never sent to server.
Auto-detects key fragment on retrieval and decrypts locally.
2025-12-20 06:51:35 +01:00
Username
964698428c
routes: use detected base URL in usage examples
CI / test (push) Successful in 37s
2025-12-20 05:27:10 +01:00
Username
677d3e5ba1
client: also update help text with detected URL
CI / test (push) Successful in 38s
2025-12-20 05:23:00 +01:00
Username
d6fb2e92af
client: auto-detect server URL from request headers
CI / test (push) Successful in 39s
2025-12-20 05:21:55 +01:00
Username
2272b1ff12
add /client endpoint to download fpaste CLI
CI / test (push) Successful in 38s
2025-12-20 05:19:20 +01:00
Username
274648e1f7
fix: return relative URLs in responses, prefix only for docs
CI / test (push) Successful in 38s
2025-12-20 04:48:55 +01:00
Username
5770698847
add URL_PREFIX config for reverse proxy path support
CI / test (push) Successful in 38s
2025-12-20 04:43:36 +01:00
Username
c76a158c18
bump version to 1.1.0, centralize VERSION constant
CI / test (push) Successful in 37s
2025-12-20 04:21:06 +01:00
Username
ccfd8509cc
docs: add pow, cli client, and head method documentation
CI / test (push) Successful in 37s
2025-12-20 04:09:08 +01:00
Username
efd48c5563
pow: increase default difficulty to 20
CI / test (push) Successful in 38s
2025-12-20 04:05:35 +01:00
Username
8fdeeaed9c
add proof-of-work spam prevention
...
CI / test (push) Successful in 37s
Clients must solve a SHA256 hash puzzle before paste creation.
Configurable via FLASKPASTE_POW_DIFFICULTY (0 = disabled, 16 = default).
Challenge tokens expire after FLASKPASTE_POW_TTL seconds (default 300).
2025-12-20 04:03:59 +01:00
Username
682df17257
add command-line client
CI / test (push) Successful in 36s
2025-12-20 03:57:41 +01:00
Username
7f3c37f271
tasklist: mark head method complete
CI / test (push) Successful in 37s
2025-12-20 03:47:35 +01:00
Username
4532b9b1d5
add HEAD method for paste endpoints
CI / test (push) Has been cancelled
2025-12-20 03:47:20 +01:00
Username
4007f0ea65
tasklist: mark wal mode complete
CI / test (push) Successful in 36s
2025-12-20 03:45:05 +01:00
Username
9c5b1d9804
enable sqlite wal mode for file databases
CI / test (push) Has been cancelled
2025-12-20 03:44:38 +01:00
Username
a07f1e662e
add gitea ci workflow
CI / test (push) Successful in 36s
2025-12-20 03:31:43 +01:00
Username
4cb29fa3d2
add project structure files
2025-12-20 03:31:37 +01:00
Username
202e927918
add content-hash dedup for abuse prevention
...
Throttle repeated submissions of identical content using SHA256 hash
tracking. Configurable via FLASKPASTE_DEDUP_WINDOW and FLASKPASTE_DEDUP_MAX.
2025-12-20 03:31:20 +01:00
Username
8f9868f0d9
flaskpaste: initial commit with security hardening
...
Features:
- REST API for text/binary pastes with MIME detection
- Client certificate auth via X-SSL-Client-SHA1 header
- SQLite with WAL mode for concurrent access
- Automatic paste expiry with LRU cleanup
Security:
- HSTS, CSP, X-Frame-Options, X-Content-Type-Options
- Cache-Control: no-store for sensitive responses
- X-Request-ID tracing for log correlation
- X-Proxy-Secret validation for defense-in-depth
- Parameterized queries, input validation
- Size limits (3 MiB anon, 50 MiB auth)
Includes /health endpoint, container support, and 70 tests.
2025-12-16 04:42:18 +01:00
