flaskpaste

Author	SHA1	Message	Date
user	e7c278be0d	fix: share PoW HMAC secret across gunicorn workers Some checks failed CI / Lint & Format (push) Failing after 29s Details CI / Unit Tests (push) Has been skipped Details CI / Memory Leak Check (push) Has been skipped Details CI / Fuzz Testing (push) Has been skipped Details CI / SBOM Generation (push) Has been skipped Details CI / Security Scan (push) Successful in 34s Details CI / Security Tests (push) Has been skipped Details CI / Advanced Security Tests (push) Has been skipped Details CI / Build & Push Image (push) Has been skipped Details CI / Harbor Vulnerability Scan (push) Has been skipped Details get_pow_secret() generated a random secret per process, so challenges signed by worker A failed verification on worker B (~90% failure rate with 2 workers). Persist a file-backed secret to data/.pow_secret using O_EXCL for atomic creation. FLASKPASTE_POW_SECRET env var still takes priority when configured. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>	2026-02-23 21:32:18 +01:00
Username	cd7a9e8340	gitignore: add .hypothesis test cache Some checks failed CI / Lint & Format (push) Failing after 16s Details CI / Unit Tests (push) Has been skipped Details CI / Memory Leak Check (push) Has been skipped Details CI / SBOM Generation (push) Has been skipped Details CI / Security Scan (push) Failing after 21s Details CI / Security Tests (push) Has been skipped Details	2025-12-25 19:20:33 +01:00
Username	5849c7406f	add /register endpoint for public certificate registration Some checks failed CI / Lint & Format (push) Failing after 15s Details CI / Tests (push) Has been skipped Details CI / Security Scan (push) Failing after 19s Details Public endpoint allows anyone to obtain a client certificate for authentication. Features: - Higher PoW difficulty than paste creation (24 vs 20 bits) - Auto-generates CA on first registration if not present - Returns PKCS#12 bundle with cert, key, and CA - Configurable via FLASKPASTE_REGISTER_POW Endpoints: - GET /register/challenge - Get registration PoW challenge - POST /register - Register and receive PKCS#12 bundle	2025-12-21 10:34:02 +01:00
Username	8f9868f0d9	flaskpaste: initial commit with security hardening Features: - REST API for text/binary pastes with MIME detection - Client certificate auth via X-SSL-Client-SHA1 header - SQLite with WAL mode for concurrent access - Automatic paste expiry with LRU cleanup Security: - HSTS, CSP, X-Frame-Options, X-Content-Type-Options - Cache-Control: no-store for sensitive responses - X-Request-ID tracing for log correlation - X-Proxy-Secret validation for defense-in-depth - Parameterized queries, input validation - Size limits (3 MiB anon, 50 MiB auth) Includes /health endpoint, container support, and 70 tests.	2025-12-16 04:42:18 +01:00

4 Commits