12 Commits

Author	SHA1	Message	Date
Username	880bf631e3	fpaste: add register command for public certificate enrollment ... - Add register command to obtain client cert from server - Solve PoW challenge, receive PKCS#12 bundle - Extract cert/key, optionally update config (--configure) - Fix registration to work without PKI_ENABLED (only needs PKI_CA_PASSWORD) - Add skip_enabled_check param to get_ca_info() for registration path - Update docs: README examples, API header name fix (X-Fingerprint-SHA1)	2025-12-21 10:59:09 +01:00
Username	5849c7406f	add /register endpoint for public certificate registration ... Public endpoint allows anyone to obtain a client certificate for authentication. Features: - Higher PoW difficulty than paste creation (24 vs 20 bits) - Auto-generates CA on first registration if not present - Returns PKCS#12 bundle with cert, key, and CA - Configurable via FLASKPASTE_REGISTER_POW Endpoints: - GET /register/challenge - Get registration PoW challenge - POST /register - Register and receive PKCS#12 bundle	2025-12-21 10:34:02 +01:00
Username	b47c26dd14	docs: update for v1.4.0 features ... - Add anti-flood, rate limiting, scheduled cleanup to feature lists - Update version to 1.4.0, test count to 205 - Document /pastes endpoint with query parameters - Add anti-flood fields to /challenge response - Update CLI docs with new commands (list, search, export) - Add decision log entries for recent features	2025-12-20 21:36:09 +01:00
Username	a2c5a013ef	docs: update for encrypt-by-default CLI ... Update README.md, api.md, and error hints to reflect: - encryption is now default (no -e flag needed) - use -E/--no-encrypt to disable - file path shortcut (fpaste file.txt)	2025-12-20 18:12:00 +01:00
Username	cdf8de5a8b	document encryption enforcement options	2025-12-20 17:46:58 +01:00
Username	4e38517faf	pki: add minimal certificate authority ... - CA generation with encrypted private key storage (AES-256-GCM) - Client certificate issuance with configurable validity - Certificate revocation with status tracking - SHA1 fingerprint integration with existing mTLS auth - API endpoints: /pki/status, /pki/ca, /pki/issue, /pki/revoke - CLI commands: fpaste pki status/issue/revoke - Comprehensive test coverage	2025-12-20 17:20:15 +01:00
Username	7deba711d4	entropy: exempt small content from check ... Small data has unreliable entropy measurement due to sample size. MIN_ENTROPY_SIZE (default 256 bytes) sets the threshold.	2025-12-20 08:48:13 +01:00
Username	8addf2d9e8	add entropy enforcement for optional encryption requirement ... Shannon entropy check rejects low-entropy content when MIN_ENTROPY > 0. Encrypted data ~7.5-8.0 bits/byte, plaintext ~4.0-5.0 bits/byte. Configurable via FLASKPASTE_MIN_ENTROPY environment variable.	2025-12-20 06:57:50 +01:00
Username	c76a158c18	bump version to 1.1.0, centralize VERSION constant	2025-12-20 04:21:06 +01:00
Username	ccfd8509cc	docs: add pow, cli client, and head method documentation	2025-12-20 04:09:08 +01:00
Username	202e927918	add content-hash dedup for abuse prevention ... Throttle repeated submissions of identical content using SHA256 hash tracking. Configurable via FLASKPASTE_DEDUP_WINDOW and FLASKPASTE_DEDUP_MAX.	2025-12-20 03:31:20 +01:00
Username	8f9868f0d9	flaskpaste: initial commit with security hardening ... Features: - REST API for text/binary pastes with MIME detection - Client certificate auth via X-SSL-Client-SHA1 header - SQLite with WAL mode for concurrent access - Automatic paste expiry with LRU cleanup Security: - HSTS, CSP, X-Frame-Options, X-Content-Type-Options - Cache-Control: no-store for sensitive responses - X-Request-ID tracing for log correlation - X-Proxy-Secret validation for defense-in-depth - Parameterized queries, input validation - Size limits (3 MiB anon, 50 MiB auth) Includes /health endpoint, container support, and 70 tests.	2025-12-16 04:42:18 +01:00