b47c26dd14
- Add anti-flood, rate limiting, scheduled cleanup to feature lists - Update version to 1.4.0, test count to 205 - Document /pastes endpoint with query parameters - Add anti-flood fields to /challenge response - Update CLI docs with new commands (list, search, export) - Add decision log entries for recent features
1.7 KiB
1.7 KiB
TODO
Unstructured intake buffer for ideas, issues, and observations. Items here are raw and unrefined. Actionable items should be promoted to TASKLIST.md.
Ideas
- Rate limit headers in responses (X-RateLimit-*)
- Paste compression for large text content
- ETag support for conditional requests
- Paste listing for authenticated users (their own pastes only)
- Neovim/Vim plugin for editor integration
- Webhook notifications for paste events
- Certificate renewal reminder in CLI
- Admin endpoint for CA key rotation
Observations
- PKI uses AES-256-GCM for CA private key encryption (PBKDF2 key derivation)
- SHA1 fingerprints are X.509 standard, not security-relevant (usedforsecurity=False)
- Revoked certificates are soft-deleted (status tracked, not removed)
- CI pipeline: lint runs parallel with security, tests wait for lint
- Ruff replaces flake8/isort/pyupgrade with single fast tool
- Bandit configured for medium+ severity only (-ll flag)
Questions
- Certificate renewal: reissue with same CN or require new request?
- Should revoked certs be purged after grace period?
Resolved
- Expired paste cleanup runs in-process via before_request hook (no cron needed)
Debt
- Mypy has pre-existing type errors (runs with --ignore-missing-imports)
- No integration tests for container deployment
- Missing test for concurrent paste creation
- Could add more deployment examples (Kubernetes, systemd)
External Dependencies
- Consider adding
python-magicfor better MIME detection (currently magic bytes only) - cryptography package required for PKI features (optional otherwise)
Review weekly. Promote actionable items to TASKLIST.md. Archive or delete stale items.