moulecorp / pasthis Goto Github PK

Simple stupid pastebin

License: Other

CSS 14.20% PHP 62.83% JavaScript 9.51% Python 13.46%

pastebin privacy secure simple php sqlite prettify

pasthis's Introduction

Pasthis

Pasthis is a pastebin written in PHP using SQLite as database backend, prettify to handle syntax highlighting and skeleton. This project is licensed under GPLv2+.

Privacy, security, simplicity

Expired pastes are automatically deleted.
Paste IDs aren't predictable (their URL cannot be guessed easily).
No statistics, counter or public list of pastes is available.
The use of HTTPS to post or get the pastes is enforced.
A trivial anti-spam filter is built-in.
By default the content is not formatted nor changed in any way (no wrap, no syntax highlighting). It is a user driven choice to do so.
Pastes can be displayed as raw.
A command-line tool can be downloaded to post pastes directly from terminals.
Tabulations are handled within the textarea to avoid changing the focus.
The design is mobile friendly (responsive) 😊

Deployment

Download Pasthis.
Configure the web server:
- Apache: edit the RewriteBase directive in the .htaccess if needed.
- Nginx: see the provided nginx.conf.
- Caddy v1: see the provided Caddyfile.
- Caddy v2: see the provided Caddyfile.
Make sure that the folder is readable and writable by www-data, since this is required by PHP to be able to create the SQLite database.

It is required to call the cron method on a regular basis to delete expired pastes, as a privacy concern. To do this on a GNU/Linux machine edit the /etc/crontab file and add the following line:

*/10 * * * * www-data php /path/to/pasthis/index.php

Be aware expired pastes can only be deleted when requested or when the cron method is called. Without the previous cron configuration, their deletion can't be ensured. They just won't be displayed.

Update

Update to the latest version (keep the database!).
Run php update.php.

Command line tool

A command line tool is available allowing you to post files. In order to take advantage of this utility, download it, make it executable and display the help output for more information:

chmod +x ./pasthis.py
./pasthis.py --help
./pasthis.py --url https://www.example.net/pasthis/ file.txt

Anti-spam

Every time a paste is sent, a value (called degree) is associated to the poster's ip hash. It is used in the following formula:

T = time() + intval(pow(degree, 2.5))

If the user posts another paste after T, the degree is reset to zero. If he tries before T, the degree is incremented, and the paste is denied.

There is also an hidden field, that set the degree to 512 (which corresponds to ~72h) if filled.

pasthis's People

Contributors

Stargazers

Watchers

Forkers

hyask fr33tux rogersguedes tpetazzoni paulkocialkowski stadsc csbsundar rich43

pasthis's Issues

Unusable "burn after reading" option

Summary

When trying to use the "burn after reading" option the paste becomes unavailable, using the latest version of this repo.

Steps to reproduce

Create a new paste
Select "burn after reading"
Send the paste
Get redirected to see the paste

Expected behavior

Create a new paste, get redirected to it but let it be available one more time. I think that the issue comes from step 4 described above.

server {
    listen 80;
    server_name paste.blah.org;

    root /srv/htdocs/paste.blah.org;
    index index.php;

    location / {
            if (!-e $request_filename){
            rewrite "^([a-zA-Z0-9]{6}(@raw)?)$" /index.php?p=$1;
            }
    }

    location /pasthis.db {
                deny all;
    }

    location ~ \.php$ {
                 include fastcgi.conf;
                 fastcgi_index index.php;
                 fastcgi_pass 127.0.0.1:9000;
    }
}

Thanks in advance for helping.
Cheers,

a 301 (or the shiny new 308), to redirect to a randomly generated URL, or even its own IP
a 420 (♥) : Enhance Your Calm
a 429 : Too Many Requests

Thanks! :)