tiararodney/httpaste
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Merged in release/v1.1.0-beta (pull request #44)

Browse source 
Release/v1.1.0 beta
This commit is contained in:
Tiara Rodney 2022-04-15 18:45:56 +00:00
commit 2474c7be61
8 changed files with 49 additions and 16 deletions
Download patch file Download diff file Expand all files Collapse all files

2
README.md
View file

@ -2,7 +2,7 @@
![](docs/_assets/images/favpng_parrot-royalty-free-cartoon.png) ![](docs/_assets/images/favpng_parrot-royalty-free-cartoon.png)
**NOTE**: httpaste is publicly hosted at [httpaste.it](http://httpaste.it) and as a hidden Tor service ([https://paste77ubkwxy4fqezffsmthxdh3xerwi72tlsw2mch7ecjhw2xn7iyd.onion](https://paste77ubkwxy4fqezffsmthxdh3xerwi72tlsw2mch7ecjhw2xn7iyd.onion)). **NOTE**: httpaste is publicly hosted at [httpaste.it](http://httpaste.it) and as a [Tor Onion Service](https://community.torproject.org/onion-services/overview/) ([http://paste77ubkwxy4fqezffsmthxdh3xerwi72tlsw2mch7ecjhw2xn7iyd.onion](http://paste77ubkwxy4fqezffsmthxdh3xerwi72tlsw2mch7ecjhw2xn7iyd.onion)).
Both services are to be considered evaluatory, as long as the source code Both services are to be considered evaluatory, as long as the source code
is in pre-release. Regarding voidance of pre-release status, see [Open Issues](https://victorykit.atlassian.net/issues/?jql=project%20%3D%20HTTPASTE%20AND%20fixVersion%20in%20(1.1.0-beta%2C%201.2.0-beta%2C%201.3.0)), for more information. is in pre-release. Regarding voidance of pre-release status, see [Open Issues](https://victorykit.atlassian.net/issues/?jql=project%20%3D%20HTTPASTE%20AND%20fixVersion%20in%20(1.1.0-beta%2C%201.2.0-beta%2C%201.3.0)), for more information.

4
docs/README.rst
View file

@ -10,7 +10,7 @@ httpaste - versatile HTTP pastebin
.. image:: _assets/images/favpng_parrot-royalty-free-cartoon.png .. image:: _assets/images/favpng_parrot-royalty-free-cartoon.png
.. note:: .. note::
httpaste is publicly hosted at `httpaste.it`_ and as a hidden Tor service (`<https://paste77ubkwxy4fqezffsmthxdh3xerwi72tlsw2mch7ecjhw2xn7iyd.onion>`_). httpaste is publicly hosted at `httpaste.it`_ and as a `Tor Onion Service`_ (`<http://paste77ubkwxy4fqezffsmthxdh3xerwi72tlsw2mch7ecjhw2xn7iyd.onion>`_).
Both services are to be considered evaluatory, as long as the source code Both services are to be considered evaluatory, as long as the source code
is in pre-release. Regarding voidance of pre-release status, see `Open Issues`_, for more information. is in pre-release. Regarding voidance of pre-release status, see `Open Issues`_, for more information.
@ -79,6 +79,8 @@ This program uses licensed third-party software.
ARCHITECTURE ARCHITECTURE
CONTRIBUTING CONTRIBUTING
.. _Tor Onion Service: https://community.torproject.org/onion-services/overview/
.. _ix.io: http://ix.io/ .. _ix.io: http://ix.io/
.. _sprunge.us: http://sprunge.us .. _sprunge.us: http://sprunge.us
.. _pygments: https://pygments.org/ .. _pygments: https://pygments.org/

6
docs/guide/backend.rst
View file

@ -6,17 +6,17 @@ The backend can be configured within the `[backend]` section of the configuratio
SQLite SQLite
------ ------
.. autoclass:: httpaste.backend.sqlite.Parameters .. autoclass:: httpaste.backend.sqlite.Config
:members: :members:
Filesystem Filesystem
---------- ----------
.. autoclass:: httpaste.backend.file.Parameters .. autoclass:: httpaste.backend.file.Config
:members: :members:
MySQL MySQL
----- -----
.. autoclass:: httpaste.backend.mysql.Parameters .. autoclass:: httpaste.backend.mysql.Config
:members: :members:

2
samples/httpaste.it/docker-compose.yml
View file

@ -1,4 +1,4 @@
version: "3.3" version: "3.4"
services: services:
httpaste: httpaste:
build: build:

13
samples/httpaste.it/httpd/Dockerfile
View file

@ -1,3 +1,14 @@
FROM httpd:2.4 FROM httpd:2.4
RUN apt-get update -y && apt-get install -y libapache2-mod-proxy-uwsgi RUN apt-get update -y && apt-get install -y \
libapache2-mod-proxy-uwsgi \
libapache2-mod-evasive \
libapache2-mod-security2
RUN mkdir -p /usr/local/apache2/crs-tecmint
ADD https://github.com/SpiderLabs/owasp-modsecurity-crs/archive/refs/tags/v3.2.0.tar.gz /usr/local/apache2/crs/master
RUN cd /usr/local/apache2/crs && \
tar -xzf master && \
cp owasp-modsecurity-crs-3.2.0/crs-setup.conf.example owasp-modsecurity-crs-3.2.0/crs-setup.conf

20
samples/httpaste.it/httpd/usr/local/apache2/conf/httpd.conf
View file

@ -16,6 +16,9 @@ LoadModule proxy_module modules/mod_proxy.so
LoadModule proxy_uwsgi_module modules/mod_proxy_uwsgi.so LoadModule proxy_uwsgi_module modules/mod_proxy_uwsgi.so
LoadModule unixd_module modules/mod_unixd.so LoadModule unixd_module modules/mod_unixd.so
LoadModule access_compat_module modules/mod_access_compat.so LoadModule access_compat_module modules/mod_access_compat.so
LoadModule security2_module /usr/lib/apache2/modules/mod_security2.so
LoadModule evasive20_module /usr/lib/apache2/modules/mod_evasive20.so
<IfModule unixd_module> <IfModule unixd_module>
User www-data User www-data
@ -23,7 +26,23 @@ LoadModule access_compat_module modules/mod_access_compat.so
</IfModule> </IfModule>
ServerAdmin you@example.com ServerAdmin you@example.com
ServerSignature Off
ServerTokens Prod
<IfModule security2_module>
Include crs/owasp-modsecurity-crs-3.2.0/crs-setup.conf
Include crs/owasp-modsecurity-crs-3.2.0/rules/*.conf
</IfModule>
<IfModule mod_evasive24.c>
DOSHashTableSize 3097
DOSPageCount 3
DOSSiteCount 10
DOSPageInterval 1
DOSSiteInterval 1
DOSBlockingPeriod 10
DOSCloseSocket On
</IfModule>
ErrorLog /proc/self/fd/2 ErrorLog /proc/self/fd/2
@ -58,6 +77,7 @@ ServerName 127.0.0.1
<VirtualHost 0.0.0.0:80> <VirtualHost 0.0.0.0:80>
#ProxyPreserveHost On #ProxyPreserveHost On
ServerName httpaste.it ServerName httpaste.it
ServerAlias localhost
SetEnv proxy-sendchunks SetEnv proxy-sendchunks
ProxyPass "/" "unix:/shared/uwsgi.sock|uwsgi://localhost/" ProxyPass "/" "unix:/shared/uwsgi.sock|uwsgi://localhost/"
</VirtualHost> </VirtualHost>

10
src/httpaste/__init__.py
View file

@ -9,8 +9,6 @@ SYNOPSIS
HTTP [POST|PUT|DELETE|GET] {url}paste/[public|private] HTTP [POST|PUT|DELETE|GET] {url}paste/[public|private]
{url}ui
DESCRIPTION DESCRIPTION
This program offers an HTTP interface for storing public and private data This program offers an HTTP interface for storing public and private data
@ -21,7 +19,7 @@ DESCRIPTION
listed on any index, since it isn't technically possible (by design). listed on any index, since it isn't technically possible (by design).
All pastes are symetrically encrypted with an HMAC derived key using All pastes are symetrically encrypted with an HMAC derived key using
{hmac_iterations} iterations and SHA-512 hashing, a server-side salt and a {hmac_iterations} iterations and SHA-256 hashing, a server-side salt and a
randomly generated password. Public paste's passwords are derived from randomly generated password. Public paste's passwords are derived from
their ids. Private paste's passwords are randomly generated and stored their ids. Private paste's passwords are randomly generated and stored
inside a symetrically encrypted personal database, with the encryption key inside a symetrically encrypted personal database, with the encryption key
@ -115,12 +113,12 @@ EXAMPLES
SEE ALSO SEE ALSO
Documentation <https://victorykit.bitbucket.org/httpaste> Documentation <https://victorykit.bitbucket.io/httpaste>
Sources <https://bitbucket.org/victorykit/httpaste> Sources <https://bitbucket.org/victorykit/httpaste>
Host (HTTPS) <https://httpaste.it> Host (HTTP) <http://httpaste.it>
(HTTP) <http://httpaste.it> (Onion) <http://paste77ubkwxy4fqezffsmthxdh3xerwi72tlsw2mch7ecjhw2xn7iyd.onion>
NOTES NOTES

6
src/httpaste/controller/paste/__init__.py
View file

@ -100,11 +100,13 @@ def get(**kwargs):
else: else:
paste_model.remove(pid, backend.paste) paste_model.remove(pid, backend.paste)
if encoding is not None:
data = data.decode(encoding)
if syntax is not None: if syntax is not None:
data = highlight(data, str(syntax), formatter, linenos) data = highlight(data, str(syntax), formatter, linenos)
if encoding is not None:
data = data.decode(encoding)
return ConnexionResponse( return ConnexionResponse(
status_code=200, status_code=200,