Merged in hotfix/HTTPASTE-37 (pull request #33)

docs: sound less like a smart-ass sales person

.gitignore

@@ -9,4 +9,6 @@
 **/__pycache__/
 .DS_Store
 .coverage
-/*.md
+/*.md
+/.eggs/
+/devel/

MANIFEST.in

@@ -1,2 +0,0 @@
-recursive-include src/httpaste/schema *.json
-recursive-incude src/httpaste/backend *.sql

README.md

@@ -2,28 +2,40 @@
 
 ![](docs/_assets/images/favpng_parrot-royalty-free-cartoon.png)
 
-httpaste is a pastebin application for easily pasting and retrieving data over
+**NOTE**: httpaste is publicly hosted at [httpaste.it](http://httpaste.it) and as a hidden Tor service ([https://paste77ubkwxy4fqezffsmthxdh3xerwi72tlsw2mch7ecjhw2xn7iyd.onion](https://paste77ubkwxy4fqezffsmthxdh3xerwi72tlsw2mch7ecjhw2xn7iyd.onion)).
-HTTP from shell environments and web browsers. It is inspired by [sprunge.us](http://sprunge.us)
+Both services are to be considered evaluatory, as long as the source code
-and [ix.io](http://ix.io/), but focuses on extendability, advanced security, with little to
+is in pre-release. Regarding voidance of pre-release status, see [Open Issues](https://victorykit.atlassian.net/issues/?jql=project%20%3D%20HTTPASTE%20AND%20fixVersion%20in%20(1.1.0-beta%2C%201.2.0-beta%2C%201.3.0)), for more information.
-no trade-off to simplicity. It can be hosted through WSGI, CGI, Fast CGI, or
-as a standalone evaluation server. It offers multiple storage backends, such as
-a filesystem backend, SQLite backend, MySQL backend, or MongoDB backend.
 
-All pastes are being encrypted on the fly and can only be retrieved by an
+This program offers an HTTP interface for storing public and private data
-authorized user, either through knowing the paste id of a public paste, or
+(a.k.a. pastes), commonly referred to as a pastebin application. It is inspired by [sprunge.us](http://sprunge.us) and [ix.io](http://ix.io/). It can be hosted through WSGI, CGI, Fast
-having authentication credentials, as well as the paste id of a private paste.
+CGI, or as a standalone evaluation server. It offers multiple storage backends,
-This makes httpaste ideal as a pastebin for sensitive environments such as the
+such as a filesystem backend, SQLite backend, or MySQL backend.
-Tor network. Authentication credentials are created on-the-fly and don’t  require a sign-up process.
 
-httpaste supports output formatting for syntax highlighting (powered by
+Public data can be accessed through an URL, where as private pastes
+additionally require HTTP basic authentication. Creation of authentication
+credentials happens on the fly, there is no sign-up process. Public pastes can
+only be accessed by knowing their paste ids, they are not listed on any index,
+since it isn’t technically possible (by design).
+
+All pastes are symetrically encrypted server-side with an HMAC derived key and
+SHA-256 hashing, a server-side salt and a randomly generated password. Public
+paste’s passwords are derived from their ids. Private paste’s passwords are
+randomly generated and stored inside a symetrically encrypted personal
+database, with the encryption key also being derived through the same HMAC
+mechanism, where the HTTP basic authentication credentials act as the master
+password.
+
+Paste ids, usernames, and any other identifiable attributes are only stored
+inside storage backends as keyed and salted BLAKE2 hashes.
+
+The program supports output formatting for syntax highlighting (powered by
 [pygments](https://pygments.org/)), as well as MIME type output manipulation, and input encoding.
-Therefore httpaste can server as an anonymous object storage for small data.
+The program can therefore serve as a minimalist, anonymous object storage for
+small data.
 
-Minute-based and ‘burn-after-read’ paste expiration are supported.
+Minute-based and ‘burn-after-read’ paste expiration are also supported.
 
-httpaste focuses on security through cryptography, making it a computationally intensive application.
+# Getting Started
-
-# Get Started
 
 ## Install
 

docs/README.rst

@@ -9,28 +9,41 @@ httpaste - versatile HTTP pastebin
 
     .. image:: _assets/images/favpng_parrot-royalty-free-cartoon.png
 
-httpaste is a pastebin application for easily pasting and retrieving data over 
+.. note::
-HTTP from shell environments and web browsers. It is inspired by `sprunge.us`_ 
+    httpaste is publicly hosted at `httpaste.it`_ and as a hidden Tor service (`<https://paste77ubkwxy4fqezffsmthxdh3xerwi72tlsw2mch7ecjhw2xn7iyd.onion>`_). 
-and `ix.io`_, but focuses on extendability, advanced security, with little to 
+    Both services are to be considered evaluatory, as long as the source code 
-no trade-off to simplicity. It can be hosted through WSGI, CGI, Fast CGI, or 
+    is in pre-release. Regarding voidance of pre-release status, see `Open Issues`_, for more information.
-as a standalone evaluation server. It offers multiple storage backends, such as 
-a filesystem backend, SQLite backend, MySQL backend, or MongoDB backend.
 
-All pastes are being encrypted on the fly and can only be retrieved by an 
+This program offers an HTTP interface for storing public and private data
-authorized user, either through knowing the paste id of a public paste, or 
+(a.k.a. pastes), commonly referred to as a pastebin application. It is inspired by `sprunge.us`_ and `ix.io`_. It can be hosted through WSGI, CGI, Fast 
-having authentication credentials, as well as the paste id of a private paste. 
+CGI, or as a standalone evaluation server. It offers multiple storage backends, 
-This makes httpaste ideal as a pastebin for sensitive environments such as the 
+such as a filesystem backend, SQLite backend, or MySQL backend.
-Tor network. Authentication credentials are created on-the-fly and don't  require a sign-up process.
 
-httpaste supports output formatting for syntax highlighting (powered by 
+Public data can be accessed through an URL, where as private pastes 
+additionally require HTTP basic authentication. Creation of authentication 
+credentials happens on the fly, there is no sign-up process. Public pastes can 
+only be accessed by knowing their paste ids, they are not listed on any index, 
+since it isn't technically possible (by design).
+
+All pastes are symetrically encrypted server-side with an HMAC derived key and 
+SHA-256 hashing, a server-side salt and a randomly generated password. Public 
+paste's passwords are derived from their ids. Private paste's passwords are 
+randomly generated and stored inside a symetrically encrypted personal 
+database, with the encryption key also being derived through the same HMAC 
+mechanism, where the HTTP basic authentication credentials act as the master 
+password.
+
+Paste ids, usernames, and any other identifiable attributes are only stored
+inside storage backends as keyed and salted BLAKE2 hashes.
+
+The program supports output formatting for syntax highlighting (powered by 
 `pygments`_), as well as MIME type output manipulation, and input encoding. 
-Therefore httpaste can server as an anonymous object storage for small data.
+The program can therefore serve as a minimalist, anonymous object storage for
+small data.
 
-Minute-based and 'burn-after-read' paste expiration are supported.
+Minute-based and 'burn-after-read' paste expiration are also supported.
 
-httpaste focuses on security through cryptography, making it a computationally intensive application.
+.. include:: guide/getting-started.rst
-
-.. include:: guide/get-started.rst
 
 Documentation
 -------------
@@ -69,4 +82,8 @@ This program uses licensed third-party software.
 .. _ix.io: http://ix.io/
 .. _sprunge.us: http://sprunge.us
 .. _pygments: https://pygments.org/
-.. _icon: https://favpng.com/png_view/parrot-parrot-royalty-free-cartoon-png/gps7HM42
+.. _icon: https://favpng.com/png_view/parrot-parrot-royalty-free-cartoon-png/gps7HM42
+
+.. _Open Issues: https://victorykit.atlassian.net/issues/?jql=project%20%3D%20HTTPASTE%20AND%20fixVersion%20in%20(1.1.0-beta%2C%201.2.0-beta%2C%201.3.0)
+
+.. _httpaste.it: http://httpaste.it

docs/guide/getting-started.rst

@@ -1,5 +1,5 @@
-Get Started
+Getting Started
-===========
+===============
 
 Install
 """""""

docs/index.rst

@@ -4,7 +4,7 @@
     :maxdepth: 1
     :caption: Guides
 
-    guide/get-started
+    guide/getting-started
     guide/advanced-usage
     guide/backend
     guide/cli

pyproject.toml

@@ -1,7 +1,8 @@
 [build-system]
 requires = [
     "setuptools",
-    "wheel"
+    "wheel",
+    "setuptools-scm[toml]"
 ]
 build-backend = "setuptools.build_meta"
 
@@ -9,4 +10,6 @@ build-backend = "setuptools.build_meta"
 max_line_length = 80
 aggressive = 3
 recursive = true
-in-place = true
+in-place = true
+
+[tool.setuptools_scm]

setup.cfg

@@ -1,6 +1,5 @@
 [metadata]
 name = httpaste-victorykit
-version = 1.0.9-alpha
 author = Tiara Rodney
 author_email = t.rodney@victoryk.it
 description = a versatile HTTP pastebin
@@ -38,3 +37,7 @@ console_scripts =
 [options.packages.find]
 where = src
 
+[options.package_data]
+* = 
+	*.json
+	*.sql

src/httpaste/__init__.py

@@ -144,13 +144,14 @@ from configparser import ConfigParser
 from ast import literal_eval
 from io import StringIO
 from os import environ
+from importlib.resources import path as resource_path
 
 from connexion import FlaskApp
 from connexion.resolver import RestyResolver
 
 from httpaste.model import Backend
 from httpaste.backend import get_backend_map
-from httpaste.helper.common import (generate_random_string, tmp_pkg_resource_text_path)
+from httpaste.helper.common import generate_random_string
 from httpaste.helper.http import (
     BadRequestError,
     ForbiddenError,
@@ -302,7 +303,7 @@ def get_flask_app(
     options = {"swagger_ui": server_config.swagger_ui}
 
     #context manager returns a pathlib.Path object
-    with tmp_pkg_resource_text_path('httpaste.schema', 'httpaste.openapi.json') as path:
+    with resource_path('httpaste.schema', 'httpaste.openapi.json') as path:
 
         application = FlaskApp(__name__, specification_dir=path.parent)
 

src/httpaste/helper/common.py

@@ -1,7 +1,6 @@
 from random import choice
 from base64 import b64decode
 from urllib.parse import urljoin
-from importlib.resources import read_text
 from tempfile import mkdtemp
 from pathlib import Path
 from contextlib import contextmanager
@@ -35,28 +34,3 @@ def decode(data: str, encoding: str) -> bytes:
 def join_url(base:str, url: str) -> str:
 
     return urljoin(base, url, True)
-
-
-@contextmanager
-def tmp_pkg_resource_text_path(package:str, resource:str) -> Path:
-    """context manager for accessing package resources from a real path
-
-        this applies to the circumstance of the package living inside of an
-        egg and therefore is unable to provide real existing paths to any
-        module that may require it.
-
-        :param package: dot seperated package name
-        :param resource: basename of resource inside package
-
-        :returns: a Path-like object
-    """
-    data = read_text(package, resource)
-    tmp_dirname = mkdtemp()
-    tmp_dirpath = Path(tmp_dirname)
-    tmp_file = tmp_dirpath.joinpath(resource)
-    tmp_file.write_text(data)
-    try:
-        yield tmp_file
-    finally:
-        tmp_file.unlink()
-        tmp_dirpath.rmdir()