Tygs/0bin

just a feedback with my wishlist. hope it's useful

dl9sau opened this issue · 1 comments

Just some feedback for 0bin: problems I stumbled over, how I solved them, and what I'm missing.
Thank you for that nice software.

Applied patches

Recommendation:
chown www-data 0bin/zerobin/content; chmod 700 0bin/zerobin/content

My changes

  • expiry
    DURATIONS = {
        '1_min': 60,
        '10_min': 600,
        '1_hour': 3600,
        '10_hours': 36000,
        '1_day': 24 * 3600,
        '3_days': 3 * 24 * 3600,
        '1_week': 7 * 24 * 3600,
        '1_month': 30 * 24 * 3600,
        'never': 365 * 24 * 3600 * 100,
    }

Problems

  • with WSGI, URLs are not relative to the alias ->
    • 0bin/paste becomes /paste
      => needed to add
      WSGIScriptAlias /paste /srv/www/0bin/zerobin/app.wsgi/paste
      WSGIScriptAlias /static /srv/www/0bin/zerobin/app.wsgi/static
    • home (click top left on "0bin.net") becomes / -> leaves 0bin and goes to the webserver root
      -> commented that url out
    • "New paste" button: becomes / -> leaves 0bin and goes to the webserver root
  • problems with 0bin/pull/99 (Add support for more binary file types (audio, video and other binaries)):
    • pictures are ok. An audio file I tested did not work. PDF, odt, tar pastes raw (after heavy CPU load by the browser)
    • download button appears twice in a line, the left one has the correct URL for the image file; the right one (which is always present, text or binary) is pointing to / (-> in my config, I leave 0bin and land on my webserver-root) => this original download button does not work.
    • Google Chrome and Safari on (an old) iOS do the download of a picture flawlessly.
    • OS X: Firefox eats the filename suffix on download.
    • Android: Firefox tends to segfault. Another browser also eats the filename suffix. Chrome did not work (but this may be a security setting I did).
    • would have contacted author xdarklight but did not find out how.

Does not work:

  • zerobin/cmd.py -> now using apache2 with WSGIDaemonProcess, WSGIScriptAlias /0bin ...zerobin/app.wsgi
    with zerobin/app.wsgi:
    import os, sys
    ZEROBIN_PARENT_DIR = os.path.dirname(os.path.dirname(__file__))
    sys.path.insert(0, ZEROBIN_PARENT_DIR)
    from zerobin.routes import get_app

My todo:
make CSP config work, i.e.
Header set Content-Security-Policy "default-src 'none'; script-src 'unsafe-inline'; style-src 'unsafe-inline'; img-src 'self'

Feature request:

  • upload all file types (esp. pdf; pdf preview would be nice)
  • store data on the server in binary form (saves hd space)
  • burn after reading: counter for n times.
  • optionally (user defined on upload) save and show IPv4/IPv6 addresses and timestamps when a file was downloaded (-> transparency, if something suspicious has happened before)
  • delete button for being able to remove a paste before expiry

Thanks for your feedback. There are a lot of things here, so I think they will be split into separate issues.
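
The mount-point problem reported in the issue (links such as / and /paste leaving the app when it is served under a WSGIScriptAlias like /0bin), shown as an added example that is not code from 0bin or from either poster: a minimal WSGI app that prefixes every link with SCRIPT_NAME. The function names and the list of links are assumptions made for illustration.

```python
# Added illustration, not 0bin code: keep an app's links inside its mount point.
from html import escape
from wsgiref.util import setup_testing_defaults


def mounted_url(environ, path):
    """Return `path` prefixed with the mount point reported by the server."""
    # With "WSGIScriptAlias /0bin ..." the server passes "/0bin" in
    # SCRIPT_NAME; it is "" when the app is mounted at the site root.
    prefix = environ.get("SCRIPT_NAME", "").rstrip("/")
    return prefix + "/" + path.lstrip("/")


def app(environ, start_response):
    """Hypothetical app: home link, paste URL and static URL, all mount-aware."""
    hrefs = [mounted_url(environ, p) for p in ("/", "/paste", "/static/")]
    body = "\n".join(
        '<a href="%s">%s</a>' % (escape(h), escape(h)) for h in hrefs
    )
    start_response("200 OK", [("Content-Type", "text/html; charset=utf-8")])
    return [body.encode("utf-8")]


def render(script_name):
    """Call the app the way a server mounted at `script_name` would."""
    # Constructed request environment; no web server is involved.
    environ = {"SCRIPT_NAME": script_name, "PATH_INFO": "/"}
    setup_testing_defaults(environ)  # fills in the remaining WSGI keys
    captured = {}

    def start_response(status, headers):
        captured["status"] = status

    body = b"".join(app(environ, start_response)).decode("utf-8")
    return captured["status"], body


if __name__ == "__main__":
    for mount in ("", "/0bin"):
        print(repr(mount), render(mount)[1].splitlines())
```

With this approach a hard-coded href="/" is the case that escapes the alias; every link has to go through the prefixing helper for the app to be relocatable.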