Rustypaste is a minimal file upload/pastebin service.

Overview

$ echo "some text" > awesome.txt

$ curl -F "file=@awesome.txt" https://paste.site.com
https://paste.site.com/safe-toad.txt

$ curl https://paste.site.com/safe-toad.txt
some text

Features

  • File upload & URL shortening
    • supports basic HTTP authentication
    • random file names (optional)
      • pet name (e.g. capital-mosquito.txt)
      • alphanumeric string (e.g. yB84D2Dv.txt)
    • guesses MIME types
  • Single binary
  • Easy to deploy
  • No database
    • filesystem is used
  • Self-hosted
    • centralization is bad!
  • Written in Rust
    • blazingly fast!

Usage

CLI

function rpaste() {
    curl -F "file=@$1" -H "Authorization: <auth_token>" "<server_address>"
}

* consider reading authorization headers from a file. (e.g. -H @rpaste_auth)

# upload a file
$ rpaste x.txt

# paste from stdin
$ rpaste -

URL Shortening

curl -F "url=https://example.com/some/long/url" "<server_address>"

Server

To start the server:

$ rustypaste

If the configuration file is not found in the current directory, specify it via the CONFIG environment variable:

$ CONFIG="$HOME/.rustypaste.toml" rustypaste

To enable basic HTTP auth, set the AUTH_TOKEN environment variable (via .env):

$ echo "AUTH_TOKEN=$(openssl rand -base64 16)" > .env
$ rustypaste

See config.toml for configuration options.

Docker

The following command runs a container built from the Dockerfile in this repository:

$ docker run --rm -d \
  -v "$(pwd)/upload/":/app/upload \
  --env-file "$(pwd)/.env" \
  -e "RUST_LOG=debug" \
  -p 8000:8000 \
  --name rustypaste \
  orhunp/rustypaste

  • uploaded files go into ./upload (on the host machine)
  • set the AUTH_TOKEN via -e or --env-file to enable auth

You can build this image using the docker build -t rustypaste . command.

If you want to run the image using docker compose, simply run docker-compose up -d. (see docker-compose.yml)

Nginx

Example server configuration with reverse proxy:

server {
    listen 80;
    location / {
        proxy_pass                         http://localhost:8000/;
        proxy_set_header Host              $host;
        proxy_set_header X-Forwarded-For   $remote_addr;
        proxy_set_header X-Forwarded-Proto $scheme;
        add_header X-XSS-Protection        "1; mode=block";
        add_header X-Frame-Options         "sameorigin";
        add_header X-Content-Type-Options  "nosniff";
    }
}

If you get a 413 Request Entity Too Large error during upload, set the max body size in nginx.conf:

http {
    # ...
    client_max_body_size 100M;
}

Roadmap

  • Support "disappearing" files
  • Support setting an expiry date for uploads
  • Write a CLI tool in Rust

Contributing

Pull requests are welcome!

Consider submitting your ideas via issues first. Also, see the roadmap and/or run the following command to see what needs to be done:

$ grep -nr "TODO:" src/

License

All code is licensed under The MIT License.
Comments
  • feat(server): add landing page

    Fixes orhun/rustypaste#13

    The default landing page is set as a const in the binary, but is configurable with the server.landing_page key. Should the key be in another section (i.e. not [server])? Handling is added for when the config file doesn't have any landing page. I updated the default config.toml.

    opened by TheTechRobo 11
  • How to setup authentication?

    Hello,

    I'm really liking the very minimalist-style setup of rustypaste so far. It's so much faster than everything else I've tried lately.

    I am curious if we could get some more documentation about how to use the authentication portion of rustypaste. How do we setup authentication on the server side? I think the documentation on how to use the authentication on the client side is clear but we'll find out once I figure out how to setup the server side authentication.

    Thanks!

    opened by Nbelles 9
  • How about making the server delete expired files by itself?

    Currently you need to run an outside command to make sure expired files are actually deleted. Couldn't this step be easily performed by the server itself during runtime so you don't need to add the complexity of having a second thing that modifies the files?

    enhancement 
    opened by svenstaro 7
  • Argument support

    First of all, thanks for this, looks really useful.

    I've packaged it and might make a nixos module out of this, but I have a small suggestion if you'd consider; cmdline arguments/parameters. Configuration options are not too many, so it might be helpful to override a 'default configuration' via arguments. Plus it can help later probably, e.g. having a --version.

    opened by seqizz 5
  • Docker container not showing webui when launched, instead going to GitHub repo

    Hello, I would like to know if someone who has successfully installed RustPaste in Docker experienced the same as me.

    When I launch the container, it simply redirects the webui to the GitHub repo (orhun/rustypaste).

    Note: I used the config.toml file as it is, didn't modify anything. All things related to port redirection and so on, I do that via command.

    What could be happening here?

    opened by SmartPhoneLover 3
  • Landing page

    Show a cool 😎 landing page instead of redirecting to the repository when / is visited.

    Some ideas:

    help wanted good first issue 
    opened by orhun 2
  • Idea: Deduplication/hashing/hardlinking

    Hi again,

    I realized that when the same file is uploaded twice, it takes twice the amount of place on the server. Just as an idea (possible with a strong-enough-to-trust hashing):

    Hardlinks can be used on server side and/or client side can send the hash before uploading file to the server (and it can return the same/a brand new URL). This might save some bandwidth & disk space.

    Of course there is the security side of things, like guessing attacks etc, but the whole thing can be optional depending on the use case.

    opened by seqizz 2
  • chore(deps): bump versions

    this PR was intended to fix #8 but after checking, I found that this crate is already on 2021.. so I decided to run a cargo update in order to contribute at least something :)

    opened by sassman 1
  • Uploads are allowed to escape the `upload` directory using path traversal on the filename given

    curl localhost:8000 -X POST -F "file=;filename=../." will upload the data to the parent directory of upload. An attacker doesn't seem to have direct control over the filename given (unless random_url is disabled, in which case they can freely overwrite any file the web server has access to!), other than the extension, so they probably can't use this to overwrite important files, but this is still bad.

    opened by 5225225 1
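
The filename handling described in the issue above, as an added example that is not rustypaste's code or its actual fix: the first function joins the client-supplied name as-is, the second accepts only a single plain file name. The names naive_upload_path, safe_upload_path and escapes, and the sample inputs, are assumptions made for this illustration.

```rust
use std::path::{Component, Path, PathBuf};

/// The pattern the issue describes: the client-supplied name is joined as-is.
fn naive_upload_path(upload_dir: &Path, client_name: &str) -> PathBuf {
    upload_dir.join(client_name)
}

/// Hypothetical hardened variant: accept a single plain file name, nothing else.
fn safe_upload_path(upload_dir: &Path, client_name: &str) -> Option<PathBuf> {
    // Treat '\' as a separator too, so "..\x" is caught on every platform.
    let normalized = client_name.replace('\\', "/");
    let mut parts = Path::new(&normalized).components();
    // Exactly one component, and it must be a normal name: "..", ".", "/"
    // and drive prefixes are refused rather than "cleaned up".
    let name = match (parts.next(), parts.next()) {
        (Some(Component::Normal(n)), None) => n,
        _ => return None,
    };
    let candidate = upload_dir.join(name);
    // Defense in depth: the result must sit directly inside the upload directory.
    (candidate.parent() == Some(upload_dir)).then_some(candidate)
}

/// Lexical check for the demonstration: does `path` climb out of `base`?
fn escapes(base: &Path, path: &Path) -> bool {
    let mut depth = 0i32;
    for c in path.strip_prefix(base).unwrap_or(path).components() {
        match c {
            Component::ParentDir => depth -= 1,
            Component::Normal(_) => depth += 1,
            Component::CurDir => {}
            _ => return true, // an absolute name replaced the base on join
        }
        if depth < 0 {
            return true;
        }
    }
    false
}

fn main() {
    let upload = Path::new("upload");
    // Constructed sample names, including the "../." from the issue.
    for name in ["safe-toad.txt", "../.", "..\\x.txt", "/abs/x.txt"] {
        let naive = naive_upload_path(upload, name);
        println!("{:?}: naive escapes={} safe={:?}", name, escapes(upload, &naive), safe_upload_path(upload, name));
    }
}
```
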
  • Content length is checked after downloading full file, allowing for OOM

    In upload, you're loading in the full content of the file to memory, and then checking if it is too big. You should be checking the size while downloading, and immediately rejecting a file that is too big.

    Steps to reproduce:

    curl localhost:8000 -X POST -F file=@/dev/zero and watch as the process uses all your system's memory despite having a max_content_length of 10MB.

    opened by 5225225 1
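
One way to enforce the limit while the body is still arriving, as the issue above asks. This is an added example, not rustypaste's code, and it reads from a plain std::io::Read rather than the server's real request stream; read_capped, Counting and pulled_from_endless are hypothetical names, and io::repeat(0) stands in for /dev/zero.

```rust
use std::io::{self, ErrorKind, Read};

const CHUNK: usize = 8 * 1024;

/// Hypothetical helper: buffer a body, rejecting it as soon as more than
/// `max` bytes have arrived instead of after the full read.
fn read_capped<R: Read>(mut body: R, max: usize) -> io::Result<Vec<u8>> {
    let mut out = Vec::new();
    let mut chunk = [0u8; CHUNK];
    loop {
        let n = match body.read(&mut chunk) {
            Ok(0) => return Ok(out), // end of body, within the limit
            Ok(n) => n,
            Err(e) if e.kind() == ErrorKind::Interrupted => continue,
            Err(e) => return Err(e),
        };
        if out.len() + n > max {
            // Stop here: nothing further is read or stored.
            return Err(io::Error::new(ErrorKind::InvalidData, "payload too large"));
        }
        out.extend_from_slice(&chunk[..n]);
    }
}

/// Wrapper that counts how many bytes the consumer pulled from the source.
struct Counting<R> { inner: R, pulled: usize }

impl<R: Read> Read for Counting<R> {
    fn read(&mut self, buf: &mut [u8]) -> io::Result<usize> {
        let n = self.inner.read(buf)?;
        self.pulled += n;
        Ok(n)
    }
}

/// Feed an endless zero stream and report (rejected?, bytes pulled).
fn pulled_from_endless(max: usize) -> (bool, usize) {
    let mut src = Counting { inner: io::repeat(0), pulled: 0 };
    let rejected = read_capped(&mut src, max).is_err();
    (rejected, src.pulled)
}

fn main() {
    let max = 10 * 1024 * 1024; // the 10MB max_content_length from the issue
    let (rejected, pulled) = pulled_from_endless(max);
    println!("rejected={} after pulling {} bytes", rejected, pulled);
}
```

The upload is refused after at most one chunk beyond the limit, so memory use stays bounded by max plus CHUNK regardless of how much the client sends.
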
  • Retrieve server version

    It would be nice to know the server version with a special endpoint like /version.

    One downside might be that it should be configurable with a flag in the configuration file or only accessible when auth_token is present since system admin might not want to publicly expose the server version due to security concerns.

    Other ideas are appreciated.

    enhancement good first issue 
    opened by orhun 0
  • Mitigating the effects of content discovery and fuzzer tools

    Even though the names of uploaded files are random, fuzzer utilities can be used to discover content on the server.

    Related questions are:

    • How can rustypaste be affected by such a situation?
      • Need a demonstration of fuzzing with rustbuster or a similar tool.
    • Should there be any precautions for preventing this?
      • Implement blocking user-agents for common fuzzer tools (?)
    • Should we do anything?

    I think it is an interesting topic and needs some brainstorming for improving security.

    help wanted question 
    opened by orhun 0
  • Forced download link on MIME override file

    Hello,

    Is there a way to force the file to be downloaded when a file type has the MIME override enabled for that type? I want to be able to share the link to a file that would play in the browser (like .mp4) but also share a link that will auto-download as well (like with a flag in the URL or something similar). I thought I had seen this feature somewhere in this project but can't seem to find any documentation on it if it does exist.

    Thanks!

    opened by Nbelles 2
  • Is it possible to adapt this to support folders?

    Hello,

    I would like to be able to upload folders at a time instead of just individual files. Am curious if there is any capacity/support for such a thing especially because it seems as though you can supply multiple files when using curl.

    Thanks!

    enhancement help wanted 
    opened by Nbelles 6
  • RUSTSEC-2020-0016: `net2` crate has been deprecated; use `socket2` instead

    opened by github-actions[bot] 1
Releases(v0.8.2)
Owner
Orhun Parmaksız
FOSS developer, @archlinux packager, oxidizing things