# spasteg

A secure, self-hostable "burn after reading" paste service with ephemeral storage written in [Gleam](https://gleam.run).

## Features

- Deletes pastes after they are viewed
- Data is stored only in memory
- No user accounts needed
- Easy to run yourself
- Fast and reliable
- Written in Gleam (type-safe)

## Architecture

| Component    | Description                                                                      |
| ------------ | -------------------------------------------------------------------------------- |
| Backend/Core | Gleam (type-safe language built upon the BEAM)                                   |
| Web          | Wisp framework + Mist HTTP server                                                |
| Frontend     | Lustre for HTML rendering                                                        |
| Storage      | In-memory only (no persistence)                                                  |
| Security     | AES-256-GCM client-side encryption, CSRF tokens, rate limiting, security headers |

## Configuration

### SECRET_KEY_BASE (Required for Production)

The application uses a secret key base for signing cookies and security tokens.

You **must** set this for production deployments to ensure security and session persistence across restarts.

```bash
# Generate a secure key (48 bytes of random data)
export SECRET_KEY_BASE="$(openssl rand -base64 48)"

# Or set it manually
export SECRET_KEY_BASE="your-secret-key-here"
```

**⚠️ Warning**: If not set, a temporary key will be generated on each startup. This:

- Invalidates all existing user sessions/cookies after restart
- Reduces security (new key generated each time)
- Generates a warning in the logs

For development, you can use:

```bash
SECRET_KEY_BASE=dev gleam run
```

## How to run

### Development

```bash
# Clone and build
git clone https://git.kharec.info/Kharec/spasteg.git
cd spasteg
gleam run
```

The server starts on <http://localhost:3000>.

Note: you can run tests with `gleam test`.

### Production

The production environment is meant to be run via Docker.

You can build the Docker image with:

```bash
docker build -t spasteg .
```

Then run the container with:

```bash
# Generate a secure key (a new one each time this command is run)
docker run -p 3000:3000 -e SECRET_KEY_BASE="$(openssl rand -base64 48)" spasteg
```

Or use a custom port:

```bash
docker run -p 8080:3000 -e SECRET_KEY_BASE="$(openssl rand -base64 48)" -e PORT=3000 spasteg
```

The container exposes port 3000 and runs as a non-root user with a health check configured.
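
The Configuration section warns that a changing key invalidates existing sessions, and an inline `$(openssl rand -base64 48)` in `docker run` produces a new key every time the command is typed. One way to generate the key once and reuse it, as an added example that is not part of spasteg (the key file location and the function names are assumptions):

```bash
# Added example, not spasteg's own code. The key file path and the
# function names generate_key / load_or_create_key are assumptions.

# Generate 48 random bytes, base64-encoded (64 characters on one line).
generate_key() {
  if command -v openssl >/dev/null 2>&1; then
    openssl rand -base64 48
  else
    head -c 48 /dev/urandom | base64 | tr -d '\n'
    echo
  fi
}

# Print the key stored in file $1, creating it first if missing or empty.
load_or_create_key() {
  key_file=$1
  if [ ! -s "$key_file" ]; then
    (
      umask 077   # new file is created with mode 0600
      generate_key > "$key_file.tmp" && mv "$key_file.tmp" "$key_file"
    ) || return 1
  fi
  # Refuse a key file that group or others can read (GNU stat, then BSD stat).
  perms=$(stat -c '%a' "$key_file" 2>/dev/null || stat -f '%Lp' "$key_file")
  case $perms in
    600|400) ;;
    *) echo "refusing $key_file: mode $perms, expected 600" >&2; return 1 ;;
  esac
  cat "$key_file"
}

# Usage (not executed here). "-e SECRET_KEY_BASE" without a value makes
# Docker copy the variable from the calling environment, which keeps the
# key out of the docker command line:
#   SECRET_KEY_BASE="$(load_or_create_key "$HOME/.config/spasteg/key")" \
#     docker run -p 3000:3000 -e SECRET_KEY_BASE spasteg
```

The directory that holds the key file must exist before the first call, and the file should be included in whatever backup or secret-management process covers the host.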

## Usage

1. Visit `http://localhost:3000`
2. Enter your text in the form
3. Click "Create Paste"
4. Share the generated URL
5. The paste auto-destructs after first access

Note: the creator cannot see their post with the copied link (except in private browsing) - it would be burned immediately.

## License

This project is licensed under the GNU General Public License v3.0 or later (GPLv3+). See the [LICENSE](LICENSE) file for details.