tygs / 0bin Goto Github PK
View Code? Open in Web Editor NEWClient side encrypted pastebin
Home Page: https://0bin.net
License: Do What The F*ck You Want To Public License
Client side encrypted pastebin
Home Page: https://0bin.net
License: Do What The F*ck You Want To Public License
As there is an Upload File feature, it would be nice to have a Save to File link that will return the paste contents as an Attachment type that can be directly saved to disk.
I haven't seen any configuration options related to the encryption, but the key generation seems to have a flaw. For a new install, I'm seeing some very weak keys:
eg: /paste/5sj4iLKv#TiBsOr+N
The generated keys should always be 256-bit values.
Wouldn't that be cool if we could paste a bin via a JSON request ? I personnaly need that for a script that periodically logs information from a webgame.
The user puts directly the text to paste in the request, and the type of expiration. 0bin answers the URL where to get the bin pasted.
If you want to prevent flooding, you could forbid the bin pasted via JSON to have the expiration "Never".
Current behavior.js seem to use sjcl.encrypt(key, content)
with no extra parameters and sjcl code (which seem to match the code in minified version - same default-parameters line can be found there: {v:1,iter:1E3,ks:128,ts:64,mode:"ccm",adata:"",cipher:"aes"}
) uses standard AES as in "Rijndael with 128-bit block size" (in CCM mode plus PBKDF2 with 1k iterations for key).
Yet all docs seem to advertise that AES256 is used instead, I'm confused.
Am I reading the code or docs wrong?
If not, maybe it'd be better to either correct documentation or change the cipher actually used (might be more difficult, as it will break all previous pastes)?
If you click on "clone" right now, the texarea does not received a copy of the paste in order to save it.
In python
It will prevent the UI from blocking and should feel faster.
Also, we should start processing the paste before the page rendering (as soon as we got the paste data available), and send events to update the progress bar. The main thread, when dom is ready, will hook on those events and be avaible to udate the css class accordingly.
Would be fine to have more options of Expiration (e.g. 1 week). Probably it would also be possible to define a number of requests after it should burn.
Thank you Guys!
Cheers
Google url shortener has been mention has a better alternative with https hosted site. But is.id is a more neutral provider.
Been able to use both should be possible but setting it in the configuration file.
sometimes we notice a problem of encoding the url when sending mail, spaces are not encoded
I go to a URL containing a pastebin. The text appears correctly.
I click on the link "copy to clipboard". The blue text "The paste is now in your clipboard" appears above.
I switch to any text editor application, I use the "Edit->Paste" function. The pasted text is not the one of the pastebin. It is the one I precedently copied.
The text can still be manually selected, then copy-pasted. But that is less user-friendly.
My system informations
Windows XP Ultimate Edition 7
Service Pack 3
Firefox version
16.0.1
Flash version
WIN 11,4,402,287
(I also got the same bug on a PC with Chrome. Haven't the precise system info of this one).
Would be nice to be able to quickly send an email through the user's email client. eg. mailto:[email protected]?subject=encrypted_message&body=http://0bin.net/paste/xxxx
Using the paste event : http://jsfiddle.net/vdNFR/
It will be good idea to implement a function to download the current paste and other to download all the pastes that are in the LocalStorage. Regards.
Hi. I set MAX_SIZE = 1024_5000, which is 5M. And one 2.6M image(1280x720) was uploaded. On the server, the encrypted file was 2.2M. It's quite OK. But when I view it, it's resized to 1024_576 to fit 'paste-form'. The downloaded size is 922KB, but the whole page size is around 2.2M, which means the real image existed.
So, how can I view the original size of image after decryption?
Best regards.
Use the FileReader API and Canvas to too big images before uploading them.
var file = YOUR_FILE,
fileType = file.type,
reader = new FileReader();
reader.onloadend = function() {
var image = new Image();
image.src = reader.result;
image.onload = function() {
var maxWidth = 960,
maxHeight = 960,
imageWidth = image.width,
imageHeight = image.height;
if (imageWidth > imageHeight) {
if (imageWidth > maxWidth) {
imageHeight *= maxWidth / imageWidth;
imageWidth = maxWidth;
}
}
else {
if (imageHeight > maxHeight) {
imageWidth *= maxHeight / imageHeight;
imageHeight = maxHeight;
}
}
var canvas = document.createElement('canvas');
canvas.width = imageWidth;
canvas.height = imageHeight;
var ctx = canvas.getContext("2d");
ctx.drawImage(this, 0, 0, imageWidth, imageHeight);
// The resized file ready for upload
var finalFile = canvas.toDataURL(fileType);
}
}
reader.readAsDataURL(file);
When I choosed "never" for the expiration time, "Expire the 07/21/2112" was displayed.
When some people give you links to their paste, it could be good to save them to the localStorage.
The other thing here is that expired link doesn't disappear automatically, you must to click on them. It could be nice to keep the expiration date and remove them automatically from the localStorage.
Hello, everybody
I need a little bit help :)
I want to edit the template of 0bin
I want to add paste URL (that was just created) in the template, like it was in zerobin.
For example:
http://img819.imageshack.us/img819/9081/97033196.png
How I understand, I should edit PASTE.TPL and add something :) after
{{ paste.content }}
But I can't load url,
I try to load {{ paste_url }}, but there is a lot of errors.
Help me to make this :)
Why use Bootstrap if you're not going to make it scale properly? Would be nice if this was responsive so it worked on a phone, too.
Add more expiration options
eg: 5 minutes, 10 minutes, 1h, 1d, 1w, 1m, 6m, 1y
Hello,
not sure it's the right place for that but anyway,
In the FAQ (http://0bin.net/faq/), it's advised to use truecrypt for volume/files encryption.
This should be changed to whatever still works (https://prism-break.org/en/all/#disk-encryption) !
Cheers, and thanks a lot for having put new work on zerobin !
Can it be done without requiring Flash?
Removing "at" and "the" plus fixing the size of the li should clean it.
Hello,
First of all thanks for your great job, for some reasons I decided to run zerobin behind uwsgi and nginx, so my configurations are:
[uwsgi]
plugins = python
chdir = /usr/local/lib/python2.7/dist-packages/zerobin
module = zerobin.app
callable = application
and
server {
listen 80;
server_name 0bin.asis.io;
location /favicon.ico {
root /usr/share/nginx/www/static/img;
}
location /static/ {
root /usr/share/nginx/www/;
gzip on;
gzip_http_version 1.0;
gzip_vary on;
gzip_comp_level 6;
gzip_proxied any;
gzip_types text/plain text/css application/json application/x-javascript text/xml application/xml application/xml+rss text/javascript;
gzip_buffers 16 8k;
# Disable gzip for certain browsers.
gzip_disable ~@~\MSIE [1-6].(?!.*SV1)~@~];
expires modified +90d;
}
location / {
include uwsgi_params;
uwsgi_pass unix:/var/run/uwsgi/app/0bin/socket;
}
but i found that the url scheme has changes to very short one like this: http://0bin.asis.io/paste/s6yASlw-#QeQMXOZi
In the previous state the url was long like http://0bin.asis.io/paste/hlqLJInB#Z1ajbGd7qWkrJZdUv76pMgqCqjkpxW75QR4k94G1AyY=
Can you help me to understand this problem? Is it a security issue? How can i fix this? Or just I have to ignore it?
thanks a lot
_factoreal
Subject says it all.. I have installed 0bin have it running and now am attempting to increase the size of the uploads to ??? (I have 512mb set on my php based zerobin server with the file addition and am testing all kinds of file sizes on that. 0Bin is a bit more attractive right now because of the better features(for now) :)
So how to increase file upload limits?
interested 0bin operator wants to know
Hi, my idea is to create a user register service to have later the possibility to edit the paste and store all his pastes.
Implement a button to get a one use URL to a paste. This way you can give the URL to somebody and it redirect to the right URL, and destroy itselft.
This allow permanent paste to be shared without worring about the permalink being in stored in webservices database such as gmail, facebook, etc.
If you create a paste that isn't recognized as a programming language, the following message is displayed:
The paste didn't not seem to be code, so it was not colorized.
There is also multiple fixes required in the FAQ
Add the ability for a user to delete a paste using a single-use token link or cookie.
I am curious if there is a way to allow 0bin be run behind a web server at a non-root path, e.g.: http://example.com/path/to/0bin
I've been toying with Apache with mod_proxy and mod_wsgi, and I keep getting errors with wanting to load resources from '/' (like /static or /create) when the server path is not at '/' but at some other location.
Since we have base64-like encoding shorter urls(#42), I perform Crockford's Base32 encoding which is more human readable in case of you write it down.
it seems that http://0bin.net/ now points to a discourse instance. is that intentional? if so maybe the readme file should be updated to point to other sample sites...
Perfect source, thanks, sametmax and Natim also ;)
More ideas:
It's a month off or so. The calculation should be:
3600_24_365
On a computer used by several persons, you may want to remove entry without flushing the whole browser cache.
A delete button on top of the visual hash on hover could do the trick
For now, we just use python/bottle to get the content and stock it on files.
It might be much better to call the daybed api to handle that.
From an out of the box Debian 7 installation.
Install with Pip:
~/install/install036-zerobin$ sudo pip install zerobin
Downloading/unpacking zerobin
Downloading zerobin-0.3.tar.gz (207Kb): 207Kb downloaded
Running setup.py egg_info for package zerobin
warning: no files found matching '*.tx'
warning: no files found matching '*.jpg' under directory 'zerobin'
warning: no files found matching '*.gif' under directory 'zerobin'
Downloading/unpacking cherrypy (from zerobin)
Downloading CherryPy-3.2.4.tar.gz (424Kb): 424Kb downloaded
Running setup.py egg_info for package cherrypy
Downloading/unpacking bottle (from zerobin)
Downloading bottle-0.11.6.tar.gz (60Kb): 60Kb downloaded
Running setup.py egg_info for package bottle
Downloading/unpacking clize (from zerobin)
Downloading clize-2.2.tar.gz
Running setup.py egg_info for package clize
Downloading/unpacking privilege (from zerobin)
Downloading privilege-1.1.tar.gz
Running setup.py egg_info for package privilege
Installing collected packages: bottle, cherrypy, clize, privilege, zerobin
Running setup.py install for bottle
changing mode of build/scripts-2.6/bottle.py from 644 to 755
changing mode of /usr/local/bin/bottle.py to 755
Running setup.py install for cherrypy
changing mode of build/scripts-2.6/cherryd from 644 to 755
changing mode of /usr/local/bin/cherryd to 755
Running setup.py install for clize
Running setup.py install for privilege
Running setup.py install for zerobin
warning: no files found matching '*.tx'
warning: no files found matching '*.jpg' under directory 'zerobin'
warning: no files found matching '*.gif' under directory 'zerobin'
Installing zerobin script to /usr/local/bin
Successfully installed bottle cherrypy clize privilege zerobin
Cleaning up...
Run:
~/install/install036-zerobin$ zerobin
Traceback (most recent call last):
File "/usr/local/bin/zerobin", line 9, in <module>
load_entry_point('zerobin==0.3', 'console_scripts', 'zerobin')()
File "/usr/lib/python2.6/dist-packages/pkg_resources.py", line 305, in load_entry_point
return get_distribution(dist).load_entry_point(group, name)
File "/usr/lib/python2.6/dist-packages/pkg_resources.py", line 2244, in load_entry_point
return ep.load()
File "/usr/lib/python2.6/dist-packages/pkg_resources.py", line 1954, in load
entry = __import__(self.module_name, globals(),globals(), ['__name__'])
File "/usr/local/lib/python2.6/dist-packages/zerobin/routes.py", line 23, in <module>
import clize
File "/usr/local/lib/python2.6/dist-packages/clize.py", line 27, in <module>
from collections import namedtuple, OrderedDict
ImportError: cannot import name OrderedDict
Boom...
Need to be careful with links in and to void copying additional to clipboard.
Bonjour,
Il serait intéressant de garder le même format entre Zerobin et 0bin.
Afin de laisser le choix du conteneur (Php ou Python) et être indépendant
des données affichées.
A+
See #39 for context.
From #23.
We could make the comments this way :
javascript only
paginated using javascript
pluggable (so one may use disqu he he wants to spare his server, we should be able to encrypt / decrypt these on the fly)
Not going to implement this anytime soon, but would accept PR.
A download button to see the paste as raw.
A declarative, efficient, and flexible JavaScript library for building user interfaces.
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google ❤️ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.