0bin icon indicating copy to clipboard operation
0bin copied to clipboard
verified publisher icon Tygs

just a feedback with my wishlist. hope it's useful

Open dl9sau opened this issue 9 years ago • 1 comments

Just a feedback for 0bin with problems I stumbled over, how I solved, and what I'm missing. Thank you for that nice software.

Applied patches

  • https://github.com/sametmax/0bin/pull/95
  • https://github.com/sametmax/0bin/pull/99
  • https://github.com/sametmax/0bin/pull/89

Recommendation: chown www-data 0bin/zerobin/content; chmod 700 0bin/zerobin/content

My changes

  • expiry DURATIONS = { 
    •   '1_min': 60,

    •   '10_min': 600,

    •   '1_hour': 3600,

    •   '10_hours': 36000,
 '1_day': 24 \* 3600,

    •    '3_days': 3 \* 24 \* 3600,

    •    '1_week': 7 \* 24 \* 3600,
 '1_month': 30 \* 24 \* 3600,
 'never': 365 \* 24 \* 3600 \* 100,

Problems

  • with WSGI, URLs are not relative to the alias ->
    • 0bin/paste becomes /paste => needed to add WSGIScriptAlias /paste /srv/www/0bin/zerobin/app.wsgi/paste WSGIScriptAlias /static /srv/www/0bin/zerobin/app.wsgi/static
    • home (click top left on "0bin.net") becomes / -> leaves 0bin and goes to the webserver root -> commented that url out
    • "New paste" button: becomes / -> leaves 0bin and goes to the webserver root
  • problems with 0bin/pull/99 (Add support for more binary file types (audio, video and other binaries)):
    • pictures are ok. An audio file I tested did not work. PDF, odt, tar pastes raw (after heavy CPU load by the browser)
    • download button appears twice in a line, the left one has the correct URL for the image file; the right one (which is always present, text or binary) is pointing to / (-> in my config, I leave 0bin and land on my webserver-root) => this original download button does not work.
    • google chrome and safari on (an old) IOS do the download of a picture flawlessly.
    • osx: firefox eats the filename-suffix on download.
    • android: firefox tends to segfault. another browser also eats the filename-suffix. chrome did not work (but this may be a security setting I did)
    • would have contacted author xdarklight but did not found how..

Does not work:

  • zerobin/cmd.py -> now using apache2 with WSGIDaemonProcess, WSGIScriptAlias /0bin ...zerobin/app.wsgi with zerobin/app.wsgi: import os, sys ZEROBIN_PARENT_DIR = os.path.dirname(os.path.dirname(file)) sys.path.insert(0, ZEROBIN_PARENT_DIR) from zerobin.routes import get_app

My todo: make CSP config work, i.E. Header set Content-Security-Policy "default-src 'none'; script-src 'unsafe-inline'; style-src 'unsafe-inline'; img-src 'self'

Feature request:

  • upload all file types (esp. pdf; pdf preview would be nice)
  • store data on the server in binary form (saves hd space)
  • burn after reading: counter for n times.
  • optionaly (user defined on upload) save and show IPv4/IPv6 addresses and timestamps when a file was downloaded (-> transparency, if something suspicious has happened before)
  • delete button for being able to remove a paste before expiry

dl9sau avatar Jun 10 '16 07:06 dl9sau

Than for your feed back. There are a lot of things here, so I think they will be splitted into seperate issues.

sametmax avatar Jun 10 '16 14:06 sametmax