Repository files navigation

Rustypaste is a minimal file upload/pastebin service.

$echo"some text"> awesome.txt$ curl -F"file=@awesome.txt" https://paste.site.comhttps://paste.site.com/safe-toad.txt$ curl https://paste.site.com/safe-toad.txtsome text

• File upload & URL shortening & upload from URL
  • supports basic HTTP authentication
  • random file names (optional)
    • pet name (e.g.capital-mosquito.txt)
    • alphanumeric string (e.g.yB84D2Dv.txt)
    • random suffix (e.g.file.MRV5as.tar.gz)
  • supports expiring links
    • auto-expiration of files (optional)
    • auto-deletion of expired files (optional)
  • supports one shot links/URLs (can only be viewed once)
  • guesses MIME types
    • supports overriding and blacklisting
    • supports forcing to download via?download=true
  • no duplicate uploads (optional)
  • listing/deleting files
  • custom landing page
• Single binary
  • binary releases
• Simple configuration
  • supports hot reloading
• Easy to deploy
  • docker images
  • appjail images
• No database
  • filesystem is used
• Self-hosted
  • centralization is bad!
• Written in Rust
  • blazingly fast!

cargo install rustypaste

pacman -S rustypaste

rustypaste is available forAlpine Edge. It can be installed viaapk after enabling thecommunity repository.

apk add rustypaste

pkg install rustypaste

See the available binaries on thereleases page.

git clone https://github.com/orhun/rustypaste.gitcd rustypaste/cargo build --release

• shuttle: enable an entry point for deploying on Shuttle
• openssl: use distro OpenSSL (binary size is reduced ~20% in release mode)
• rustls: userustls (enabled as default)

To enable a feature for build, pass--features flag tocargo build command.

For example, to reuse the OpenSSL present on a distro already:

cargo build --release --no-default-features --features openssl

cargotest -- --test-threads 1

./fixtures/test-fixtures.sh

The standalone command line tool (rpaste) is availablehere.

functionrpaste() {  curl -F"file=@$1" -H"Authorization: <auth_token>""<server_address>"}

* consider reading authorization headers from a file. (e.g.-H @rpaste_auth)

# upload a file$ rpaste x.txt# paste from stdin$ rpaste -

$ curl -F"file=@x.txt" -H"expire:10min""<server_address>"

supported units:

• nsec,ns
• usec,us
• msec,ms
• seconds,second,sec,s
• minutes,minute,min,m
• hours,hour,hr,h
• days,day,d
• weeks,week,w
• months,month,M
• years,year,y

$ curl -F"oneshot=@x.txt""<server_address>"

$ curl -F"oneshot_url=https://example.com""<server_address>"

$ curl -F"url=https://example.com/some/long/url""<server_address>"

$ curl -F"remote=https://example.com/file.png""<server_address>"

Configure[paste].delete_expired_files to set an interval for deleting the expired files automatically.

On the other hand, following script can be used ascron for cleaning up the expired files manually:

#!/bin/env shnow=$(date +%s)find upload/ -maxdepth 2 -type f -iname"*.[0-9]*"|whileread -r filename;do["$((${filename##*.}/1000- "${now}"))"-lt 0 ]&& rm -v"${filename}"done

Setdelete_tokens array inconfig.toml to activate theDELETE endpoint and secure it with one (or more) auth token(s).

$ curl -H"Authorization: <auth_token>" -X DELETE"<server_address>/file.txt"

TheDELETE endpoint will not be exposed and will return404 error ifdelete_tokens are not set.

The generation of a random filename can be overridden by sending a header calledfilename:

curl -F"file=@x.txt" -H"filename: <file_name>""<server_address>"

To start the server:

$ rustypaste

If the configuration file is not found in the current directory, specify it viaCONFIG environment variable:

$ CONFIG="$HOME/.rustypaste.toml" rustypaste

To enable basic HTTP auth, set theAUTH_TOKEN environment variable (via.env):

$echo"AUTH_TOKEN=$(openssl rand -base64 16)"> .env$ rustypaste

There are 2 options for setting multiple auth tokens:

• Via the array field[server].auth_tokens in yourconfig.toml.
• Or by writing a newline separated list to a file and passing its path to rustypaste viaAUTH_TOKENS_FILE andDELETE_TOKENS_FILE respectively.

If neitherAUTH_TOKEN,AUTH_TOKENS_FILE nor[server].auth_tokens are set, the server will not require any authentication.

Exception is theDELETE endpoint, which requires at least one token to be set. Seedeleting files from server for more information.

Seeconfig.toml for configuration options.

Setexpose_list to true inconfig.toml to be able to retrieve a JSON formatted list of files in your uploads directory. This will not include oneshot files, oneshot URLs, or URLs.

$ curl"http://<server_address>/list"[{"file_name":"accepted-cicada.txt","file_size":241,"expires_at_utc":null}]

This route will require anAUTH_TOKEN if one is set.

It is possible to use an HTML form for uploading files. To do so, you need to update two fields in yourconfig.toml:

• Set the[landing_page].content_type totext/html; charset=utf-8.
• Update the[landing_page].text field with your HTML form or point[landing_page].file to your html file.

For an example, seeexamples/html_form.toml

Following command can be used to run a container which is built from theDockerfile in this repository:

$ docker run --rm -d \  -v"$(pwd)/upload/":/app/upload \  -v"$(pwd)/config.toml":/app/config.toml \  --env-file"$(pwd)/.env" \  -e"RUST_LOG=debug" \  -p 8000:8000 \  --name rustypaste \  orhunp/rustypaste

• uploaded files go into./upload (on the host machine)
• set theAUTH_TOKEN via-e or--env-file to enable auth

You can build this image usingdocker build -t rustypaste . command.

If you want to run the image usingdocker compose, simply rundocker-compose up -d. (seedocker-compose.yml)

Example server configuration with reverse proxy:

server {listen80;location/{proxy_pass                         http://localhost:8000/;proxy_set_header Host$host;proxy_set_header X-Forwarded-For$remote_addr;proxy_set_header X-Forwarded-Proto$scheme;add_header X-XSS-Protection"1; mode=block";add_header X-Frame-Options"sameorigin";add_header X-Content-Type-Options"nosniff";    }}

If you get a413 Request Entity Too Large error during upload, set the max body size innginx.conf:

http {# ...client_max_body_size100M;}

• dbohdan/ferripaste - Alternative rustypaste CLI client
• rukh-debug/droidypaste - Android client built with React Native and Expo
• rukh-debug/rustypaste-gui.sh - Linux's Minimal GUI client powered by zenity

Pull requests are welcome!

Consider submitting your ideas viaissues first and check out theexisting issues.