mirror
/
0bin
mirror of https://github.com/Tygs/0bin.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

Merge branch 'v2'

This commit is contained in:
ksamuel 2020-08-18 14:38:46 +02:00
parent ea3ee454b6 fab8f31064
commit 0b1fad5a2b
22 changed files with 216 additions and 1385 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

28
.gitignore vendored
View File

@ -7,8 +7,7 @@
*_index
*.orig
*.swp
.* # all hidden files...
!.gitignore # ...except gitignore
# binaries
@ -16,25 +15,30 @@
*.pyo
__pycache__
.mypy*
*.db
/tools/zerobinpaste.js
/tools/zerobinpaste.min
/tools/zerobinpaste
# files generated by setuptools
# build and env
build
0bin
env
venv
*.egg-info
dist
*.tar.gz
*.egg
*.in
# others
content
# IDE
*.sublime-project
*.sublime-workspace
settings_local.py
build
*-workspace
*_old*
.vscode
var
# JS
package-lock.json
node_modules

23
compress.sh
View File

@ -1,22 +1,20 @@
#! /bin/bash
command -v "yui-compressor" >/dev/null 2>&1 || {
echo >&2 "Error: this script requires the command 'yui-compressor' to be available"
python -c "import scss" || {
echo >&2 "Error: this script requires the scss python module. pip install -r dev-requirements.txt"
exit 1
}
command -v "uglifyjs" >/dev/null 2>&1 || {
echo >&2 "Error: this script requires the command 'uglifyjs' to be available"
echo >&2 "Error: this script requires the command 'uglifyjs' to be available."
exit 1
}
CURDIR=$(dirname $(readlink -f $0))
STATICDIR=$CURDIR'/zerobin/static/'
CSSDIR=$STATICDIR'css/'
JSDIR=$STATICDIR'js/'
CSSDIR=$CURDIR'/zerobin/static/css/'
JSDIR=$CURDIR'/zerobin/static/js/'
MAIN_JS_OUTPUT=$JSDIR"main.min.js"
ADDITIONAL_JS_OUTPUT=$JSDIR"additional.min.js"
CSS_OUTPUT=$CSSDIR"style.min.css"
cat /dev/null >$CSS_OUTPUT
@ -24,16 +22,19 @@ cat /dev/null >$CSS_OUTPUT
echo "Compressing CSS..."
echo $'\n''/* Prettify */' >>$CSS_OUTPUT
cat $CSSDIR'prettify.css' >>$CSS_OUTPUT
python -m scss $CSSDIR'prettify.css' >>$CSS_OUTPUT
rm $CSSDIR'prettify.min.css'
echo $'\n''/* Desert prettify theme */' >>$CSS_OUTPUT
cat $CSSDIR'desert.css' >>$CSS_OUTPUT
python -m scss $CSSDIR'desert.css' >>$CSS_OUTPUT
rm $CSSDIR'desert.min.css'
echo $'\n''/* Bootswatch bootstrap theme */' >>$CSS_OUTPUT
yui-compressor $CSSDIR'bootswatch.4.5.css' >>$CSS_OUTPUT
python -m scss $CSSDIR'bootswatch.4.5.css' >>$CSS_OUTPUT
rm $CSSDIR'bootswatch.4.5.min.css'
echo $'\n''/* Our own CSS */' >>$CSS_OUTPUT
yui-compressor $CSSDIR'style.css' >>$CSS_OUTPUT
python -m scss $CSSDIR'style.css' >>$CSS_OUTPUT
echo "Compressing JS..."

2
dev-requirements.txt Normal file
View File

@ -0,0 +1,2 @@
doit==0.32.0
pyScss==1.3.7

46
dodo.py Normal file
View File

@ -0,0 +1,46 @@
from pathlib import Path
import zerobin
ROOT = Path(__file__).absolute().parent
SOURCE_DIR = ROOT / "zerobin/"
DIST_DIR = ROOT / "dist"
def source_files(extensions=None):
extensions = extensions or [".*"]
for ext in extensions:
for file in SOURCE_DIR.rglob(f"*{ext}"):
if (
not file.suffix.endswith("pyc")
and not file.is_dir()
and not "/." in str(file)
):
yield file
def generate_manifest():
extensions = " ".join(set(f"*{f.suffix}" for f in source_files()))
(ROOT / "MANIFEST.in").write_text(f"recursive-include zerobin {extensions}")
def task_compress():
return {
"targets": [
str(SOURCE_DIR / "static/js/main.min.js"),
str(SOURCE_DIR / "static/css/style.min.css"),
],
"file_dep": list(str(f) for f in source_files([".css", ".js"])),
"actions": [str(ROOT / "compress.sh")],
}
def task_build():
return {
"targets": [DIST_DIR / f"zerobin-{zerobin.__version__}-py3-none-any.whl"],
"file_dep": list(str(f) for f in source_files() if ".min." not in str(f)),
"actions": [task_compress, generate_manifest, "python setup.py bdist_wheel",],
}

8
requirements.txt
View File

@ -1,8 +0,0 @@
clize==4.1.1
lockfile==0.12.2
sigtools==2.0.2
bottle==0.12.18
Beaker==1.11.0
Paste==3.4.3
appdirs==1.4.4
bleach==3.1.5

BIN
screenshot.png
View File

Binary file not shown.
Side by Side Swipe Overlay

Before

Width:  |  Height:  |  Size: 122 KiB

After

Width:  |  Height:  |  Size: 41 KiB

1
setup.cfg
View File

@ -15,7 +15,6 @@ packages = find:
install_requires =
clize==4.1.1
lockfile==0.12.2
sigtools==2.0.2
bottle==0.12.18
Beaker==1.11.0
Paste==3.4.3

25
tools/Makefile
View File

@ -1,25 +0,0 @@
zerobinpaste: zerobinpaste.js commander.js ../zerobin/static/js/sjcl.js ../zerobin/static/js/lzw.js
echo '#!/usr/bin/env node' > zerobinpaste
cat commander.js ../zerobin/static/js/sjcl.js ../zerobin/static/js/lzw.js >> zerobinpaste
cat zerobinpaste.js >> zerobinpaste
chmod +x zerobinpaste
ugly: zerobinpaste
uglifyjs=$$(PATH="$$(npm bin):$$PATH" which uglifyjs 2>/dev/null) \
|| { npm install uglify-js; uglifyjs=$$(PATH="$$(npm bin):$$PATH" which uglifyjs); } \
&& sed -i 1d zerobinpaste \
&& $${uglifyjs} -o zerobinpaste.min zerobinpaste \
&& echo '#!/usr/bin/env node' > zerobinpaste \
&& cat zerobinpaste.min >> zerobinpaste \
&& chmod +x zerobinpaste
clean:
rm -f zerobinpaste{,.js,.min}
zerobinpaste.js: zerobinpaste.coffee
coffee=$$(PATH="$$(npm bin):$$PATH" which coffee 2>/dev/null) \
|| { npm install coffee-script; coffee=$$(PATH="$$(npm bin):$$PATH" which coffee); } \
&& $$coffee -c zerobinpaste.coffee
.PHONY: uglify

1118
tools/commander.js
View File

File diff suppressed because it is too large Load Diff

145
tools/zerobinpaste.coffee
View File

@ -1,145 +0,0 @@
program
.version('0.0.1')
.usage('[options] [ file ... ]\n\n' + ' Paste contents of file(s) or stdin to 0bin site.')
.option('-u, --url [url]', 'URL of a 0bin site.')
.option('-e, --expire [period]',
'Expiration period - one of: 1_view, 1_day (default), 1_month, never.', '1_day')
.option('-k, --entropy [bytes]',
'Encryption key entropy (and hence length) to use,'\
+ ' in bytes (default: 32).\n'\
+ ' That key will be processed by 1000 pbkdf2-sha256 iterations, not used as-is.', 32)
.option('-c, --config [path]',
'Path to zerobin configuration file (default: ~/.zerobinpasterc).\n'\
+ ' Should be json-file with the same keys as can be specified on the command line.\n'\
+ ' Example contents: {"url": "http://some-0bin.com"}', '~/.zerobinpasterc')
.option('-n, --nocheck', 'do not check SSL certs.')
.parse(process.argv);
[http, https, url, qs, fs, path] = ['http', 'https', 'url', 'querystring', 'fs', 'path'].map(require)
# Parse config file, if any
config = program.config.replace(/^~\/+/, '')
config = path.resolve(process.env.HOME, config)
try
if fs.statSync(config).isFile()
config = JSON.parse(fs.readFileSync(config))
(program[k] = v) for own k, v of config
# Sanity checks and option processing
if not program.url
console.error('ERROR: URL option must be specified.')
process.exit(1)
if program.expire == '1_view'
# "burn_after_reading" is too damn long for cli
program.expire = 'burn_after_reading'
expire_opts = ['burn_after_reading', '1_day', '1_month', 'never']
if program.expire not in expire_opts
console.error(
"ERROR: --expire value (provided: '#{program.expire}')"\
+ ' must be one of: ' + expire_opts.join(', ') + "." )
process.exit(1)
program.entropy = parseInt(program.entropy)
# Generated key will use base64 (6b per char) charset
# Key is not decoded for pbkdf2, so it's generated via base64 here just for convenience
generate_key = (entropy) ->
entropy = Math.ceil(entropy / 8.0) * 8
key = sjcl.bitArray.clamp(
sjcl.random.randomWords(Math.ceil(entropy / 32), 0), entropy )
return sjcl.codec.base64.fromBits(key, 0).replace(/\=+$/, '').replace(/\//, '-')
# Paste one dump and print URL, optionally prefixed with name
paste_file = (content, name) ->
content = sjcl.codec.utf8String.toBits(content)
content = sjcl.codec.base64.fromBits(content)
# content = lzw.compress(content)
key = generate_key(program.entropy)
content = sjcl.encrypt(key, content)
content = qs.stringify
content: content
expiration: program.expire
# host.com -> http://host.com
if not program.url.match(/^https?:\/\//)
program.url = 'http://' + program.url.replace(/^\/+/, '')
proto = http
if program.url.match(/^https:\/\//)
proto = https
req_opts = url.parse(program.url)
req_opts.method = 'POST'
req_opts.headers =
'Content-Type': 'application/x-www-form-urlencoded'
'Content-Length': content.length
req_url_base = req_opts.path
.replace(/\/paste\/create\/?$/, '').replace(/\/+$/, '')
req_opts.path = req_url_base + '/paste/create'
if program.nocheck
req_opts.rejectUnauthorized = false
req = proto.request req_opts, (res) ->
req_reply = ''
res.setEncoding('utf8')
res.on 'data', (chunk) -> req_reply += chunk
res.on 'end', ->
req_reply = JSON.parse(req_reply)
if req_reply.status != 'ok'
console.error("ERROR: failure posting #{name} - " + req_reply.message)
return
req_opts.pathname = req_url_base + '/paste/' + req_reply.paste
req_opts.hash = key
paste = url.format(req_opts)
console.log(if name then "#{name} #{paste}" else paste)
req.write(content)
req.end()
req.on 'error', (e) -> console.error(e)
# Seed sjcl prng from /dev/(u)random
do (bytes=64) ->
for src in ['/dev/urandom', '/dev/random', null]
break if not src or fs.existsSync(src)
if not src
console.error( 'ERROR: Failed to seed PRNG -'\
+ ' /dev/(u)random is unavailable, relying only on sjcl entropy sources' )
return
fd = fs.openSync(src, 'r')
buff = new Buffer(bytes)
fs.readSync(fd, buff, 0, bytes)
fs.closeSync(fd)
sjcl.random.addEntropy(
(buff.readUInt32BE(n) for n in [0..bytes/4]), bytes * 8, src )
# Loop over file args or read stdin
if not program.args or not program.args.length
process.stdin.resume()
process.stdin.setEncoding('utf8')
stdin_data = ''
process.stdin.on 'data', (chunk) -> stdin_data += chunk
process.stdin.on 'end', -> paste_file(stdin_data)
else
for file in program.args
paste_file( fs.readFileSync(file, 'utf8'),
if program.args.length > 1 then path.basename(file) else null )

5
zerobin/routes.py
View File

@ -59,6 +59,11 @@ def index():
def faq():
return GLOBAL_CONTEXT
@app.route("/buy_bitcoin")
@view("buy_bitcoin")
def index():
return GLOBAL_CONTEXT
@app.get(settings.ADMIN_URL)
@app.post(settings.ADMIN_URL)

20
zerobin/static/css/style.css
View File

@ -8,6 +8,10 @@
border: 25px solid red;
}
body {
color: #eee;
}
/* logo */
.brand {
@ -336,6 +340,22 @@ pre {
/* Common css */
#faq {
max-width: 80%;
margin: auto;
}
#buy_bitcoin {
max-width: 80%;
margin: auto;
}
#buy_bitcoin img{
width: 85%;
display: block;
margin: 20px auto;
}
.caret {
border-left: 6px solid transparent;
border-right: 6px solid transparent;

51
zerobin/static/css/style.min.css vendored
View File

File diff suppressed because one or more lines are too long

BIN
zerobin/static/img/binance1.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 261 KiB

BIN
zerobin/static/img/binance2.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 580 KiB

BIN
zerobin/static/img/binance3.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 73 KiB

BIN
zerobin/static/img/binance4.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 16 KiB

BIN
zerobin/static/img/binance5.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 147 KiB

BIN
zerobin/static/img/binance6.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 73 KiB

85
zerobin/views/buy_bitcoin.tpl Normal file
View File

@ -0,0 +1,85 @@
<div class="well" id="buy_bitcoin">
<h1>How To Buy Bitcoin?</h1>
<p></p>
<h4>What is Bitcoin?</h4>
<p>Bitcoin was created by Satoshi Nakamoto, a pseudonymous person or team who outlined the technology in a 2008 white paper. Its an appealingly simple concept: <strong>bitcoin is digital money</strong> that allows for secure peer-to-peer transactions on the internet.
</p>
<p>Unlike services like Venmo and PayPal, which rely on the traditional financial system for permission to transfer money and on existing debit/credit accounts, bitcoin is decentralized: any two people, anywhere in the world, can send bitcoin to each other without the involvement of a bank, government, or other institution.
<p>
Every transaction involving Bitcoin is tracked on the blockchain, which is similar to a banks ledger, or log of customers funds going in and out of the bank. In simple terms, its a record of every transaction ever made using bitcoin.
</p>
<p>
There will only ever be 21 million bitcoin. This is digital money that cannot be inflated or manipulated in any way.
</p>
<p>
It isnt necessary to buy an entire bitcoin: you can buy just a fraction of one if thats all you want or need.
</p>
<h4>Why would I buy Bitcoin?</h4>
<p>Bitcoin is in the news today more than ever. Thanks to skyrocketing prices and rollercoaster dips, everyone and their dogs are interested in learning how to buy and sell Bitcoin. As the most popular form of cryptocurrency, Bitcoin is now widely accepted around the world and has a growing number of applications. If you want to take advantage of that though, you first need to know how to buy Bitcoin and what to do with it when you have.
</p>
<h4>How to buy Bitcoin ?</h4>
<p>The best place to make your first Bitcoin purchase is on an exchange. There are a whole lot of exchanges out there, with varying performance. Some are less trustworthy than others, and some can be quite limited, so its crucial to pick the right exchange in the first place. We recommend using <a href="https://www.binance.com/en/register?ref=CAWS9NNE" title="Buy Bitcoin">Binance</a>, follow the simple guide bellow to buy your first Bitcoins.
</p>
<h6>1. Buy Bitcoin on Binance</h6>
<p>We recommend buying Bitcoins on <a href="https://www.binance.com/en/register?ref=CAWS9NNE" title="Buy Bitcoin">Binance</a> because in terms of volume, it is considered to be the world's leading platform.
In 2019, Binance reports an average trading volume of <strong>$2.8 billion per day</strong>. This platform, launched on July 14, 2017 in Hong Kong, has the advantage of operating with technical assistance 24 hours a day, 7 days a week. Its <strong>CEO Zhao Changpeng</strong>, who has become a billionaire, was featured on the cover of the prestigious Forbes magazine in February 2018.
</p>
<h6>2. How do I register with <a href="https://www.binance.com/en/register?ref=CAWS9NNE" title="Buy Bitcoin">Binance</a> to buy Bitcoin?</h6>
<p>The first step before buying Bitcoin on <a href="https://www.binance.com/en/register?ref=CAWS9NNE" title="Buy Bitcoin">Binance</a> is to register. The user must first select the language in which they want to access the site, then enter a valid email address and finally choose a password.
</p>
<h3 class="text-center"><a href="https://www.binance.com/en/register?ref=CAWS9NNE" title="Buy Bitcoin">Click here to register an account with Binance now!<a></h3>
<img src="/static/img/binance1.png" alt="Register Binance">
<p>For your security, the platform offers you to proceed to the 2FA, also called "Two Step Verification", which consists in logging in with your password and your phone using <a href="https://support.google.com/accounts/answer/1066447?co=GENIE.Platform%3DAndroid">Google Authenticator</a>. Both we and the platform recommend that you delay the purchase of your Bitcoins by opting for this extra layer of security. Binance Academy 2fa available <a href="https://academy.binance.com/tutorials/binance-2fa-guide">here</a>.
</p>
<img src="/static/img/binance2.png" alt="2FA Binance">
<p>The second step is to verify your identity. Indeed, <a href="https://www.binance.com/en/register?ref=CAWS9NNE" title="Buy Bitcoin">Binance</a> is subject to KYC regulations as part of the fight against money laundering and terrorist financing. The platform will ask you whether or not you reside in China, before moving on to other personal information (surname, first name, gender, country of residence).
</p>
<img src="/static/img/binance3.png" alt="Verify identity Binance">
<p>Authentication is done by sending the number and a photocopy of both sides of your ID and a photo of you. On this photo, you must show the same ID and a newspaper (or other document) with the current date.
</p>
<img src="/static/img/binance4.png" alt="Verify identity Binance">
<p>The easiest way to get Bitcoin at Binance is to buy it by credit card. To do so, head over to the “Buy Crypto” section on the <a href="https://www.binance.com/en/register?ref=CAWS9NNE" title="Buy Bitcoin">Binance</a> toolbar, and choose the “Buy with Credit Card” option.
</p>
<img src="/static/img/binance6.png" alt="Verify identity Binance">
<p>Select your currency and BTC coin you wish to purchase and enter the amount before clicking "Buy BTC". All you will need to do is enter your bank details and the purchase will be completed.</p>
<img src="/static/img/binance5.png" alt="Verify identity Binance">
<p>Although it is mainly focused on the exchange of cryptomoney, <a href="https://www.binance.com/en/register?ref=CAWS9NNE" title="Buy Bitcoin">Binance</a> is now establishing itself as a very competitive platform for the purchase of cryptomoney by credit card. It is also reassuring because of its reputation, its activity and its ecosystem.</p>
<h4>You're now a part of the future! Congrats!</h4>
<p></p>
<p>Read more about Bitcoins
<br><a href="https://bitcoin.org/en/">Bitcoin.org</a>
</p>
</div>
% rebase("base", settings=settings, pastes_count=pastes_count)

37
zerobin/views/faq.tpl
View File

@ -2,9 +2,10 @@
<h1>FAQ</h1>
<table>
<tr>How does 0bin work?</tr>
<td>
<p></p>
<h4>How does 0bin work?</h4>
<p>A random key is generated and used to encrypt the paste, thanks to
the <a href="http://crypto.stanford.edu/sjcl/">sjcl</a>
JavaScript library.</p>
@ -17,10 +18,10 @@
JavaScript will use it to decrypt the content sent by the server.</p>
<p>The browser never sends the hash to the server, so the latter does not
receives the key at any time.</p>
</td>
<tr>But JavaScript encryption is not secure!</tr>
<td>
<h4>But JavaScript encryption is not secure!</h4>
<p>No, it isn't.</p>
<p>The goal of 0bin is <strong>not</strong> to protect the user and their data
(including, obviously, their secrets).</p>
@ -32,12 +33,12 @@
<p>Remember that as an user, you should use 0bin in the same way as unencrypted and
insecure pastebins - that is, with caution. The only difference with those is that if
you decide to host a 0bin server, the encryption feature hopefully be used as a defense.
This is not proven, though! :-)
This is not proven, though! :-)</p>
<h4>What if the server changes the JavaScript code? And what happens in the case of a <a
href="https://en.wikipedia.org/wiki/Man-in-the-middle_attack">MITM attack</a>?</h4>
</td>
<tr>What if the server changes the JavaScript code? And what happens in the case of a <a
href="https://en.wikipedia.org/wiki/Man-in-the-middle_attack">MITM attack</a>?</tr>
<td>
<p>Read above.</p>
<p>0bin is not built, and does not aim, to protect user data - but rather the host.
If any user data is compromised, 0bin still provides the host with
@ -53,22 +54,20 @@
<p>It would be unlikely for those softwares to fail you. Errors will nearly always come from your side - you
ought to have a perfect <a href="https://en.wikipedia.org/wiki/Operations_security">operations security</a>
if you do not want your data to be leaked. Remember to use your common sense.</p>
</td>
<tr>How did the idea of 0bin emerge?</tr>
<td>
<h4>How did the idea of 0bin emerge?</h4>
<p>0bin is based on <a href="http://sebsauvage.net/wiki/doku.php?id=php:zerobin">sebsauvage's work</a>.
The project sprang as a reaction to <a
href="https://www.zdnet.com/blog/security/pastebin-to-hunt-for-hacker-pastes-anonymous-cries-censorship/11336">the
implementation of a moderation system on Pastebin</a>,
due to the significant amount of illegal content pasted on it, or that it linked to.</p>
</td>
<tr>How can I get 0bin?</tr>
<td>
<h4>How can I get 0bin?</h4>
<p>0bin is an open-source project, and the code is hosted on <a
href="https://github.com/sametmax/0bin">GitHub</a>.
You can either download a tarball or clone the repository.</p>
</td>
</table>
</div>

7
zerobin/wsgi.py
View File

@ -1,3 +1,10 @@
from zerobin.routes import get_app
# Remember you can set the following environment variables to configure
# how get_app() setup the 0bin:
#
# - ZEROBIN_DEBUG =
# - ZEROBIN_DATA_DIR
# - ZEROBIN_CONFIG_DIR
settings, app = get_app()