{"id":28906809,"url":"https://github.com/ryu-ryuk/yoru-pastebin","last_synced_at":"2026-05-23T09:31:01.841Z","repository":{"id":300031607,"uuid":"1003620213","full_name":"ryu-ryuk/yoru-pastebin","owner":"ryu-ryuk","description":" a simple, secure, and ephemeral text sharing platform written in Go ","archived":false,"fork":false,"pushed_at":"2025-07-17T04:36:09.000Z","size":32048,"stargazers_count":3,"open_issues_count":0,"forks_count":1,"subscribers_count":0,"default_branch":"main","last_synced_at":"2026-04-30T16:34:02.617Z","etag":null,"topics":["docker","docker-image","go","golang","pastebin","pastebin-api","pastebin-server","pastebin-service"],"latest_commit_sha":null,"homepage":"https://paste.alokranjan.me","language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"other","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/ryu-ryuk.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null}},"created_at":"2025-06-17T12:21:34.000Z","updated_at":"2025-07-17T04:36:12.000Z","dependencies_parsed_at":"2025-06-19T14:47:17.554Z","dependency_job_id":"57a06404-1a2a-4bd1-89a9-502c5d4906c7","html_url":"https://github.com/ryu-ryuk/yoru-pastebin","commit_stats":null,"previous_names":["ryu-ryuk/yoru-pastebin"],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/ryu-ryuk/yoru-pastebin","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ryu-ryuk%2Fyoru-pastebin","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ryu-ryuk%2Fyoru-pastebin/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ryu-ryuk%2Fyoru-pastebin/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ryu-ryuk%2Fyoru-pastebin/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/ryu-ryuk","download_url":"https://codeload.github.com/ryu-ryuk/yoru-pastebin/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ryu-ryuk%2Fyoru-pastebin/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":32470879,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-04-30T13:12:12.517Z","status":"ssl_error","status_checked_at":"2026-04-30T13:12:06.837Z","response_time":57,"last_error":"SSL_read: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["docker","docker-image","go","golang","pastebin","pastebin-api","pastebin-server","pastebin-service"],"created_at":"2025-06-21T15:09:57.457Z","updated_at":"2026-04-30T16:34:19.910Z","avatar_url":"https://github.com/ryu-ryuk.png","language":"Go","funding_links":[],"categories":[],"sub_categories":[],"readme":"\n\u003ch1 align=\"center\"\u003e\n  \u003cimg src=\"https://raw.githubusercontent.com/ryu-ryuk/yoru-pastebin/main/docs/assets/yoru.png\" width=\"800\" alt=\"Yoru Pastebin Banner\"/\u003e\n  \u003cimg src=\"https://raw.githubusercontent.com/catppuccin/catppuccin/main/assets/misc/transparent.png\" height=\"16\" width=\"0px\"/\u003e\n  \n  \u003cspan style=\"color:#cdd6f4;\"\u003eYoru Pastebin\u003c/span\u003e\n\u003c/h1\u003e\n\n\u003ch6 align=\"center\" style=\"color:#bac2de;\"\u003e\n  A production-grade, security-first pastebin with enterprise features\n\u003c/h6\u003e\n\n\u003cp align=\"center\"\u003e\n  \u003ca href=\"https://github.com/ryu-ryuk/yoru-pastebin/stargazers\"\u003e\u003cimg src=\"https://img.shields.io/github/stars/ryu-ryuk/yoru-pastebin?colorA=1e1e2e\u0026colorB=cba6f7\u0026style=for-the-badge\u0026logo=github\u0026logoColor=cdd6f4\"\u003e\u003c/a\u003e\u003ca href=\"https://github.com/ryu-ryuk/yoru-pastebin/issues\"\u003e\u003cimg src=\"https://img.shields.io/github/issues/ryu-ryuk/yoru-pastebin?colorA=1e1e2e\u0026colorB=f38ba8\u0026style=for-the-badge\u0026logo=github\u0026logoColor=cdd6f4\"\u003e\u003c/a\u003e\u003ca href=\"https://github.com/ryu-ryuk/yoru-pastebin/blob/main/LICENSE\"\u003e\u003cimg src=\"https://img.shields.io/badge/License-GPLv3-89b4fa?style=for-the-badge\u0026logo=gnu\u0026logoColor=1e1e2e\u0026colorA=1e1e2e\"\u003e\u003c/a\u003e\n\u003c/p\u003e\n\n\u003cp align=\"center\"\u003e\n  \u003cimg src=\"https://img.shields.io/badge/Go-1.22+-89b4fa?style=for-the-badge\u0026logo=go\u0026logoColor=white\u0026colorA=1e1e2e\" /\u003e\n  \u003cimg src=\"https://img.shields.io/badge/PostgreSQL-15+-b4befe?style=for-the-badge\u0026logo=postgresql\u0026logoColor=white\u0026colorA=1e1e2e\" /\u003e\n  \u003cimg src=\"https://img.shields.io/badge/Docker-Production-94e2d5?style=for-the-badge\u0026logo=docker\u0026logoColor=white\u0026colorA=1e1e2e\" /\u003e\n  \u003cimg src=\"https://img.shields.io/badge/Traefik-SSL-fab387?style=for-the-badge\u0026logo=traefikmesh\u0026logoColor=white\u0026colorA=1e1e2e\" /\u003e\n  \u003cimg src=\"https://img.shields.io/badge/File%20Storage-Hybrid-94e2d5?style=for-the-badge\u0026logo=files\u0026logoColor=white\u0026colorA=1e1e2e\" /\u003e\n\u003c/p\u003e\n\n\n**A production-grade, security-hardened pastebin service built for teams and organizations.**\n\nYoru Pastebin implements enterprise-grade security, performance optimizations, and production deployment capabilities. Built with Go, PostgreSQL, deployed on GCP with support for hybrid cloud storage.\n\n**Live Demo:** [https://paste.alokranjan.me](https://paste.alokranjan.me)\n\n## Key Features\n\n### Security Architecture\n- **Zero-knowledge encryption** with AES-256-GCM for password-protected pastes\n- **Cryptographically secure ID generation** using Base62 encoding\n- **PBKDF2 key derivation** with bcrypt cost factor 12 for password hashing\n- **Secure file storage** with hash-based paths preventing direct access\n- **Creator session management** with 15-minute expiration for seamless UX\n- **Protected file downloads** requiring authentication for password-protected content\n- **Content Security Policy** headers and XSS protection via Traefik\n- **Rate limiting** (2 requests/second default) and DDoS protection\n- **Automatic expiration** with secure deletion (24-hour default)\n\n### Performance Optimizations\n- **Lazy-loaded syntax highlighting** with 35+ language support\n- **Optimized Go backend** with efficient request handling\n- **PostgreSQL 16** with connection pooling\n- **Multi-stage Docker builds** for minimal image size\n- **Static asset optimization** with proper caching headers\n\n### Production Infrastructure\n- **Multi-replica deployment** with Docker Swarm/Compose\n- **Hybrid file storage** using local volumes and optional AWS S3 (20MB max per file)\n- **PostgreSQL persistence** with volume mounting\n- **Graceful shutdown** handling with 10-second timeout\n- **Health monitoring** and container orchestration\n\n### Developer Experience\n- **RESTful API** for programmatic access\n- **File upload support** with drag-and-drop interface\n- **35+ programming languages** with syntax highlighting\n- **Responsive web interface** with modern catppuccin UI\n- **Comprehensive Makefile** for development workflow\n- **Database migrations** with version control\n\n## Quick Start\n\n### Development Setup\n```bash\n# Clone repository\ngit clone https://github.com/ryu-ryuk/yoru-pastebin.git\ncd yoru-pastebin\n\n# Initialize development environment\nmake setup\n\n# Start application (PostgreSQL + Go server)\nmake run\n\n# Access at http://localhost:8080\n```\n\n### Production Deployment\n```bash\n# Setup production environment\nmake prod-setup\n\n# Deploy with Docker Compose\n./deployment.sh\n\n# Check deployment status  \nmake prod-status\n```\n\n## Documentation\n\n- **[API Reference](docs/API.md)** - Complete API documentation [To be updated]\n- **[Deployment Guide](DEPLOYMENT.md)** - Production deployment instructions [TODO]\n- **[Architecture Overview](docs/architecture.md)** - System design and diagrams [To be updated]\n\n## Configuration\n\n## Configuration\n\n### Core Configuration (`configs/config.toml`)\n\n```toml\n[server]\nport = 8080\n\n[database]\nconnection_string = \"postgres://ryu:pass@localhost:5432/yoru_pastebin?sslmode=disable\"\n\n[paste]\nid_length = 8\ndefault_expiration_minutes = 1440  # 24 hours\nmax_content_size_bytes = 20971520  # 20MB\n\n[security]\nbcrypt_cost = 12\nrate_limit_per_second = 2\n\n[s3]\nbucket = \"your-s3-bucket-name\"\nregion = \"your-aws-region\"\n```\n\n### Environment Variables (`.env`)\n\n```bash\n# Server Configuration\nSERVER_PORT=8080\nBASE_URL=https://paste.alokranjan.me\nENVIRONMENT=production\n\n# Database\nDATABASE_CONNECTION_STRING=postgres://yoru_user:${POSTGRES_PASSWORD}@db:5432/yoru_pastebin?sslmode=require\nPOSTGRES_USER=yoru_user\nPOSTGRES_PASSWORD=secure_password\nPOSTGRES_DB=yoru_pastebin\n\n# AWS S3 Storage\nAWS_REGION=us-east-1\nAWS_ACCESS_KEY_ID=your_access_key\nAWS_SECRET_ACCESS_KEY=your_secret_key\nAWS_S3_BUCKET=yoru-pastebin-files\n\n# Security \u0026 Rate Limiting\nRATE_LIMIT_ENABLED=true\nRATE_LIMIT_REQUESTS_PER_MINUTE=60\n\n# TLS Configuration\nTLS_CERT_EMAIL=your-email@domain.com\n```\n\n## Architecture\n### Production Infrastructure\n```mermaid\ngraph TB\n\n    %% define graph nodes\n    subgraph \"Load Balancer \u0026 SSL\"\n        LB[Traefik v2.10\u003cbr/\u003eSSL Termination\u003cbr/\u003eRate Limiting]\n    end\n\n    subgraph \"Application Layer\"\n        LB --\u003e APP1[Yoru 1\u003cbr/\u003e]\n        LB --\u003e APP2[Yoru 2\u003cbr/\u003e]\n    end\n\n    subgraph \"Data Layer\"\n        APP1 --\u003e DB[(PostgreSQL 16\u003cbr/\u003ePersistent Storage)]\n        APP2 --\u003e DB\n        APP1 --\u003e FS[Hybrid File Storage\u003cbr/\u003eLocal or S3]\n        APP2 --\u003e FS\n    end\n\n    subgraph \"Security\"\n        SEC1[CSP Headers]\n        SEC2[Rate Limiting]\n        SEC3[TLS 1.3]\n    end\n\n    %% assign classes\n    classDef mocha fill:#1e1e2e,stroke:#313244,color:#cdd6f4;\n    classDef blue fill:#1e1e2e,stroke:#89b4fa,color:#89b4fa;\n    classDef pink fill:#1e1e2e,stroke:#f5c2e7,color:#f5c2e7;\n    classDef green fill:#1e1e2e,stroke:#a6e3a1,color:#a6e3a1;\n    classDef yellow fill:#1e1e2e,stroke:#f9e2af,color:#f9e2af;\n\n    class LB,APP1,APP2 mocha;\n    class DB yellow;\n    class FS green;\n    class SEC1,SEC2,SEC3 pink;\n```\n\n### Container Orchestration\n\n**Development (`docker-compose.yml`):**\n- Single replica for local development\n- Direct database connection\n- Volume mounting for live reload\n\n**Production (`docker-compose.prod.yml`):**\n- 2 replicas with load balancing\n- External network configuration\n- Health checks and restart policies\n- Traefik integration with SSL\n\n### Security Implementation\n\n- **Traefik Middleware:** Security headers, rate limiting, SSL redirect\n- **Database Security:** SSL connections, credential isolation\n- **Container Security:** Non-root users, read-only filesystems\n- **Network Security:** Internal Docker networks, isolated services\n\n## Production Deployment\n\n### Using Docker Compose\n\n```bash\n# 1. Clone and setup\ngit clone https://github.com/ryu-ryuk/yoru-pastebin.git\ncd yoru-pastebin\n\n# 2. Configure environment\ncp .env.example .env\n# Edit .env with your production values\n\n# 3. Deploy with automated script\n./deployment.sh\n\n# 4. Monitor deployment\nmake prod-status\ndocker-compose -f docker-compose.prod.yml logs -f\n```\n\n### Manual Deployment Steps\n\n```bash\n# Build production image\ndocker build -t yoru-pastebin:latest .\n\n# Create external network\ndocker network create yoru_web\n\n# Deploy with production compose\ndocker-compose -f docker-compose.prod.yml up -d\n\n# Check container health\ndocker-compose -f docker-compose.prod.yml ps\n```\n\n### Infrastructure Components\n\n- **Application:** Go 1.24.4 multi-stage Docker build\n- **Database:** PostgreSQL 16 Alpine with persistent volumes\n- **Reverse Proxy:** Traefik v2.10 with Let's Encrypt integration\n- **File Storage:** AWS S3 with configurable regions\n- **Networking:** Docker overlay networks for service isolation\n\n## API Usage\n\nSee [API Reference](docs/API.md) for complete documentation.\n\n**Create a paste:**\n```bash\ncurl -X POST https://paste.alokranjan.me/api/v1/pastes \\\n  -H \"Content-Type: application/json\" \\\n  -d '{\n    \"content\": \"package main\\n\\nimport \\\"fmt\\\"\\n\\nfunc main() {\\n    fmt.Println(\\\"Hello, Yoru!\\\")\\n}\",\n    \"language\": \"go\",\n    \"expiration_minutes\": 1440\n  }'\n```\n\n**Retrieve a paste:**\n```bash\ncurl https://paste.alokranjan.me/api/v1/pastes/aB3kX9mP\n```\n\n**Upload a file:**\n```bash\ncurl -X POST https://paste.alokranjan.me/api/v1/pastes \\\n  -F \"file=@example.go\" \\\n  -F \"language=go\" \\\n  -F \"expiration_minutes=60\"\n```\n\n## Security Features\n\n### Encryption Implementation\n- **AES-256-GCM** for authenticated encryption\n- **PBKDF2-SHA256** for password-based key derivation\n- **Constant-time comparison** for password verification\n- **Secure random ID generation** with sufficient entropy\n\n## Deployment \u0026 Operations\n\n### Health Monitoring\n```bash\n# Check application health\ncurl https://paste.alokranjan.me/health\n\n# Monitor logs\ndocker-compose -f docker-compose.prod.yml logs -f yoru\n\n# Check database status\ndocker-compose -f docker-compose.prod.yml exec db psql -U yoru_user -d yoru_pastebin -c \"\\l\"\n```\n\n### Backup \u0026 Maintenance\n```bash\n# Manual database backup\ndocker-compose -f docker-compose.prod.yml exec db pg_dump -U yoru_user yoru_pastebin \u003e backup.sql\n\n# Update deployment\n./deployment.sh\n\n# Scale application instances\ndocker-compose -f docker-compose.prod.yml up -d --scale yoru=3\n```\n\n## Security Features\n\n### File Storage Security\nYoru implements a multi-layered security approach for file storage:\n\n**Hash-Based Storage Paths:**\n- Files are stored using SHA-256 hashes instead of predictable paste IDs\n- Directory structure: `secure/ab/cd/abcdef123...` prevents enumeration\n- Original filenames are preserved only in database metadata\n\n**Access Control:**\n- All file downloads go through application authentication\n- Protected files require password verification before serving\n- Creator session cookies (15-minute expiration) provide seamless access\n- Path traversal protection prevents unauthorized directory access\n\n**Storage Implementation:**\n```go\n// Example secure file path generation\nfunc generateSecureFilePath(pasteID, filename string) string {\n    hash := sha256.Sum256([]byte(pasteID + filename + timestamp))\n    hashStr := hex.EncodeToString(hash[:])\n    return fmt.Sprintf(\"secure/%s/%s/%s\", hashStr[:2], hashStr[2:4], hashStr)\n}\n```\n\n### Encryption \u0026 Password Protection\n- **AES-256-GCM encryption** for password-protected content\n- **PBKDF2 key derivation** with configurable iteration count\n- **Cryptographically secure salt generation** (32 bytes per paste)\n- **Zero-knowledge architecture** - server never stores plaintext passwords\n\n### Session Management\n- **Temporary creator sessions** allow seamless access to protected pastes\n- **Secure session tokens** using crypto/rand with 32-byte entropy\n- **HttpOnly cookies** with appropriate SameSite and Secure flags\n- **Automatic expiration** prevents long-term session hijacking\n\n### Infrastructure Security\n- **Traefik Security Headers:** Frame denial, XSS protection, HSTS\n- **Rate Limiting:** 10 requests/minute average, 20 burst\n- **Content Security Policy:** Strict policy for XSS prevention\n- **TLS Configuration:** Modern TLS with automatic certificate renewal\n- **Database Security:** SSL connections, isolated credentials\n\n## Development\n\n### Prerequisites\n- Go 1.22+ (application uses Go 1.24.4 in Docker)\n- Docker \u0026 Docker Compose\n- PostgreSQL (for local development)\n- Make (optional but recommended)\n\n### Available Make Commands\n```bash\nmake help           # Show all available commands\nmake setup          # Initialize development environment\nmake start_db       # Start PostgreSQL container\nmake run            # Start the application\nmake test           # Run test suite\nmake build          # Build production binary\nmake clean          # Clean up development environment\nmake prod-setup     # Setup production environment\nmake prod-deploy    # Deploy to production\nmake prod-status    # Check production deployment status\n```\n\n### Development Workflow\n```bash\n# First time setup\nmake setup          # Creates DB, runs migrations, builds app\n\n# Daily development\nmake start_db       # Start database if not running\nmake run            # Start application with hot reload\n\n# Testing and building\nmake test           # Run unit and integration tests\nmake build          # Create optimized production build\n```\n\n### Directory Structure\n```\ncmd/yoru/           # Application entry point\ninternal/           # Private application code\n├── config/         # Configuration management\n├── database/       # Database connection and utilities\n├── paste/          # Core paste functionality\n└── server/         # HTTP server and routing\npkg/                # Public packages\n├── crypt/          # Encryption utilities\n└── idgen/          # ID generation\nweb/                # Frontend assets\n├── static/         # CSS, JS, images\n└── templates/      # HTML templates\ndb/migrations/      # Database schema migrations\n```\n\n## Contributing\n\n1. Fork the repository\n2. Create a feature branch (`git checkout -b feature/amazing-feature`)\n3. Make your changes with tests\n4. Run the test suite (`make test`)\n5. Commit your changes (`git commit -m 'Add amazing feature'`)\n6. Push to the branch (`git push origin feature/amazing-feature`)\n7. Submit a pull request\n\n### Development Guidelines\n- Follow Go best practices and `gofmt` formatting\n- Include unit tests for new features\n- Update documentation for API changes\n- Test with both development and production Docker configurations\n\n### Testing [TODO]\n```bash\n# Run all tests\nmake test\n\n# Run specific test packages\ngo test ./internal/paste/...\ngo test ./pkg/crypt/...\n```\n\n## License\n\nSee [LICENSE](LICENSE) for details.\n\n---\n\n**Built for developers who prioritize security, performance and a whole lot of catppuccin ;)**\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fryu-ryuk%2Fyoru-pastebin","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fryu-ryuk%2Fyoru-pastebin","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fryu-ryuk%2Fyoru-pastebin/lists"}