Data

Tools

Indexes

Applications

Experiments

Awesome

An open API service indexing awesome lists of open source software.

https://github.com/ryu-ryuk/yoru-pastebin

a simple, secure, and ephemeral text sharing platform written in Go
https://github.com/ryu-ryuk/yoru-pastebin

docker docker-image go golang pastebin pastebin-api pastebin-server pastebin-service

Last synced: 10 days ago
JSON representation

a simple, secure, and ephemeral text sharing platform written in Go

Awesome Lists containing this project

README 

          




  Yoru Pastebin Banner

  

  

  Yoru Pastebin






  A production-grade, security-first pastebin with enterprise features






  






  

  

  

  

  




**A production-grade, security-hardened pastebin service built for teams and organizations.**



Yoru Pastebin implements enterprise-grade security, performance optimizations, and production deployment capabilities. Built with Go, PostgreSQL, deployed on GCP with support for hybrid cloud storage.



**Live Demo:** [https://paste.alokranjan.me](https://paste.alokranjan.me)



## Key Features



### Security Architecture

- **Zero-knowledge encryption** with AES-256-GCM for password-protected pastes

- **Cryptographically secure ID generation** using Base62 encoding

- **PBKDF2 key derivation** with bcrypt cost factor 12 for password hashing

- **Secure file storage** with hash-based paths preventing direct access

- **Creator session management** with 15-minute expiration for seamless UX

- **Protected file downloads** requiring authentication for password-protected content

- **Content Security Policy** headers and XSS protection via Traefik

- **Rate limiting** (2 requests/second default) and DDoS protection

- **Automatic expiration** with secure deletion (24-hour default)



### Performance Optimizations

- **Lazy-loaded syntax highlighting** with 35+ language support

- **Optimized Go backend** with efficient request handling

- **PostgreSQL 16** with connection pooling

- **Multi-stage Docker builds** for minimal image size

- **Static asset optimization** with proper caching headers



### Production Infrastructure

- **Multi-replica deployment** with Docker Swarm/Compose

- **Hybrid file storage** using local volumes and optional AWS S3 (20MB max per file)

- **PostgreSQL persistence** with volume mounting

- **Graceful shutdown** handling with 10-second timeout

- **Health monitoring** and container orchestration



### Developer Experience

- **RESTful API** for programmatic access

- **File upload support** with drag-and-drop interface

- **35+ programming languages** with syntax highlighting

- **Responsive web interface** with modern catppuccin UI

- **Comprehensive Makefile** for development workflow

- **Database migrations** with version control



## Quick Start



### Development Setup

```bash

# Clone repository

git clone https://github.com/ryu-ryuk/yoru-pastebin.git

cd yoru-pastebin



# Initialize development environment

make setup



# Start application (PostgreSQL + Go server)

make run



# Access at http://localhost:8080

```



### Production Deployment

```bash

# Setup production environment

make prod-setup



# Deploy with Docker Compose

./deployment.sh



# Check deployment status  

make prod-status

```



## Documentation



- **[API Reference](docs/API.md)** - Complete API documentation [To be updated]

- **[Deployment Guide](DEPLOYMENT.md)** - Production deployment instructions [TODO]

- **[Architecture Overview](docs/architecture.md)** - System design and diagrams [To be updated]



## Configuration



## Configuration



### Core Configuration (`configs/config.toml`)



```toml

[server]

port = 8080



[database]

connection_string = "postgres://ryu:pass@localhost:5432/yoru_pastebin?sslmode=disable"



[paste]

id_length = 8

default_expiration_minutes = 1440  # 24 hours

max_content_size_bytes = 20971520  # 20MB



[security]

bcrypt_cost = 12

rate_limit_per_second = 2



[s3]

bucket = "your-s3-bucket-name"

region = "your-aws-region"

```



### Environment Variables (`.env`)



```bash

# Server Configuration

SERVER_PORT=8080

BASE_URL=https://paste.alokranjan.me

ENVIRONMENT=production



# Database

DATABASE_CONNECTION_STRING=postgres://yoru_user:${POSTGRES_PASSWORD}@db:5432/yoru_pastebin?sslmode=require

POSTGRES_USER=yoru_user

POSTGRES_PASSWORD=secure_password

POSTGRES_DB=yoru_pastebin



# AWS S3 Storage

AWS_REGION=us-east-1

AWS_ACCESS_KEY_ID=your_access_key

AWS_SECRET_ACCESS_KEY=your_secret_key

AWS_S3_BUCKET=yoru-pastebin-files



# Security & Rate Limiting

RATE_LIMIT_ENABLED=true

RATE_LIMIT_REQUESTS_PER_MINUTE=60



# TLS Configuration

TLS_CERT_EMAIL=your-email@domain.com

```



## Architecture

### Production Infrastructure

```mermaid

graph TB



    %% define graph nodes

    subgraph "Load Balancer & SSL"

        LB[Traefik v2.10
SSL Termination
Rate Limiting]

    end



    subgraph "Application Layer"

        LB --> APP1[Yoru 1
]

        LB --> APP2[Yoru 2
]

    end



    subgraph "Data Layer"

        APP1 --> DB[(PostgreSQL 16
Persistent Storage)]

        APP2 --> DB

        APP1 --> FS[Hybrid File Storage
Local or S3]

        APP2 --> FS

    end



    subgraph "Security"

        SEC1[CSP Headers]

        SEC2[Rate Limiting]

        SEC3[TLS 1.3]

    end



    %% assign classes

    classDef mocha fill:#1e1e2e,stroke:#313244,color:#cdd6f4;

    classDef blue fill:#1e1e2e,stroke:#89b4fa,color:#89b4fa;

    classDef pink fill:#1e1e2e,stroke:#f5c2e7,color:#f5c2e7;

    classDef green fill:#1e1e2e,stroke:#a6e3a1,color:#a6e3a1;

    classDef yellow fill:#1e1e2e,stroke:#f9e2af,color:#f9e2af;



    class LB,APP1,APP2 mocha;

    class DB yellow;

    class FS green;

    class SEC1,SEC2,SEC3 pink;

```



### Container Orchestration



**Development (`docker-compose.yml`):**

- Single replica for local development

- Direct database connection

- Volume mounting for live reload



**Production (`docker-compose.prod.yml`):**

- 2 replicas with load balancing

- External network configuration

- Health checks and restart policies

- Traefik integration with SSL



### Security Implementation



- **Traefik Middleware:** Security headers, rate limiting, SSL redirect

- **Database Security:** SSL connections, credential isolation

- **Container Security:** Non-root users, read-only filesystems

- **Network Security:** Internal Docker networks, isolated services



## Production Deployment



### Using Docker Compose



```bash

# 1. Clone and setup

git clone https://github.com/ryu-ryuk/yoru-pastebin.git

cd yoru-pastebin



# 2. Configure environment

cp .env.example .env

# Edit .env with your production values



# 3. Deploy with automated script

./deployment.sh



# 4. Monitor deployment

make prod-status

docker-compose -f docker-compose.prod.yml logs -f

```



### Manual Deployment Steps



```bash

# Build production image

docker build -t yoru-pastebin:latest .



# Create external network

docker network create yoru_web



# Deploy with production compose

docker-compose -f docker-compose.prod.yml up -d



# Check container health

docker-compose -f docker-compose.prod.yml ps

```



### Infrastructure Components



- **Application:** Go 1.24.4 multi-stage Docker build

- **Database:** PostgreSQL 16 Alpine with persistent volumes

- **Reverse Proxy:** Traefik v2.10 with Let's Encrypt integration

- **File Storage:** AWS S3 with configurable regions

- **Networking:** Docker overlay networks for service isolation



## API Usage



See [API Reference](docs/API.md) for complete documentation.



**Create a paste:**

```bash

curl -X POST https://paste.alokranjan.me/api/v1/pastes \

  -H "Content-Type: application/json" \

  -d '{

    "content": "package main\n\nimport \"fmt\"\n\nfunc main() {\n    fmt.Println(\"Hello, Yoru!\")\n}",

    "language": "go",

    "expiration_minutes": 1440

  }'

```



**Retrieve a paste:**

```bash

curl https://paste.alokranjan.me/api/v1/pastes/aB3kX9mP

```



**Upload a file:**

```bash

curl -X POST https://paste.alokranjan.me/api/v1/pastes \

  -F "file=@example.go" \

  -F "language=go" \

  -F "expiration_minutes=60"

```



## Security Features



### Encryption Implementation

- **AES-256-GCM** for authenticated encryption

- **PBKDF2-SHA256** for password-based key derivation

- **Constant-time comparison** for password verification

- **Secure random ID generation** with sufficient entropy



## Deployment & Operations



### Health Monitoring

```bash

# Check application health

curl https://paste.alokranjan.me/health



# Monitor logs

docker-compose -f docker-compose.prod.yml logs -f yoru



# Check database status

docker-compose -f docker-compose.prod.yml exec db psql -U yoru_user -d yoru_pastebin -c "\l"

```



### Backup & Maintenance

```bash

# Manual database backup

docker-compose -f docker-compose.prod.yml exec db pg_dump -U yoru_user yoru_pastebin > backup.sql



# Update deployment

./deployment.sh



# Scale application instances

docker-compose -f docker-compose.prod.yml up -d --scale yoru=3

```



## Security Features



### File Storage Security

Yoru implements a multi-layered security approach for file storage:



**Hash-Based Storage Paths:**

- Files are stored using SHA-256 hashes instead of predictable paste IDs

- Directory structure: `secure/ab/cd/abcdef123...` prevents enumeration

- Original filenames are preserved only in database metadata



**Access Control:**

- All file downloads go through application authentication

- Protected files require password verification before serving

- Creator session cookies (15-minute expiration) provide seamless access

- Path traversal protection prevents unauthorized directory access



**Storage Implementation:**

```go

// Example secure file path generation

func generateSecureFilePath(pasteID, filename string) string {

    hash := sha256.Sum256([]byte(pasteID + filename + timestamp))

    hashStr := hex.EncodeToString(hash[:])

    return fmt.Sprintf("secure/%s/%s/%s", hashStr[:2], hashStr[2:4], hashStr)

}

```



### Encryption & Password Protection

- **AES-256-GCM encryption** for password-protected content

- **PBKDF2 key derivation** with configurable iteration count

- **Cryptographically secure salt generation** (32 bytes per paste)

- **Zero-knowledge architecture** - server never stores plaintext passwords



### Session Management

- **Temporary creator sessions** allow seamless access to protected pastes

- **Secure session tokens** using crypto/rand with 32-byte entropy

- **HttpOnly cookies** with appropriate SameSite and Secure flags

- **Automatic expiration** prevents long-term session hijacking



### Infrastructure Security

- **Traefik Security Headers:** Frame denial, XSS protection, HSTS

- **Rate Limiting:** 10 requests/minute average, 20 burst

- **Content Security Policy:** Strict policy for XSS prevention

- **TLS Configuration:** Modern TLS with automatic certificate renewal

- **Database Security:** SSL connections, isolated credentials



## Development



### Prerequisites

- Go 1.22+ (application uses Go 1.24.4 in Docker)

- Docker & Docker Compose

- PostgreSQL (for local development)

- Make (optional but recommended)



### Available Make Commands

```bash

make help           # Show all available commands

make setup          # Initialize development environment

make start_db       # Start PostgreSQL container

make run            # Start the application

make test           # Run test suite

make build          # Build production binary

make clean          # Clean up development environment

make prod-setup     # Setup production environment

make prod-deploy    # Deploy to production

make prod-status    # Check production deployment status

```



### Development Workflow

```bash

# First time setup

make setup          # Creates DB, runs migrations, builds app



# Daily development

make start_db       # Start database if not running

make run            # Start application with hot reload



# Testing and building

make test           # Run unit and integration tests

make build          # Create optimized production build

```



### Directory Structure

```

cmd/yoru/           # Application entry point

internal/           # Private application code

├── config/         # Configuration management

├── database/       # Database connection and utilities

├── paste/          # Core paste functionality

└── server/         # HTTP server and routing

pkg/                # Public packages

├── crypt/          # Encryption utilities

└── idgen/          # ID generation

web/                # Frontend assets

├── static/         # CSS, JS, images

└── templates/      # HTML templates

db/migrations/      # Database schema migrations

```



## Contributing



1. Fork the repository

2. Create a feature branch (`git checkout -b feature/amazing-feature`)

3. Make your changes with tests

4. Run the test suite (`make test`)

5. Commit your changes (`git commit -m 'Add amazing feature'`)

6. Push to the branch (`git push origin feature/amazing-feature`)

7. Submit a pull request



### Development Guidelines

- Follow Go best practices and `gofmt` formatting

- Include unit tests for new features

- Update documentation for API changes

- Test with both development and production Docker configurations



### Testing [TODO]

```bash

# Run all tests

make test



# Run specific test packages

go test ./internal/paste/...

go test ./pkg/crypt/...

```



## License



See [LICENSE](LICENSE) for details.



---



**Built for developers who prioritize security, performance and a whole lot of catppuccin ;)**