ComputerTech
/
bastebin
1
0
Fork 1
Code Issues Pull Requests 1 Packages Projects Releases Wiki Activity

Fix plaintext POST pastes rendering without encryption key

This commit is contained in:
ComputerTech 2026-03-26 21:27:52 +00:00
parent 14be14e437
commit 89a7c33adb
2 changed files with 21 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

15
app.py
View File

@ -4,7 +4,7 @@ import re
import sqlite3 import sqlite3
import uuid import uuid
import datetime import datetime
from flask import Flask, render_template, request, jsonify, abort from flask import Flask, render_template, request, jsonify, abort, Response
# ── Load configuration ──────────────────────────────────────────────────────── # ── Load configuration ────────────────────────────────────────────────────────
@ -162,9 +162,20 @@ def view_paste(paste_id):
@app.route('/<paste_id>/raw') @app.route('/<paste_id>/raw')
def view_paste_raw(paste_id): def view_paste_raw(paste_id):
paste = _get_paste_or_abort(paste_id) paste = _get_paste_or_abort(paste_id)
stored = paste['encrypted_data']
# Plaintext pastes are stored as a JSON object; return the content directly.
if not re.match(r'^[A-Za-z0-9_-]+:[A-Za-z0-9_-]+$', stored):
try:
data = json.loads(stored)
return Response(data.get('content', ''), mimetype='text/plain; charset=utf-8')
except (json.JSONDecodeError, TypeError):
pass
# Encrypted paste — return the raw ciphertext blob for API consumers.
return jsonify({ return jsonify({
'id': paste['id'], 'id': paste['id'],
'encrypted_data': paste['encrypted_data'], 'encrypted_data': stored,
'created_at': paste['created_at'], 'created_at': paste['created_at'],
'expires_at': paste['expires_at'], 'expires_at': paste['expires_at'],
'views': paste['views'], 'views': paste['views'],

11
templates/view.html
View File

@ -27,7 +27,6 @@
{% block scripts %} {% block scripts %}
<script> <script>
let _decryptedPaste = null; let _decryptedPaste = null;
const E2E = {{ cfg.features.encrypt_pastes | tojson }};
(async function () { (async function () {
let rawPayload; let rawPayload;
@ -38,7 +37,12 @@ const E2E = {{ cfg.features.encrypt_pastes | tojson }};
return; return;
} }
if (E2E) { // Detect format from the data itself, not from the config flag.
// Encrypted pastes are stored as "base64url:base64url"; plaintext pastes
// are stored as a JSON object string.
const isEncrypted = typeof rawPayload === 'string' && /^[A-Za-z0-9_-]+:[A-Za-z0-9_-]+$/.test(rawPayload);
if (isEncrypted) {
const keyBase64 = window.location.hash.slice(1); const keyBase64 = window.location.hash.slice(1);
if (!keyBase64) { if (!keyBase64) {
showError('No Key', 'The decryption key is missing from the URL. Use the full link including the # part.'); showError('No Key', 'The decryption key is missing from the URL. Use the full link including the # part.');
@ -53,8 +57,9 @@ const E2E = {{ cfg.features.encrypt_pastes | tojson }};
return; return;
} }
} else { } else {
// Plaintext paste — rawPayload is already the parsed JSON object.
try { try {
_decryptedPaste = JSON.parse(rawPayload); _decryptedPaste = typeof rawPayload === 'object' ? rawPayload : JSON.parse(rawPayload);
} catch (e) { } catch (e) {
showError('Bad Data', 'Could not parse paste data.'); showError('Bad Data', 'Could not parse paste data.');
return; return;