Added PrivateBin secure temporary storage accessible with bin() and API [done] #396

kensoh opened this issue Jun 19, 2022 · 8 comments

Member

kensoh commented Jun 19, 2022

I have a VPS server running on tebel.org which is being used now for the following 4 services -

  • RPA for Python telegram() function to send Telegram notifications
  • TagUI RPA software telegram step to send Telegram notifications
  • nightly run to generate total download count from GitHub data
  • hosting tebel.org website with info on these open-source tools

Creating an issue to explore and hear feedback from users if anything else interesting can be added to benefit rpa package users. This is a vendor VPS with a 99.9% uptime and a fixed monthly bill. Thus unused bandwidth, CPU and memory cycles are a waste of money. The cloud server is my personal VPS and is quite under-utilised.

Thought to find meaningful ways to use it, after not using it to its maximum capacity for past 7-8 years.

PS - Though not impossible, unlikely to consider supporting Telegram attachments for now, this has a chance of reducing reliability for most users if some users abuse the feature.


Feature is now completed, added a 5th service to above list

  • hosting secure temporary storage for RPA for Python users
@kensoh kensoh added the feature label Jun 19, 2022
@kensoh kensoh changed the title Review introducing new uses for my VPS server at tebel.org - to explore Review introducing new uses for my cloud server at tebel.org - to explore Jun 19, 2022
@kensoh kensoh changed the title Review introducing new uses for my cloud server at tebel.org - to explore To review introducing new uses for my cloud server at tebel.org - to explore Jun 19, 2022
Member Author

kensoh commented Jun 24, 2022

After brainstorming and also asking on Telegram group, and my LinkedIn network,

I have shortlisted to consider a new CRUD feature. Create + Read + Update + Delete

More specifically, something like a temporary URL of data that user can create for sharing, thus meeting the C and R.

For Update, it is not viable because to ensure that only the owner of a post has write access to update it, it means I will have to start collecting user data and authenticating user emails. That is not something I would like to do, and is more complex both architecturally and process-wise to do well.

For Delete, probably the most efficient and user friendly way is to expire the URL after some time. 7 days seems like a popular timeframe for online paste bins.

The 2 candidates shortlisted are Hastebin and PrivateBin. Both are open-source and actively maintained. To dig more.

Member Author

kensoh commented Jun 25, 2022

Adding notes that Hastebin API can be done through the curl command that comes packaged with TagUI https://www.toptal.com/developers/hastebin/about.md

And PrivateBin API can be done https://github.com/PrivateBin/PrivateBin/wiki/API but seems to be dependent on JSON-LD https://github.com/digitalbazaar/pyld

Member Author

kensoh commented Jun 26, 2022

Privatebin API package - https://github.com/Pioverpie/privatebin-api

Member Author

kensoh commented Jun 26, 2022

Using curl packaged with TagUI to access Hastebin API, or using privatebinapi package to access PrivateBin, both introduce dependencies, which leaves some room to be desired. There must be a better way...

Member Author

kensoh commented Jun 26, 2022

One way is to host the privatebinapi package as a service. That removes local dependency, but, adds internet dependency.

Member Author

kensoh commented Jun 26, 2022

Internet dependency is ok, since storage is done through the internet anyway.

Unless solution is designed to work also for local intranet storage.

Member Author

kensoh commented Jun 29, 2022

Selected PrivateBin over HasteBin

Member Author

kensoh commented Jun 29, 2022

Added in RPA for Python v1.48 and available with pip install rpa --upgrade

A dedicated PrivateBin server is now live at https://tebel.org/bin/ and accessible in 2 ways

  1. bin() function which uploads through the web browser without any other dependency

         import rpa as r

         # securely share files up to 100 MB which will self-destruct after 1 week
         # on a dedicated PrivateBin server with zero knowledge of shared files
         bin_url = r.bin('rpa_report.pdf', 'password (optional)')
         r.telegram(1234567890, 'Download RPA Report at ' + bin_url)

  2. PrivateBin API which requires pip install privatebinapi and its dependencies

         import privatebinapi
         import rpa as r

         # upload the file through the PrivateBin API, then share the returned URL
         send_response = privatebinapi.send('https://tebel.org/bin/', text = 'rpa_report.pdf', file = 'rpa_report.pdf', password = 'optional')
         r.telegram(1234567890, 'Download RPA Report at ' + send_response['full_url'])

This means Python rpa package users can now securely store file attachments as part of their automation, and share URLs with someone, for example through Telegram using the telegram() function, or through email with Python's email packages. I have capped the file size limit to 100 MB; this should be a good trade-off for types of user files and server storage capacity. But if your use case requires more than 100 MB, raise an issue and let me know. I'll see if something can be done.

I've hardened the server to achieve A+ on Mozilla Observatory web security standards. Encryption is done end-to-end, so even if evil hackers breach the server, or good governments ask me for your data, it's impossible. And obviously, even if you are not using it through automation, you are also welcome to use it manually to share files or text data securely.

Note - PrivateBin is a minimalist, open source online pastebin where the server has zero knowledge of pasted data. Data is encrypted/decrypted in the browser using 256-bit AES. More info on its GitHub page. If you would like to, you can also host your own PrivateBin instance and set the server parameter in bin() to use your server instead.
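
Added example (not code from the rpa package or from PrivateBin): which part of a URL returned by bin() reaches the server, a redacted form suitable for automation logs, and how the optional password changes the decryption key. The sample URL, the helper names and the key-derivation parameters (base58 key in the fragment, PBKDF2-HMAC-SHA256 with 100,000 iterations over key bytes followed by the password) are assumptions modelled on PrivateBin's paste format.

```python
import hashlib
from urllib.parse import urlsplit, urlunsplit

B58 = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"

# Constructed sample in the shape ?<paste id>#<base58 key>; not a real paste.
SAMPLE_URL = ("https://tebel.org/bin/?0123456789abcdef"
              "#7xKQmT3vRz9WpL2aYc8NdHfGb4JeUs6ViXo1BqEt5Zn")


def server_view(url):
    """URL as the HTTP request carries it: browsers never send the fragment."""
    return urlunsplit(urlsplit(url)._replace(fragment=""))


def redact(url):
    """Form that is safe to write to automation logs or tickets."""
    return server_view(url) + "#[REDACTED]"


def url_key(url):
    """Decode the base58 fragment to the 32-byte random key (assumed format)."""
    n = 0
    for ch in urlsplit(url).fragment:
        n = n * 58 + B58.index(ch)
    return n.to_bytes((n.bit_length() + 7) // 8, "big").rjust(32, b"\0")


def derive_key(url, password="", salt=b"\x00" * 8):
    """AES-256 key = PBKDF2(url key + password). Parameters are assumptions
    modelled on PrivateBin's paste format; the salt here is a constructed
    constant, a real paste stores a random one beside the ciphertext."""
    secret = url_key(url) + password.encode("utf-8")
    return hashlib.pbkdf2_hmac("sha256", secret, salt, 100_000, dklen=32)


if __name__ == "__main__":
    print("server sees :", server_view(SAMPLE_URL))
    print("log this    :", redact(SAMPLE_URL))
    no_pw = derive_key(SAMPLE_URL)
    with_pw = derive_key(SAMPLE_URL, "optional")
    # Holding the full URL is not enough once a password is set.
    print("password changes key:", no_pw != with_pw)
```

With a password set, the URL and the password can travel over different channels, so neither channel alone carries enough to decrypt the file.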

@kensoh kensoh changed the title To review introducing new uses for my cloud server at tebel.org - to explore PrivateBin secure temporary storage gone live, accessible from web and API Jun 29, 2022
@kensoh kensoh changed the title PrivateBin secure temporary storage gone live, accessible from web and API PrivateBin secure temporary storage gone live, accessible from Web and API Jun 29, 2022
@kensoh kensoh changed the title PrivateBin secure temporary storage gone live, accessible from Web and API PrivateBin secure temporary storage, accessible from Web and API [done] Jun 30, 2022
@kensoh kensoh changed the title PrivateBin secure temporary storage, accessible from Web and API [done] PrivateBin secure temporary storage, accessible from bin() and API [done] Jul 1, 2022
@kensoh kensoh changed the title PrivateBin secure temporary storage, accessible from bin() and API [done] PrivateBin secure temporary storage, accessible with bin() and API [done] Jul 1, 2022
@kensoh kensoh changed the title PrivateBin secure temporary storage, accessible with bin() and API [done] Added PrivateBin secure temporary storage accessible with bin() and API [done] Jul 1, 2022
@kensoh kensoh closed this as completed Jul 11, 2022