-
Notifications
You must be signed in to change notification settings - Fork 674
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Added PrivateBin secure temporary storage accessible with bin() and API [done] #396
Comments
After brainstorming and also asking on Telegram group, and my LinkedIn network, I have shortlisted to consider a new CRUD feature. Create + Read + Update + Delete More specifically, something like a temporary URL of data that user can create for sharing, thus meeting the C and R. For Update, it is not viable because to ensure that only the owner of a post has write access to update it, it means I will have to start collecting user data and authenticating user emails. That is not something I would like to do, and is more complex both architecturally and process-wise to do well. For Delete, probably the most efficient and user friendly way is to expire the URL after some time. 7 days seems like a popular timeframe for online paste bins. The 2 candidates shortlisted are Hastebin and PrivateBin. Both are open-source and actively maintained. To dig more. |
Adding notes that Hastebin API can be done through the curl command that comes packaged with TagUI https://www.toptal.com/developers/hastebin/about.md And PrivateBin API can be done https://github.com/PrivateBin/PrivateBin/wiki/API but seems to be dependent on JSON-LD https://github.com/digitalbazaar/pyld |
Privatebin API package - https://github.com/Pioverpie/privatebin-api |
Using curl packaged with TagUI to access Hastebin API, or using privatebinapi package to access PrivateBin both introduces dependencies which leaves some room to be desired. There must be a better way... |
One way is to host the privatebinapi package as a service. That removes local dependency, but, adds internet dependency. |
Internet dependency is ok, since storage is done through the internet anyway. Unless solution is designed to work also for local intranet storage. |
Selected PrivateBin over HasteBin |
Added in RPA for Python v1.48 and available with A dedicated PrivateBin server is now live at https://tebel.org/bin/ and accessible in 2 ways
# securely share files up to 100 MB which will self-destruct after 1 week
# on a dedicated PrivateBin server with zero knowledge of shared files
bin_url = r.bin('rpa_report.pdf', 'password (optional)')
r.telegram(1234567890, 'Download RPA Report at ' + bin_url)
import privatebinapi
send_response = privatebinapi.send('https://tebel.org/bin/', text = 'rpa_report.pdf', file = 'rpa_report.pdf', password = 'optional')
r.telegram(1234567890, 'Download RPA Report at ' + send_response['full_url']) This means Python rpa package users can now securely store file attachments as part of their automation, and share URLs to someone. For eg through Telegram using telegram() function, or through email with Python's email packages. I have capped the file size limit to 100 MB, this should be a good trade-off for types of user files and server storage capacity. But if your use case requires more than 100 MB, raise an issue and let me know. I'll see if something can be done. I've hardened the server to achieve A+ on Mozilla Observatory web security standards. Encryption is done end-to-end, so even if evil hackers breach the server, or good governments ask me for your data, it's impossible. And obviously, even if you are not using it through automation, you are also welcome to use it manually to share files or text data securely. Note - PrivateBin is a minimalist, open source online pastebin where the server has zero knowledge of pasted data. Data is encrypted/decrypted in the browser using 256 bits AES. More info on its GitHub page. If you would like to, you can also host your own PrivateBin instance and set the |
I have a VPS server running on tebel.org which is being used now for the following 4 services -
Creating an issue to explore and hear feedback from users if anything else interesting can be added to benefit rpa package users. This is a vendor VPS with a 99.9% uptime and a fixed monthly bill. Thus unused bandwidth, CPU and memory cycles are a waste of money. The cloud server is my personal VPS and is quite under-utilised.
Thought to find meaningful ways to use it, after not using it to its maximum capacity for past 7-8 years.
PS - Though not impossible, unlikely to consider supporting Telegram attachments for now, this has a chance of reducing reliability for most users if some users abuse the feature.
Feature is now completed, added a 5th service to above list
The text was updated successfully, but these errors were encountered: