initial commit

public/index.html

@@ -0,0 +1,21 @@
+<?doctype html?><html ng-app=souris-app><meta charset=utf-8><meta content="IE=edge"http-equiv=X-UA-Compatible><meta content="width=device-width,initial-scale=1"name=viewport><title>PasteBox</title><script id=create.html type=text/ng-template><div class=row ng-show="result != undefined"><div class=col-xs-12><div class=input-group><span class=input-group-btn><a class="btn btn-default"ng-click=reload() type=button>New</a> </span><input class=form-control readonly select-on-click value={{$base_url}}#/{{result.id}}!{{result.key}}> <span class=input-group-btn><a class="btn btn-default"ng-href=#/{{result.id}}!{{result.key}}>Open</a></span></div></div><pre class=col-xs-12> # Command Line: curl -s {{$base_url}}api/get/{{result.id}} | sed "1,/^\$/d" | openssl aes-256-cbc -d -a -k {{result.key}} <span ng-if="o.zip == true">| gzip -dc</span>
+
+{{result.text}}</pre></div><div ng-hide="result != undefined"><form name=paste ng-submit=Encrypt(o)><div class="form form-inline"><ol class=breadcrumb><li><label>Syntax</label><select class="form-control input-sm"ng-init='o.lang = "text"'ng-model=o.lang ng-options='i.key as i.val for i in HighliteLang | orderBy:"+val"'></select><li><label>Expires</label><select class="form-control input-sm"ng-init="o.exp = 604800"ng-model=o.exp ng-options='i.key as i.val for i in ExpireTimes | orderBy:"+key"'></select><li><label><input ng-model=o.burn type=checkbox> Burn on Read</label></ol></div><textarea class=form-control ng-model=o.text required rows=20 style='font-family:hack,"Anonymous Pro",consolita,monospace'></textarea><pre>Additional Entropy: {{entropy}} bytes / Content size: {{o.text|blength|default:0}} bytes</pre><button class="btn btn-default btn-block btn-lg"ng-disabled="o.text == undefined || o.text.length == 0"type=submit>Encrypt</button></form><p>Create pastes from the command line! <a href=./paste.sh>paste.sh</a><pre>
+$ echo /etc/passwd | ./paste.sh
+
+env options: 
+  PASTE_URL  - Set the url base for paste operations (default: HTTPS://sour.is/paste)
+  PASTE_GZIP - 0 = No Compression,  1 = Use gzip compression (default: 0)
+  PASTE_BURN - 0 = No Burn on Read, 1 = Burn on read         (default: 0)
+  PASTE_DATE - Value to be used when setting expire date.    (default: next-week)
+</pre></div></script><script id=view.html type=text/ng-template><div class=row><div class=col-xs-12><div class=input-group><span class=input-group-btn><a class="btn btn-default" ng-click='new()' type=button>New</a> </span><input class=form-control readonly select-on-click value={{$base_url}}#/{{id}}!{{key}}><span class="input-group-btn"><a class='btn btn-default' ng-click='copy(store.tx)'>Copy</a></span></div></div></div><div ng-if="store.err == undefined"><div class="well well-sm"><b>Lang:</b> {{store.lang}}, <b>Expires:</b> <span ng-if='store.exp != "burn_on_read"'>{{store.exp*1000|date}}</span><span ng-if='store.exp == "burn_on_read"'>Burn on Read</span></div><div hljs language={{store.lang}} source=store.tx></div><pre class=col-xs-12> # Command Line: curl -s {{$base_url}}api/get/{{id}} | sed "1,/^\$/d" | openssl aes-256-cbc -d -a -k {{key}} <span ng-if="store.zip != undefined">| gzip -dc</span></div><div ng-if="store.err != undefined"><h3>Error: {{store.err}}</h3></div></script><div id=wrapper><div class=container-responsive><article ng-view></article><a onclick='var e=document.getElementById("debug");e.parentNode.style.display="block",window.scrollTop=window.scrollHeight'style=margin:3px;cursor:context-menu;font-family:monospace;position:fixed;bottom:0;right:0>π</a><div class="panel panel-default"style=height:13em;margin-bottom:0;margin-top:2em;display:none;position:relative;bottom:0><b>Debug Log</b><div style=float:right><a onclick='document.getElementById("debug").parentNode.style.display="none"'class=btn><i class="glyphicon glyphicon-remove"></i></a><br><a onclick='for(var e=document.getElementById("debug");e.firstChild;)e.removeChild(e.firstChild)'class=btn><i class="glyphicon glyphicon-ban-circle"></i></a></div><pre id=debug style=height:12em;overflow:x-scroll></pre><footer></footer></div></div></div><link href=style.css integrity=sha384-2g6CT1TMuzCclIAqYC+AkSkfA21njEedIBVs+k3tcZ6gHhCU7s17aGJMLvYsF0fK rel=stylesheet><script src=app.js></script><noscript><div class=container-responsive><h1>PasteBox</h1><p>It looks like yo don't have javascript enabled for this site. But thats ok. You can still submit and read the content of pastes by using a few curl/openssl/gunzip commands.<h2>Get the paste</h2><p>Lets say you have the following link <code>https://domain.tld/#/FeLq42kIQV69hQCJA8m9lg!5EDDziaCjceHjeG5UQ9M7-6wgyq5YVfysAEZ0wUNy6w</code>. Query the REST endpoint for the ID or part before the ! in the url hash.<pre><code>$ curl -i https://domain.tld/api/FeLq42kIQV69hQCJA8m9lg</code></pre><h2>Decrypt</h2><p>Using Openssl you want to remove the header and pass the remaining base64 for decryption. The cypher used is aes-256-cbc. The key is the portion after the ! in the link.<pre><code>... | sed '1,/^$/d' | openssl aes-256-cbc -d -a -k 5EDDziaCjceHjeG5UQ9M7-6wgyq5YVfysAEZ0wUNy6w</code></pre><h2>Deflate</h2><p>If as in the provided example the paste has been compressed pass it through gunzip. The header will have "zip: true" if it has been compressed.<pre><code> ... | gzip -dc </code></pre><h2>Example Output</h2><pre><code>$ curl -s "https://domain.tld/api/FeLq42kIQV69hQCJA8m9lg" | sed "1,/^$/d" | openssl aes-256-cbc -d -a -k 5EDDziaCjceHjeG5UQ9M7-6wgyq5YVfysAEZ0wUNy6w | gzip -dc
+.                                     ____    .-.
+                                  .-"`    `",( __\_
+                   .-==:;-._    .'         .-.     `'.
+                 .'      `"-:'-/          (  \} -=a  .)
+                /            \/       \,== `-  __..-'`
+             '-'              |       |   |  .'\ `;
+                               \    _/---'\ (   `"`
+                              /.`._ )      \ `;        Sour.is Paste
+                              \`-/.'        `"`
+                               `"\`-.</code></pre></div></noscript>

public/paste.sh

@@ -0,0 +1,45 @@
+#!/bin/bash
+
+if [ "$1" = "-h" ]; then
+ cat 1>&2 <<EOL
+usage: echo /etc/passwd | ./paste.sh
+
+env options:
+  PASTE_URL  - Set the url base for paste operations (default: HTTPS://sour.is/paste)
+  PASTE_GZIP - 0 = No Compression,  1 = Use gzip compression (default: 0)
+  PASTE_BURN - 0 = No Burn on Read, 1 = Burn on read         (default: 0)
+  PASTE_DATE - Value to be used when setting expire date.    (default: next-week)
+EOL
+  exit
+fi
+
+PASTE_URL=${PASTE_URL-"https://sour.is/paste"}
+PASTE_BURN=${PASTE_BURN-0}
+PASTE_DATE=${PASTE_DATE-"next-week"}
+PASTE_GZIP=${PASTE_GZIP-0}
+GZBIN="cat"
+[ "$PASTE_GZIP" -eq "1" ] && GZBIN="gzip -c"
+
+PASS=$(head  -c 40 /dev/urandom);
+CHK=$(echo   -s $PASS | openssl dgst -sha256 -binary | openssl dgst -ripemd160 -binary | base64 | tr '/+' '_-' | tr -d '=')
+PASS=$(echo  -s $PASS | openssl dgst -sha256 -binary | base64 | tr '/+' '_-' | tr -d '=')
+HASH=$((echo -e "exp:\t$(date +%s -d ${PASTE_DATE})"; \
+        echo -e "chk:\t$CHK"; \
+        [ "$PASTE_BURN" -eq "1" ] && echo -e "burn:\ttrue"; \
+        [ "$PASTE_GZIP" -eq "1" ] && echo -e "zip:\ttrue"; \
+        echo; \
+        cat /dev/stdin | $GZBIN | openssl aes-256-cbc -e -a -k $PASS) | \
+        curl -s -X POST ${PASTE_URL}/api/ --data-binary @-)
+
+HASH_OK=$(echo $HASH | cut -c1-2)
+
+if [ "$HASH_OK" = "OK" ]; then
+  HASH=$(echo $HASH | cut -f2 -d' ')
+
+  echo "url: ${PASTE_URL}/#/${HASH}!${PASS}"
+  echo -n "shell: curl -s ${PASTE_URL}/api/get/${HASH} | sed '1,/^\$/d' | openssl aes-256-cbc -d -a -k ${PASS}"
+  [ "$PASTE_GZIP" -eq "1" ] && echo " | gzip -dc" || echo;
+  exit
+fi
+
+echo $HASH