Modifying index.html

[Nic321]

Hey guys, just installed pb on a local server using AUR but can't seem to locate the index.html. How do I edit the home page?

Also a mongodb n00b, is it possible to view the pastes from the mongo console?

[buhman]

locate the index.html

https://github.com/ptpb/pb/blob/master/pb/templates/index.rst

view the pastes from the mongo console?

For a paste with digest 4e1243bd22c66e76c2ba9eddc1f91394e57f9f83, you could do:

ptpb@ptpb:~# mongo pb
> db.pastes.find({"digest": "4e1243bd22c66e76c2ba9eddc1f91394e57f9f83"})
{ "_id" : "212e20c540d240b1b1bb07dc4617000e", "date" : ISODate("2015-02-28T14:45:23.444Z"), "content" : BinData(0,"dGVzdAo="), "digest" : "4e1243bd22c66e76c2ba9eddc1f91394e57f9f83", "size" : 5, "short" : "7f9f83" }

[Nic321]

@buhman, thanks for your response. How do I view the raw pastes that were uploaded to the database? For example, if I uploaded a py script to my local mongo database, can I view the script using the mongo console? Or some other console/gui?

[buhman]

The attribute you are looking for is content, which is either the actual content in some mongo-native data type, or a GridFS id.

can I view the script using the mongo console?

Uhh, the easiest way would be to do a GET request from pb.

Otherwise, a script would be pretty easy to write--what's your use-case/what does the usage of this script look like?

no really, I want to do this using the mongo console

For small pastes, something like:

root@ptpb:~# mongo pb --quiet --eval 'db.pastes.findOne({"digest": "4e1243bd22c66e76c2ba9eddc1f91394e57f9f83"}).content.base64()' | base64 -d
test

gridfs example (>8MB pastes or something):

> db.pastes.findOne({"content": {$type: "objectId"}})
{
	"_id" : "<redacted>",
	"size" : 652940,
	"date" : ISODate("2016-07-26T03:52:16.440Z"),
	"mimetype" : "image/png",
	"digest" : "601930640d964e1ee1de4b95e0091bb43210c0c9",
	"content" : ObjectId("5796de708561ba079ce994dc"),
	"short" : "10c0c9"
}
> var files_id = db.pastes.findOne({"content": {$type: "objectId"}}).content
> var cur = db.fs.chunks.find({files_id: files_id})
> cur.forEach(function(chunk) {
  print(chunk.data.base64()) 
})

untested shouldwork™©®

[Nic321]

@buhman
I tried your mongo one-liner (with a digest from my database) and got this error:

E QUERY    [main] TypeError: db.pastes.content is not a function :
@(shell eval):1:1

What about a graphical method for viewing newly uploaded content? Or perhaps a way to report new uploads in the syslog? I'm basically looking for a way to moderate uploads as I'm considering using something like this in a temporary public scenario (campus workgroup) and don't want my peers abusing it for images and inappropriate content. I just don't have time to learn the ins and outs of mongo, but would love a local pastebin solution like this.

Thanks again for your help, really appreciate it.

[buhman]

What about a graphical method for viewing newly uploaded content?
moderate uploads

This sounds like a "pb admin" app, which we'd need to write. Mechanically, the hardest part is likely just designing the presentation/UI, other than that it shouldn't be hard at all.

I'm interested in writing this, if you are patient enough to provide feedback.

[Nic321]

I don't mind helping you with this. What exactly can I do to help?

Meanwhile, can you help me figure the error I get when trying your mongo one-liner?

$ mongo pb --quiet --eval 'db.pastes.findOne({"digest": "4e1243bd22c66e76c2ba9eddc1f91394e57f9f83"}).content.base64()' | base64 -d

test

When I try pressing Tab on my keyboard to auto-complete, .content.base64() doesn't seem to exist. Any ideas?

[Nic321]

Also, you think the UI will take 3 days to get to alpha? 1 week? 1 month?

Thanks again for your help with this.

[buhman]

When I try pressing Tab on my keyboard to auto-complete, .content.base64() doesn't seem to exist. Any ideas?

I don't imagine it would auto-complete (available completions depend on the result of a function call that has not yet been executed), but the content and base64 attributes will definitely exist if findOne returns a result.

You could also look at the result of db.pastes.findOne({"digest": "4e1243bd22c66e76c2ba9eddc1f91394e57f9f83"}) or assign it to an intermediate variable like this:

> var paste = db.pastes.findOne({"digest": "4e1243bd22c66e76c2ba9eddc1f91394e57f9f83"})
> paste.content.base64()

[buhman]

you think the UI will take 3 days to get to alpha?

Eh, I could probably make something that does the Absolute Minimum™©® in about a day.

To make sure we're on the same page, I made a mockup-ish thing while simultaneously playing with semantic-ui:

https://ptpb.pw/G05l.html

Does that look roughly like what you were imagining?

[Nic321]

Wow, fantastic. Can we easily obfuscate the graphical view/html? If so, no complaints from me. It's simple and gets the job done. Would it handle massive (>2000 lines) pastes well?

Generally speaking, does pb have a file size limit or threshold? Would it be trivial to set a limit? Say, 100mb?

[buhman]

does pb have a file size limit or threshold?

Yes, the absolute file size limit is the available memory of the system running pb (a request for a 100MB upload will consume at least 100MB ram temporarily).

Too be fair though, OOM isn't really a limit, so I further limit this with nginx's client_max_body_size directive. If you try something larger than 64MB on ptpb.pw, you should get some 4xx response with html body from nginx.

Would it handle massive (>2000 lines) pastes well?

What's the desired behavior other than just a big ugly box maybe with scrollbars?

Can we easily obfuscate the graphical view/html?

What did you have in mind?

[Nic321]

a request for a 100MB upload will consume at least 100MB ram temporarily

Interesting. I tried uploading a 500mb text file (just to see what happens), and it stalled my local server. I couldn't access the the server on port 80 until stopping the upload.

nginx

Would you advise against using pb without nginx? Are their major security concerns with running servers like this without with apache/nginx?

What did you have in mind?

Well, it's intended for admin usage only right? I don't think a password portal is necessary as long as we can easily change the G05l.html path to something more obscure. To prevent file/directory enumeration.

[buhman]

Would you advise against using pb without nginx?

Eh. The main reason I use it is for TLS termination.

major security concerns

Not really.

path to something more obscure

Sure, if you wanted to deploy it as a paste, you could make it a private paste (longer ID only).

[buhman]

Being in the mood, I hacked up the AbsoluteMinimum™©® today.

The result is pb_admin_api and pb_admin_ui.

There's a few things needed to make this usable I think:

• the paste list needs to be refreshed after at least deletions https://github.com/ptpb/pb_admin_ui/commit/4c6d2824fa03023444a8466e73ad7487cde5cdf6 (maybe even some kind of webhook on paste creation too?)
• needs configuration for API endpoints (currently it just assumes default local development ports for everything) https://github.com/ptpb/pb_admin_ui/commit/393632eb1a3c067ba24c72b55e838b7dc50ad421
• needs minimal deployment documentation
• paste content should probably be lazily loaded on accordion expansion, which shouldn't be too hard, just needs a bit more integration between semanticui and emberjs
• probably needs runtime configuration search parameters, currently just defaults to most recent 20 pastes