Artemis

Paste - School-time projects

Quick'n'easy online pastebin tool

Published the 2017/10/27

Between my first and last project, I took the time to try and make a small pastebin tool.

As always, and once more, my main concern was about lightness. Small'n'easy !

I also had the goal to "securely" store the text that was sent.

After some bumps and fails, I finally managed to make it work !

Why do you talk about this project after the µRL project, that came later ?

Tbh, I only finished this pastebin project recently, due to some mistakes I made during the development.

# A nice start

My first steps were, like with every project, easy:

I wanted a trusted and secure PHP cryptography library, and, obviously, my first thoughts came to the Paragonie Initiative's library, LibSodium.

Since it'll be natively integrated in PHP7.2 (Yay~), it could be a good choice. The only constraint I found was manually compiling and installing the extension.

On my linux servers, I don't say. Windows ? Such a pain to use for compilation.

So, after that, I tried and searched a bit more for a composer-dependency-managed, secured library.

I searched and searched, always looking for an up-to-date solution, until I found this one. Clean code, nice reviews, seems to be quite rock solid and a very approached look on security.

Let's try that !

# Making the flow~

After choosing the first requirements (of course, for database, I'd go with PostgreSQL, as it's list-ordered entries), I started working on the core workflow: Routes and base logic thinking.

Once the first base / route was setup and running (not something very hard...), I started thinking in-depth on how I wanted the upload/storing and download flow to work.

# Security ?

The two flows (send/retrieve) are described below.

# Send flow (aka. Upload)

The send flow has a few "security" steps, to allow retrieval key checking.

# Retrieve flow (aka. Download)

The retrieve flow have a bit less work: only removing the generation part.

# Conclusion

As shown, the workflow is pretty straightforward and identical. No hidden magic, no complicated craft with the data. Only using secure systems and libraries.

Note that the random key generation library was taken and not modified from here and I couldn't use RandomLib.

# Now the only thing left is to make some tools to interact with the server !

As I could discover (and as you could discover by looking at the sourcecode here), it's quite easy to make a basic text storing service, even when security's one of the most important concerns !

Something I wanted to make was an upload client tool, like the µClient one, but a bit more able.