[major] bundle static files with js, discard config.json

README.md

@@ -32,38 +32,29 @@ This is a pastebin that can be deployed on Cloudflare workers. Try it on [shz.al
 
 You are free to deploy the pastebin on your own domain if you host your domain on Cloudflare. 
 
-Requirements:
-1. \*nix environment with bash and basic cli programs. If you are using Windows, try cygwin, WSL or something. 
-2. GNU make. 
-3. `node` and `yarn`. 
+1. Install `node` and `yarn`.
 
-Create two KV namespaces on Cloudflare workers dashboard (one for production, one for test). Remember their IDs. If you do not need testing, simply create one.
+2. Create a KV namespace on Cloudflare workers dashboard, remember its ID.
 
-Clone the repository and enter the directory. Login to your Cloudflare account with `wrangler login`. Modify entries in `wrangler.toml` according to your own account information (`account_id`, routes, kv namespace ids are what you need to modify). The `env.preview` section can be safely removed if you do not need a testing deployment. Refer to [Cloudflare doc](https://developers.cloudflare.com/workers/cli-wrangler/configuration) on how to find out these parameters.
+3. Clone the repository and enter the directory. Login to your Cloudflare account with `wrangler login`.
 
-Modify the contents in `config.json` (which controls the generation of static pages): `BASE_URL` is the URL of your site (no trailing slash); `FAVICON` is the URL to the favicon you want to use on your site. If you need testing, also modify `config.preview.json`.
+4. Modify entries in `wrangler.toml`. Its comments will tell you how.
 
-Deploy and enjoy!
+5. Deploy and enjoy!
 
 ```shell
 $ yarn install
-$ make deploy
+$ yarn deploy
 ```
 
 ## Auth
 
-If you want a private deployment (only you can upload paste, but everyone can read the paste), add the following entry to your `config.json` (other configurations also contained in the outmost brace):
+If you want a private deployment (only you can upload paste, but everyone can read the paste), add the following entry to your `wrangler.toml`.
 
-```json
-{
-  "basicAuth": {
-    "enabled": true,
-    "passwd": {
-      "admin1": "this-is-passwd-1",
-      "admin2": "this-is-passwd-2"
-    }
-  }
-}
+```toml
+[vars.BASIC_AUTH]
+user1 = "passwd1"
+user2 = "passwd2"
 ```
 
 Now every access to PUT or POST request, and every access to the index page, requires an HTTP basic auth with the user-password pair listed above. For example: 

frontend/index.html

@@ -5,7 +5,7 @@
     <meta name='viewport' content='width=device-width, initial-scale=1, shrink-to-fit=no'>
     <link rel='icon' href='{{FAVICON}}' type='image/png' />
     <style media='screen'>
-        {% render 'frontend/style.css' %}
+        {{CSS}}
     </style>
 </head>
 <html lang='en'>
@@ -14,6 +14,7 @@
     <h1>Yet Another Pastebin</h1>
     <p>This is an open source pastebin deployed on Cloudflare Workers. </p>
     <p><b>Usage</b>: paste any text here, submit, then share it with URL. </p>
+    <p><b>Warning</b>: only for temporary share, files will be deleted without notice!</p>
     <p>Refer to <a href='{{REPO}}'>GitHub</a> for more details.</p>
 
     <div id='paste-input-panel'>
@@ -40,17 +41,9 @@ <h1>Yet Another Pastebin</h1>
     <div id='paste-setting-panel'>
         <h2>Settings</h2>
         <div id='paste-expiration-panel' class='paste-setting-subitem-panel'>
-            <input list='expiration-choices' type='number' min='60' step='1' name='paste-expiration'
-                   id='paste-expiration-input' placeholder='Expiration (secs)'>
-            <datalist id='expiration-choices'>
-                <option value='60'>1 minute</option>
-                <option value='300'>5 minutes</option>
-                <option value='3600'>1 hour</option>
-                <option value='86400'>1 day</option>
-                <option value='604800'>1 week</option>
-                <option value='2592000'>1 month</option>
-            </datalist>
-            <label class='small-label' for='paste-expiration-input'>Delete your paste after a period of time. </label>
+            <input list='expiration-choices' type='text' min='60' step='1' name='paste-expiration'
+                   id='paste-expiration-input' placeholder='Expiration (secs)' value='7d'>
+            <label class='small-label' for='paste-expiration-input'>Delete your paste after a period of time. <br>Units: s (seconds), m (minutes), h (hours), d (days), M (months)</label>
         </div>
         <div id='paste-passwd-panel' class='paste-setting-subitem-panel'>
             <input type='text' spellcheck='false' name='paste-expiration' id='paste-passwd-input' placeholder='Password'>
@@ -106,16 +99,13 @@ <h2>Uploaded paste</h2>
 <footer class='px-3 my-2 text-center'>
     <p>
         <a href='{{BASE_URL}}/tos' class='d-inline-block'>Terms & Conditions</a>
-        -
-        <span class='d-inline-block'>
-            Deployed on <span id='deploy-date'></span>
-            (<a href='{{REPO}}/tree/{{COMMIT_HASH_6}}'>{{COMMIT_HASH_6}}</a>)
-        </span>
+        /
+        <a href='{{BASE_URL}}/api' class='d-inline-block'>API Documentation</a>
     </p>
 </footer>
 <script src='https://cdnjs.cloudflare.com/ajax/libs/jquery/3.6.0/jquery.min.js'></script>
 <script>
-  {% render 'frontend/index.js' %}
+    {{INDEX_JS}}
 </script>
 </body>
 </html>

frontend/tos.md

@@ -1,20 +1,20 @@
 # TERMS AND CONDITIONS
 
->  TL;DR: **No fucking warranty at all, EXCEPT AS ENFORCED BY LAW**. 
+>  TL;DR: **No warranty at all, EXCEPT AS ENFORCED BY LAW**. 
 
 Last updated: 2021-08-08
 
 ## 1. Introduction
 
-Welcome to the pastebin maintained by **Sharzy** (“Company”, “we”, “our”, “us”)!
+Welcome to the pastebin maintained by **{{TOS_MAINTAINER}}** (“Company”, “we”, “our”, “us”)!
 
-These Terms of Service (“Terms”, “Terms of Service”) govern your use of our website located at **shz.al** (together or individually “Service”) operated by **Sharzy**.
+These Terms of Service (“Terms”, “Terms of Service”) govern your use of our website located at **{{BASE_URL}}** (together or individually “Service”) operated by **{{TOS_MAINTAINER}}**.
 
 Our Privacy Policy also governs your use of our Service and explains how we collect, safeguard and disclose information that results from your use of our web pages.
 
 Your agreement with us includes these Terms and our Privacy Policy (“Agreements”). You acknowledge that you have read and understood Agreements, and agree to be bound of them.
 
-If you do not agree with (or cannot comply with) Agreements, then you may not use the Service, but please let us know by emailing at **[email protected]** so we can try to find a solution. These Terms apply to all visitors, users and others who wish to access or use Service.
+If you do not agree with (or cannot comply with) Agreements, then you may not use the Service, but please let us know by emailing at **{{TOS_MAIL}}** so we can try to find a solution. These Terms apply to all visitors, users and others who wish to access or use Service.
 
 ## 2. Content
 
@@ -24,9 +24,9 @@ By posting Content on or through Service, You represent and warrant that: (i) Co
 
 You retain any and all of your rights to any Content you submit, post or display on or through Service and you are responsible for protecting those rights. We take no responsibility and assume no liability for Content you or any third party posts on or through Service. However, by posting Content using Service you grant us the right and license to use, modify, publicly perform, publicly display, reproduce, and distribute such Content on and through Service. You agree that this license includes the right for us to make your Content available to other users of Service, who may also use your Content subject to these Terms.
 
-Sharzy has the right but not the obligation to monitor and edit all Content provided by users.
+{{TOS_MAINTAINER}} has the right but not the obligation to monitor and edit all Content provided by users.
 
-In addition, Content found on or through this Service are the property of Sharzy or used with permission. You may not distribute, modify, transmit, reuse, download, repost, copy, or use said Content, whether in whole or in part, for commercial purposes or for personal gain, without express advance written permission from us.
+In addition, Content found on or through this Service are the property of {{TOS_MAINTAINER}} or used with permission. You may not distribute, modify, transmit, reuse, download, repost, copy, or use said Content, whether in whole or in part, for commercial purposes or for personal gain, without express advance written permission from us.
 
 ## 3. Prohibited Uses
 
@@ -70,13 +70,13 @@ We may use third-party Service Providers to monitor and analyze the use of our S
 
 ## 5. Intellectual Property
 
-Service and its original content (excluding Content provided by users), features and functionality are and will remain the exclusive property of Sharzy and its licensors. Service is protected by copyright, trademark, and other laws of  and foreign countries. Our trademarks may not be used in connection with any product or service without the prior written consent of Sharzy.
+Service and its original content (excluding Content provided by users), features and functionality are and will remain the exclusive property of {{TOS_MAINTAINER}} and its licensors. Service is protected by copyright, trademark, and other laws of  and foreign countries. Our trademarks may not be used in connection with any product or service without the prior written consent of {{TOS_MAINTAINER}}.
 
 ## 6. Copyright Policy
 
 We respect the intellectual property rights of others. It is our policy to respond to any claim that Content posted on Service infringes on the copyright or other intellectual property rights (“Infringement”) of any person or entity.
 
-If you are a copyright owner, or authorized on behalf of one, and you believe that the copyrighted work has been copied in a way that constitutes copyright infringement, please submit your claim via email to [email protected], with the subject line: “Copyright Infringement” and include in your claim a detailed description of the alleged Infringement as detailed below, under “DMCA Notice and Procedure for Copyright Infringement Claims”
+If you are a copyright owner, or authorized on behalf of one, and you believe that the copyrighted work has been copied in a way that constitutes copyright infringement, please submit your claim via email to {{TOS_MAIL}} with the subject line: “Copyright Infringement” and include in your claim a detailed description of the alleged Infringement as detailed below, under “DMCA Notice and Procedure for Copyright Infringement Claims”
 
 You may be held accountable for damages (including costs and attorneys’ fees) for misrepresentation or bad-faith claims on the infringement of any Content found on and/or through Service on your copyright.
 
@@ -96,17 +96,17 @@ You may submit a notification pursuant to the Digital Millennium Copyright Act (
 
 7.6. a statement by you, made under penalty of perjury, that the above information in your notice is accurate and that you are the copyright owner or authorized to act on the copyright owner’s behalf.
 
-You can contact our Copyright Agent via email at [email protected].
+You can contact our Copyright Agent via email at {{TOS_MAIL}}.
 
 ## 8. Error Reporting and Feedback
 
-You may provide us either directly at [email protected] or via third party sites and tools with information and feedback concerning errors, suggestions for improvements, ideas, problems, complaints, and other matters related to our Service (“Feedback”). You acknowledge and agree that: (i) you shall not retain, acquire or assert any intellectual property right or other right, title or interest in or to the Feedback; (ii) Company may have development ideas similar to the Feedback; (iii) Feedback does not contain confidential information or proprietary information from you or any third party; and (iv) Company is not under any obligation of confidentiality with respect to the Feedback. In the event the transfer of the ownership to the Feedback is not possible due to applicable mandatory laws, you grant Company and its affiliates an exclusive, transferable, irrevocable, free-of-charge, sub-licensable, unlimited and perpetual right to use (including copy, modify, create derivative works, publish, distribute and commercialize) Feedback in any manner and for any purpose.
+You may provide us either directly at {{TOS_MAIL}} or via third party sites and tools with information and feedback concerning errors, suggestions for improvements, ideas, problems, complaints, and other matters related to our Service (“Feedback”). You acknowledge and agree that: (i) you shall not retain, acquire or assert any intellectual property right or other right, title or interest in or to the Feedback; (ii) Company may have development ideas similar to the Feedback; (iii) Feedback does not contain confidential information or proprietary information from you or any third party; and (iv) Company is not under any obligation of confidentiality with respect to the Feedback. In the event the transfer of the ownership to the Feedback is not possible due to applicable mandatory laws, you grant Company and its affiliates an exclusive, transferable, irrevocable, free-of-charge, sub-licensable, unlimited and perpetual right to use (including copy, modify, create derivative works, publish, distribute and commercialize) Feedback in any manner and for any purpose.
 
 ## 9. Links To Other Web Sites
 
-Our Service may contain links to third party web sites or services that are not owned or controlled by Sharzy.
+Our Service may contain links to third party web sites or services that are not owned or controlled by {{TOS_MAINTAINER}}.
 
-Sharzy has no control over, and assumes no responsibility for the content, privacy policies, or practices of any third party web sites or services. We do not warrant the offerings of any of these entities/individuals or their websites.
+{{TOS_MAINTAINER}} has no control over, and assumes no responsibility for the content, privacy policies, or practices of any third party web sites or services. We do not warrant the offerings of any of these entities/individuals or their websites.
 
 YOU ACKNOWLEDGE AND AGREE THAT COMPANY SHALL NOT BE RESPONSIBLE OR LIABLE, DIRECTLY OR INDIRECTLY, FOR ANY DAMAGE OR LOSS CAUSED OR ALLEGED TO BE CAUSED BY OR IN CONNECTION WITH USE OF OR RELIANCE ON ANY SUCH CONTENT, GOODS OR SERVICES AVAILABLE ON OR THROUGH ANY SUCH THIRD PARTY WEB SITES OR SERVICES.
 
@@ -164,5 +164,5 @@ BY USING SERVICE OR OTHER SERVICES PROVIDED BY US, YOU ACKNOWLEDGE THAT YOU HAVE
 
 ## 18. Contact Us
 
-Please send your feedback, comments, requests for technical support by email: **[email protected]**.
+Please send your feedback, comments, requests for technical support by email: **{{TOS_MAIL}}**.
 

package.json

@@ -7,7 +7,8 @@
   "main": "dist/worker.js",
   "type": "module",
   "scripts": {
-    "deploy": "wrangler deploy"
+    "deploy": "wrangler deploy",
+    "dev": "wrangler dev --var BASE_URL:http://localhost:8787"
   },
   "author": "SharzyL <[email protected]>",
   "license": "MIT",

src/auth.js

@@ -1,5 +1,4 @@
 import { WorkerError } from "./common.js";
-import conf from '../config.json'
 
 function parseBasicAuth(request) {
   const Authorization = request.headers.get('Authorization');
@@ -27,25 +26,35 @@ function parseBasicAuth(request) {
   };
 }
 
-export function verifyAuth(request) {
-  if ('basicAuth' in conf && conf.basicAuth.enabled === true) {
-    if (request.headers.has('Authorization')) {
-      const { user, pass } = parseBasicAuth(request)
-      const passwdMap = conf.basicAuth.passwd
-      if (passwdMap[user] === undefined) {
-        throw new WorkerError(401, "user not found for basic auth")
-      } else if (passwdMap[user] !== pass) {
-        throw new WorkerError(401, "incorrect passwd for basic auth")
-      }
+// return true if auth passes or is not required,
+// return auth page if auth is required
+// throw WorkerError if auth failed
+export function verifyAuth(request, env) {
+  // pass auth if 'BASIC_AUTH' is not present
+  console.log(env)
+  if (!('BASIC_AUTH' in env)) return null
+
+  const passwdMap = new Map(Object.entries(env['BASIC_AUTH']))
+
+  // pass auth if 'BASIC_AUTH' is empty
+  if (passwdMap.size == 0) return null
+
+  if (request.headers.has('Authorization')) {
+    const { user, pass } = parseBasicAuth(request)
+    if (passwdMap.get(user) === undefined) {
+      throw new WorkerError(401, "user not found for basic auth")
+    } else if (passwdMap.get(user) !== pass) {
+      throw new WorkerError(401, "incorrect passwd for basic auth")
     } else {
-      return new Response('HTTP basic auth is required', {
-        status: 401,
-        headers: {
-          // Prompts the user for credentials.
-          'WWW-Authenticate': 'Basic realm="my scope", charset="UTF-8"',
-        },
-      });
+      return null
     }
+  } else {
+    return new Response('HTTP basic auth is required', {
+      status: 401,
+      headers: {
+        // Prompts the user for credentials.
+        'WWW-Authenticate': 'Basic realm="my scope", charset="UTF-8"',
+      },
+    });
   }
-  return null
 }