pste-server 0.1.0__tar.gz

pste_server-0.1.0/.gitignore

@@ -0,0 +1,12 @@
+__pycache__/
+*.pyc
+.env
+data/
+dist/
+.venv/
+*.egg-info/
+*.egg
+.pytest_cache/
+build/
+*.coverage
+.coverage

pste_server-0.1.0/Dockerfile

@@ -0,0 +1,13 @@
+FROM python:3.12-slim
+LABEL org.opencontainers.image.source="https://github.com/crognlie/pste"
+LABEL org.opencontainers.image.licenses="MIT"
+RUN useradd -m -u 1000 pste
+WORKDIR /app
+COPY . .
+RUN pip install --no-cache-dir ".[gcs]" \
+    && mkdir -p /app/data \
+    && chown pste:pste /app/data
+USER pste
+EXPOSE 8000
+ENV SQLITE_PATH=/app/data/pste.db
+CMD ["pste-server"]

pste_server-0.1.0/PKG-INFO

@@ -0,0 +1,147 @@
+Metadata-Version: 2.4
+Name: pste-server
+Version: 0.1.0
+Summary: Self-hosted paste server (sprunge-inspired) with API key auth, soft-delete, and configurable storage
+Project-URL: Homepage, https://github.com/crognlie/pste
+Project-URL: Repository, https://github.com/crognlie/pste
+License: MIT
+Keywords: cli,paste,pastebin,self-hosted,sprunge
+Requires-Python: >=3.11
+Requires-Dist: click>=8.1
+Requires-Dist: fastapi>=0.110
+Requires-Dist: pygments>=2.17
+Requires-Dist: python-multipart>=0.0.9
+Requires-Dist: sqlalchemy>=2.0
+Requires-Dist: uvicorn[standard]>=0.29
+Provides-Extra: gcs
+Requires-Dist: google-cloud-storage>=2.0; extra == 'gcs'
+Requires-Dist: psycopg2-binary>=2.9; extra == 'gcs'
+Provides-Extra: postgresql
+Requires-Dist: psycopg2-binary>=2.9; extra == 'postgresql'
+Provides-Extra: test
+Requires-Dist: httpx2>=0.28; extra == 'test'
+Requires-Dist: pytest-timeout>=2.3; extra == 'test'
+Requires-Dist: pytest>=8.0; extra == 'test'
+Requires-Dist: requests>=2.31; extra == 'test'
+Description-Content-Type: text/markdown
+
+# pste-server
+
+Self-hosted paste server inspired by [sprunge](http://sprunge.us). Pastes are world-readable; creating requires an API key.
+
+**HTTPS is required in production.** API keys appear in the `Authorization` header and in the `/?key=<key>` query string used by the web form — both are exposed over plain HTTP. pste-server speaks plain HTTP on port 8000; use a reverse proxy or tunnel to terminate TLS. See [`examples/Caddyfile`](examples/Caddyfile) and [`examples/compose-cloudflare.yml`](examples/compose-cloudflare.yml).
+
+## Quick start
+
+```bash
+pip install -e .
+BASE_URL=https://pste.example.com pste-server
+
+# Add your first API key — prints the bookmark URL directly
+pste-admin key add --user alice
+# -> https://pste.example.com/?key=AbCd1234...
+
+# Set PSTE_URL on the client to that URL, then:
+echo "hello" | pste
+# -> https://pste.example.com/AB1234
+pste AB1234
+# -> hello
+```
+
+See [`examples/`](examples/) for Docker Compose, Cloudflare Tunnel, and cloud deployment configurations.
+
+## API
+
+```
+GET  /              Help page (add ?key=<key> for the paste web form)
+POST /              Create paste (requires Authorization: Bearer <key>)
+GET  /<id>          Fetch paste as plain text
+GET  /<id>?<lang>   Fetch with Pygments syntax highlighting + copy button
+```
+
+**Creating pastes:**
+
+| Field | Type | Description |
+|---|---|---|
+| `pste` | string | Paste content (required) |
+| `lang` | string | Pygments lexer name for syntax highlighting |
+| `auto_detect` | `1` | Auto-detect language (Pygments, >0.5 confidence threshold) |
+| `single_view` | `1` | Delete after first read |
+| `expires_at` | ISO8601 UTC | Absolute expiry timestamp |
+| `expires_in_n` | integer | Expiry amount (used with `expires_in_unit`) |
+| `expires_in_unit` | H/D/W/M | Expiry unit: hours, days, weeks, minutes |
+
+`lang` and `auto_detect` are mutually exclusive — if `lang` is provided, auto-detection is skipped. `expires_at` and `expires_in_n`/`expires_in_unit` are also mutually exclusive.
+
+**Fetching pastes:**
+
+- `GET /<id>` — always plain text, regardless of stored lang
+- `GET /<id>?<lang>` — Pygments-highlighted HTML with table line numbers (line numbers have `user-select: none` so Ctrl-A copies only code) and a Copy button
+- `GET /<id>?none` — plain text (same as bare GET)
+
+## Web form
+
+Open `/?key=<key>` in a browser to use the paste web form. The key is embedded in the bookmark URL; paste it from `pste-admin key add` output. The form includes:
+
+- Textarea for paste content
+- Single-view checkbox
+- Expiry controls (number + H/D/W/M dropdown)
+- Language dropdown (auto-detect default, 27 common lexers)
+
+When submitted with **language auto-detect** (default), if Pygments identifies the language with >0.5 confidence the result page shows both the plain URL and a highlighted URL. When a **specific language** is selected the result shows only the highlighted `?<lang>` URL.
+
+## Managing API keys
+
+```bash
+# Add a key (prints the full bookmark URL)
+pste-admin key add --user alice --notes "personal laptop"
+
+# Specify your own key value (must be [A-Za-z0-9])
+pste-admin key add --key MySecretKey --user alice
+
+# List all keys
+pste-admin key list
+
+# Revoke by key value (immediate, no confirmation)
+pste-admin key revoke --key <key-value>
+
+# Revoke all keys for a user or matching notes (lists keys, requires y to confirm)
+pste-admin key revoke --user alice
+pste-admin key revoke --notes "old laptop"
+
+# Update key metadata
+pste-admin key set --user alice --notes "rotated 2026-07"
+pste-admin key set --key <key-value> --disabled true
+
+# List pastes (shows ID, created, lang, key, deleted status)
+pste-admin paste list --user alice
+```
+
+Keys take effect immediately — no restart required.
+
+## Environment variables
+
+| Variable | Default | Description |
+|---|---|---|
+| `BASE_URL` | `http://localhost:8000` | Public URL used in paste links and key add output |
+| `PORT` | `8000` | Listen port |
+| `STORAGE_BACKEND` | `sqlite` | `sqlite`, `postgresql`, or `gcs` |
+| `SQLITE_PATH` | `./data/pste.db` | SQLite DB path |
+| `DATABASE_URL` | — | PostgreSQL connection string |
+| `GCS_BUCKET` | — | GCS bucket name |
+| `MAX_PASTE_BYTES` | `1048576` | Max paste size (bytes) |
+| `DARK_MODE` | `false` | Use `github-dark` as the highlight style; default (unset) uses `default` (light) |
+| `HIGHLIGHT_STYLE` | — | Pin to any [Pygments style](https://pygments.org/styles/) name, ignoring `DARK_MODE` |
+
+### Deletion
+
+By default, expired and single-view pastes are **soft-deleted** — `deleted_at` is set and they become inaccessible, but the row is retained. The variables below control hard deletion.
+
+| Variable | Default | Description |
+|---|---|---|
+| `DELETE_ON_EXPIRE` | `false` | Hard-delete immediately on expiry |
+| `DELETE_ON_SINGLE_VIEW` | `false` | Hard-delete immediately on first view |
+| `DELETE_AFTER_EXPIRE` | `7D` | Hard-delete soft-deleted expired rows after this duration |
+| `DELETE_AFTER_SINGLE_VIEW` | `7D` | Hard-delete soft-deleted single-view rows after this duration |
+
+Duration format for `DELETE_AFTER_*`: integer + `H` (hours), `D` (days), `W` (weeks), or `M` (minutes). Set to empty string (`DELETE_AFTER_EXPIRE=`) to disable deferred hard-deletion entirely. `DELETE_AFTER_*` runs on a 30-minute cycle, independently of `DELETE_ON_*`.

pste_server-0.1.0/README.md

@@ -0,0 +1,120 @@
+# pste-server
+
+Self-hosted paste server inspired by [sprunge](http://sprunge.us). Pastes are world-readable; creating requires an API key.
+
+**HTTPS is required in production.** API keys appear in the `Authorization` header and in the `/?key=<key>` query string used by the web form — both are exposed over plain HTTP. pste-server speaks plain HTTP on port 8000; use a reverse proxy or tunnel to terminate TLS. See [`examples/Caddyfile`](examples/Caddyfile) and [`examples/compose-cloudflare.yml`](examples/compose-cloudflare.yml).
+
+## Quick start
+
+```bash
+pip install -e .
+BASE_URL=https://pste.example.com pste-server
+
+# Add your first API key — prints the bookmark URL directly
+pste-admin key add --user alice
+# -> https://pste.example.com/?key=AbCd1234...
+
+# Set PSTE_URL on the client to that URL, then:
+echo "hello" | pste
+# -> https://pste.example.com/AB1234
+pste AB1234
+# -> hello
+```
+
+See [`examples/`](examples/) for Docker Compose, Cloudflare Tunnel, and cloud deployment configurations.
+
+## API
+
+```
+GET  /              Help page (add ?key=<key> for the paste web form)
+POST /              Create paste (requires Authorization: Bearer <key>)
+GET  /<id>          Fetch paste as plain text
+GET  /<id>?<lang>   Fetch with Pygments syntax highlighting + copy button
+```
+
+**Creating pastes:**
+
+| Field | Type | Description |
+|---|---|---|
+| `pste` | string | Paste content (required) |
+| `lang` | string | Pygments lexer name for syntax highlighting |
+| `auto_detect` | `1` | Auto-detect language (Pygments, >0.5 confidence threshold) |
+| `single_view` | `1` | Delete after first read |
+| `expires_at` | ISO8601 UTC | Absolute expiry timestamp |
+| `expires_in_n` | integer | Expiry amount (used with `expires_in_unit`) |
+| `expires_in_unit` | H/D/W/M | Expiry unit: hours, days, weeks, minutes |
+
+`lang` and `auto_detect` are mutually exclusive — if `lang` is provided, auto-detection is skipped. `expires_at` and `expires_in_n`/`expires_in_unit` are also mutually exclusive.
+
+**Fetching pastes:**
+
+- `GET /<id>` — always plain text, regardless of stored lang
+- `GET /<id>?<lang>` — Pygments-highlighted HTML with table line numbers (line numbers have `user-select: none` so Ctrl-A copies only code) and a Copy button
+- `GET /<id>?none` — plain text (same as bare GET)
+
+## Web form
+
+Open `/?key=<key>` in a browser to use the paste web form. The key is embedded in the bookmark URL; paste it from `pste-admin key add` output. The form includes:
+
+- Textarea for paste content
+- Single-view checkbox
+- Expiry controls (number + H/D/W/M dropdown)
+- Language dropdown (auto-detect default, 27 common lexers)
+
+When submitted with **language auto-detect** (default), if Pygments identifies the language with >0.5 confidence the result page shows both the plain URL and a highlighted URL. When a **specific language** is selected the result shows only the highlighted `?<lang>` URL.
+
+## Managing API keys
+
+```bash
+# Add a key (prints the full bookmark URL)
+pste-admin key add --user alice --notes "personal laptop"
+
+# Specify your own key value (must be [A-Za-z0-9])
+pste-admin key add --key MySecretKey --user alice
+
+# List all keys
+pste-admin key list
+
+# Revoke by key value (immediate, no confirmation)
+pste-admin key revoke --key <key-value>
+
+# Revoke all keys for a user or matching notes (lists keys, requires y to confirm)
+pste-admin key revoke --user alice
+pste-admin key revoke --notes "old laptop"
+
+# Update key metadata
+pste-admin key set --user alice --notes "rotated 2026-07"
+pste-admin key set --key <key-value> --disabled true
+
+# List pastes (shows ID, created, lang, key, deleted status)
+pste-admin paste list --user alice
+```
+
+Keys take effect immediately — no restart required.
+
+## Environment variables
+
+| Variable | Default | Description |
+|---|---|---|
+| `BASE_URL` | `http://localhost:8000` | Public URL used in paste links and key add output |
+| `PORT` | `8000` | Listen port |
+| `STORAGE_BACKEND` | `sqlite` | `sqlite`, `postgresql`, or `gcs` |
+| `SQLITE_PATH` | `./data/pste.db` | SQLite DB path |
+| `DATABASE_URL` | — | PostgreSQL connection string |
+| `GCS_BUCKET` | — | GCS bucket name |
+| `MAX_PASTE_BYTES` | `1048576` | Max paste size (bytes) |
+| `DARK_MODE` | `false` | Use `github-dark` as the highlight style; default (unset) uses `default` (light) |
+| `HIGHLIGHT_STYLE` | — | Pin to any [Pygments style](https://pygments.org/styles/) name, ignoring `DARK_MODE` |
+
+### Deletion
+
+By default, expired and single-view pastes are **soft-deleted** — `deleted_at` is set and they become inaccessible, but the row is retained. The variables below control hard deletion.
+
+| Variable | Default | Description |
+|---|---|---|
+| `DELETE_ON_EXPIRE` | `false` | Hard-delete immediately on expiry |
+| `DELETE_ON_SINGLE_VIEW` | `false` | Hard-delete immediately on first view |
+| `DELETE_AFTER_EXPIRE` | `7D` | Hard-delete soft-deleted expired rows after this duration |
+| `DELETE_AFTER_SINGLE_VIEW` | `7D` | Hard-delete soft-deleted single-view rows after this duration |
+
+Duration format for `DELETE_AFTER_*`: integer + `H` (hours), `D` (days), `W` (weeks), or `M` (minutes). Set to empty string (`DELETE_AFTER_EXPIRE=`) to disable deferred hard-deletion entirely. `DELETE_AFTER_*` runs on a 30-minute cycle, independently of `DELETE_ON_*`.

pste_server-0.1.0/examples/Caddyfile

@@ -0,0 +1,15 @@
+pste.example.com {
+    # Omit query strings from logs so /?key=<key> isn't recorded
+    log {
+        format filter {
+            wrap json
+            fields {
+                request>uri replace {
+                    regexp "\\?.*$" ""
+                }
+            }
+        }
+    }
+
+    reverse_proxy localhost:8000
+}

pste_server-0.1.0/examples/cloud.md

@@ -0,0 +1,256 @@
+# Cloud deployment
+
+## GCP: Cloud Run + Cloud SQL + GCS
+
+Complete walkthrough from zero to a running pste instance. All commands use
+the `gcloud` and `gsutil` CLIs. The only step that requires the Cloud Console
+UI is creating the service account and downloading its JSON key — everything
+else runs from a terminal.
+
+### Prerequisites
+
+- Google Cloud project with billing enabled
+- `gcloud` CLI installed (`gcloud auth login`, `gcloud config set project YOUR_PROJECT`)
+- **In Cloud Console:** IAM & Admin → Service Accounts → Create Service Account
+  named `pste` with no roles (we assign roles below) → Keys → Add Key → JSON.
+  Save the downloaded file as `pste-sa-key.json`.
+
+### 0. Set variables
+
+```bash
+export PROJECT_ID=$(gcloud config get-value project)
+export REGION=us-central1
+export SA_EMAIL="pste@${PROJECT_ID}.iam.gserviceaccount.com"
+export SA_KEY=/path/to/pste-sa-key.json
+export BUCKET="${PROJECT_ID}-pste-pastes"
+```
+
+### 1. Enable APIs
+
+```bash
+gcloud services enable \
+  run.googleapis.com \
+  sqladmin.googleapis.com \
+  storage.googleapis.com \
+  secretmanager.googleapis.com \
+  sql-component.googleapis.com
+```
+
+### 2. Create Cloud Storage bucket
+
+```bash
+gcloud storage buckets create gs://$BUCKET \
+  --location=$REGION \
+  --uniform-bucket-level-access
+```
+
+### 3. Create Cloud SQL (PostgreSQL) instance
+
+```bash
+gcloud sql instances create pste-db \
+  --database-version=POSTGRES_16 \
+  --tier=db-f1-micro \
+  --edition=ENTERPRISE \
+  --region=$REGION
+
+gcloud sql databases create pste --instance=pste-db
+
+DB_PASS=$(openssl rand -base64 24 | tr -d '/+=')
+gcloud sql users create pste --instance=pste-db --password="$DB_PASS"
+```
+
+> **Note:** `db-f1-micro` requires `--edition=ENTERPRISE`. New projects default
+> to ENTERPRISE_PLUS, which only supports the `db-perf-optimized-N-*` tiers.
+
+### 4. Grant service account permissions
+
+```bash
+# Read/write paste content in GCS
+gcloud storage buckets add-iam-policy-binding gs://$BUCKET \
+  --member="serviceAccount:${SA_EMAIL}" \
+  --role="roles/storage.objectAdmin"
+
+# Connect to Cloud SQL
+gcloud projects add-iam-policy-binding $PROJECT_ID \
+  --member="serviceAccount:${SA_EMAIL}" \
+  --role="roles/cloudsql.client"
+
+# Read secrets from Secret Manager
+gcloud projects add-iam-policy-binding $PROJECT_ID \
+  --member="serviceAccount:${SA_EMAIL}" \
+  --role="roles/secretmanager.secretAccessor"
+```
+
+### 5. Store database URL in Secret Manager
+
+Cloud Run connects to Cloud SQL via a Unix socket at
+`/cloudsql/PROJECT:REGION:INSTANCE`. The `@/pste` form (empty TCP host)
+tells psycopg2 to use the `host` query parameter as the socket directory.
+
+```bash
+DB_URL="postgresql://pste:${DB_PASS}@/pste?host=/cloudsql/${PROJECT_ID}:${REGION}:pste-db"
+printf '%s' "$DB_URL" | gcloud secrets create pste-db-url --data-file=-
+```
+
+### 6. Push image to Artifact Registry
+
+Cloud Run only accepts images from GCR, Artifact Registry, or Docker Hub —
+not GHCR directly. Push the image to Artifact Registry first:
+
+```bash
+# Enable Artifact Registry and create a repository
+gcloud services enable artifactregistry.googleapis.com
+gcloud artifacts repositories create pste \
+  --repository-format=docker \
+  --location=$REGION
+
+# Configure docker auth and push
+gcloud auth configure-docker ${REGION}-docker.pkg.dev --quiet
+IMAGE="${REGION}-docker.pkg.dev/${PROJECT_ID}/pste/pste-server:latest"
+docker pull ghcr.io/crognlie/pste:latest
+docker tag ghcr.io/crognlie/pste:latest $IMAGE
+docker push $IMAGE
+```
+
+> If you're deploying from a machine without Docker, you can also build with
+> Cloud Build: `gcloud builds submit --tag $IMAGE server/`
+
+### 7. Deploy to Cloud Run
+
+Cloud Run needs to know `BASE_URL` (for paste link generation), but you don't
+know the URL until after the first deploy. Deploy once to get the URL, then
+update the service.
+
+```bash
+IMAGE="${REGION}-docker.pkg.dev/${PROJECT_ID}/pste/pste-server:latest"
+
+gcloud run deploy pste-server \
+  --image $IMAGE \
+  --platform managed \
+  --region $REGION \
+  --service-account $SA_EMAIL \
+  --set-env-vars "STORAGE_BACKEND=gcs,GCS_BUCKET=${BUCKET}" \
+  --set-secrets "DATABASE_URL=pste-db-url:latest" \
+  --add-cloudsql-instances "${PROJECT_ID}:${REGION}:pste-db" \
+  --allow-unauthenticated \
+  --port 8000
+
+# Get the assigned URL and redeploy with BASE_URL set
+BASE_URL=$(gcloud run services describe pste-server \
+  --region $REGION --format 'value(status.url)')
+
+gcloud run services update pste-server \
+  --region $REGION \
+  --update-env-vars "BASE_URL=${BASE_URL}"
+
+echo "Service running at $BASE_URL"
+```
+
+### 8. Add your first API key
+
+Use the [Cloud SQL Auth Proxy](https://cloud.google.com/sql/docs/postgres/sql-proxy)
+to open a local tunnel, then run `pste-admin` locally against it.
+**Set `STORAGE_BACKEND=gcs`** so pste-admin connects to PostgreSQL instead of
+defaulting to a local SQLite file.
+
+```bash
+# Download the proxy (Linux x86-64; see docs for other platforms)
+curl -Lo cloud-sql-proxy https://storage.googleapis.com/cloud-sql-connectors/cloud-sql-proxy/v2.14.1/cloud-sql-proxy.linux.amd64
+chmod +x cloud-sql-proxy
+
+# Start the proxy in the background
+GOOGLE_APPLICATION_CREDENTIALS=$SA_KEY \
+  ./cloud-sql-proxy "${PROJECT_ID}:${REGION}:pste-db" --port 5432 &
+PROXY_PID=$!
+
+# Run pste-admin key add (STORAGE_BACKEND=gcs selects the postgresql engine)
+STORAGE_BACKEND=gcs \
+  DATABASE_URL="postgresql://pste:${DB_PASS}@localhost:5432/pste" \
+  GOOGLE_APPLICATION_CREDENTIALS=$SA_KEY \
+  pste-admin key add --user admin
+# -> http://localhost:8000/?key=AbCd1234...
+# (Replace localhost:8000 with $BASE_URL to get your bookmark URL)
+
+kill $PROXY_PID
+```
+
+### 9. Test with the CLI
+
+```bash
+export PSTE_URL="${BASE_URL}/?key=AbCd1234..."
+echo "hello from GCP" | pste
+pste AB1234
+```
+
+---
+
+## Testing GCS storage locally
+
+To run the server test suite against a real GCS bucket (covers `storage.py`
+GCS paths that can't be tested with mocks):
+
+```bash
+# Start Cloud SQL Auth Proxy (see step 8 above)
+GOOGLE_APPLICATION_CREDENTIALS=$SA_KEY \
+  ./cloud-sql-proxy "${PROJECT_ID}:${REGION}:pste-db" --port 5432 &
+
+cd server
+pip install -e ".[postgresql,gcs]"
+STORAGE_BACKEND=gcs \
+  GCS_BUCKET=$BUCKET \
+  DATABASE_URL="postgresql://pste:${DB_PASS}@localhost:5432/pste" \
+  GOOGLE_APPLICATION_CREDENTIALS=$SA_KEY \
+  python3 -m pytest
+```
+
+---
+
+## AWS: ECS Fargate + RDS + S3
+
+### Infrastructure overview
+
+| Component | AWS service |
+|---|---|
+| Container | ECS Fargate |
+| Database | RDS PostgreSQL |
+| Blob storage | S3 (via `[s3]` extra — see note) |
+| Secrets | AWS Secrets Manager |
+| DNS/TLS | ACM + Application Load Balancer |
+
+> **Note:** The `[s3]` storage backend is not yet implemented. Use `postgresql`
+> backend (store content in RDS) for AWS deployments.
+
+### Example task definition environment
+
+```json
+{
+  "environment": [
+    {"name": "STORAGE_BACKEND", "value": "postgresql"},
+    {"name": "BASE_URL", "value": "https://pste.example.com"}
+  ],
+  "secrets": [
+    {"name": "DATABASE_URL", "valueFrom": "arn:aws:secretsmanager:..."}
+  ]
+}
+```
+
+---
+
+## Azure: Container Apps + Azure Database for PostgreSQL + Azure Blob Storage
+
+> **Note:** The Azure Blob Storage backend is not yet implemented. Use
+> `postgresql` backend with Azure Database for PostgreSQL.
+
+### Example
+
+```bash
+az containerapp create \
+  --name pste-server \
+  --resource-group pste-rg \
+  --image ghcr.io/crognlie/pste:latest \
+  --env-vars \
+    STORAGE_BACKEND=postgresql \
+    BASE_URL=https://pste.example.com \
+    DATABASE_URL=secretref:db-url \
+  --ingress external --target-port 8000
+```

pste_server-0.1.0/examples/compose-cloudflare.yml

@@ -0,0 +1,21 @@
+# Expose pste via Cloudflare Tunnel — no open ports or public IP required.
+#
+# Setup:
+# 1. Create a tunnel at https://one.dash.cloudflare.com
+# 2. Point the public hostname (e.g. pste.example.com) to http://pste:8000
+# 3. Set TUNNEL_TOKEN below from the dashboard
+
+services:
+  pste:
+    image: ghcr.io/crognlie/pste:latest
+    environment:
+      BASE_URL: https://pste.example.com
+      # No ports: exposed — cloudflared reaches pste directly on the Docker network
+
+  cloudflared:
+    image: cloudflare/cloudflared:latest
+    command: tunnel --no-autoupdate run
+    environment:
+      TUNNEL_TOKEN: your-tunnel-token-here
+    depends_on:
+      - pste

pste_server-0.1.0/examples/compose-postgres.yml

@@ -0,0 +1,28 @@
+services:
+  pste:
+    image: ghcr.io/crognlie/pste:latest
+    ports:
+      - "8000:8000"
+    environment:
+      STORAGE_BACKEND: postgresql
+      DATABASE_URL: postgresql://pste:changeme@db/pste
+      BASE_URL: https://pste.example.com
+    depends_on:
+      db:
+        condition: service_healthy
+
+  db:
+    image: postgres:16-alpine
+    environment:
+      POSTGRES_USER: pste
+      POSTGRES_PASSWORD: changeme
+      POSTGRES_DB: pste
+    volumes:
+      - pg-data:/var/lib/postgresql/data
+    healthcheck:
+      test: ["CMD-SHELL", "pg_isready -U pste"]
+      interval: 5s
+      retries: 10
+
+volumes:
+  pg-data:

pste_server-0.1.0/examples/compose-sqlite.yml

@@ -0,0 +1,13 @@
+services:
+  pste:
+    image: ghcr.io/crognlie/pste:latest
+    ports:
+      - "8000:8000"
+    volumes:
+      - pste-data:/app/data
+    environment:
+      BASE_URL: https://pste.example.com
+      MAX_PASTE_BYTES: 1048576
+
+volumes:
+  pste-data:

pste_server-0.1.0/examples/nginx.conf

@@ -0,0 +1,20 @@
+# Nginx reverse proxy for pste-server.
+# Omits query strings from access logs so /?key=<key> isn't logged.
+
+server {
+    listen 443 ssl;
+    server_name pste.example.com;
+
+    # TLS config omitted — use certbot or your preferred method
+
+    log_format pste '$remote_addr - $remote_user [$time_local] '
+                    '"$request_method $uri $server_protocol" $status';
+    access_log /var/log/nginx/pste.log pste;
+
+    location / {
+        proxy_pass http://127.0.0.1:8000;
+        proxy_set_header Host $host;
+        proxy_set_header X-Real-IP $remote_addr;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+    }
+}

pste_server-0.1.0/pyproject.toml

@@ -0,0 +1,37 @@
+[build-system]
+requires = ["hatchling"]
+build-backend = "hatchling.build"
+
+[project]
+name = "pste-server"
+version = "0.1.0"
+description = "Self-hosted paste server (sprunge-inspired) with API key auth, soft-delete, and configurable storage"
+readme = "README.md"
+license = {text = "MIT"}
+keywords = ["pastebin", "paste", "sprunge", "self-hosted", "cli"]
+requires-python = ">=3.11"
+dependencies = [
+    "fastapi>=0.110",
+    "python-multipart>=0.0.9",
+    "uvicorn[standard]>=0.29",
+    "sqlalchemy>=2.0",
+    "pygments>=2.17",
+    "click>=8.1",
+]
+
+[project.urls]
+Homepage = "https://github.com/crognlie/pste"
+Repository = "https://github.com/crognlie/pste"
+
+[project.optional-dependencies]
+postgresql = ["psycopg2-binary>=2.9"]
+# gcs includes psycopg2-binary because GCS deployments use PostgreSQL for metadata
+gcs = ["google-cloud-storage>=2.0", "psycopg2-binary>=2.9"]
+test = ["pytest>=8.0", "httpx2>=0.28", "pytest-timeout>=2.3", "requests>=2.31"]
+
+[project.scripts]
+pste-server = "pste_server.main:run"
+pste-admin = "pste_server.admin:cli"
+
+[tool.hatch.build.targets.wheel]
+packages = ["src/pste_server"]