Windows 7 x64, Chromium-based browser, 1024x768.

Those scrollbars, aggrrhh!

The API is already available. A shell script needs to be created to easily upload pastes and fetch pastes. Should preferably support encryption/decryption and password protection.

Enable using custom paths for pastes instead of a random string. A new textbox (with proper validation) can be added to the home page for this.

Bonus points: Add a flag in the .env file so that custom paths can be enabled for everyone, only for registered users or disabled globally.

Reproduction Steps:

1. Navigate to /register
2. Enter an email address that either:

• has a domain with a 5 character long or longer TLD (e.g., [email protected]), or
• has a username that uses the + character (e.g., [email protected])

3. Fill out the other fields, then click "Register."

Expected Result:
An email is sent and the "Please check your e-mail for verification link" message is shown onscreen.

Actual Result:
No email is sent, and a different message, "Invalid email address" is shown onscreen.

I believe the culprit is https://github.com/Yureien/YABin/blob/main/src/lib/server/validate.ts#L1:

const emailRegex = /^[\w-\.]+@([\w-]+\.)+[\w-]{2,4}$/g;

Some other valid addresses that are considered invalid (that someone might theoretically want to be able to register with, particularly if YABin is deployed on their own network) include:

• username@localhost
• username@[192.168.1.9]
• [email protected]

There are also a ton of "valid" addresses that it does not allow, but that are so rare as to probably not worth accounting for, like "user name"@example.com

Addressing the specific issues I ran into, with minimal changes, could be achieved with the following three character change (NOTE: The removal of the g flag is because the regex is stateful when it is set, and that is undesirable):

const emailRegex = /^[\w-+.]+@([\w-]+\.)+[\w-]{2,}$/;

Alternatively, here's a more complex regex that correctly handles more types of invalid addresses:

const emailRegex = /^([\w%+-]+\.)*[\w%+-]+@([A-Z0-9-]+\.)+[A-Z0-9-]{2,}$/i;

This doesn't validate the @[IP address ending in a single digit octet] or @localhost emails, but my understanding is those are extremely rare, anyway, and they're not validated by the current regex, anyway, so it isn't a regression. It correctly prohibits the username part from ending with a period and allows % in the username portion, which is technically allowed (but I've never seen it used). It also correctly prohibits underscores in the domain portion.

Yet another option would be to use an established library like validator, email-validator, isemail, etc.. It looks like the validator library is the most used, very configurable, and seems to be actively developed, but it also has a decent number of open issues related to email validation. It also provides several other validators that you don't need. The other two libraries haven't had a new version pushed in 5+ years, but they still get 500k downloads weekly. From my perspective, that's probably overkill.

Create a dashboard page which will have the following features:

• Ability to edit/view/delete own pastes
• Ability to set defaults such as expiry, should pastes be encrypted by default, etc.
• Change password/user details page

A separate MR can be created for all the above ideas!

Right now, the CLI cannot edit pastes and has no concept of authentication. A login feature can be added and future pastes will be saved with that userId. Additionally, this can enable editing of pastes from the CLI.

Hey there,

I have an issue where sending a rather big file via CLI fails with error: Expecting value: line 1 column 1 (char 0).

The issue does not happen when sending the file to bin.sohamsen.me.

yabin -b https://bin.sohamsen.me create report_file.txt
report_file.txt
https://bin.sohamsen.me/ti44j

Tried both with and without reverse proxy.

Smaller files with a few lines work as expected.

Is there a way to enable some debugging in docker logs or are there some settings that could be adjusted?

Cheers

Considering adding editing feature? For example, paste belongs to me, and I have its password, so I can change its content at any time, so that it can be used as a content link.

It would be great if you can add a custom path feature (with the editing function).

Of course, this is just my request for personal idealization.

YABin is so well now that I've hosted it myself.

Thanks for this project - I've tried a few pastebins and this seems the most usable and with most of the features I need.

I've deployed a public instance but I'd like to restrict creating pastes to logged-in users that only I as admin can create accounts for. As a related point, the PUBLIC_REGISRATION_ENABLED option (note the typo!), when disabled, removes both the login button and the register button. I'd like to remove the register button but keep the login facility, which would be needed for pasting - actually the login page is still accessible but the lack of link means the URL must be entered manually.

Current behaviour:

• The user can go back to the /login route by the back button or by entering the url.

Expected behaviour:

• The user should be redirected to the main page when attempting to go to the login page.

The documentation does not mention all the steps necessary to run the project localy. As we also need to add the migrations to the database and then run them so changing it might be helpful for faster setup of new contributers.

I have issue with"burn after read" as when it's checked, the file opens immediately upon saving on the current page, making it impossible for anyone other than the author to read it because the link expires right after creation. The second issue is that if "encrypted" is checked and the password isn't entered, a lot of random characters appear in the link. In my opinion, there should be an option for default disabling of this for EVERYONE rather than in the settings for just one user, for example, the option to disable it would be in the .env or Docker config.

Right now, some parts of the code are a mess. It can be refactored (such as moving common layout to a +layout.svelte file or moving common code to the lib folder).

1. Is it possible to set an expire date / X days (hours etc.) from creation
2. Login options to manage links / paste
3. Will everything be wiped when you restart for example the docker container

Maybe you can explain these things a bit more in the Readme :-D

Thanks for the good work!

Implement a page to reset the password (via email).

Do not show this page if MAIL_ENABLED is set to false.

Bonus points: If MAIL_ENABLED is set to false, create a new environment variable such as RECOVERY_KEY which will instead be used to reset the password.

1. cannot create a new paste using the same initVector
   If you run the command below, you will encounter an error like {"message":"Internal Error"}. But if you change the initVector variable, a new paste can be created without problems.

curl -H "Content-Type: application/json" -X POST -d '{"content": "Ciallo～(∠・ω< )⌒★", "config": {"language": "plaintext", "encrypted": true, "expiresAfter": 3600, "burnAfterRead": false}, "passwordProtected": false, "initVector": "27DIWK00yDiGx003"}' https://bin.sohamsen.me/api/paste

2. meaning of encrypted and passwordProtected
   It seems like on the API side, encrypted and passwordProtected have no effect on enhancing data security, cause it always return full information of a paste.

curl "https://bin.sohamsen.me/api/paste?key=121o2
# {"success":true,"data":{"key":"121o2","content":"Ciallo～(∠・ω< )⌒★","encrypted":true,"passwordProtected":true,"initVector":"27DIWK00yDiGx004","language":"plaintext"}}