Initial commit: Python pastebin application

Author: Maria Drambyan

.gitignore

@@ -0,0 +1,55 @@
+# Use Python as base image
+FROM python:3.11-slim
+
+# Install system dependencies for database
+RUN apt-get update && apt-get install -y \
+    gcc \
+    g++ \
+    && rm -rf /var/lib/apt/lists/*
+
+# Set working directory
+WORKDIR /app
+
+# Copy requirements
+COPY requirements.txt ./
+
+# Install dependencies
+RUN pip install --no-cache-dir -r requirements.txt
+
+# Copy source code
+COPY . .
+
+# Build the frontend
+WORKDIR /app/frontend
+RUN npm install
+RUN npm run build
+
+WORKDIR /app
+
+# Copy built frontend
+RUN mkdir -p static && cp -r frontend/dist/* static/
+
+# Initialize database
+RUN python -c "
+import asyncio
+from backend.database import create_tables, get_engine
+from backend.models.user import User
+from sqlalchemy.ext.asyncio import AsyncSession
+import bcrypt
+
+async def init():
+    engine = get_engine()
+    await create_tables(engine)
+    async with AsyncSession(engine) as session:
+        admin = User(username='admin', password=bcrypt.hashpw(b'admin', bcrypt.gensalt()).decode(), role='admin')
+        session.add(admin)
+        await session.commit()
+
+asyncio.run(init())
+"
+
+# Expose port
+EXPOSE 8000
+
+# Start the server
+CMD ["python", "main.py"]

Dockerfile

@@ -0,0 +1,93 @@
+Elastic License 2.0
+
+URL: https://www.elastic.co/licensing/elastic-license
+
+## Acceptance
+
+By using the software, you agree to all of the terms and conditions below.
+
+## Copyright License
+
+The licensor grants you a non-exclusive, royalty-free, worldwide,
+non-sublicensable, non-transferable license to use, copy, distribute, make
+available, and prepare derivative works of the software, in each case subject to
+the limitations and conditions below.
+
+## Limitations
+
+You may not provide the software to third parties as a hosted or managed
+service, where the service provides users with access to any substantial set of
+the features or functionality of the software.
+
+You may not move, change, disable, or circumvent the license key functionality
+in the software, and you may not remove or obscure any functionality in the
+software that is protected by the license key.
+
+You may not alter, remove, or obscure any licensing, copyright, or other notices
+of the licensor in the software. Any use of the licensor's trademarks is subject
+to applicable law.
+
+## Patents
+
+The licensor grants you a license, under any patent claims the licensor can
+license, or becomes able to license, to make, have made, use, sell, offer for
+sale, import and have imported the software, in each case subject to the
+limitations and conditions in this license. This license does not cover any
+patent claims that you cause to be infringed by modifications or additions to
+the software. If you or your company make any written claim that the software
+infringes or contributes to infringement of any patent, your patent license for
+the software granted under these terms ends immediately. If your company makes
+such a claim, your patent license ends immediately for work on behalf of your
+company.
+
+## Notices
+
+You must ensure that anyone who gets a copy of any part of the software from you
+also gets a copy of these terms.
+
+If you modify the software, you must include in any modified copies of the
+software prominent notices stating that you have modified the software.
+
+## No Other Rights
+
+These terms do not imply any licenses other than those expressly granted in
+these terms.
+
+## Termination
+
+If you use the software in violation of these terms, such use is not licensed,
+and your licenses will automatically terminate. If the licensor provides you
+with a notice of your violation, and you cease all violation of this license no
+later than 30 days after you receive that notice, your licenses will be
+reinstated retroactively. However, if you violate these terms after such
+reinstatement, any additional violation of these terms will cause your licenses
+to terminate automatically and permanently.
+
+## No Liability
+
+*As far as the law allows, the software comes as is, without any warranty or
+condition, and the licensor will not be liable to you for any damages arising
+out of these terms or the use or nature of the software, under any kind of
+legal claim.*
+
+## Definitions
+
+The **licensor** is the entity offering these terms, and the **software** is the
+software the licensor makes available under these terms, including any portion
+of it.
+
+**you** refers to the individual or entity agreeing to these terms.
+
+**your company** is any legal entity, sole proprietorship, or other kind of
+organization that you work for, plus all organizations that have control over,
+are under the control of, or are under common control with that
+organization. **control** means ownership of substantially all the assets of an
+entity, or the power to direct its management and policies by vote, contract, or
+otherwise. Control can be direct or indirect.
+
+**your licenses** are all the licenses granted to you for the software under
+these terms.
+
+**use** means anything you do with the software requiring one of your licenses.
+
+**trademark** means trademarks, service marks, and similar rights.

LICENSE

@@ -0,0 +1,101 @@
+# Pastebin Demo Application
+
+A simple Pastebin-like application built with FastAPI, React, TypeScript. This application is intentionally built with minimal security measures for educational purposes in security courses.
+
+## Features
+
+- Code snippet creation and editing
+- Support for multiple programming languages:
+  - TypeScript
+  - JavaScript
+  - Python
+  - Java
+  - C++
+- Syntax highlighting using CodeMirror
+- File upload functionality
+- Basic user authentication
+- Unique URLs for each saved snippet
+- SQLite database with SQLAlchemy ORM
+
+## ⚠️ Security Notice
+
+This application is deliberately built WITHOUT security measures for educational purposes. It contains various vulnerabilities including but not limited to:
+- SQL Injection possibilities
+- No input validation
+- Weak authentication
+- No CSRF protection
+- Potential XSS vulnerabilities
+
+DO NOT USE THIS IN PRODUCTION!
+
+## Prerequisites
+
+- Python 3.9 or higher
+- Node.js (v14 or higher)
+- npm (Node Package Manager)
+
+## Installation
+
+1. Clone the repository:
+```bash
+git clone [repository-url]
+cd python-pastebin
+```
+
+2. Install Python dependencies:
+```bash
+pip install -r requirements.txt
+```
+
+3. Install frontend dependencies:
+```bash
+cd frontend
+npm install
+cd ..
+```
+
+4. Start the backend and frontend development server:
+```bash
+python main.py
+```
+
+## Usage
+
+1. Access the application at `http://localhost:8000`
+
+2. Login with default credentials:
+   - Username: `admin`
+   - Password: `admin`
+
+3. Create new snippets:
+   - Enter a title
+   - Select a programming language
+   - Write or paste your code
+   - Click "Save" to generate a unique URL
+
+4. Upload files:
+   - Click the file upload button
+   - Select a text file
+   - The content will be automatically loaded into the editor
+
+5. Access saved snippets:
+   - Use the generated URL (format: `/snippet/:id`)
+   - Edit and save changes as needed
+
+## API Endpoints
+
+- `POST /api/auth/login` - User authentication
+- `POST /api/auth/register` - User registration
+- `POST /api/snippets` - Create/update snippets
+- `GET /api/snippets/:id` - Retrieve a specific snippet
+
+## Development
+
+Both backend and frontend run on port 8000:
+```bash
+python main.py
+```
+
+## Contributing
+
+This is a demo application for educational purposes. If you find any bugs or want to suggest improvements, please open an issue or submit a pull request.

README.md

@@ -0,0 +1,11 @@
+API_BASE_URL = ''  # Empty string for same-origin requests
+JWT_SECRET_KEY = 'jwt-secret-key'
+
+class APIEndpoints:
+    LOGIN = '/api/auth/login'
+    REGISTER = '/api/auth/register'
+    SNIPPETS = '/api/snippets'
+    
+    @staticmethod
+    def SNIPPET(id: str):
+        return f'/api/snippets/{id}'

backend/config.py

@@ -0,0 +1,22 @@
+from sqlalchemy.ext.asyncio import create_async_engine, AsyncSession
+from sqlalchemy.orm import sessionmaker, declarative_base
+
+DATABASE_URL = "sqlite+aiosqlite:///./database.sqlite"
+
+engine = create_async_engine(DATABASE_URL)
+async_session = sessionmaker(engine, class_=AsyncSession)
+Base = declarative_base()
+
+def get_engine():
+    return engine
+
+async def get_db():
+    async with async_session() as session:
+        try:
+            yield session
+        finally:
+            await session.close()
+
+async def create_tables(engine):
+    async with engine.begin() as conn:
+        await conn.run_sync(Base.metadata.create_all)

backend/database.py

@@ -0,0 +1,60 @@
+from fastapi import FastAPI, Request
+from fastapi.middleware.cors import CORSMiddleware
+from fastapi.staticfiles import StaticFiles
+from fastapi.responses import FileResponse
+from .database import create_tables, get_engine
+from .models.user import User, Role
+from .database import async_session
+from .routes import auth, snippets, admin
+import bcrypt
+import os
+
+app = FastAPI()
+
+app.add_middleware(
+    CORSMiddleware,
+    allow_origins=["*"],
+    allow_credentials=True,
+    allow_methods=["*"],
+    allow_headers=["*"],
+)
+
+# Serve static files from the frontend/dist directory
+if os.path.exists("frontend/dist"):
+    app.mount("/assets", StaticFiles(directory="frontend/dist/assets"), name="assets")
+
+@app.on_event("startup")
+async def startup_event():
+    engine = get_engine()
+    await create_tables(engine)
+    
+    # Create default admin user
+    async with async_session() as session:
+        from sqlalchemy import select
+        result = await session.execute(select(User).where(User.username == 'admin'))
+        existing_admin = result.scalar_one_or_none()
+        
+        if not existing_admin:
+            hashed_password = bcrypt.hashpw(b'admin', bcrypt.gensalt()).decode('utf-8')
+            admin = User(username='admin', password=hashed_password, role=Role.ADMIN)
+            session.add(admin)
+            await session.commit()
+
+# Include routers
+app.include_router(auth.router, prefix="/api/auth")
+app.include_router(snippets.router, prefix="/api/snippets")
+app.include_router(admin.router, prefix="/api/admin")
+
+# Catch-all route to serve React app
+@app.get("/{full_path:path}")
+async def serve_react_app(full_path: str):
+    if full_path.startswith("api/"):
+        from fastapi import HTTPException
+        raise HTTPException(status_code=404)
+    
+    # Serve index.html for client-side routing
+    if os.path.exists("frontend/dist/index.html"):
+        return FileResponse("frontend/dist/index.html")
+    else:
+        from fastapi import HTTPException
+        raise HTTPException(status_code=404)

backend/main.py

@@ -0,0 +1,4 @@
+from .user import User
+from .snippet import Snippet
+
+__all__ = ['User', 'Snippet']

backend/models/__init__.py

@@ -0,0 +1,15 @@
+from sqlalchemy import Column, String, Text, Integer, ForeignKey
+from sqlalchemy.orm import relationship
+import uuid
+from ..database import Base
+
+class Snippet(Base):
+    __tablename__ = 'snippets'
+    
+    id = Column(String, primary_key=True, default=lambda: str(uuid.uuid4()))
+    title = Column(String, nullable=False)
+    content = Column(Text, nullable=False)
+    language = Column(String, default='typescript')
+    userId = Column(Integer, ForeignKey('users.id'), nullable=False)
+    
+    author = relationship("User", back_populates="snippets")

backend/models/snippet.py

@@ -0,0 +1,18 @@
+from sqlalchemy import Column, Integer, String, Enum
+from sqlalchemy.orm import relationship
+from enum import Enum as PyEnum
+from ..database import Base
+
+class Role(PyEnum):
+    USER = "user"
+    ADMIN = "admin"
+
+class User(Base):
+    __tablename__ = 'users'
+    
+    id = Column(Integer, primary_key=True, autoincrement=True)
+    username = Column(String, unique=True, nullable=False)
+    password = Column(String, nullable=False)
+    role = Column(Enum(Role), default=Role.USER)
+    
+    snippets = relationship("Snippet", back_populates="author")