PythonistaGuild
diff --git a/‎echo/Cargo.lock‎
Lines changed: 106 additions & 3 deletions b/‎echo/Cargo.lock‎
Lines changed: 106 additions & 3 deletions
diff --git a/‎echo/Cargo.toml‎
Lines changed: 1 addition & 1 deletion b/‎echo/Cargo.toml‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎echo/example.config.json‎
Lines changed: 3 additions & 2 deletions b/‎echo/example.config.json‎
Lines changed: 3 additions & 2 deletions
diff --git a/‎echo/src/config.rs‎
Lines changed: 4 additions & 0 deletions b/‎echo/src/config.rs‎
Lines changed: 4 additions & 0 deletions
diff --git a/‎echo/src/database/pastes.rs‎
Lines changed: 13 additions & 4 deletions b/‎echo/src/database/pastes.rs‎
Lines changed: 13 additions & 4 deletions
diff --git a/‎echo/src/main.rs‎
Lines changed: 0 additions & 10 deletions b/‎echo/src/main.rs‎
Lines changed: 0 additions & 10 deletions
@@ -11,7 +11,7 @@ figment = { version = "0.10.19", features = ["json"] }
 once_cell = "1.20.2"
 rand = "0.8.5"
 regex = "1.11.1"
-reqwest = { version = "0.12.8", default-features = false, features = ["json", "native-tls-alpn", "native-tls-vendored"] }
+reqwest = { version = "0.12.8", features = ["json", "native-tls-alpn", "native-tls-vendored"] }
 rocket = { version = "0.5.1", features = ["json"] }
 rocket-validation = "0.2.0"
 rocket_db_pools = { version = "0.2.0", features = ["sqlx_postgres"] }
 
@@ -1,7 +1,8 @@
 {
   "allowed_hosts": ["http://localhost:1234", "https://mystb.in"],
+  "github_token": "github_pat_KOBfYbSdPtOGcvSMdkoUye_IWEadGCSJxVffBVHZZRSCXBqvhKzKTaddmyBaZcHxWLdJQIOhJbpsbiEWx",
   "extra_scanners": [
-    { "name": "PyPi", "pattern": "pypi-AgEIcHlwaS5vcmc[A-Za-z0-9-_]{70,}" },
-    { "name": "GitHub", "pattern": "((ghp|gho|ghu|ghs|ghr)_[A-Za-z0-9_]{36})" }
+    { "name": "PyPi", "pattern": "pypi-AgEIcHlwaS5vcmc[A-Za-z0-9-_]{70,}", "invalidate": true },
+    { "name": "GitHub", "pattern": "((ghp|gho|ghu|ghs|ghr)_[A-Za-z0-9_]{36})", "invalidate": true }
   ]
 }
@@ -6,10 +6,14 @@ use serde::{Deserialize, Serialize};
 pub struct ScannerConfig {
     pub name: Arc<String>,
     pub pattern: String,
+    pub invalidate: bool,
 }
 
 #[derive(Debug, Deserialize, Serialize)]
 pub struct Config {
+    // CORS
     pub allowed_hosts: Vec<String>,
+    // Secret Scanning
+    pub github_token: String,
     pub extra_scanners: Vec<ScannerConfig>,
 }
@@ -121,8 +121,10 @@ impl Paste {
             }
         };
 
+        let invalidate_secrets = data.password().is_none();
+
         for file in data.files() {
-            let file = File::create(&mut tx, paste.id(), file).await?;
+            let file = File::create(&mut tx, paste.id(), file, invalidate_secrets).await?;
             paste.add_file(file);
         }
 
@@ -178,6 +180,7 @@ impl File {
         tx: &mut Transaction<'_, Postgres>,
         paste_id: &str,
         file: &'r CreateFile<'r>,
+        invalidate_secrets: bool,
     ) -> Result<Self> {
         let result = sqlx::query(
             "
@@ -196,7 +199,8 @@ impl File {
         match result {
             Ok(row) => {
                 let id: i64 = row.get("id");
-                let annotations = Annotation::create(tx, id, file.content()).await?;
+                let annotations =
+                    Annotation::create(tx, id, file.content(), invalidate_secrets).await?;
 
                 return Ok(File::from_row(row, annotations));
             }
@@ -240,12 +244,17 @@ impl Annotation {
         tx: &mut Transaction<'_, Postgres>,
         file_id: i64,
         content: &str,
+        invalidate_secrets: bool,
     ) -> Result<Vec<Self>> {
-        let scans = scan_file(content);
+        let scans = scan_file(content, invalidate_secrets).await;
         let mut annotations = Vec::with_capacity(scans.len());
 
         for scan in scans {
-            let content = format!("Contains potentially sensitive data from {}.", scan.service);
+            let mut content = format!("Mystb.in found a secret for {}.", scan.service);
+
+            if invalidate_secrets {
+                content += " This secret has been invalidated.";
+            }
 
             let result = sqlx::query(
                 "
 
@@ -33,20 +33,10 @@ fn rocket() -> _ {
         security::delete_security,
     ];
 
-    let version = env!("CARGO_PKG_VERSION");
-    let user_agent = format!("Echo/{} (+https://mystb.in)", version);
-
-    let client = reqwest::Client::builder()
-        .https_only(true)
-        .user_agent(user_agent)
-        .build()
-        .unwrap();
-
     let path = env::var("ECHO_CONFIG").expect("ECHO_CONFIG not set");
     let provider = rocket::Config::figment().merge(Json::file(path));
 
     rocket::custom(provider)
-        .manage(client)
         .mount("/", routes)
         .attach(AdHoc::config::<Config>())
         .attach(PgDatabase::init())
Original file line number	Diff line number	Diff line change
`@@ -1,7 +1,8 @@`
`1`	`1`	`{`
`2`	`2`	`"allowed_hosts": ["http://localhost:1234", "https://mystb.in"],`
	`3`	`+ "github_token": "github_pat_KOBfYbSdPtOGcvSMdkoUye_IWEadGCSJxVffBVHZZRSCXBqvhKzKTaddmyBaZcHxWLdJQIOhJbpsbiEWx",`
`3`	`4`	`"extra_scanners": [`
`4`		`- { "name": "PyPi", "pattern": "pypi-AgEIcHlwaS5vcmc[A-Za-z0-9-_]{70,}" },`
`5`		`- { "name": "GitHub", "pattern": "((ghp\|gho\|ghu\|ghs\|ghr)_[A-Za-z0-9_]{36})" }`
	`5`	`+ { "name": "PyPi", "pattern": "pypi-AgEIcHlwaS5vcmc[A-Za-z0-9-_]{70,}", "invalidate": true },`
	`6`	`+ { "name": "GitHub", "pattern": "((ghp\|gho\|ghu\|ghs\|ghr)_[A-Za-z0-9_]{36})", "invalidate": true }`
`6`	`7`	`]`
`7`	`8`	`}`
Original file line number	Diff line number	Diff line change
`@@ -6,10 +6,14 @@ use serde::{Deserialize, Serialize};`
`6`	`6`	`pub struct ScannerConfig {`
`7`	`7`	`pub name: Arc<String>,`
`8`	`8`	`pub pattern: String,`
	`9`	`+ pub invalidate: bool,`
`9`	`10`	`}`
`10`	`11`
`11`	`12`	`#[derive(Debug, Deserialize, Serialize)]`
`12`	`13`	`pub struct Config {`
	`14`	`+ // CORS`
`13`	`15`	`pub allowed_hosts: Vec<String>,`
	`16`	`+ // Secret Scanning`
	`17`	`+ pub github_token: String,`
`14`	`18`	`pub extra_scanners: Vec<ScannerConfig>,`
`15`	`19`	`}`