feat: enhance paste editing with token authentication and partial updates

Author: Pdzly

backend/app/api/dto/paste_dto.py

@@ -7,6 +7,13 @@
 from app.config import config
 
 
+class _Unset(BaseModel):
+    pass
+
+
+UNSET = _Unset()
+
+
 class PasteContentLanguage(str, Enum):
     plain_text = "plain_text"
 
@@ -48,26 +55,32 @@ def validate_expires_at(cls, v):
 
 
 class EditPaste(BaseModel):
-    title: str = Field(
+    title: str | None = Field(
+        None,
         min_length=1,
         max_length=255,
         description="The title of the paste",
     )
-    content: str = Field(
+    content: str | None = Field(
+        None,
         min_length=1,
         max_length=config.MAX_CONTENT_LENGTH,
         description="The content of the paste",
     )
-    content_language: PasteContentLanguage = Field(
+    content_language: PasteContentLanguage | None = Field(
+        None,
         description="The language of the content",
         examples=[PasteContentLanguage.plain_text],
     )
-    expires_at: datetime | None = Field()
-
-    edit_token: str = Field(
-        description="The token to edit the paste",
+    expires_at: datetime | None | _Unset = Field(
+        default=UNSET,
+        description="The expiration datetime. Explicitly set to null to remove expiration.",
     )
 
+    def is_expires_at_set(self) -> bool:
+        """Check if expires_at was explicitly provided (including None)."""
+        return not isinstance(self.expires_at, _Unset)
+
 
 class PasteResponse(BaseModel):
     id: UUID4 = Field(

backend/app/api/subroutes/pastes.py

@@ -3,6 +3,8 @@
 from aiocache.serializers import PickleSerializer
 from dependency_injector.wiring import Provide, inject
 from fastapi import APIRouter, Depends, Header, HTTPException
+from fastapi.params import Security
+from fastapi.security import APIKeyHeader
 from pydantic import UUID4
 from starlette.requests import Request
 from starlette.responses import Response
@@ -27,6 +29,9 @@
     max_size=config.CACHE_SIZE_LIMIT,
 )
 
+edit_token_key_header = APIKeyHeader(name="Authorization", scheme_name="Edit Token")
+delete_token_key_header = APIKeyHeader(name="Authorization", scheme_name="Delete Token")
+
 
 def get_exempt_key(request: Request) -> str:
     auth_header = request.headers.get("Authorization")
@@ -149,9 +154,10 @@ async def edit_paste(
     request: Request,
     paste_id: UUID4,
     edit_paste_body: EditPaste,
+    edit_token: str = Security(edit_token_key_header),
     paste_service: PasteService = Depends(Provide[Container.paste_service]),
 ):
-    result = await paste_service.edit_paste(paste_id, edit_paste_body)
+    result = await paste_service.edit_paste(paste_id, edit_paste_body, edit_token)
     if not result:
         raise HTTPException(
             status_code=404,
@@ -169,7 +175,7 @@ async def edit_paste(
 async def delete_paste(
     request: Request,
     paste_id: UUID4,
-    delete_token: str = Header(...),
+    delete_token: str = Security(delete_token_key_header),
     paste_service: PasteService = Depends(Provide[Container.paste_service]),
 ):
     result = await paste_service.delete_paste(paste_id, delete_token)

backend/app/services/cleanup_service.py

@@ -27,16 +27,16 @@ def __init__(
     def start_cleanup_worker(self):
         """Start the background cleanup worker"""
         self.logger.info("Starting cleanup worker")
-        if self._cleanup_task is not None or self._lock_file.exists():
+        if self._cleanup_task is not None:
             return  # Already running
-        _ = self._acquire_lock()
+
         self._cleanup_task = asyncio.create_task(self._cleanup_loop())
         self.logger.info("Background cleanup worker started")
 
     async def stop_cleanup_worker(self):
         """Stop the background cleanup worker"""
         if self._cleanup_task is not None:
-            _ = self._cleanup_task.cancel()
+            self._cleanup_task.cancel()
             try:
                 await self._cleanup_task
             except asyncio.CancelledError:
@@ -46,7 +46,11 @@ async def stop_cleanup_worker(self):
             self.logger.info("Background cleanup worker stopped")
 
     async def _cleanup_loop(self):
-        """Main cleanup loop that runs every 10 minutes"""
+        """Main cleanup loop that runs every 5 minutes"""
+        # Wait for 5 minutes and retry
+        while not self._acquire_lock():
+            await asyncio.sleep(300)
+
         while True:
             self._touch_lock()
             try:
@@ -58,7 +62,7 @@ async def _cleanup_loop(self):
                     await self._cleanup_deleted_pastes()
 
                 # Wait 5 minutes before next run
-                await asyncio.sleep(300)
+                await asyncio.sleep(600)
             except Exception as exc:
                 self.logger.error("Error in cleanup loop: %s", exc)
                 await asyncio.sleep(60)  # Retry after 1 minute on error

backend/app/services/paste_service.py

@@ -150,14 +150,14 @@ async def get_paste_by_id(self, paste_id: UUID4) -> PasteResponse | None:
             )
 
     async def edit_paste(
-        self, paste_id: UUID4, edit_paste: EditPaste
+        self, paste_id: UUID4, edit_paste: EditPaste, edit_token: str
     ) -> PasteResponse | None:
         async with self.session_maker() as session:
             stmt = (
                 select(PasteEntity)
                 .where(
                     PasteEntity.id == paste_id,
-                    PasteEntity.edit_token == edit_paste.edit_token,
+                    PasteEntity.edit_token == edit_token,
                     or_(
                         PasteEntity.expires_at > datetime.now(tz=timezone.utc),
                         PasteEntity.expires_at.is_(None),
@@ -170,27 +170,41 @@ async def edit_paste(
             ).scalar_one_or_none()
             if result is None:
                 return None
-            content = edit_paste.content
 
-            # Update content file
-            new_content_path = await self._save_content(
-                str(paste_id),
-                content,
-            )
-            if not new_content_path:
-                return None
+            # Update only the fields that are provided (not None)
+            if (
+                edit_paste.title is not None
+            ):  # Using ellipsis as sentinel for "not provided"
+                result.title = edit_paste.title
+            if edit_paste.content_language is not None:
+                result.content_language = edit_paste.content_language.value
+            if edit_paste.is_expires_at_set():
+                result.expires_at = edit_paste.expires_at
+
+            # Handle content update separately
+            if edit_paste.content is not None:
+                new_content_path = await self._save_content(
+                    str(paste_id), edit_paste.content
+                )
+                if not new_content_path:
+                    return None
+                result.content_path = new_content_path
+                result.content_size = len(edit_paste.content)
 
-            # Update database entity
-            result.title = edit_paste.title
-            result.content_language = edit_paste.content_language.value
-            result.expires_at = edit_paste.expires_at
-            result.content_path = new_content_path
-            result.content_size = len(content)
             result.last_updated_at = datetime.now(tz=timezone.utc)
 
             await session.commit()
             await session.refresh(result)
 
+            # Re-read content if updated
+            content = (
+                edit_paste.content
+                if edit_paste.content is not None
+                else await self._read_content(
+                    path.join(self.paste_base_folder_path, result.content_path)
+                )
+            )
+
             return PasteResponse(
                 id=result.id,
                 title=result.title,