diff --git a/.dockerignore b/.dockerignore new file mode 100644 index 0000000..df663e1 --- /dev/null +++ b/.dockerignore @@ -0,0 +1,20 @@ +# Git and IDE files +.git +.gitignore +.idea +*.iml + +# Docker files +Dockerfile + +# GitHub Actions workflow +.github + +# Node.js modules (these will be installed inside the container) +node_modules + +# Logs +npm-debug.log + +# Documentation +README.md \ No newline at end of file diff --git a/.github/workflows/docker-publish.yml b/.github/workflows/docker-publish.yml new file mode 100644 index 0000000..83b2dbc --- /dev/null +++ b/.github/workflows/docker-publish.yml @@ -0,0 +1,40 @@ +name: Publish Docker Image to GitHub Packages + +# Run this workflow on every push to the main branch +on: + push: + branches: [ main ] + +jobs: + build-and-publish: + runs-on: ubuntu-latest + + # Grant permissions for the GITHUB_TOKEN to push to the GitHub Container Registry + permissions: + contents: read + packages: write + + steps: + - name: Checkout repository + uses: actions/checkout@v4 + + - name: Log in to the GitHub Container Registry + uses: docker/login-action@v3 + with: + registry: ghcr.io + username: ${{ github.actor }} + password: ${{ secrets.GITHUB_TOKEN }} + + - name: Extract metadata (tags, labels) for Docker + id: meta + uses: docker/metadata-action@v5 + with: + images: ghcr.io/${{ github.repository }} + + - name: Build and push Docker image + uses: docker/build-push-action@v5 + with: + context: . + push: true + tags: ${{ steps.meta.outputs.tags }} + labels: ${{ steps.meta.outputs.labels }}``` diff --git a/Dockerfile b/Dockerfile new file mode 100644 index 0000000..e10dcdd --- /dev/null +++ b/Dockerfile @@ -0,0 +1,48 @@ +# --- Base Stage --- +# Use a lightweight and secure Node.js base image +FROM node:20-alpine AS base + +# Set the working directory in the container +WORKDIR /usr/src/app + +# Copy package files and install dependencies +# This leverages Docker's layer caching +COPY package*.json ./ +RUN npm install --only=production + + +# --- Build Stage --- +# This stage builds the static assets +FROM base AS build + +# Install all dependencies (including devDependencies) to run the build script +COPY package*.json ./ +RUN npm install + +# Copy the rest of the application source code +COPY . . + +# Run the build script to minify CSS and JS +RUN npm run build + + +# --- Production Stage --- +# This is the final, lean image that will be run +FROM base AS production + +# Set a non-root user for security +RUN addgroup -S appgroup && adduser -S appuser -G appgroup +USER appuser + +# Copy only the necessary files from the previous stages +COPY --from=build /usr/src/app/node_modules ./node_modules +COPY --from=build /usr/src/app/static ./static +COPY --from=build /usr/src/app/lib ./lib +COPY --from=build /usr/src/app/server.js . +COPY --from=build /usr/src/app/config.json . + +# Expose the port the app runs on +EXPOSE 8080 + +# The command to start the application +CMD [ "node", "server.js" ] \ No newline at end of file diff --git a/README.md b/README.md index 362f6f5..2e611cb 100644 --- a/README.md +++ b/README.md @@ -1,43 +1,129 @@ +// README.md # unknownBIN -unknownBIN is a secure and modern open-source Pastebin software written in node.js. -It is a fork of the original Hastebin and Hastebin Plus, modernized for security and performance. -## Features -* Paste code, logs and ... almost everything! -* Syntax-Highlighting -* Add static documents -* Duplicate & edit pastes -* Raw paste-view -* Secure, unpredictable paste IDs -* Modernized backend with security enhancements +unknownBIN is a secure and modern open-source Pastebin software written in Node.js. It is a fork of the original Hastebin, completely modernized for security, performance, and easy deployment via Docker. -## Installation -1. Install Git and node.js (a recent LTS version is recommended). -2. Clone this repository: `git clone https://github.com/MrUnknownDE/unknownbin.git unknownbin` -3. Change into the directory: `cd unknownbin` -4. Install dependencies: `npm install` -5. Build static assets: `npm run build` -6. Open `config.json` and change the settings (if you want to). -7. Start the application: `npm start` +![unknownBIN Screenshot](https://raw.githubusercontent.com/MrUnknownDE/unknownbin/main/screenshot.png) -## Update -1. Pull changes from the repository: `git pull` -2. Install new dependencies: `npm install` -3. Re-build static assets: `npm run build` -4. Restart the application. +## ✨ Features -## Settings -| Key | Description | Default value | -| ---------------------- | ----------------------------------------------- | ------------- | -| `host` | The host the server runs on | `0.0.0.0` | -| `port` | The port the server runs on | `8080` | -| `dataPath` | The directory where all pastes are stored | `./data` | -| `keyLength` | The length of the pastes' key | `10` | -| `maxLength` | Maximum chars in a paste | `500000` | -| `createKey` | Needs to be in front of paste to allow creation | `""` | -| `documents` | Static documents to serve | See below | +* **Modern & Clean Interface:** A simple, classic design that focuses on the content. +* **Syntax Highlighting:** Automatic language detection and highlighting for dozens of languages. +* **Security First:** + * Uses cryptographically-strong random generation for secure, unpredictable paste IDs. + * Includes security headers via Helmet to protect against common web vulnerabilities. + * Protects against path traversal attacks. +* **Docker-Ready:** Deploy in seconds using the pre-built Docker image from GitHub Packages. +* **Automated CI/CD:** Docker images are automatically built and published with GitHub Actions. +* **Core Functionality:** + * View raw paste content. + * Duplicate and edit existing pastes easily. + * Lightweight and fast. -### Default Config +--- + +## 🚀 Deployment (Recommended) + +The easiest and recommended way to deploy unknownBIN is by using the pre-built Docker image from the GitHub Container Registry (GHCR). + +### Prerequisites + +* [Docker](https://docs.docker.com/get-docker/) installed on your system. + +### Running the Container + +1. **Pull the latest image:** + ```bash + docker pull ghcr.io/mrunknownde/unknownbin:main + ``` + +2. **Run the container:** + To ensure your pastes are saved even if the container is removed or updated, you must mount a volume for the data directory. + + ```yml + services: + mrunknownde: + image: 'ghcr.io/mrunknownde/unknownbin:main' + container_name: my-unknownbin + volumes: + - '/path/to/your/data:/usr/src/app/data' + ports: + - '8080:8080' + ``` + + ```bash + docker run -d \ + -p 8080:8080 \ + -v /path/to/your/data:/usr/src/app/data \ + --name my-unknownbin \ + ghcr.io/mrunknownde/unknownbin:main + ``` + + **Explanation:** + * `-d`: Runs the container in the background (detached mode). + * `-p 8080:8080`: Maps port 8080 on your host to port 8080 in the container. You can change the first number (e.g., `-p 3000:8080`) to use a different host port. + * `-v /path/to/your/data:/usr/src/app/data`: **(Important!)** Mounts a directory from your host machine into the container to persist paste data. **Replace `/path/to/your/data`** with an actual path on your server (e.g., `/opt/unknownbin/data`). + * `--name my-unknownbin`: Gives the container a memorable name. + +Your unknownBIN instance is now running and accessible at `http://localhost:8080`. + +--- + +## 🛠️ Manual Installation + +If you prefer not to use Docker, you can install and run the application directly with Node.js. + +### Prerequisites + +* [Node.js](https://nodejs.org/) (LTS version recommended) +* [Git](https://git-scm.com/) + +### Steps + +1. **Clone the repository:** + ```bash + git clone https://github.com/MrUnknownDE/unknownbin.git + cd unknownbin + ``` + +2. **Install dependencies:** + ```bash + npm install + ``` + +3. **Build static assets:** + This step minifies the CSS and JavaScript files. + ```bash + npm run build + ``` + +4. **Configure the application:** + Open `config.json` in a text editor and adjust the settings to your needs. + +5. **Start the application:** + ```bash + npm start + ``` + +The application will be available at `http://localhost:8080` (or as configured in `config.json`). + +--- + +## ⚙️ Configuration + +Configuration is managed via the `config.json` file in the root directory. + +| Key | Description | Default Value | +| ----------- | ------------------------------------------------- | --------------- | +| `host` | The host address the server binds to. | `"0.0.0.0"` | +| `port` | The port the server listens on. | `8080` | +| `dataPath` | The directory where paste files are stored. | `"./data"` | +| `keyLength` | The length of the randomly generated paste keys. | `10` | +| `maxLength` | The maximum number of characters allowed in a paste. | `500000` | +| `createKey` | A secret key that must be prepended to a paste to allow its creation. | `""` (disabled) | +| `documents` | A map of static documents to serve from files. | `{}` | + +### Example `config.json` ```json { "host": "0.0.0.0", @@ -49,4 +135,24 @@ It is a fork of the original Hastebin and Hastebin Plus, modernized for security "documents": { "about": "./README.md" } -} \ No newline at end of file +} +``` + +### 🔄 Updating +**Docker Installation** +1. Pull the latest image: +`docker pull ghcr.io/mrunknownde/unknownbin:main` +2. Stop and remove the old container: +`docker stop my-unknownbin` +`docker rm my-unknownbin` +3. Start a new container with the same docker run command you used initially (including the volume mount). Your data will be preserved. +Manual Installation + +**Pull the latest changes:** +`git pull` +Install/update dependencies and rebuild assets: +``` +npm install +npm run build +``` +Restart the application (e.g., using npm start or your process manager). \ No newline at end of file