Home
I'm Stread. I love developing tiny, useful things. If it's functional and just a few hundred lines of code, I get goosebumps. That's what tinypaste is: a simple, no-nonsense pastebin.
The workflow is dead simple:
- Enter a title and content
- Choose a TTL (time-to-live)
- Click the button and share the link.
No database, no bloat. I'm just storing pastes as plain text files. To avoid file system exhaustion, they're categorized into 256 buckets using the first two characters of the paste's ID. The TTL is encoded in the filename for efficient cleanup, while the title and content are stored in the file itself, which makes it fast and simple. A background job cleans up expired files, but to keep it optimized, it only scans 16 buckets at a time and remembers where it left off.
It's secure by design. By using a simple file-based system instead of a database, the project's complexity is kept to a minimum. This design choice sidesteps the need to manage, configure, or secure a separate database service, which is where many vulnerabilities can hide. Its security comes from its simplicity. I also added basic checks for things like paste size (max 1MB) and ID format to prevent any shady business with file paths. The attack surface is tiny because the whole app is tiny.
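A sketch of how the bucket layout, the ID format check and the TTL-in-filename scheme can fit together, added here as an example and not taken from tinypaste's own code. The 16-character lowercase hex ID, the `<id>_<unix-expiry>.txt` filename layout and the names `PastePath` and `Expired` are assumptions for illustration.

```go
package main

import (
	"errors"
	"fmt"
	"path/filepath"
	"regexp"
	"strconv"
	"strings"
	"time"
)

// Assumption: IDs are 16 lowercase hex characters, so the first two
// characters select one of 256 buckets ("00".."ff").
var idPattern = regexp.MustCompile(`^[0-9a-f]{16}$`)

var ErrBadID = errors.New("invalid paste id")

// PastePath maps a validated ID to <root>/<bucket>/<id>_<expiry>.txt.
// Validation runs before any path is built, so "../" never reaches Join.
func PastePath(root, id string, expires time.Time) (string, error) {
	if !idPattern.MatchString(id) {
		return "", ErrBadID
	}
	name := fmt.Sprintf("%s_%d.txt", id, expires.Unix())
	return filepath.Join(root, id[:2], name), nil
}

// Expired reads the expiry from the filename alone, so the cleanup job
// never has to open a paste to decide whether to delete it.
func Expired(filename string, now time.Time) (bool, error) {
	base := strings.TrimSuffix(filepath.Base(filename), ".txt")
	id, ts, ok := strings.Cut(base, "_")
	if !ok || !idPattern.MatchString(id) {
		return false, ErrBadID
	}
	unix, err := strconv.ParseInt(ts, 10, 64)
	if err != nil {
		return false, fmt.Errorf("bad expiry in %q: %w", filename, err)
	}
	return !now.Before(time.Unix(unix, 0)), nil
}

func main() {
	now := time.Unix(1700000000, 0) // constructed timestamp
	p, err := PastePath("data", "a3f09c1e5b7d2468", now.Add(time.Hour))
	fmt.Println(p, err)
	_, err = PastePath("data", "../../etc/passwd", now)
	fmt.Println(err)
}
```

Because the ID is matched against a strict allowlist pattern rather than scrubbed of bad characters, anything containing a slash, dot, uppercase letter or trailing newline is rejected before it can influence the path.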
Go and Dokku. I'm really happy with how this turned out in Go. To make deployment dead simple, I'm using Go's embed package to bake all the static files right into the executable. For deployment, I chose Dokku because you shouldn't need a whole VPS for something this small. The repo has an app.json, so just push the repo and Dokku handles the rest.
Built-in Rate Limiting. The project includes a custom nginx.conf.sigil that Dokku automatically uses to configure Nginx with intelligent rate limiting. It's designed specifically for pastebin usage patterns:
- Save endpoint (/save): 2 requests per minute - heavily restricted to prevent spam
- Paste viewing (/[id]): 30 requests per minute - moderate limits for legitimate viewing
- General browsing (/): 60 requests per minute - lenient for homepage and static assets
The limits use nodelay for immediate enforcement and include small burst allowances. This prevents abuse while keeping the service responsive for normal users.
Post-Deploy Recommendations. After deploying, there are a couple of things I recommend for a stable and secure setup. First, since the app is so lightweight, you should limit its resources in Dokku to keep your server happy: dokku resource:limit tinypaste --memory 256m --memory-swap 256m --cpu 0.1. The built-in rate limiting handles abuse prevention automatically, but you can adjust the limits in nginx.conf.sigil if needed.