You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
 
 
 
Mia Herkt afb5811879
README: Warn users about URL fetch network security implications
1 month ago
migrations Add NSFW detection 5 years ago
nsfw_model Add NSFW detection 5 years ago
templates Use template responses 1 year ago
tests Add tests 1 year ago
.gitignore Support instance config 1 year ago
.mailmap Add mailmap 1 year ago
LICENSE Change license to EUPL 2 years ago
README.rst README: Warn users about URL fetch network security implications 1 month ago
cleanup.py Fix some flake8 errors in cleanup and nsfw_detect 1 year ago
fhost.py Fix non-seekable file handles 2 months ago
nsfw_detect.py Fix some flake8 errors in cleanup and nsfw_detect 1 year ago
pyproject.toml Add tests 1 year ago
requirements.txt remove short_url and add in-tree URLencoder (#53) 10 months ago

README.rst

The Null Pointer
================

This is a no-bullshit file hosting and URL shortening service that also runs
`0x0.st <https://0x0.st>`_. Use with uWSGI.

Configuration
-------------

To change settings, modify ``instance/config.py``. For more information on
instance configuration, see `the Flask documentation <https://flask.palletsprojects.com/en/2.0.x/config/#instance-folders>`_.

To customize the home and error pages, simply create a ``templates`` directory
in your instance directory and copy any templates you want to modify there.

If you are running nginx, you should use the ``X-Accel-Redirect`` header.
To make it work, include this in your nginx config’s ``server`` block::

location /up {
internal;
}

where ``/up`` is whatever you’ve configured as ``FHOST_STORAGE_PATH``.

For all other servers, set ``FHOST_USE_X_ACCEL_REDIRECT`` to ``False`` and
``USE_X_SENDFILE`` to ``True``, assuming your server supports this.
Otherwise, Flask will serve the file with chunked encoding, which sucks and
should be avoided at all costs.

To make files expire, simply create a cronjob that runs ``cleanup.py`` every
now and then.

Before running the service for the first time, run ``FLASK_APP=fhost flask db upgrade``.


NSFW Detection
--------------

0x0 supports classification of NSFW content via Yahoo’s open_nsfw Caffe
neural network model. This works for images and video files and requires
the following:

* Caffe Python module (built for Python 3)
* ``ffmpegthumbnailer`` executable in ``$PATH``


Network Security Considerations
-------------------------------

Keep in mind that 0x0 can fetch files from URLs. This includes your local
network! You should take precautions so that this feature cannot be abused.
0x0 does not (yet) have a way to filter remote URLs, but on Linux, you can
use firewall rules and/or namespaces. This is less error-prone anyway.

For instance, if you are using the excellent `FireHOL <https://firehol.org/>`_,
it’s very easy to create a group on your system and use it as a condition
in your firewall rules. You would then run the application server under that
group.