feat: rebrand Hemmelig to paste.es for cloudhost.es

- Set Spanish as default language with ephemeral/encrypted privacy focus
- Translate all user-facing strings and legal pages to Spanish
- Replace Norwegian flag with Spanish flag in footer
- Remove Hemmelig/terces.cloud links, add cloudhost.es sponsorship
- Rewrite PrivacyPage: zero data collection, ephemeral design emphasis
- Rewrite TermsPage: Spanish law, RGPD, paste.es/CloudHost.es references
- Update PWA manifest, HTML meta tags, package.json branding
- Rename webhook headers to X-Paste-Event / X-Paste-Signature
- Update API docs title and contact to paste.es / cloudhost.es

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-02-24 09:30:19 +01:00
commit bc9f96cbd4
268 changed files with 45773 additions and 0 deletions

docs/env.md Normal file

@@ -0,0 +1,186 @@
# Environment Variables
Complete reference for all environment variables supported by Hemmelig.
## Required Variables
| Variable | Description | Default |
| -------------------- | -------------------------------------------------------- | ------------------------- |
| `DATABASE_URL` | SQLite connection string | `file:./data/hemmelig.db` |
| `BETTER_AUTH_SECRET` | Secret key for authentication sessions | - |
| `BETTER_AUTH_URL` | Public URL of your instance (for proper cookie handling) | - |
## Server Configuration
| Variable | Description | Default |
| ------------------------- | ------------------------------------------------ | ------------- |
| `NODE_ENV` | Environment mode (`production` or `development`) | `development` |
| `HEMMELIG_PORT` | Port the server listens on | `3000` |
| `HEMMELIG_BASE_URL` | Public URL of your instance (required for OAuth) | - |
| `HEMMELIG_TRUSTED_ORIGIN` | Additional trusted origin for CORS | - |
## General Settings
| Variable | Description | Default |
| ------------------------------- | --------------------------------------------- | ------- |
| `HEMMELIG_INSTANCE_NAME` | Custom name for your instance | - |
| `HEMMELIG_INSTANCE_DESCRIPTION` | Custom description for your instance | - |
| `HEMMELIG_ALLOW_REGISTRATION` | Allow new user registrations (`true`/`false`) | `true` |
## Security Settings
| Variable | Description | Default |
| ---------------------------------------- | ------------------------------------------------------------- | ------- |
| `HEMMELIG_ALLOW_PASSWORD_PROTECTION` | Allow password-protected secrets | `true` |
| `HEMMELIG_ALLOW_IP_RESTRICTION` | Allow IP range restrictions on secrets | `true` |
| `HEMMELIG_ALLOW_FILE_UPLOADS` | Allow users to attach files to secrets | `true` |
| `HEMMELIG_DISABLE_EMAIL_PASSWORD_SIGNUP` | Disable email/password registration (social login only) | `false` |
| `HEMMELIG_MAX_ENCRYPTED_PAYLOAD_SIZE` | Hard ceiling for encrypted payloads in KB (parsed at startup) | `1024` |
## Analytics
| Variable | Description | Default |
| -------------------------------- | --------------------------------------- | -------------- |
| `HEMMELIG_ANALYTICS_ENABLED` | Enable privacy-focused analytics | `true` |
| `HEMMELIG_ANALYTICS_HMAC_SECRET` | HMAC secret for anonymizing visitor IDs | auto-generated |
## Social Login Providers
See [Social Login Documentation](./social-login.md) for detailed setup instructions.
### GitHub
| Variable | Description |
| ----------------------------- | ------------------------------ |
| `HEMMELIG_AUTH_GITHUB_ID` | GitHub OAuth App Client ID |
| `HEMMELIG_AUTH_GITHUB_SECRET` | GitHub OAuth App Client Secret |
### Google
| Variable | Description |
| ----------------------------- | -------------------------- |
| `HEMMELIG_AUTH_GOOGLE_ID` | Google OAuth Client ID |
| `HEMMELIG_AUTH_GOOGLE_SECRET` | Google OAuth Client Secret |
### Microsoft (Azure AD)
| Variable | Description |
| ----------------------------------- | --------------------------------------------------- |
| `HEMMELIG_AUTH_MICROSOFT_ID` | Microsoft Application (client) ID |
| `HEMMELIG_AUTH_MICROSOFT_SECRET` | Microsoft Client Secret |
| `HEMMELIG_AUTH_MICROSOFT_TENANT_ID` | Azure AD Tenant ID (optional, defaults to "common") |
### Discord
| Variable | Description |
| ------------------------------ | --------------------------------- |
| `HEMMELIG_AUTH_DISCORD_ID` | Discord Application Client ID |
| `HEMMELIG_AUTH_DISCORD_SECRET` | Discord Application Client Secret |
### GitLab
| Variable | Description |
| ----------------------------- | ------------------------- |
| `HEMMELIG_AUTH_GITLAB_ID` | GitLab Application ID |
| `HEMMELIG_AUTH_GITLAB_SECRET` | GitLab Application Secret |
### Apple
| Variable | Description |
| ---------------------------- | ------------------- |
| `HEMMELIG_AUTH_APPLE_ID` | Apple Services ID |
| `HEMMELIG_AUTH_APPLE_SECRET` | Apple Client Secret |
### Twitter/X
| Variable | Description |
| ------------------------------ | ------------------------------- |
| `HEMMELIG_AUTH_TWITTER_ID` | Twitter OAuth 2.0 Client ID |
| `HEMMELIG_AUTH_TWITTER_SECRET` | Twitter OAuth 2.0 Client Secret |
### Generic OAuth
Hemmelig supports any OAuth 2.0 / OpenID Connect provider through generic OAuth configuration.
| Variable | Description |
| ----------------------------- | ------------------------------------------------------------------------------------------------------------ |
| `HEMMELIG_AUTH_GENERIC_OAUTH` | JSON array of generic OAuth provider configurations. See [Social Login docs](./social-login.md) for details. |
**Example**:
```bash
HEMMELIG_AUTH_GENERIC_OAUTH='[{"providerId":"authentik","discoveryUrl":"https://auth.example.com/.well-known/openid-configuration","clientId":"client-id","clientSecret":"secret","scopes":["openid","profile","email"]}]'
```
Supported generic providers include: Authentik, Authelia, Keycloak, Zitadel, Ory Hydra, and any OAuth 2.0 / OIDC-compatible identity provider.
## Example Configuration
### Minimal Setup
```bash
# Required
DATABASE_URL=file:./data/hemmelig.db
BETTER_AUTH_SECRET=your-secret-key-min-32-chars-long
BETTER_AUTH_URL=https://secrets.example.com
```
### Production Setup
```bash
# Required
DATABASE_URL=file:./data/hemmelig.db
BETTER_AUTH_SECRET=your-very-secure-secret-key-here
BETTER_AUTH_URL=https://secrets.example.com
# Server
NODE_ENV=production
HEMMELIG_PORT=3000
HEMMELIG_TRUSTED_ORIGIN=https://secrets.example.com
# Instance
HEMMELIG_INSTANCE_NAME=Company Secrets
HEMMELIG_INSTANCE_DESCRIPTION=Secure secret sharing for our team
# Security
HEMMELIG_ENABLE_RATE_LIMITING=true
# Analytics
HEMMELIG_ANALYTICS_ENABLED=true
HEMMELIG_ANALYTICS_HMAC_SECRET=your-analytics-hmac-secret
# Social Login (optional)
HEMMELIG_AUTH_GITHUB_ID=your-github-client-id
HEMMELIG_AUTH_GITHUB_SECRET=your-github-client-secret
```
### Docker Compose Example
```yaml
version: '3.8'
services:
hemmelig:
image: hemmelig/hemmelig:latest
ports:
- '3000:3000'
environment:
- DATABASE_URL=file:/data/hemmelig.db
- BETTER_AUTH_SECRET=change-this-to-a-secure-secret
- BETTER_AUTH_URL=https://secrets.example.com
- NODE_ENV=production
- HEMMELIG_PORT=3000
- HEMMELIG_ANALYTICS_ENABLED=true
volumes:
- hemmelig_data:/data
volumes:
hemmelig_data:
```
## Notes
- Boolean values accept `true` or `false` (case-insensitive)
- All `HEMMELIG_AUTH_*` variables require both `_ID` and `_SECRET` to enable a provider
- `BETTER_AUTH_URL` is required when using social login providers
- Generate secure secrets using: `openssl rand -base64 32`
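Review bot: The Production Setup example sets `HEMMELIG_ENABLE_RATE_LIMITING=true`, but no table in this file documents that variable, so an operator copying the example cannot tell whether it is read at all, what its default is, or whether rate limiting is off without it. Either add it to the Security Settings table with its default or drop it from the example. Separately, the Analytics table gives `HEMMELIG_ANALYTICS_ENABLED` a default of `true`, and both the Production Setup and Docker Compose examples enable it, while the commit message describes the rewritten privacy page as "zero data collection"; say here what analytics records, or reconsider the default, so the reference and the privacy claim agree. The file also still names Hemmelig in its intro and in the `hemmelig/hemmelig:latest` image, which should be reconciled with the paste.es rebrand, and the Compose placeholder `change-this-to-a-secure-secret` is shorter than the 32 characters that the Minimal Setup placeholder implies, a minimum the Required Variables table never states.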