feat: rebrand Hemmelig to paste.es for cloudhost.es

- Set Spanish as default language with ephemeral/encrypted privacy focus - Translate all user-facing strings and legal pages to Spanish - Replace Norwegian flag with Spanish flag in footer - Remove Hemmelig/terces.cloud links, add cloudhost.es sponsorship - Rewrite PrivacyPage: zero data collection, ephemeral design emphasis - Rewrite TermsPage: Spanish law, RGPD, paste.es/CloudHost.es references - Update PWA manifest, HTML meta tags, package.json branding - Rename webhook headers to X-Paste-Event / X-Paste-Signature - Update API docs title and contact to paste.es / cloudhost.es Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-02-24 09:30:19 +01:00
commit bc9f96cbd4
268 changed files with 45773 additions and 0 deletions
--- a/prisma/schema.prisma
+++ b/prisma/schema.prisma
@@ -0,0 +1,237 @@
+datasource db {
+    provider = "sqlite"
+}
+
+generator client {
+    provider = "prisma-client"
+    output   = "./generated/prisma"
+}
+
+model Secrets {
+    id            String         @id @default(uuid())
+    secret        Bytes
+    title         Bytes
+    views         Int?           @default(1)
+    password      String?
+    salt          String
+    isBurnable    Boolean?       @default(false) @map("is_burnable")
+    createdAt     DateTime       @default(now()) @map("created_at")
+    expiresAt     DateTime       @map("expires_at")
+    ipRange       String?        @default("") @map("ip_range")
+    userId        String?
+    user          User?          @relation(fields: [userId], references: [id])
+    files         File[]         @relation
+    secretRequest SecretRequest?
+
+    @@index([expiresAt])
+    @@index([userId])
+    @@map("secrets")
+}
+
+model File {
+    id        String    @id @default(uuid())
+    filename  String
+    path      String
+    createdAt DateTime  @default(now())
+    secrets   Secrets[] @relation
+
+    @@map("files")
+}
+
+model User {
+    id            String    @id
+    name          String
+    username      String    @unique
+    email         String
+    emailVerified Boolean
+    image         String?
+    createdAt     DateTime
+    updatedAt     DateTime
+    sessions      Session[]
+    accounts      Account[]
+
+    displayUsername  String?
+    role             String?         @default("user")
+    banned           Boolean?        @default(false)
+    banReason        String?
+    banExpires       DateTime?
+    inviteCodeUsed   String?
+    twoFactorEnabled Boolean?        @default(false)
+    Secrets          Secrets[]
+    apiKeys          ApiKey[]
+    twoFactor        TwoFactor[]
+    secretRequests   SecretRequest[]
+
+    @@unique([email])
+    @@map("user")
+}
+
+model TwoFactor {
+    id          String @id @default(uuid())
+    secret      String
+    backupCodes String
+    userId      String
+    user        User   @relation(fields: [userId], references: [id], onDelete: Cascade)
+
+    @@map("twoFactor")
+}
+
+model Session {
+    id        String   @id
+    expiresAt DateTime
+    token     String
+    createdAt DateTime
+    updatedAt DateTime
+    ipAddress String?
+    userAgent String?
+    userId    String
+    user      User     @relation(fields: [userId], references: [id], onDelete: Cascade)
+
+    @@unique([token])
+    @@map("session")
+}
+
+model Account {
+    id                    String    @id
+    accountId             String
+    providerId            String
+    userId                String
+    user                  User      @relation(fields: [userId], references: [id], onDelete: Cascade)
+    accessToken           String?
+    refreshToken          String?
+    idToken               String?
+    accessTokenExpiresAt  DateTime?
+    refreshTokenExpiresAt DateTime?
+    scope                 String?
+    password              String?
+    createdAt             DateTime
+    updatedAt             DateTime
+
+    @@map("account")
+}
+
+model Verification {
+    id         String    @id
+    identifier String
+    value      String
+    expiresAt  DateTime
+    createdAt  DateTime?
+    updatedAt  DateTime?
+
+    @@map("verification")
+}
+
+model InstanceSettings {
+    id                         String   @id @default(uuid())
+    instanceName               String?  @default("")
+    instanceDescription        String?  @default("")
+    instanceLogo               String?  @default("") // Base64 encoded logo image
+    allowRegistration          Boolean? @default(true)
+    requireEmailVerification   Boolean? @default(false)
+    defaultSecretExpiration    Int?     @default(72) // hours
+    maxSecretSize              Int?     @default(1024) // KB
+    allowPasswordProtection    Boolean? @default(true)
+    allowIpRestriction         Boolean? @default(true)
+    enableRateLimiting         Boolean? @default(true)
+    rateLimitRequests          Int?     @default(100)
+    rateLimitWindow            Int?     @default(60) // minutes
+    // Organization features
+    requireInviteCode          Boolean? @default(false)
+    allowedEmailDomains        String?  @default("") // comma-separated list of allowed email domains
+    requireRegisteredUser      Boolean? @default(false) // only registered users can create secrets
+    disableEmailPasswordSignup Boolean? @default(false) // disable email/password registration (social login only)
+    // Webhook notifications
+    webhookEnabled             Boolean? @default(false)
+    webhookUrl                 String?  @default("")
+    webhookSecret              String?  @default("") // HMAC secret for signing webhook payloads
+    webhookOnView              Boolean? @default(true) // send webhook when secret is viewed
+    webhookOnBurn              Boolean? @default(true) // send webhook when secret is burned/deleted
+    // Important message alert
+    importantMessage           String?  @default("") // Message to display to all users
+    // Prometheus metrics
+    metricsEnabled             Boolean? @default(false)
+    metricsSecret              String?  @default("") // Bearer token for /metrics endpoint
+    // File uploads
+    allowFileUploads           Boolean? @default(true)
+    createdAt                  DateTime @default(now())
+    updatedAt                  DateTime @updatedAt
+
+    @@map("instance_settings")
+}
+
+model InviteCode {
+    id        String    @id @default(uuid())
+    code      String    @unique
+    uses      Int       @default(0)
+    maxUses   Int?      @default(1)
+    expiresAt DateTime?
+    createdBy String
+    createdAt DateTime  @default(now())
+    isActive  Boolean   @default(true)
+
+    @@map("invite_codes")
+}
+
+model VisitorAnalytics {
+    id        String   @id @default(uuid())
+    path      String
+    uniqueId  String
+    timestamp DateTime @default(now())
+
+    @@index([timestamp])
+    @@index([uniqueId])
+    @@map("visitor_analytics")
+}
+
+model ApiKey {
+    id         String    @id @default(uuid())
+    name       String
+    keyHash    String    @unique @map("key_hash")
+    keyPrefix  String    @map("key_prefix")
+    userId     String
+    user       User      @relation(fields: [userId], references: [id], onDelete: Cascade)
+    lastUsedAt DateTime? @map("last_used_at")
+    expiresAt  DateTime? @map("expires_at")
+    createdAt  DateTime  @default(now()) @map("created_at")
+
+    @@map("api_keys")
+}
+
+model SecretRequest {
+    id          String  @id @default(uuid())
+    title       String // Displayed to Creator
+    description String? // Optional additional context
+
+    // Pre-configured secret settings
+    maxViews    Int     @default(1) @map("max_views")
+    expiresIn   Int     @map("expires_in") // Seconds until secret expires after creation
+    password    String? // Optional password protection (hashed)
+    allowedIp   String? @map("allowed_ip") // Optional IP restriction
+    preventBurn Boolean @default(false) @map("prevent_burn")
+
+    // Request security
+    token String @unique // Secure token for Creator Link
+
+    // Webhook configuration
+    webhookUrl    String? @map("webhook_url") // Optional webhook URL
+    webhookSecret String? @map("webhook_secret") // HMAC secret for webhook signature
+
+    // Status tracking
+    status String @default("pending") // pending | fulfilled | expired | cancelled
+
+    // Relationships
+    userId   String   @map("user_id") // Requester's user ID
+    user     User     @relation(fields: [userId], references: [id], onDelete: Cascade)
+    secretId String?  @unique @map("secret_id") // Created secret (once fulfilled)
+    secret   Secrets? @relation(fields: [secretId], references: [id], onDelete: SetNull)
+
+    // Timestamps
+    createdAt   DateTime  @default(now()) @map("created_at")
+    expiresAt   DateTime  @map("expires_at") // When the Creator Link expires
+    fulfilledAt DateTime? @map("fulfilled_at") // When secret was created
+
+    @@index([userId])
+    @@index([token])
+    @@index([status])
+    @@map("secret_requests")
+}