Remove container image override, no longer needed.

Signed-off-by: Kellen Renshaw <kellen@bluequartz.xyz>

.dockerignore

@@ -0,0 +1 @@
+target

.gitea/workflows/docker.yaml

@@ -0,0 +1,33 @@
+name: Docker Image Creation
+run-name: ${{ gitea.actor }} building Docker image
+on: [push]
+
+jobs:
+  build-docker:
+    runs-on: ubuntu-22.04
+    steps:
+      - name: Checkout the repo
+        uses: actions/checkout@v4
+
+      - name: Login to Gitea Docker Registry
+        uses: docker/login-action@v3
+        with:
+          registry: git.bluequartz.xyz
+          username: ${{ gitea.actor }}
+          password: ${{ secrets.DOCKER_PASSWORD }}
+
+      - name: Extract metadata for Docker
+        id: meta
+        uses: docker/metadata-action@v5
+        with:
+          images: git.bluequartz.xyz/kellen/bin
+
+      - name: Build and Push
+        uses: docker/build-push-action@v5
+        with:
+          context: .
+          file: ./Dockerfile
+          push: true
+          tags: ${{ steps.meta.outputs.tags }}
+          labels: ${{ steps.meta.outputs.labels }}
+

.github/dependabot.yml

@@ -0,0 +1,12 @@
+# To get started with Dependabot version updates, you'll need to specify which
+# package ecosystems to update and where the package manifests are located.
+# Please see the documentation for all configuration options:
+# https://help.github.com/github/administering-a-repository/configuration-options-for-dependency-updates
+
+version: 2
+
+updates:
+  - package-ecosystem: "cargo"
+    directory: "/"
+    schedule:
+      interval: "monthly"

.github/workflows/audit.yml

@@ -0,0 +1,16 @@
+name: Security audit
+
+on:
+  push:
+    paths:
+      - '**/Cargo.toml'
+      - '**/Cargo.lock'
+
+jobs:
+  security_audit:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v1
+      - uses: actions-rs/audit-check@v1
+        with:
+          token: ${{ secrets.GITHUB_TOKEN }}

.github/workflows/audit_cron.yml

@@ -0,0 +1,14 @@
+name: Security audit (cron)
+
+on:
+  schedule:
+    - cron: '0 0 * * *'
+
+jobs:
+  audit:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v2
+      - uses: actions-rs/audit-check@v1
+        with:
+          token: ${{ secrets.GITHUB_TOKEN }}

.github/workflows/ci.yml

@@ -0,0 +1,62 @@
+on: [push, pull_request]
+
+name: CI
+
+jobs:
+  check:
+    name: Check
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v2
+      - uses: actions-rs/toolchain@v1
+        with:
+          profile: minimal
+          toolchain: stable
+          override: true
+      - uses: actions-rs/cargo@v1
+        with:
+          command: check
+
+  test:
+    name: Test Suite
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v2
+      - uses: actions-rs/toolchain@v1
+        with:
+          profile: minimal
+          toolchain: stable
+          override: true
+      - uses: actions-rs/cargo@v1
+        with:
+          command: test
+
+  fmt:
+    name: Rustfmt
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v2
+      - uses: actions-rs/toolchain@v1
+        with:
+          profile: minimal
+          toolchain: stable
+          override: true
+      - run: rustup component add rustfmt
+      - uses: actions-rs/cargo@v1
+        with:
+          command: fmt
+
+  clippy:
+    name: Clippy
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v2
+      - uses: actions-rs/toolchain@v1
+        with:
+          profile: minimal
+          toolchain: stable
+          override: true
+      - run: rustup component add clippy
+      - uses: actions-rs/cargo@v1
+        with:
+          command: clippy

.github/workflows/docker-publish.yml

@@ -0,0 +1,93 @@
+name: Docker
+
+# This workflow uses actions that are not certified by GitHub.
+# They are provided by a third-party and are governed by
+# separate terms of service, privacy policy, and support
+# documentation.
+
+on:
+  schedule:
+    - cron: '45 20 * * *'
+  push:
+    branches: [ master ]
+    # Publish semver tags as releases.
+    tags: [ 'v*.*.*' ]
+  pull_request:
+    branches: [ master ]
+
+env:
+  # Use docker.io for Docker Hub if empty
+  REGISTRY: ghcr.io
+  # github.repository as <account>/<repo>
+  IMAGE_NAME: ${{ github.repository }}
+
+
+jobs:
+  build:
+
+    runs-on: ubuntu-latest
+    permissions:
+      contents: read
+      packages: write
+      # This is used to complete the identity challenge
+      # with sigstore/fulcio when running outside of PRs.
+      id-token: write
+
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v2
+
+      # Install the cosign tool except on PR
+      # https://github.com/sigstore/cosign-installer
+      - name: Install cosign
+        if: github.event_name != 'pull_request'
+        uses: sigstore/cosign-installer@1e95c1de343b5b0c23352d6417ee3e48d5bcd422
+        with:
+          cosign-release: 'v1.4.0'
+
+
+      # Workaround: https://github.com/docker/build-push-action/issues/461
+      - name: Setup Docker buildx
+        uses: docker/setup-buildx-action@79abd3f86f79a9d68a23c75a09a9a85889262adf
+
+      # Login against a Docker registry except on PR
+      # https://github.com/docker/login-action
+      - name: Log into registry ${{ env.REGISTRY }}
+        if: github.event_name != 'pull_request'
+        uses: docker/login-action@28218f9b04b4f3f62068d7b6ce6ca5b26e35336c
+        with:
+          registry: ${{ env.REGISTRY }}
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+
+      # Extract metadata (tags, labels) for Docker
+      # https://github.com/docker/metadata-action
+      - name: Extract Docker metadata
+        id: meta
+        uses: docker/metadata-action@98669ae865ea3cffbcbaa878cf57c20bbf1c6c38
+        with:
+          images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
+
+      # Build and push Docker image with Buildx (don't push on PR)
+      # https://github.com/docker/build-push-action
+      - name: Build and push Docker image
+        id: build-and-push
+        uses: docker/build-push-action@ad44023a93711e3deb337508980b4b5e9bcdc5dc
+        with:
+          context: .
+          push: ${{ github.event_name != 'pull_request' }}
+          tags: ${{ steps.meta.outputs.tags }}
+          labels: ${{ steps.meta.outputs.labels }}
+
+      # Sign the resulting Docker image digest except on PRs.
+      # This will only write to the public Rekor transparency log when the Docker
+      # repository is public to avoid leaking data.  If you would like to publish
+      # transparency data even for private images, pass --force to cosign below.
+      # https://github.com/sigstore/cosign
+      - name: Sign the published Docker image
+        if: ${{ github.event_name != 'pull_request' }}
+        env:
+          COSIGN_EXPERIMENTAL: "true"
+        # This step uses the identity token to provision an ephemeral certificate
+        # against the sigstore community Fulcio instance.
+        run: cosign sign ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}@${{ steps.build-and-push.outputs.digest }}

.gitignore

@@ -7,3 +7,4 @@
 
 # These are backup files generated by rustfmt
 **/*.rs.bk
+result

.travis.yml

@@ -25,7 +25,7 @@ matrix:
     os: osx
 
   # *BSD
-  - env: TARGET=x86_64-unknown-freebsd DISABLE_TESTS=1
+  # - env: TARGET=x86_64-unknown-freebsd DISABLE_TESTS=1
   - env: TARGET=x86_64-unknown-netbsd DISABLE_TESTS=1
 
   # Windows
@@ -33,6 +33,7 @@ matrix:
 
 before_install:
 - set -e
+- command -v apt-get && sudo apt-get install -y libclang-dev
 - rustup self update
 
 install:
@@ -53,7 +54,7 @@ deploy:
   # - Encrypt it: `travis encrypt 0123456789012345678901234567890123456789
   # - Paste the output down here
   api_key:
-    secure: "VRWAaqZi3ttaVfvgaSK0hQAIYDFUvPdOhhHxQESNO5qoexjc9wioDe7qfi2PcIKEMcEnXgVlmqKEyd0K4Cur9gWKDCfVPUEDTlph+Xdx+p5ViB+9Bz1z9qFSJchZtqqPGqfaq4Fk5HjBr6V31JFV0pjDfy2dHJzjQke+CGG8Zk/1n4H0dYqxZ4EyxcmuIxAnplyUDNdOrbwkuRKEGXLg94Ayk/OmLqHwvCJGYsa3jSgS2ySDT3nRaM9CG5WxKaEQMW4uEWJLbgmqFaxCWh1sOYt+brDWXc9aIJIFsR4b8wdHdHVL0C34dW/0xjxSQPN3PK3jKZYduiu49XgHtpKF9fvsFQSeQwMsAizucJtVKaJr1LfjKk3WwKPuiRotrPVwggdm9/zjXn1POerLR1TMNZr2fxI2iqkXA2sjpRJiDL7sBDg+glY09lGZazyCRIMszxuthoxjw38ZqwYzU4iM7mCkQQHFzVObZdanDtsCH6sM0FDfb7LmJ9uAdDHnzKwTKk23w0hEmdQJHkYimwCQR8Yp7jAhRyxNxYuWtdpuWP4WXDRmLypqMszNqFkZymvVFmMAm0hcSRxwkup4eUWY4yVuHch8/sl51zKXAFk35P2/gZyfoD7+yhiBY5j6dN4s6VBuePc9knRAUP3vWxdTjVg+PoQuWFEC5pHUvsUm/yk="
+    secure: "I1pMvhljeuqXkQDtaktLAcC0VFwlHZIXiM81f+FI+m8pWBV6eAy4alD9+tBSl808g8VIyv1nTbw/UGxVlKALqhR0iT9eCCxvVrgJuWKawJYuzrKxYnKf82t3RjTO1qh6Uf3LeCuZ+ReGbFeR4wTlxC9CQLwdBg3xUA+8bNNJigrEECmNjrUigmRdnKb1R1KXCNW9AwXMlVv+4I1me50/dFLdnhlaAjpsWFXKb2vAk/xoyob1WMEZbInrD/NX1kOz0UPiIX/K8Qjsgp6SAFxjhWGu9jk7VnzvEGPUmTS7OJ4tols2Lhde1AC0y/pElt3YFjA3qfKJfk4B8bUAizomeR+GwJ5YD/CEqhopa8b34SuxeHUOkX9GxPoba08qAmqPAeWcO2hlS0aBiiIUMIOgUqjGDy3MiMqg7VdalkiNtRsr2iCXXSe9p2FPWFsYW1bjGCbIYGBrmWZZEIVYJk2laSmIng27MBvlJFdDkX5Nf3d75Y5U/ZAUwfhpA8ZxwVbddKjYs1S8x09s5yhVOjxJzK2G0aJIg94wMflYEsygrZxjpMkOI79HMZrKArY2S6N6wqgKIdFM2kCmk0ps9DM9pn2o9h91EpnAi7PUd8RIB8yOh9g/K4K9ClvScUqagLR+DvjPoMh68F7Y5XnbuZkIgQ7fKB0cBtB+JnrIE3b3icI="
   file_glob: true
   file: $CRATE_NAME-$TRAVIS_TAG-$TARGET.*
   on:

.woodpecker.yml

@@ -0,0 +1,21 @@
+# Pushes a Docker image without needing access to the Docker daemon
+# 
+# Pushing an image to a container registry authenticated:
+#   DOCKER_USERNAME - Woodpecker CI Secret which is the container registry username
+#   DOCKER_PASSWORD - Woodpecker CI Secret which is container registry password
+#
+#   Adjust branches to test things.
+#
+pipeline:
+  publish-docker-image:
+    image: plugins/kaniko
+    settings:
+      registry: core.harbor.0.tus.us.bluequartz.xyz
+      repo: core.harbor.0.tus.us.bluequartz.xyz/k8s/bin
+      tags: latest,v2.0.0-${CI_COMMIT_SHA:0:8}
+      dockerfile: Dockerfile
+      username:
+        from_secret: docker_username
+      password:
+        from_secret: docker_password
+branches: master

Cargo.toml

@@ -1,22 +1,31 @@
 [package]
 name = "bin"
-version = "1.0.2"
+version = "2.0.0"
 description = "a paste bin."
 repository = "https://github.com/w4/bin"
 license = "WTFPL OR 0BSD"
 authors = ["Jordan Doyle <jordan@doyle.la>"]
-edition = "2018"
+edition = "2021"
 
 [dependencies]
-owning_ref = "0.4"
+argh = "0.1"
+log = "0.4"
+pretty_env_logger = "0.4"
 linked-hash-map = "0.5"
-rocket = { version = "0.4", default-features = false }
-askama = "0.8"
-lazy_static = "1.2"
-rand = { version = "0.6", features = ["nightly"] }
+once_cell = "1.14"
+parking_lot = "0.12"
+bytes = { version = "1.2", features = ["serde"] }
+serde = { version = "1.0", features = ["derive"] }
+rand = { version = "0.8" }
 gpw = "0.1"
-syntect = "3.0"
-serde_derive = "1.0"
+actix = "0.13"
+actix-web = "4.0"
+htmlescape = "0.3"
+askama = "0.11"
+bat = "0.20"
+syntect = "4.6"
+tokio = { version = "1.20", features = ["sync"] }
+futures = "0.3"
 
 [profile.release]
 lto = true

Dockerfile

@@ -0,0 +1,15 @@
+FROM rust:1-slim-bookworm AS builder
+
+RUN apt update && apt install -y libclang-dev
+
+COPY . /sources
+WORKDIR /sources
+RUN cargo build --release
+RUN chown nobody:nogroup /sources/target/release/bin
+
+FROM gcr.io/distroless/cc-debian12
+COPY --from=builder /sources/target/release/bin /pastebin
+
+USER nobody
+EXPOSE 8000
+ENTRYPOINT ["/pastebin", "0.0.0.0:8000"]

README.md

@@ -1,9 +1,9 @@
 # bin
 a paste bin.
 
-A paste bin that's actually minimalist. No database requirement, no commenting functionality, no self-destructing or time bomb messages and no social media integration—just an application to quickly send snippits of text to people.
+A paste bin that's actually minimalist. No database requirement, no commenting functionality, no self-destructing or time bomb messages and no social media integration—just an application to quickly send snippets of text to people.
 
-[bin](https://bin.doyle.la/) is written in Rust in around 200 lines of code. It's fast, it's simple, there's code highlighting and you can ⌘+A without going to the 'plain' page. It's revolutionary in the paste bin industry, disrupting markets and pushing boundaries never seen before.
+[bin](https://bin.gy/) is written in Rust in around 300 lines of code. It's fast, it's simple, there's code highlighting and you can ⌘+A without going to the 'plain' page. It's revolutionary in the paste bin industry, disrupting markets and pushing boundaries never seen before.
 
 ##### so how do you get bin?
 
@@ -29,16 +29,29 @@ $ ./bin
 
 ##### funny, what settings are there?
 
-bin uses [rocket](https://rocket.rs) so you can add a [rocket config file](https://api.rocket.rs/v0.3/rocket/config/) if you like. You can set `ROCKET_PORT` in your environment if you want to change the default port (8820).
+```
+$ ./bin
 
-bin's only configuration value is `BIN_BUFFER_SIZE` which defaults to 2000. Change this value if you want your bin to hold more pastes.
+Usage: bin [<bind_addr>] [--buffer-size <buffer-size>] [--max-paste-size <max-paste-size>]
+
+a pastebin.
+
+Positional Arguments:
+  bind_addr         socket address to bind to (default: 127.0.0.1:8820)
+
+Options:
+  --buffer-size     maximum amount of pastes to store before rotating (default:
+                    1000)
+  --max-paste-size  maximum paste size in bytes (default. 32kB)
+  --help            display usage information
+```
 
 ##### is there curl support?
 
 ```bash
-$ curl -X PUT --data 'hello world' bin.doyle.la
-https://bin.doyle.la/cateettary
-$ curl https://bin.doyle.la/cateettary
+$ curl -X PUT --data 'hello world' https://bin.gy
+https://bin.gy/cateettary
+$ curl https://bin.gy/cateettary
 hello world
 ```
 

ci/before_deploy.sh

@@ -19,8 +19,8 @@ main() {
 
     cross rustc --bin bin --target $TARGET --release -- -C lto
 
-    [ "$TARGET" == "arm-unknown-linux-gnueabi" ] || [ "$TARGET" == "x86_64-pc-windows-gnu" ] || strip target/$TARGET/release/bin
-    cp target/$TARGET/release/bin $stage/
+    [ "$TARGET" = "arm-unknown-linux-gnueabi" ] || [ "$TARGET" = "x86_64-pc-windows-gnu" ] || strip target/$TARGET/release/bin
+    cp target/$TARGET/release/* $stage/
 
     cd $stage
     tar czf $src/$CRATE_NAME-$TRAVIS_TAG-$TARGET.tar.gz *

ci/script.sh

@@ -4,7 +4,7 @@ set -ex
 
 # TODO This is the "test phase", tweak it as you see fit
 main() {
-    cross build --target $TARGET
+    cross check
     cross build --target $TARGET --release
 
     if [ ! -z $DISABLE_TESTS ]; then
@@ -12,7 +12,6 @@ main() {
     fi
 
     cross test --target $TARGET
-    cross test --target $TARGET --release
 }
 
 # we don't run the "test phase" when doing deploys

docker-compose.yml

@@ -0,0 +1,8 @@
+version: '3'
+services:
+  bin:
+    build:
+      context: .
+      dockerfile: Dockerfile
+    ports:
+      - "8000:8000"

flake.lock

@@ -0,0 +1,77 @@
+{
+  "nodes": {
+    "naersk": {
+      "inputs": {
+        "nixpkgs": "nixpkgs"
+      },
+      "locked": {
+        "lastModified": 1662220400,
+        "narHash": "sha256-9o2OGQqu4xyLZP9K6kNe1pTHnyPz0Wr3raGYnr9AIgY=",
+        "owner": "nix-community",
+        "repo": "naersk",
+        "rev": "6944160c19cb591eb85bbf9b2f2768a935623ed3",
+        "type": "github"
+      },
+      "original": {
+        "owner": "nix-community",
+        "ref": "master",
+        "repo": "naersk",
+        "type": "github"
+      }
+    },
+    "nixpkgs": {
+      "locked": {
+        "lastModified": 1670118144,
+        "narHash": "sha256-tdh9H4oomljZaKpCkZox8jmwt8p78oGLpK9cjFBy3Qk=",
+        "owner": "NixOS",
+        "repo": "nixpkgs",
+        "rev": "95f1ec721652d91a2993311d6cf537d3724690be",
+        "type": "github"
+      },
+      "original": {
+        "id": "nixpkgs",
+        "type": "indirect"
+      }
+    },
+    "nixpkgs_2": {
+      "locked": {
+        "lastModified": 1670118144,
+        "narHash": "sha256-tdh9H4oomljZaKpCkZox8jmwt8p78oGLpK9cjFBy3Qk=",
+        "owner": "NixOS",
+        "repo": "nixpkgs",
+        "rev": "95f1ec721652d91a2993311d6cf537d3724690be",
+        "type": "github"
+      },
+      "original": {
+        "owner": "NixOS",
+        "ref": "nixpkgs-unstable",
+        "repo": "nixpkgs",
+        "type": "github"
+      }
+    },
+    "root": {
+      "inputs": {
+        "naersk": "naersk",
+        "nixpkgs": "nixpkgs_2",
+        "utils": "utils"
+      }
+    },
+    "utils": {
+      "locked": {
+        "lastModified": 1667395993,
+        "narHash": "sha256-nuEHfE/LcWyuSWnS8t12N1wc105Qtau+/OdUAjtQ0rA=",
+        "owner": "numtide",
+        "repo": "flake-utils",
+        "rev": "5aed5285a952e0b949eb3ba02c12fa4fcfef535f",
+        "type": "github"
+      },
+      "original": {
+        "owner": "numtide",
+        "repo": "flake-utils",
+        "type": "github"
+      }
+    }
+  },
+  "root": "root",
+  "version": 7
+}

flake.nix

@@ -0,0 +1,83 @@
+{
+  inputs = {
+    naersk.url = "github:nix-community/naersk/master";
+    nixpkgs.url = "github:NixOS/nixpkgs/nixpkgs-unstable";
+    utils.url = "github:numtide/flake-utils";
+  };
+
+  outputs = { self, nixpkgs, utils, naersk }:
+    utils.lib.eachDefaultSystem (system:
+      let
+        pkgs = import nixpkgs { inherit system; };
+        naersk-lib = pkgs.callPackage naersk { };
+      in
+      {
+        defaultPackage = naersk-lib.buildPackage ./.;
+        devShell = with pkgs; mkShell {
+          buildInputs = [ cargo rustc rustfmt pre-commit rustPackages.clippy ];
+          RUST_SRC_PATH = rustPlatform.rustLibSrc;
+        };
+
+        nixosModules.default = { config, lib, pkgs, ... }:
+          with lib;
+          let
+            cfg = config.services.paste-bin;
+          in
+          {
+            options.services.paste-bin = {
+              enable = mkEnableOption "paste-bin";
+              bindAddress = mkOption {
+                default = "[::]:8000";
+                description = "Address and port to listen on";
+                type = types.str;
+              };
+              maxPasteSize = mkOption {
+                default = 32768;
+                description = "Max allowed size of an individual paste";
+                type = types.int;
+              };
+              bufferSize = mkOption {
+                default = 1000;
+                description = "Maximum amount of pastes to store at a time";
+                type = types.int;
+              };
+            };
+
+            config = mkIf cfg.enable {
+              systemd.services.bin = {
+                enable = true;
+                wantedBy = [ "multi-user.target" ];
+                after = [ "network-online.target" ];
+                serviceConfig = {
+                  Type = "exec";
+                  ExecStart = "${self.defaultPackage."${system}"}/bin/bin --buffer-size ${toString cfg.bufferSize} --max-paste-size ${toString cfg.maxPasteSize} ${cfg.bindAddress}";
+                  Restart = "on-failure";
+
+                  CapabilityBoundingSet = "";
+                  NoNewPrivileges = true;
+                  PrivateDevices = true;
+                  PrivateTmp = true;
+                  PrivateUsers = true;
+                  PrivateMounts = true;
+                  ProtectHome = true;
+                  ProtectClock = true;
+                  ProtectProc = "noaccess";
+                  ProcSubset = "pid";
+                  ProtectKernelLogs = true;
+                  ProtectKernelModules = true;
+                  ProtectKernelTunables = true;
+                  ProtectControlGroups = true;
+                  ProtectHostname = true;
+                  RestrictSUIDSGID = true;
+                  RestrictRealtime = true;
+                  RestrictNamespaces = true;
+                  LockPersonality = true;
+                  RemoveIPC = true;
+                  RestrictAddressFamilies = [ "AF_INET" "AF_INET6" ];
+                  SystemCallFilter = [ "@system-service" "~@privileged" ];
+                };
+              };
+            };
+          };
+      });
+}

shell.nix

@@ -2,9 +2,9 @@ with import <nixpkgs> {};
 let src = fetchFromGitHub {
       owner = "mozilla";
       repo = "nixpkgs-mozilla";
-      # commited 12/2/2019
-      rev = "37f7f33ae3ddd70506cd179d9718621b5686c48d";
-      sha256 = "0cmvc9fnr38j3n0m4yf0k6s2x589w1rdby1qry1vh435v79gp95j";
+      # commited 19/2/2020
+      rev = "e912ed483e980dfb4666ae0ed17845c4220e5e7c";
+      sha256 = "08fvzb8w80bkkabc1iyhzd15f4sm7ra10jn32kfch5klgl0gj3j3";
    };
 in
 with import "${src.out}/rust-overlay.nix" pkgs pkgs;
@@ -14,6 +14,9 @@ stdenv.mkDerivation {
     buildInputs = [
         latest.rustChannels.nightly.cargo
         latest.rustChannels.nightly.rust
+        stdenv.cc.libc
     ] ++
     pkgs.lib.optional pkgs.stdenv.isDarwin pkgs.darwin.apple_sdk.frameworks.Security;
+
+    LIBCLANG_PATH="${llvmPackages.libclang}/lib";
 }

src/errors.rs

@@ -0,0 +1,56 @@
+use actix_web::{body::BoxBody, http::header, http::StatusCode, web, HttpResponse, ResponseError};
+
+use std::fmt::{Formatter, Write};
+
+macro_rules! impl_response_error_for_http_resp {
+    ($ty:ty, $path:expr, $status:expr) => {
+        impl ResponseError for $ty {
+            fn error_response(&self) -> HttpResponse {
+                HtmlResponseError::error_response(self)
+            }
+        }
+
+        impl std::fmt::Display for $ty {
+            fn fmt(&self, f: &mut Formatter<'_>) -> std::fmt::Result {
+                write!(f, "{}", include_str!($path))
+            }
+        }
+
+        impl HtmlResponseError for $ty {
+            fn status_code(&self) -> StatusCode {
+                $status
+            }
+        }
+    };
+}
+
+#[derive(Debug)]
+pub struct NotFound;
+
+impl_response_error_for_http_resp!(NotFound, "../templates/404.html", StatusCode::NOT_FOUND);
+
+#[derive(Debug)]
+pub struct InternalServerError(pub Box<dyn std::error::Error>);
+
+impl_response_error_for_http_resp!(
+    InternalServerError,
+    "../templates/500.html",
+    StatusCode::INTERNAL_SERVER_ERROR
+);
+
+pub trait HtmlResponseError: ResponseError {
+    fn status_code(&self) -> StatusCode {
+        StatusCode::INTERNAL_SERVER_ERROR
+    }
+
+    fn error_response(&self) -> HttpResponse {
+        let mut resp = HttpResponse::new(HtmlResponseError::status_code(self));
+        let mut buf = web::BytesMut::new();
+        let _ = write!(&mut buf, "{}", self);
+        resp.headers_mut().insert(
+            header::CONTENT_TYPE,
+            header::HeaderValue::from_static("text/html; charset=utf-8"),
+        );
+        resp.set_body(BoxBody::new(buf))
+    }
+}

src/highlight.rs

@@ -1,26 +1,45 @@
-extern crate syntect;
+use bat::assets::HighlightingAssets;
+use once_cell::sync::Lazy;
+use syntect::{
+    html::{ClassStyle, ClassedHTMLGenerator},
+    parsing::SyntaxSet,
+};
 
-use syntect::easy::HighlightLines;
-use syntect::highlighting::ThemeSet;
-use syntect::html::{styled_line_to_highlighted_html, IncludeBackground};
-use syntect::parsing::SyntaxSet;
+thread_local!(pub static BAT_ASSETS: HighlightingAssets = HighlightingAssets::from_binary());
 
 /// Takes the content of a paste and the extension passed in by the viewer and will return the content
 /// highlighted in the appropriate format in HTML.
 ///
 /// Returns `None` if the extension isn't supported.
 pub fn highlight(content: &str, ext: &str) -> Option<String> {
-    lazy_static! {
-        static ref SS: SyntaxSet = SyntaxSet::load_defaults_newlines();
-        static ref TS: ThemeSet = ThemeSet::load_defaults();
-    }
+    static SS: Lazy<SyntaxSet> = Lazy::new(SyntaxSet::load_defaults_newlines);
 
-    let syntax = SS.find_syntax_by_extension(ext)?;
-    let mut h = HighlightLines::new(syntax, &TS.themes["base16-ocean.dark"]);
-    let regions = h.highlight(content, &SS);
-
-    Some(styled_line_to_highlighted_html(
-        &regions[..],
-        IncludeBackground::No,
-    ))
+    BAT_ASSETS.with(|f| {
+        let ss = f.get_syntax_set().ok().unwrap_or(&SS);
+        let syntax = ss.find_syntax_by_extension(ext)?;
+        let mut html_generator =
+            ClassedHTMLGenerator::new_with_class_style(syntax, ss, ClassStyle::Spaced);
+        for line in LinesWithEndings(content.trim()) {
+            html_generator.parse_html_for_line_which_includes_newline(line);
+        }
+        Some(html_generator.finalize())
+    })
+}
+
+pub struct LinesWithEndings<'a>(&'a str);
+
+impl<'a> Iterator for LinesWithEndings<'a> {
+    type Item = &'a str;
+
+    #[inline]
+    fn next(&mut self) -> Option<Self::Item> {
+        if self.0.is_empty() {
+            None
+        } else {
+            let split = self.0.find('\n').map_or(self.0.len(), |i| i + 1);
+            let (line, rest) = self.0.split_at(split);
+            self.0 = rest;
+            Some(line)
+        }
+    }
 }

src/io.rs

@@ -1,39 +1,21 @@
-extern crate gpw;
-extern crate linked_hash_map;
-extern crate owning_ref;
-extern crate rand;
-
-use rand::distributions::Alphanumeric;
-use rand::{thread_rng, Rng};
-
+use actix_web::web::Bytes;
 use linked_hash_map::LinkedHashMap;
-
-use owning_ref::RwLockReadGuardRef;
-
+use once_cell::sync::Lazy;
+use parking_lot::RwLock;
+use rand::{distributions::Alphanumeric, thread_rng, Rng};
 use std::cell::RefCell;
-use std::env;
-use std::sync::{PoisonError, RwLock};
 
-lazy_static! {
-    static ref ENTRIES: RwLock<LinkedHashMap<String, String>> = RwLock::new(LinkedHashMap::new());
-    static ref BUFFER_SIZE: usize = env::var("BIN_BUFFER_SIZE")
-        .map(|f| f
-            .parse::<usize>()
-            .expect("Failed to parse value of BIN_BUFFER_SIZE"))
-        .unwrap_or(1000usize);
-}
+pub type PasteStore = RwLock<LinkedHashMap<String, Bytes>>;
+
+static BUFFER_SIZE: Lazy<usize> = Lazy::new(|| argh::from_env::<crate::BinArgs>().buffer_size);
 
 /// Ensures `ENTRIES` is less than the size of `BIN_BUFFER_SIZE`. If it isn't then
 /// `ENTRIES.len() - BIN_BUFFER_SIZE` elements will be popped off the front of the map.
 ///
 /// During the purge, `ENTRIES` is locked and the current thread will block.
-fn purge_old() {
-    let entries_len = ENTRIES.read().unwrap_or_else(PoisonError::into_inner).len();
-
-    if entries_len > *BUFFER_SIZE {
-        let to_remove = entries_len - *BUFFER_SIZE;
-
-        let mut entries = ENTRIES.write().unwrap_or_else(PoisonError::into_inner);
+fn purge_old(entries: &mut LinkedHashMap<String, Bytes>) {
+    if entries.len() > *BUFFER_SIZE {
+        let to_remove = entries.len() - *BUFFER_SIZE;
 
         for _ in 0..to_remove {
             entries.pop_front();
@@ -44,32 +26,29 @@ fn purge_old() {
 /// Generates a 'pronounceable' random ID using gpw
 pub fn generate_id() -> String {
     thread_local!(static KEYGEN: RefCell<gpw::PasswordGenerator> = RefCell::new(gpw::PasswordGenerator::default()));
+
     KEYGEN.with(|k| k.borrow_mut().next()).unwrap_or_else(|| {
         thread_rng()
             .sample_iter(&Alphanumeric)
             .take(6)
-            .collect::<String>()
+            .map(char::from)
+            .collect()
     })
 }
 
 /// Stores a paste under the given id
-pub fn store_paste(id: String, content: String) {
-    purge_old();
-    ENTRIES
-        .write()
-        .unwrap_or_else(PoisonError::into_inner)
-        .insert(id, content);
+pub fn store_paste(entries: &PasteStore, id: String, content: Bytes) {
+    let mut entries = entries.write();
+
+    purge_old(&mut entries);
+
+    entries.insert(id, content);
 }
 
 /// Get a paste by id.
 ///
 /// Returns `None` if the paste doesn't exist.
-pub fn get_paste(id: &str) -> Option<RwLockReadGuardRef<LinkedHashMap<String, String>, String>> {
-    let or = RwLockReadGuardRef::new(ENTRIES.read().unwrap_or_else(PoisonError::into_inner));
-
-    if or.contains_key(id) {
-        Some(or.map(|x| x.get(id).unwrap()))
-    } else {
-        None
-    }
+pub fn get_paste(entries: &PasteStore, id: &str) -> Option<Bytes> {
+    // need to box the guard until owning_ref understands Pin is a stable address
+    entries.read().get(id).map(Bytes::clone)
 }

src/main.rs

@@ -1,123 +1,193 @@
-#![feature(proc_macro_hygiene, decl_macro)]
-#![feature(type_alias_enum_variants)]
-
-#[macro_use]
-extern crate lazy_static;
-
-#[macro_use]
-extern crate rocket;
-
-extern crate askama;
+#![deny(clippy::pedantic)]
+#![allow(clippy::unused_async)]
 
+mod errors;
 mod highlight;
 mod io;
 mod params;
 
-use highlight::highlight;
-use io::{generate_id, get_paste, store_paste};
-use params::{HostHeader, IsPlaintextRequest};
+use crate::{
+    errors::{InternalServerError, NotFound},
+    highlight::highlight,
+    io::{generate_id, get_paste, store_paste, PasteStore},
+    params::{HostHeader, IsPlaintextRequest},
+};
 
+use actix_web::{
+    http::header,
+    web::{self, Bytes, Data, FormConfig, PayloadConfig},
+    App, Error, HttpRequest, HttpResponse, HttpServer, Responder,
+};
 use askama::{Html as AskamaHtml, MarkupDisplay, Template};
+use log::{error, info};
+use once_cell::sync::Lazy;
+use std::{
+    borrow::Cow,
+    net::{IpAddr, Ipv4Addr, SocketAddr},
+};
+use syntect::html::{css_for_theme_with_class_style, ClassStyle};
 
-use rocket::http::{ContentType, Status};
-use rocket::request::Form;
-use rocket::response::content::{Content, Html};
-use rocket::response::Redirect;
-use rocket::Data;
+#[derive(argh::FromArgs, Clone)]
+/// a pastebin.
+pub struct BinArgs {
+    /// socket address to bind to (default: 127.0.0.1:8820)
+    #[argh(
+        positional,
+        default = "SocketAddr::new(IpAddr::V4(Ipv4Addr::new(127, 0, 0, 1)), 8820)"
+    )]
+    bind_addr: SocketAddr,
+    /// maximum amount of pastes to store before rotating (default: 1000)
+    #[argh(option, default = "1000")]
+    buffer_size: usize,
+    /// maximum paste size in bytes (default. 32kB)
+    #[argh(option, default = "32 * 1024")]
+    max_paste_size: usize,
+}
 
-use std::borrow::Cow;
-use std::io::Read;
+#[actix_web::main]
+async fn main() -> std::io::Result<()> {
+    if std::env::var_os("RUST_LOG").is_none() {
+        std::env::set_var("RUST_LOG", "INFO");
+    }
+    pretty_env_logger::init();
 
-///
-/// Homepage
-///
+    let args: BinArgs = argh::from_env();
+
+    let store = Data::new(PasteStore::default());
+
+    let server = HttpServer::new({
+        let args = args.clone();
+
+        move || {
+            App::new()
+                .app_data(store.clone())
+                .app_data(PayloadConfig::default().limit(args.max_paste_size))
+                .app_data(FormConfig::default().limit(args.max_paste_size))
+                .wrap(actix_web::middleware::Compress::default())
+                .route("/", web::get().to(index))
+                .route("/", web::post().to(submit))
+                .route("/", web::put().to(submit_raw))
+                .route("/", web::head().to(HttpResponse::MethodNotAllowed))
+                .route("/highlight.css", web::get().to(highlight_css))
+                .route("/{paste}", web::get().to(show_paste))
+                .route("/{paste}", web::head().to(HttpResponse::MethodNotAllowed))
+                .default_service(web::to(|req: HttpRequest| async move {
+                    error!("Couldn't find resource {}", req.uri());
+                    HttpResponse::from_error(NotFound)
+                }))
+        }
+    });
+
+    info!("Listening on http://{}", args.bind_addr);
+
+    server.bind(args.bind_addr)?.run().await
+}
 
 #[derive(Template)]
 #[template(path = "index.html")]
 struct Index;
 
-#[get("/")]
-fn index() -> Result<Html<String>, Status> {
-    Index
-        .render()
-        .map(Html)
-        .map_err(|_| Status::InternalServerError)
+async fn index(req: HttpRequest) -> Result<HttpResponse, Error> {
+    render_template(&req, &Index)
 }
 
-///
-/// Submit Paste
-///
-
-#[derive(FromForm)]
+#[derive(serde::Deserialize)]
 struct IndexForm {
-    val: String,
+    val: Bytes,
 }
 
-#[post("/", data = "<input>")]
-fn submit(input: Form<IndexForm>) -> Redirect {
+async fn submit(input: web::Form<IndexForm>, store: Data<PasteStore>) -> impl Responder {
     let id = generate_id();
-    let uri = uri!(show_paste: &id);
-    store_paste(id, input.into_inner().val);
-    Redirect::to(uri)
+    let uri = format!("/{}", &id);
+    store_paste(&store, id, input.into_inner().val);
+    HttpResponse::Found()
+        .append_header((header::LOCATION, uri))
+        .finish()
 }
 
-#[put("/", data = "<input>")]
-fn submit_raw(input: Data, host: HostHeader) -> std::io::Result<String> {
-    let mut data = String::new();
-    input.open().take(1024 * 1000).read_to_string(&mut data)?;
-
+async fn submit_raw(
+    data: Bytes,
+    host: HostHeader,
+    store: Data<PasteStore>,
+) -> Result<String, Error> {
     let id = generate_id();
-    let uri = uri!(show_paste: &id);
+    let uri = if let Some(Ok(host)) = host.0.as_ref().map(|v| std::str::from_utf8(v.as_bytes())) {
+        format!("https://{}/{}", host, id)
+    } else {
+        format!("/{}", id)
+    };
 
-    store_paste(id, data);
+    store_paste(&store, id, data);
 
-    match *host {
-        Some(host) => Ok(format!("https://{}{}", host, uri)),
-        None => Ok(format!("{}", uri)),
-    }
+    Ok(uri)
 }
 
-///
-/// Show paste page
-///
-
 #[derive(Template)]
 #[template(path = "paste.html")]
 struct ShowPaste<'a> {
     content: MarkupDisplay<AskamaHtml, Cow<'a, String>>,
 }
 
-#[get("/<key>")]
-fn show_paste(key: String, plaintext: IsPlaintextRequest) -> Result<Content<String>, Status> {
+async fn show_paste(
+    req: HttpRequest,
+    key: actix_web::web::Path<String>,
+    plaintext: IsPlaintextRequest,
+    store: Data<PasteStore>,
+) -> Result<HttpResponse, Error> {
     let mut splitter = key.splitn(2, '.');
-    let key = splitter.next().ok_or_else(|| Status::NotFound)?;
+    let key = splitter.next().unwrap();
     let ext = splitter.next();
 
-    // get() returns a read-only lock, we're not going to be writing to this key
-    // again so we can hold this for as long as we want
-    let entry = &*get_paste(key).ok_or_else(|| Status::NotFound)?;
+    let entry = get_paste(&store, key).ok_or(NotFound)?;
 
     if *plaintext {
-        Ok(Content(ContentType::Plain, entry.to_string()))
+        Ok(HttpResponse::Ok()
+            .content_type("text/plain; charset=utf-8")
+            .body(entry))
     } else {
-        let content = match ext {
-            Some(extension) => match highlight(&entry, extension) {
-                Some(html) => MarkupDisplay::new_safe(Cow::Owned(html), AskamaHtml),
-                None => return Err(Status::NotFound),
+        let data = std::str::from_utf8(entry.as_ref())?;
+
+        let code_highlighted = match ext {
+            Some(extension) => match highlight(data, extension) {
+                Some(html) => html,
+                None => return Err(NotFound.into()),
             },
-            None => MarkupDisplay::new_unsafe(Cow::Borrowed(entry), AskamaHtml),
+            None => htmlescape::encode_minimal(data),
         };
 
-        let template = ShowPaste { content };
-        match template.render() {
-            Ok(html) => Ok(Content(ContentType::HTML, html)),
-            Err(_) => Err(Status::InternalServerError),
-        }
+        // Add <code> tags to enable line numbering with CSS
+        let html = format!(
+            "<code>{}</code>",
+            code_highlighted.replace('\n', "</code><code>")
+        );
+
+        let content = MarkupDisplay::new_safe(Cow::Borrowed(&html), AskamaHtml);
+
+        render_template(&req, &ShowPaste { content })
     }
 }
 
-fn main() {
-    rocket::ignite()
-        .mount("/", routes![index, submit, submit_raw, show_paste])
-        .launch();
+async fn highlight_css() -> HttpResponse {
+    static CSS: Lazy<Bytes> = Lazy::new(|| {
+        highlight::BAT_ASSETS.with(|s| {
+            Bytes::from(css_for_theme_with_class_style(
+                s.get_theme("OneHalfDark"),
+                ClassStyle::Spaced,
+            ))
+        })
+    });
+
+    HttpResponse::Ok()
+        .content_type("text/css")
+        .body(CSS.clone())
+}
+
+fn render_template<T: Template>(req: &HttpRequest, template: &T) -> Result<HttpResponse, Error> {
+    match template.render() {
+        Ok(html) => Ok(HttpResponse::Ok().content_type("text/html").body(html)),
+        Err(e) => {
+            error!("Error while rendering template for {}: {}", req.uri(), e);
+            Err(InternalServerError(Box::new(e)).into())
+        }
+    }
 }

src/params.rs

@@ -1,7 +1,11 @@
 use std::ops::Deref;
 
-use rocket::request::{FromRequest, Outcome};
-use rocket::Request;
+use actix_web::{
+    dev::Payload,
+    http::header::{self, HeaderValue},
+    FromRequest, HttpMessage, HttpRequest,
+};
+use futures::future::ok;
 
 /// Holds a value that determines whether or not this request wanted a plaintext response.
 ///
@@ -17,25 +21,22 @@ impl Deref for IsPlaintextRequest {
     }
 }
 
-impl<'a, 'r> FromRequest<'a, 'r> for IsPlaintextRequest {
-    type Error = ();
+impl FromRequest for IsPlaintextRequest {
+    type Error = actix_web::Error;
+    type Future = futures::future::Ready<Result<Self, Self::Error>>;
 
-    fn from_request(request: &'a Request<'r>) -> Outcome<IsPlaintextRequest, ()> {
-        if let Some(format) = request.format() {
-            if format.is_plain() {
-                return Outcome::Success(IsPlaintextRequest(true));
-            }
+    fn from_request(req: &HttpRequest, _payload: &mut Payload) -> Self::Future {
+        if req.content_type() == "text/plain" {
+            return ok(IsPlaintextRequest(true));
         }
 
-        match request
+        match req
             .headers()
-            .get_one("User-Agent")
-            .and_then(|u| u.splitn(2, '/').next())
+            .get(header::USER_AGENT)
+            .and_then(|u| u.to_str().unwrap().split('/').next())
         {
-            None | Some("Wget") | Some("curl") | Some("HTTPie") => {
-                Outcome::Success(IsPlaintextRequest(true))
-            }
-            _ => Outcome::Success(IsPlaintextRequest(false)),
+            None | Some("Wget" | "curl" | "HTTPie") => ok(IsPlaintextRequest(true)),
+            _ => ok(IsPlaintextRequest(false)),
         }
     }
 }
@@ -44,20 +45,13 @@ impl<'a, 'r> FromRequest<'a, 'r> for IsPlaintextRequest {
 ///
 /// The inner value of this `HostHeader` will be `None` if there was no Host header
 /// on the request.
-pub struct HostHeader<'a>(pub Option<&'a str>);
+pub struct HostHeader(pub Option<HeaderValue>);
 
-impl<'a> Deref for HostHeader<'a> {
-    type Target = Option<&'a str>;
+impl FromRequest for HostHeader {
+    type Error = actix_web::Error;
+    type Future = futures::future::Ready<Result<Self, Self::Error>>;
 
-    fn deref(&self) -> &Option<&'a str> {
-        &self.0
-    }
-}
-
-impl<'a, 'r> FromRequest<'a, 'r> for HostHeader<'a> {
-    type Error = ();
-
-    fn from_request(request: &'a Request<'r>) -> Outcome<HostHeader<'a>, ()> {
-        Outcome::Success(HostHeader(request.headers().get_one("Host")))
+    fn from_request(req: &HttpRequest, _payload: &mut Payload) -> Self::Future {
+        ok(Self(req.headers().get(header::HOST).cloned()))
     }
 }

templates/404.html

@@ -0,0 +1,15 @@
+<!DOCTYPE html>
+<html>
+<head>
+    <meta charset="utf-8">
+    <title>404 Not Found</title>
+</head>
+<body align="center">
+<div align="center">
+    <h1>404: Not Found</h1>
+    <p>The requested resource could not be found.</p>
+    <hr />
+    <small>bin.</small>
+</div>
+</body>
+</html>

templates/500.html

@@ -0,0 +1,15 @@
+<!DOCTYPE html>
+<html>
+<head>
+    <meta charset="utf-8">
+    <title>500 Internal Server Error</title>
+</head>
+<body align="center">
+<div align="center">
+    <h1>500: Internal Server Error</h1>
+    <p>An error occurred while fetching the requested resource.</p>
+    <hr />
+    <small>bin.</small>
+</div>
+</body>
+</html>

templates/base.html

@@ -1,28 +1,28 @@
 <!DOCTYPE html>
-<html>
+<html lang="en">
 <head>
     <meta charset="UTF-8">
+    <meta name="viewport" content="width=device-width, initial-scale=1">
     <title>bin.</title>
-
+    <link rel="help" href="https://github.com/w4/bin">
     <style>
         * { box-sizing: border-box; }
-
         html, body { margin: 0; }
-
         body {
             height: 100vh;
             padding: 2rem;
             background: #263238;
             color: #B0BEC5;
-            font-family: 'Courier New', Courier, monospace;
             line-height: 1.1;
-
             display: flex;
         }
-
-        {% block styles %}
-        {% endblock styles %}
+        body, code, textarea { font-family: Monaco, Menlo, Courier, Courier New, Andale Mono, monospace; }
+        code {
+          display: block;
+        }
+        {% block styles %}{% endblock styles %}
     </style>
+    {% block head %}{% endblock head %}
 </head>
 <body>{% block content %}{% endblock content %}</body>
 </html>

templates/index.html

@@ -9,6 +9,7 @@
 
         background: none;
         border: none;
+        outline: 0;
 
         resize: none;
         overflow: auto;

templates/paste.html

@@ -9,7 +9,24 @@
         font-family: inherit;
         font-size: 1rem;
         line-height: inherit;
+        counter-reset: line;
+    }
+    code {
+        counter-increment: line;
+    }
+    code::before {
+        content: counter(line);
+        display: inline-block;
+        width: 2em; /* Fixed width */
+        padding: 0 1em 0.3em 0;
+        margin-right: .5em;
+        color: #888;
+        -webkit-user-select: none;
     }
 {% endblock styles %}
 
-{% block content %}<pre><code>{{ content|safe }}</code></pre>{% endblock content %}
+{% block head %}
+    <link rel="stylesheet" type="text/css" href="highlight.css" />
+{% endblock head %}
+
+{% block content %}<pre>{{ content|safe }}</pre>{% endblock content %}