A production-ready, secure pastebin built on Cloudflare Workers with one-time view capability, comprehensive analytics, and a beautiful modern UI. Perfect for sharing code snippets, logs, and sensitive data with automatic expiration.
π― Keywords: secure pastebin, code sharing, one-time view, Cloudflare Workers, TypeScript, edge computing, serverless, privacy-focused, auto-expiration, paste sharing
π Try it Live! π
Official Instance: https://1paste.dev - Ready to use right now!
- π Try it Live!
- β¨ Features
- π Quick Start
- π― Usage
- π API Documentation
- βοΈ Configuration
- π€ Contributing
- π License
- π Links
π΄ Forked this repo? Update the deploy button and links! See SETUP.md for quick customization.
- π₯ One-time view: Pastes are automatically deleted after being viewed once (optional)
- ποΈ Multi-view mode: Allow multiple views until expiration
- β° Auto-expiration: Configurable expiry times (5 minutes to 30 days)
- π‘οΈ Content validation: Suspicious pattern detection and content quality checks
- π« XSS protection: Full HTML escaping and secure rendering
- π¦ Rate limiting: Configurable limits to prevent abuse
- π Secure IDs: Cryptographically secure paste identifiers
- ποΈ Manual deletion: Recipients can delete pastes before expiration
- π One-click copy: Simple, reliable copy button that works everywhere
- πΎ Multiple download formats: Auto-detect, TXT, and Markdown with metadata
- π¨ Beautiful UI: Modern purple gradient design with responsive layout
- π± Mobile-friendly: Works perfectly on all device sizes
- β‘ Progressive enhancement: Full functionality with or without JavaScript
- π±οΈ Click-to-select: Click content area to select all text
- β¨οΈ Keyboard shortcuts: Quick actions for power users
- π― Auto-detection: Smart language detection from content patterns
- 25+ languages: JavaScript, Python, Java, Go, Rust, SQL, and more
- π Syntax highlighting: Beautiful code formatting (planned)
- π Language analytics: Track most popular programming languages
- π Usage tracking: Views, shares, and errors with privacy-focused hashing
- π Geographic insights: Optional IP-based location tracking
- π Time-based statistics: Hourly and daily usage patterns
- π Trend analysis: Growth metrics and popular usage times
- π Health monitoring: Built-in health checks and error tracking
- β‘ Edge computing: Cloudflare Workers for global performance
- ποΈ KV Storage: Distributed key-value storage with automatic TTL
- π¦ Zero dependencies: Minimal attack surface, maximum security
- π§ TypeScript: Full type safety and excellent developer experience
- 𧩠Modular design: Clean separation of concerns
- π API-first: RESTful API with beautiful web interface
- Node.js 18+
- npm or yarn
- Cloudflare account
- Wrangler CLI
Note: If you forked this repository, update the placeholders first! See SETUP.md for instructions.
- Clone the repository:
git clone https://github.com/YOUR_USERNAME/YOUR_REPO_NAME.git
cd secure-pastebin
npm install- Create Cloudflare KV namespaces:
# Create production namespaces
wrangler kv namespace create PASTES_KV
wrangler kv namespace create ANALYTICS_KV
# Create preview namespaces for development
wrangler kv namespace create PASTES_KV --preview
wrangler kv namespace create ANALYTICS_KV --preview- Update
wrangler.tomlwith your namespace IDs:
[[kv_namespaces]]
binding = "PASTES_KV"
id = "your-pastes-namespace-id"
preview_id = "your-pastes-preview-id"
[[kv_namespaces]]
binding = "ANALYTICS_KV"
id = "your-analytics-namespace-id"
preview_id = "your-analytics-preview-id"- Start development:
npm run dev
# Visit http://localhost:8787- Deploy to production:
npm run deploy- Visit your deployed URL
- Paste your content (code, text, logs, etc.)
- Choose settings:
- Title: Optional descriptive title
- Language: Auto-detected or manually selected
- Expiry: 5 minutes to 30 days
- View mode: One-time or multiple views
- Share the link - recipients can view and copy content
- One-click copy - Simple copy button that works everywhere
curl -X POST https://your-domain.workers.dev/create \
-H "Content-Type: application/json" \
-d '{
"title": "My Code Snippet",
"content": "console.log(\"Hello, World!\");",
"language": "javascript",
"expires": "24h",
"oneTimeView": false
}'curl https://your-domain.workers.dev/s/abc123def456 \
-H "Accept: application/json"| Method | Endpoint | Description |
|---|---|---|
GET |
/ |
Web interface |
POST |
/create |
Create new paste |
GET |
/s/{id} |
View paste |
POST |
/s/{id} |
Delete paste (form) |
DELETE |
/s/{id} |
Delete paste (API) |
GET |
/download/{id} |
Download paste |
HEAD |
/download/{id} |
Check download availability |
GET |
/api/stats |
Get analytics |
GET |
/api/health |
Health check |
interface CreatePasteRequest {
title?: string; // Optional title
content: string; // Paste content (required)
language?: string; // Programming language
expires?: string; // Expiry time (5m, 1h, 24h, 7d, 30d)
oneTimeView?: boolean; // One-time view mode (default: true)
}interface CreatePasteResponse {
success: true;
id: string; // Paste ID
shareUrl: string; // Full sharing URL
title?: string; // Paste title
language: string; // Detected/specified language
expiresAt: string; // ISO expiration date
size: number; // Content size in bytes
createdAt: string; // ISO creation date
oneTimeView: boolean; // View mode
}# wrangler.toml
[vars]
ENVIRONMENT = "production"
MAX_PASTE_SIZE = "1048576" # 1MB max paste size
MAX_TITLE_LENGTH = "200" # Maximum title length
DEFAULT_EXPIRY_HOURS = "24" # Default expiry time
RATE_LIMIT_CREATE = "10" # Max pastes per minute per IP
RATE_LIMIT_VIEW = "100" # Max views per minute per IP
ANALYTICS_ENABLED = "true" # Enable usage analytics| Option | Duration | Use Case |
|---|---|---|
5m |
5 minutes | Quick sharing |
1h |
1 hour | Temporary data |
24h |
24 hours | Daily sharing (default) |
7d |
7 days | Weekly projects |
30d |
30 days | Long-term storage |
25+ programming languages with auto-detection:
- Web: JavaScript, TypeScript, HTML, CSS, JSON
- Backend: Python, Java, Go, Rust, C/C++, C#, PHP, Ruby
- Data: SQL, YAML, XML, Markdown
- DevOps: Shell, Bash, PowerShell, Dockerfile
- And more: Swift, Kotlin, Scala, R
βββββββββββββββββββ βββββββββββββββββββ βββββββββββββββββββ
β Web UI β β REST API β β KV Storage β
β β β β β β
β β’ Form handling β β β’ Create paste β β β’ Paste data β
β β’ Copy buttons β β β’ View paste β β β’ Analytics β
β β’ Downloads β β β’ Delete paste β β β’ Auto-expiry β
β β’ Responsive β β β’ Analytics β β β’ TTL cleanup β
βββββββββββββββββββ βββββββββββββββββββ βββββββββββββββββββ
β β β
βββββββββββββββββββββββββΌββββββββββββββββββββββββ
β
βββββββββββββββββββ
β Cloudflare Edge β
β β
β β’ Rate limiting β
β β’ Security β
β β’ Caching β
β β’ Global CDN β
βββββββββββββββββββ
src/
βββ core/ # Core business logic
β βββ storage.ts # KV storage operations
β βββ security.ts # Security & validation
β βββ analytics.ts # Usage analytics
β βββ utils.ts # Utilities & helpers
βββ handlers/ # Request handlers
β βββ create.ts # Paste creation logic
β βββ view.ts # Paste viewing & deletion
βββ ui/templates/ # HTML templates
β βββ error.ts # Error pages
β βββ view.ts # Paste view template
βββ config/ # Configuration
β βββ constants.ts # App constants
βββ worker.ts # Main entry point
npm run dev # Start development server
npm run build # Build TypeScript
npm run deploy # Deploy to Cloudflare
npm run type-check # Run TypeScript checks- Start development:
npm run dev - Make changes to TypeScript files
- Test locally at
http://localhost:8787 - Build and deploy:
npm run build && npm run deploy
# Test paste creation
curl -X POST http://localhost:8787/create \
-H "Content-Type: application/json" \
-d '{"content": "test", "expires": "1h"}'
# Test paste viewing
curl http://localhost:8787/s/PASTE_ID
# Test analytics
curl http://localhost:8787/api/stats- HTML escaping: All user content is escaped to prevent XSS
- Content validation: Detects suspicious patterns and potential security issues
- Size limits: Configurable maximum paste size (default: 1MB)
- Rate limiting: Per-IP limits to prevent abuse
- Automatic cleanup: Expired pastes are automatically deleted
- IP hashing: IP addresses are hashed for analytics (not stored raw)
- No tracking: No cookies or persistent tracking
- Minimal logging: Only essential error information is logged
- Secure IDs: Cryptographically secure paste identifiers
- One-time view: Optional automatic deletion after first view
- Manual deletion: Recipients can delete pastes before expiration
- No enumeration: Paste IDs cannot be guessed or enumerated
Access analytics at /api/stats:
{
"totalShares": 1250,
"totalViews": 3780,
"uniqueVisitors": 892,
"languages": {
"javascript": 425,
"python": 380,
"text": 210
},
"topLanguages": [
{"language": "javascript", "count": 425, "percentage": 34}
],
"trends": {
"sharesGrowth": 15,
"viewsGrowth": 8,
"popularHours": [14, 15, 16]
}
}Health check endpoint at /api/health:
{
"status": "healthy",
"timestamp": "2024-01-01T12:00:00.000Z",
"version": "1.0.0",
"features": {
"storage": true,
"analytics": true,
"security": true
}
}- Create KV namespaces (see Quick Start)
- Configure
wrangler.tomlwith your settings - Deploy:
npm run deploy - Add custom domain (optional) in Cloudflare dashboard
# Install Wrangler CLI
npm install -g wrangler
# Login to Cloudflare
wrangler login
# Deploy
npm run deploy- Go to Workers & Pages β Your Worker β Settings β Triggers
- Add Custom Domain
- Update base URL in your application if needed
We welcome contributions! Here's how to get started:
- Fork the repository
- Create a feature branch:
git checkout -b feature/amazing-feature - Make your changes
- Test thoroughly
- Commit:
git commit -m 'Add amazing feature' - Push:
git push origin feature/amazing-feature - Open a Pull Request
- β TypeScript: Use strict typing
- β Testing: Test your changes locally
- β Documentation: Update docs for new features
- β Code style: Follow existing patterns
- β Security: Consider security implications
- π¨ Syntax highlighting with Prism.js
- π Search functionality
- π₯ User accounts and paste management
- π Paste collections and folders
- π§ Email notifications
- π Password protection
- π± Mobile app
This project is licensed under the MIT License - see the LICENSE file for details.
- Cloudflare Workers - Edge computing platform
- TypeScript - Type safety and developer experience
- Wrangler - Development and deployment tools
- Open source community - For inspiration and best practices
- π Bug Reports: GitHub Issues
- π‘ Feature Requests: GitHub Discussions
- π Documentation: This README and inline code comments
- π Deployment Help: Cloudflare Workers Docs
If you find this project useful, please consider giving it a star! β
- π Live Demo: https://1paste.dev
- π GitHub Repository: https://github.com/viralburst/pastebin
- β‘ Cloudflare Workers: https://workers.cloudflare.com/
- π§ TypeScript: https://www.typescriptlang.org/
- π οΈ Wrangler CLI: https://developers.cloudflare.com/workers/wrangler/
- π Documentation: DEPLOYMENT.md | CONTRIBUTING.md | SECURITY.md
Made with β€οΈ using Cloudflare Workers and TypeScript
Secure, fast, and beautiful paste sharing for developers
β Star this repo if you find it useful! β