Closed superguest closed 7 years ago
Can you augment the API to support UUID lookup
I don't understand your use-case. The UUID is supposed to be the "secret" you use to manipulate the paste after creation.
If you don't know any paste metadata because you used ?u=1
, what's your expected new behavior?
How are you going to get a non-uuid URL, if you're only capable of parsing single strings?
I understand what you mean. Simply put, don't use ?u=1 if the author intends on making changes to it. Sorry, I got confused b/c I was trying to have it both ways: have it spit out only the url and still have the ability to make changes to it afterwards.
On a digression, this is still possible if ptpb supports user accounts then the user can submit user account credentials along with the paste. Just an idea.
P.S. Alternatively, I'll just write my own shell script to parse the UUID from the output, and store it locally, then only write the url to standard output.
On a digression, this is still possible if ptpb supports user accounts then the user can submit user account credentials along with the paste. Just an idea.
Yeah, I was experimenting with a similar idea with the under-documented namespace
feature actually. https://ptpb.pw/#namespaces
I actually don't see why I shouldn't add something like X-Namespace-Auth
for pastes--X-Paste-Auth
. What do you think? (or maybe I could actually make namespaces work properly, ahem #143).
I might be hijacking this issue but it would be nice if you could lookup shortid/sha1/etc from an uuid.
it would be nice if you could lookup shortid/sha1/etc from an uuid.
What's the use case? I'd like to point out again that uuid
should really be called secret_key
or similar, and isn't supposed to be an "identifier" for the paste. The API could have also been designed like this:
GET https://ptpb.pw/XYZA
Authorization: bearer 07ae3a3f-70c7-4190-aa53-7dbe2e2ee767
This is like almost like saying, "I have my digital ocean API key, and I want to use it to look up my droplet ID", except there is no concept of an account or user in pb so "list the droplets that belong to this account" shouldn't be a thing.
I think doing this requires a complete redesign and re-thinking of the API. If anything this would be a LIST pastes
operation, and uuid/secret_key
would not necessarily correspond 1-to-1 with each paste.
On Mon, 2017-10-02 at 21:33:55 +0000, Zachary Buhman wrote:
it would be nice if you could lookup shortid/sha1/etc from an uuid.
What's the use case?
Only having to store the uuid instead of both it and and any other. Every other key can be used as id except the uuid.
Only having to store the uuid instead of both it and and any other.
In other authorization systems you'd need to store both an identifier and a secret anyway--this is no different (except arguably poorly designed).
Every other key can be used as id except the uuid.
Because it isn't an id, it's a secret.
Updates and deletions require the UUID, but often times pastes are created using:
_cmd_ | curl -F c=@- https://ptpb.pw/?u=1
, where only the url is returned.As a result, I will not be able to make any changes to this paste. Can you augment the API to support UUID lookup and/or updates/deletions by paste ID?