Added PrivateBin secure temporary storage accessible with bin() and API [done] #396
After brainstorming and also asking on Telegram group, and my LinkedIn network, I have shortlisted to consider a new CRUD feature.

Create + Read + Update + Delete

More specifically, something like a temporary URL of data that user can create for sharing, thus meeting the C and R.

For Update, it is not viable because to ensure that only the owner of a post has write access to update it, it means I will have to start collecting user data and authenticating user emails. That is not something I would like to do, and is more complex both architecturally and process-wise to do well.

For Delete, probably the most efficient and user friendly way is to expire the URL after some time. 7 days seems like a popular timeframe for online paste bins.

The 2 candidates shortlisted are Hastebin and PrivateBin. Both are open-source and actively maintained. To dig more.
Adding notes that Hastebin API can be done through the curl command that comes packaged with TagUI - https://www.toptal.com/developers/hastebin/about.md. And PrivateBin API can be done - https://github.com/PrivateBin/PrivateBin/wiki/API - but seems to be dependent on JSON-LD - https://github.com/digitalbazaar/pyld
PrivateBin API package - https://github.com/Pioverpie/privatebin-api
Using curl packaged with TagUI to access Hastebin API, or using privatebinapi package to access PrivateBin, both introduce dependencies, which leaves some room to be desired. There must be a better way...
One way is to host the privatebinapi package as a service. That removes local dependency, but adds internet dependency.
Internet dependency is ok, since storage is done through the internet anyway. Unless solution is designed to work also for local intranet storage.
Selected PrivateBin over HasteBin
Added in RPA for Python v1.48 and available with

A dedicated PrivateBin server is now live at https://tebel.org/bin/ and accessible in 2 ways

```python
import rpa as r

# way 1: bin() function of the rpa package
# securely share files up to 100 MB which will self-destruct after 1 week
# on a dedicated PrivateBin server with zero knowledge of shared files
bin_url = r.bin('rpa_report.pdf', 'password (optional)')
r.telegram(1234567890, 'Download RPA Report at ' + bin_url)

# way 2: PrivateBin API through the privatebinapi package
import privatebinapi
send_response = privatebinapi.send('https://tebel.org/bin/', text = 'rpa_report.pdf', file = 'rpa_report.pdf', password = 'optional')
r.telegram(1234567890, 'Download RPA Report at ' + send_response['full_url'])
```

This means Python rpa package users can now securely store file attachments as part of their automation, and share URLs to someone. For example, through Telegram using telegram() function, or through email with Python's email packages.

I have capped the file size limit to 100 MB, this should be a good trade-off for types of user files and server storage capacity. But if your use case requires more than 100 MB, raise an issue and let me know. I'll see if something can be done.

I've hardened the server to achieve A+ on Mozilla Observatory web security standards. Encryption is done end-to-end, so even if evil hackers breach the server, or good governments ask me for your data, it's impossible.

And obviously, even if you are not using it through automation, you are also welcome to use it manually to share files or text data securely.

Note - PrivateBin is a minimalist, open source online pastebin where the server has zero knowledge of pasted data. Data is encrypted/decrypted in the browser using 256 bits AES. More info on its GitHub page. If you would like to, you can also host your own PrivateBin instance and set the
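An added example, not code from the rpa package, privatebinapi or PrivateBin, and not part of the comment above: it separates a share link into the part the server receives and the part that stays with the client, and builds a form suitable for automation logs. It assumes PrivateBin's share-link layout (paste id in the query string, decryption key in the URL fragment); the function names and the sample link are constructed for illustration.

```python
from urllib.parse import urlsplit, urlunsplit

# Constructed sample link, not a real paste: <server>/?<paste id>#<key>
SAMPLE_URL = "https://tebel.org/bin/?0123456789abcdef#ExampleKeyNotReal123"


def split_bin_url(full_url, expected_server="https://tebel.org/bin/"):
    """Split a share link into what the server receives and what stays client-side."""
    parts = urlsplit(full_url)
    if parts.scheme != "https":
        raise ValueError("share link is not HTTPS")
    server = urlunsplit((parts.scheme, parts.netloc, parts.path, "", ""))
    if server != expected_server:
        raise ValueError("link points at an unexpected server: " + server)
    if not parts.query or not parts.fragment:
        raise ValueError("expected <server>/?<paste id>#<key>")
    # HTTP clients do not transmit the fragment, so a request for this link
    # carries only the path and the paste id.
    server_sees = urlunsplit((parts.scheme, parts.netloc, parts.path, parts.query, ""))
    return {"server_sees": server_sees, "paste_id": parts.query, "key": parts.fragment}


def redact_for_log(full_url, expected_server="https://tebel.org/bin/"):
    """Form of the link that is safe to write to automation logs."""
    info = split_bin_url(full_url, expected_server)
    return "%s#<key redacted, %d chars>" % (info["server_sees"], len(info["key"]))


if __name__ == "__main__":
    print(split_bin_url(SAMPLE_URL)["server_sees"])
    print(redact_for_log(SAMPLE_URL))
```

Whoever receives the full link holds the key, so the chat or mailbox it is sent to becomes part of the trust boundary unless the optional password is set and shared separately.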
I have a VPS server running on tebel.org which is being used now for the following 4 services -
Creating an issue to explore and hear feedback from users if anything else interesting can be added to benefit rpa package users. This is a vendor VPS with a 99.9% uptime and a fixed monthly bill. Thus unused bandwidth, CPU and memory cycles are a waste of money. The cloud server is my personal VPS and is quite under-utilised.
Thought to find meaningful ways to use it, after not using it to its maximum capacity for past 7-8 years.
PS - Though not impossible, unlikely to consider supporting Telegram attachments for now, this has a chance of reducing reliability for most users if some users abuse the feature.
Feature is now completed, added a 5th service to above list