safe-paste/README.md

# SafePaste

A minimal, encrypted pastebin built with PHP, MySQL, and Redis.

## Features

- **AES-256-CBC encryption** — all pastes are encrypted at rest using a master key
- **Optional password protection** — bcrypt-hashed passwords per paste
- **TTL expiry via Redis** — short-lived pastes live only in Redis; permanent pastes use MySQL
- **Clean dark UI** — responsive, accessible, no external dependencies

## Project Structure

```
safe-paste/
├── app/
│   ├── config/config.php       # Loads .env settings
│   ├── core/
│   │   ├── db.php              # PDO connection
│   │   ├── redis.php           # Redis singleton
│   │   └── security.php        # Encrypt/decrypt helpers
│   ├── controllers/
│   │   ├── SaveController.php  # POST handler: create paste
│   │   └── ViewController.php  # GET/POST handler: view paste
│   └── models/Paste.php        # Save/get paste (Redis + MySQL)
└── public/
    ├── index.php               # Home page + save action
    ├── view.php                # View paste page
    ├── error.php               # Error page
    ├── .htaccess               # URL routing
    └── assets/
        ├── css/style.css
        └── js/app.js
```

## Setup

1. Copy `.env.example` to `.env` and fill in your values
2. Create the MySQL database and table:

```sql
CREATE DATABASE paste CHARACTER SET utf8mb4 COLLATE utf8mb4_unicode_ci;
USE paste;
CREATE TABLE pastes (
    id            CHAR(32)     PRIMARY KEY,
    encrypted_text TEXT        NOT NULL,
    iv            VARCHAR(64)  NOT NULL,
    expire_time   INT          DEFAULT NULL,
    password_hash VARCHAR(255) DEFAULT NULL,
    created_at    TIMESTAMP    DEFAULT CURRENT_TIMESTAMP
);
```

3. Point your web server document root to `public/`
4. Ensure `mod_rewrite` is enabled (Apache) or configure your nginx equivalent

## .env

```ini
MASTER_KEY=your-random-secret-key
DB_HOST=localhost
DB_NAME=paste
DB_USER=root
DB_PASS=secret
REDIS_HOST=127.0.0.1
REDIS_PORT=6379
APP_URL=https://yourdomain.com
```