Binks

Another pastebin

Features

• Multiple privacy levels (public, password-protected, end-to-end encrypted)
• Configurable expiration duration, and view expiration (burn)
• File attachments
• URL shortener
• Human-readable URLs
• Password protection
• Admin/management panel

Quick Start

Configuration

Binks looks for a binks.toml file in the files path, but will create one with default values if not present. Environment variables can be used to overwrite the config. Configuration is split into two planes:

• Boot config (restart required): env > binks.toml > built-in defaults
• Runtime policy (admin settings): env lock > DB setting > boot default > built-in default

Default Config

# Binks Config
bind_addr = "0.0.0.0:7878"
db_path = "binks.db"
upload_path = "./uploads"
enable_docs = true
# slug_id_strategy = "petname" # petname | uuid
# max_file_size = 5120 # 5GB in MB
# max_paste_size = 1 # 1 MB
# max_override_id_length = 32 # characters
# max_filename_length = 255 # characters
# csp_allow_unsafe_inline_style = true
# session_key = "base64-encoded-64-byte-key"
# session_timeout_minutes = 1440 # 24 hours
# cookie_secure = false
# worker_threads = 4 # defaults to num_cpus
# trusted_proxies = ["127.0.0.1", "::1"]

[admin]
# Initial superadmin credentials (required on first startup)
# initial_username = "admin"
# initial_password = "set-a-strong-password"

# [locks]
# Lock runtime settings so they cannot be changed via the admin UI or API.
# Priority: BINKS_LOCK_* env vars > [locks] section > DB > boot defaults.
# Keys match the runtime setting keys (see GET /api/admin/settings).
# max_file_size_mb = 5120
# encrypted_mode_enabled = true
# anonymous_uploads_enabled = false
# slug_id_strategy = "petname" # petname | uuid
# rate_limit_uploads_per_hour = 100
# rate_limit_downloads_per_hour = 500
# upload_transport_mode = "auto" # auto | tus_only | multipart_only
# tus_chunk_size_mb = 16

session_key can be obtained through: openssl rand -base64 64

Runtime policy keys (admin panel)

• anonymous_uploads_enabled
• anonymous_text_enabled
• encrypted_mode_enabled
• rate_limit_uploads_per_hour
• rate_limit_downloads_per_hour
• default_expiration_days (allowed: 0, 1, 7, 30, 365)
• max_file_size_mb
• max_paste_size_mb
• slug_id_strategy (petname, uuid)
• max_filename_length
• max_override_id_length
• upload_transport_mode (auto, tus_only, multipart_only)
• tus_chunk_size_mb
• enable_docs (restart required)

Runtime env locks

Set one of these environment variables to force and lock a runtime setting:

• BINKS_LOCK_ANONYMOUS_UPLOADS_ENABLED
• BINKS_LOCK_ANONYMOUS_TEXT_ENABLED
• BINKS_LOCK_ENCRYPTED_MODE_ENABLED
• BINKS_LOCK_RATE_LIMIT_UPLOADS_PER_HOUR
• BINKS_LOCK_RATE_LIMIT_DOWNLOADS_PER_HOUR
• BINKS_LOCK_DEFAULT_EXPIRATION_DAYS
• BINKS_LOCK_MAX_FILE_SIZE_MB
• BINKS_LOCK_MAX_PASTE_SIZE_MB
• BINKS_LOCK_SLUG_ID_STRATEGY
• BINKS_LOCK_MAX_FILENAME_LENGTH
• BINKS_LOCK_MAX_OVERRIDE_ID_LENGTH
• BINKS_LOCK_UPLOAD_TRANSPORT_MODE
• BINKS_LOCK_TUS_CHUNK_SIZE_MB
• BINKS_LOCK_ENABLE_DOCS

When a lock variable is present and valid, admin updates for that key are rejected.

Startup validation

Startup fails if the settings table contains unknown runtime keys. Remove unsupported keys from settings before starting.

On startup, Binks now requires:

• a valid 64-byte session_key (base64 or 128-char hex)
• a non-default admin password (BINKS_ADMIN_PASSWORD or [admin].initial_password)

For local development only, you can bypass this with:

• BINKS_ALLOW_INSECURE_DEFAULTS=true

Optional CSP hardening:

• set csp_allow_unsafe_inline_style = false (or BINKS_CSP_ALLOW_UNSAFE_INLINE_STYLE=false) to remove 'unsafe-inline' from style-src.

API Docs

If enable_docs is enabled, then Scalar API docs will be available at /docs