Scrolljar is a pastebin-style backend service where users create Jars (collections) containing multiple Scrolls (📜 pastes). This repository contains the API server, storage integration, and cleanup tooling.
- Jar: A collection of scrolls. Can be public or private and optionally password-protected.
- Scroll: A single paste belonging to a jar.
- User: Authenticated users can manage jars and scrolls.
- Anonymous users: Can create jars without signing in.
- Client sends jar/scroll metadata (name, password, expiry, etc.) to a create endpoint.
- API:
- Generates unique Base62 IDs for jars and scrolls
- Stores metadata in PostgreSQL
- Issues a short-lived upload token
- Client uploads scroll content using
PUT /uploadwith the upload token. - API streams the request body directly to S3:
- No in-memory storage
- Enforces size and encoding restrictions
- Returns immediate errors on validation failure
- Client sends a
GETrequest with the jar or scroll ID. - API fetches metadata from the database.
- If password-protected, the password is provided via the
X-Paste-Passwordheader and verified. - API returns a presigned S3 URL for direct content access.
- Bearer token–based authentication
- Required for:
- Deleting jars and scrolls
- Updating scrolls
- Accessing user and user-owned resources
- Global rate limit applied to all requests
- IP-based limits:
- Strict: user registration, activation
- Medium: create, update, delete operations
- General: read operations (jar / scroll)
