Skip to content

feat: implement one-time view gists #126

Open
Open
feat: implement one-time view gists#126
Labels
featureNew feature implementationpriority: highShould be done soonsecuritySecurity and encryption related
@nullcoder

Description

@nullcoder
nullcoder
opened on Jun 8, 2025

Description

Create single-view gists that auto-delete after viewing.

Priority

HIGH - Critical security feature for sensitive code sharing.

Tasks

  • Add one-time option to create form
  • Implement warning modal before viewing
  • Create secure deletion after decryption
  • Add download before view option
  • Handle concurrent access attempts
  • Implement view tracking
  • Add visual indicators
  • Create audit logging

Technical Requirements

  • One-time flag must be stored in gist metadata
  • Implement atomic read-and-delete operation
  • Handle race conditions for concurrent access
  • Ensure complete deletion from R2
  • Add clear warnings before viewing
  • Support "download without viewing" option
  • Implement view attempt logging

Acceptance Criteria

  • One-time gists delete after viewing
  • Warning is clear and prominent
  • Download option works before deletion
  • Concurrent access is handled
  • Deletion is immediate and complete
  • No data remnants remain in R2
  • User understands consequences before viewing
  • Audit trail exists for security

Dependencies

Security Considerations

  • Implement server-side view tracking
  • Use database transactions or R2 conditional requests
  • Ensure idempotent deletion
  • Add rate limiting to prevent abuse
  • Consider adding view token for extra security
  • Log all access attempts (success and failure)

Implementation Details

// API endpoint modification
async function getGist(id: string) {
  const gist = await fetchGist(id);
  
  if (gist.oneTime) {
    // Atomic operation
    await Promise.all([
      deleteGist(id),
      deleteBlobs(gist.files),
      logViewEvent(id)
    ]);
  }
  
  return gist;
}

UI Flow

  1. User navigates to one-time gist
  2. Warning modal appears
  3. Options: "View and Delete" or "Download Only"
  4. If view: decrypt, display, then delete
  5. If download: provide files without displaying
  6. Show deletion confirmation

Estimated Time

3-4 days

References

Metadata

Metadata

Assignees

No one assigned

    Labels

    featureNew feature implementationpriority: highShould be done soonsecuritySecurity and encryption related

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions