Open
Description
Create single-view gists that auto-delete after viewing.
Priority
HIGH - Critical security feature for sensitive code sharing.
Tasks
- Add one-time option to create form
- Implement warning modal before viewing
- Create secure deletion after decryption
- Add download before view option
- Handle concurrent access attempts
- Implement view tracking
- Add visual indicators
- Create audit logging
Technical Requirements
- One-time flag must be stored in gist metadata
- Implement atomic read-and-delete operation
- Handle race conditions for concurrent access
- Ensure complete deletion from R2
- Add clear warnings before viewing
- Support "download without viewing" option
- Implement view attempt logging
Acceptance Criteria
- One-time gists delete after viewing
- Warning is clear and prominent
- Download option works before deletion
- Concurrent access is handled
- Deletion is immediate and complete
- No data remnants remain in R2
- User understands consequences before viewing
- Audit trail exists for security
Dependencies
- Issue #111, "feat: implement R2 storage foundation" (View Flow)
- Existing components:
  - Dialog (for warning modal)
  - Button (for actions)
  - Badge (for one-time indicator)
Security Considerations
- Implement server-side view tracking
- Use database transactions or R2 conditional requests
- Ensure idempotent deletion
- Add rate limiting to prevent abuse
- Consider adding view token for extra security
- Log all access attempts (success and failure)
Implementation Details
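// API endpoint modification
async function getGist(id: string) {
  const gist = await fetchGist(id);
  if (gist.oneTime) {
    // Promise.all runs these concurrently; it is not atomic by itself.
    // Two simultaneous requests can both pass fetchGist() before either
    // delete lands, so the single-view guarantee has to be enforced in
    // storage (database transaction or R2 conditional request).
    await Promise.all([
      deleteGist(id),
      deleteBlobs(gist.files),
      logViewEvent(id)
    ]);
  }
  return gist;
}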
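As an added example (not code from this issue or the project), the block below shows why a read followed by a delete lets concurrent requests each receive a one-time gist, and how a single atomic claim hands it to exactly one request while logging every attempt. `MemoryStore`, `claim`, `viewNaive`, `viewOnce` and `race` are hypothetical names, and the in-memory store is an assumption standing in for a database transaction or R2 conditional request.

```typescript
// Added example, not the project's code; MemoryStore is a hypothetical stand-in for gist storage.
type Gist = { id: string; oneTime: boolean; body: string };
type AuditEntry = { id: string; outcome: "served" | "gone" };

class MemoryStore {
  private gists: Record<string, Gist> = {};
  audit: AuditEntry[] = [];
  put(g: Gist): void { this.gists[g.id] = g; }
  // Simulated storage round trip, so concurrent requests can interleave.
  private tick(): Promise<void> { return new Promise<void>((r) => { setTimeout(() => r(), 1); }); }
  async get(id: string): Promise<Gist | null> {
    await this.tick();
    return this.gists[id] ?? null;
  }
  // Idempotent: deleting an already-deleted gist is a no-op.
  async delete(id: string): Promise<void> {
    await this.tick();
    delete this.gists[id];
  }
  // Atomic claim (stands in for a transaction or conditional request): no await between read and remove.
  async claim(id: string): Promise<Gist | null> {
    await this.tick();
    const g = this.gists[id] ?? null;
    if (g && g.oneTime) delete this.gists[id];
    return g;
  }
}

// Read-then-delete: every caller that reads before the first delete lands gets the body.
async function viewNaive(s: MemoryStore, id: string): Promise<string | null> {
  const g = await s.get(id);
  if (g && g.oneTime) await s.delete(id);
  return g ? g.body : null;
}

// Only the request that wins the claim gets the body; every attempt is logged.
async function viewOnce(s: MemoryStore, id: string): Promise<string | null> {
  const g = await s.claim(id);
  s.audit.push({ id, outcome: g ? "served" : "gone" });
  return g ? g.body : null;
}

// Fire n concurrent views at a fresh one-time gist; resolve to how many got the body.
async function race(view: typeof viewNaive, n: number): Promise<number> {
  const s = new MemoryStore();
  s.put({ id: "g1", oneTime: true, body: "constructed sample secret" });
  const pending = Array.from({ length: n }, () => view(s, "g1"));
  return (await Promise.all(pending)).filter((b) => b !== null).length;
}
```

With three concurrent requests, `race(viewNaive, 3)` resolves to 3 and `race(viewOnce, 3)` resolves to 1.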
UI Flow
- User navigates to one-time gist
- Warning modal appears
- Options: "View and Delete" or "Download Only"
- If view: decrypt, display, then delete
- If download: provide files without displaying
- Show deletion confirmation
Estimated Time
3-4 days
References
- Phase 6 Tracking: docs/PHASE_6_ISSUE_TRACKING.md (Issue #116, "feat: create comprehensive content pages and update navigation")
- Security Guidelines: docs/SECURITY.md
- API error handling patterns