hushline
hushline copied to clipboard
scidsg
A lightweight, secure, and anonymous whistleblowing platform.
This containerizes Hush Line. Follow the new `DEV.md` instructions to try it out: https://github.com/micahflee/hushline/blob/containerize/docs/DEV.md The dev instructions are now the same for all platforms since it's all just running in...
We need a threat model to determine whether row-level security like following makes sense https://github.com/scidsg/hushline/blob/2c89aa633d6ee2eaeb4eeb1e76e349e65a648e2d/app.py#L223-L229 My general suspicion is that the model we come up with will not have a...
It would be very helpful to use `docker compose` to create a fully containerized development setup, at least for the database and Redis. We are going to want to specify...
We're storing the encryption key in environment variables, but a more secure method might be beneficial in case of server compromise. Some options: - AWS Secrets Manager - HashiCorp Vault...
To improve the availability and accessibility of our Hush Line project and reduce the risk of a single point of failure, we should set up repository mirroring from GitHub to...
https://github.com/scidsg/hushline/blob/75ee6e0e58e71f014aedf4381dbd377d38691de7/app.py#L63-L66 We can directly create the `Flask-SqlAlchemy` config from env vars rather than creating temporary vars. We can also just set the config directly via an env var called `DB_URI`...
## Tasks - [ ] Integrate `generate_invite_codes.py` with `click` - [x] Remove `generate_codes.sh` - [x] Integrate `init_db.py` with `click` - [ ] Integrate `admin.py` with `click`
For example: https://github.com/scidsg/hushline/blob/75ee6e0e58e71f014aedf4381dbd377d38691de7/app.py#L1192-L1205 This should catch an `IntegrityError` and check that the violated unique key matches what we expect. The current broad exception catch will make it more difficult to...
To further enhance the security of our application and leverage our existing Cloudflare account, we should integrate Cloudflare Captcha in key areas where user input is accepted. By implementing Captcha,...
- Model the work in main and personal-server - Implement Flask-Limiter - Use Redis - Create page for fail state