
AnonChat

An anonymous chat application built with Flask.

Features

  • Anonymous inquiries and messaging
  • Admin dashboard to manage inquiries
  • Customizable site title
  • Redis-based session storage for improved scalability
  • Integrated error tracking with Sentry

Development Approach

AnonChat was created using "vibe coding" - a programming approach in which developers use AI tools to generate code from natural-language prompts rather than writing it by hand. This lets the developer focus on high-level problem-solving and design while the AI handles the implementation details.

Rest assured though, I know what I'm (or the AI is) doing. Here's what would happen if I didn't:

  1. my saas was built with Cursor, zero hand written code
    AI is no longer just an assistant, it's also the builder
    Now, you can continue to whine about it or start building.
  2. random things are happening, maxed out usage on api keys, people bypassing the subscription, creating random shit on db
    there are just some weird ppl out there

Configuration

AnonChat can be configured using environment variables:

  • SECRET_KEY: Secret key for session management
  • DATABASE_URL: Database connection string (defaults to SQLite)
  • ADMIN_USERNAME: Admin username for admin dashboard
  • ADMIN_PASSWORD: Admin password for admin dashboard
  • ADMIN_FORCE_RESET: When set to "true", forces a reset of the admin password to the value in ADMIN_PASSWORD (defaults to "false")
  • SITE_TITLE: Customizable site title (defaults to "AnonChat")
  • BEHIND_PROXY: Set to "true" when running behind a reverse proxy to properly handle client IP addresses (defaults to "false")
  • RATELIMIT_STORAGE_URL: Storage backend for rate limiting (defaults to memory storage)
  • REDIS_URL: Redis connection URL for session storage (defaults to "redis://localhost:6379/0")
  • AUTO_DELETE_HOURS: Number of hours after which closed inquiries are automatically deleted (defaults to 48)
  • SENTRY_DSN: Sentry Data Source Name for error tracking and monitoring (optional)

You can set these variables in a .env file:

SECRET_KEY=your_secret_key_here
FLASK_APP=src/anonchat
FLASK_ENV=development
SITE_TITLE=My Custom Chat
BEHIND_PROXY=true
REDIS_URL=redis://redis:6379/0
AUTO_DELETE_HOURS=72
SENTRY_DSN=https://your-sentry-dsn

Reverse Proxy Configuration

When running AnonChat behind a reverse proxy (like Nginx or Apache), set the BEHIND_PROXY environment variable to "true" to ensure rate limiting works correctly. This enables the application to use the X-Forwarded-For header to determine the client's real IP address.

Your reverse proxy should be configured to pass the client IP address in the X-Forwarded-For header:

Nginx Example

server {
    listen 80;
    server_name your-domain.com;

    location / {
        proxy_pass http://localhost:5000;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }
}
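The header-handling rule behind BEHIND_PROXY, as an added example that is not AnonChat's own code: it mirrors the semantics of Werkzeug's ProxyFix(x_for=1) on a plain WSGI environ so it runs without Flask installed. The function names, the hop count and the addresses are assumptions chosen for the illustration; the key point is that only the rightmost entries written by your own proxy are trustworthy, because the client controls the rest of the header.

```python
import ipaddress
import os


def client_ip(environ, behind_proxy, trusted_hops=1):
    """Return the address rate limiting should key on.

    environ      -- WSGI environ (REMOTE_ADDR, HTTP_X_FORWARDED_FOR)
    behind_proxy -- value of BEHIND_PROXY; when False the header is ignored,
                    because any client can send one
    trusted_hops -- proxies under our control that append to the header;
                    the nginx example above is one hop (hypothetical helper)
    """
    remote = environ.get("REMOTE_ADDR", "")
    if not behind_proxy:
        return remote
    hops = [h.strip() for h in environ.get("HTTP_X_FORWARDED_FOR", "").split(",")
            if h.strip()]
    # $proxy_add_x_forwarded_for appends $remote_addr, so the rightmost
    # `trusted_hops` entries came from our proxies; everything left of
    # them was supplied by the client and is not trusted.
    if len(hops) < trusted_hops:
        return remote  # header missing or too short: fall back to the socket peer
    candidate = hops[-trusted_hops]
    try:
        return str(ipaddress.ip_address(candidate))
    except ValueError:
        return remote  # junk in the header must not become a limiter key


def behind_proxy_from_env(env=None):
    """Parse BEHIND_PROXY the way the README describes: only "true" enables it."""
    env = os.environ if env is None else env
    return env.get("BEHIND_PROXY", "false").strip().lower() == "true"


if __name__ == "__main__":
    # Constructed request: the client sent its own X-Forwarded-For, nginx
    # appended the real peer 203.0.113.7, then forwarded to Flask on 127.0.0.1.
    environ = {"REMOTE_ADDR": "127.0.0.1",
               "HTTP_X_FORWARDED_FOR": "10.0.0.99, 203.0.113.7"}
    print(client_ip(environ, behind_proxy=True))   # 203.0.113.7
    print(client_ip(environ, behind_proxy=False))  # 127.0.0.1
```

If the application is exposed directly (no proxy) with BEHIND_PROXY=true, the same code lets any client choose the address the rate limiter sees, which is why the flag defaults to "false".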

Error Tracking with Sentry

AnonChat includes integration with Sentry for error tracking and performance monitoring. This helps identify and diagnose issues in production environments.

Features

  • Automatic error capturing and reporting
  • Performance monitoring
  • Contextual information for better debugging
  • Real-time alerts for critical issues

Configuration

To enable Sentry integration:

  1. Sign up for a free Sentry account at sentry.io
  2. Create a new project and get your DSN (Data Source Name)
  3. Set the SENTRY_DSN environment variable in your .env file or deployment environment:
    SENTRY_DSN=https://your-sentry-project-key@sentry.io/your-project-id

When the SENTRY_DSN variable is set, error tracking will be automatically enabled when the application starts.

Installation

  1. Clone the repository
  2. Install dependencies with Poetry: poetry install
  3. Create .env file with your configuration
  4. Run the application: poetry run start

Development

This project uses Poetry for dependency management.

  • Install dependencies: poetry install
  • Run tests: poetry run pytest
  • Run the application: poetry run start

Database Migrations

AnonChat includes a custom database migration system to handle schema changes. When you make changes to the database models, you should create a migration script to apply these changes to existing databases.

Running Migrations

  • Run all pending migrations: poetry run flask --app src/anonchat run-migrations
  • The migrations are also automatically run when using the init-db command or when starting the application with the entrypoint script.

Creating New Migrations

To create a new migration:

  1. Create a new Python file in the src/anonchat/migrations directory with a descriptive name (e.g., add_new_column.py)
  2. Implement a run_migration(db) function that performs the necessary schema changes
  3. The migration script should be idempotent (safe to run multiple times)

Example migration script:

from sqlalchemy import inspect
from sqlalchemy.sql import text
from flask import current_app

def run_migration(db):
    """Add a new column to a table.

    Returns True if changes were made, False otherwise.
    """
    # Check if the column already exists so the script stays idempotent
    inspector = inspect(db.engine)
    columns = [col['name'] for col in inspector.get_columns('your_table')]

    # Only apply changes if needed
    if 'your_new_column' not in columns:
        current_app.logger.info("Adding new column to table")
        with db.engine.connect() as conn:
            conn.execute(text("ALTER TABLE your_table ADD COLUMN your_new_column TEXT"))
            conn.commit()
        return True

    return False

Migrations are run in alphabetical order, so you may want to prefix migration filenames with a timestamp or sequence number for more complex projects.
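How a directory of such scripts behaves when run in alphabetical order, as an added example that is not AnonChat's own migration runner: run_pending_migrations, the two constructed migration scripts and the sqlite3 connection standing in for the Flask-SQLAlchemy db object are all assumptions for the illustration. It shows why the numeric prefixes matter (the second script needs the column the first adds) and why each script inspects the schema first (the second run changes nothing).

```python
import importlib.util
import sqlite3
import tempfile
from pathlib import Path

def run_pending_migrations(migrations_dir, db):
    """Import each *.py file in alphabetical order and call its run_migration(db).
    Returns [(filename, changed), ...] so the caller can log what really ran."""
    results = []
    for path in sorted(Path(migrations_dir).glob("*.py")):
        spec = importlib.util.spec_from_file_location(path.stem, path)
        module = importlib.util.module_from_spec(spec)
        spec.loader.exec_module(module)
        results.append((path.name, bool(module.run_migration(db))))
    return results

# Constructed migration scripts in the README's shape: each inspects the live
# schema before changing it, and 0002 depends on the column 0001 adds.
MIGRATIONS = {
    "0001_add_closed_at.py": '''
def run_migration(db):
    cols = [row[1] for row in db.execute("PRAGMA table_info(inquiry)")]
    if "closed_at" in cols:
        return False
    db.execute("ALTER TABLE inquiry ADD COLUMN closed_at TEXT")
    db.commit()
    return True
''',
    "0002_index_closed_at.py": '''
def run_migration(db):
    names = [row[1] for row in db.execute("PRAGMA index_list(inquiry)")]
    if "ix_inquiry_closed_at" in names:
        return False
    db.execute("CREATE INDEX ix_inquiry_closed_at ON inquiry (closed_at)")
    db.commit()
    return True
''',
}

def demo():
    """Fresh in-memory DB, write the scripts to a temp dir, run the runner twice."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE inquiry (id INTEGER PRIMARY KEY, body TEXT)")
    with tempfile.TemporaryDirectory() as d:
        for name, source in MIGRATIONS.items():
            Path(d, name).write_text(source)
        first = run_pending_migrations(d, db)
        second = run_pending_migrations(d, db)  # everything already applied
    return first, second
```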

Admin Authentication

AnonChat includes a secure admin authentication system that protects administrative routes and functions. This ensures that only authorized users can access the admin dashboard, manage inquiries, and configure system settings.

Security Features

  • Secure Password Storage: Admin passwords are securely hashed using SHA-256 with the application's secret key as salt
  • Session-Based Authentication: Uses Flask sessions to maintain admin login state
  • Protected Routes: All admin routes are protected by middleware that verifies authentication
  • Password Management: Admins can change their password through the Admin Settings page
  • Logout Functionality: Secure logout to clear session data

Setting Admin Credentials

Admin credentials are set using environment variables:

ADMIN_USERNAME=admin
ADMIN_PASSWORD=your-secure-password
ADMIN_FORCE_RESET=false

These values should be set in your .env file or server environment. The default admin user is created automatically when the application first runs.

Password Reset

You can force a reset of the admin password by setting ADMIN_FORCE_RESET=true in your environment variables. This is useful when:

  • You need to recover from a forgotten admin password
  • You're deploying to a new environment and want to ensure the admin credentials are set correctly
  • You want to update the admin password during deployment without accessing the admin interface

When enabled, the application will update the admin user's password to match the value in ADMIN_PASSWORD during initialization or when running the init-db command.

Admin Functions

  • View and respond to user inquiries
  • Delete inquiries
  • Configure webhook settings
  • Change admin password

Security Best Practices

  • Always use a strong, unique password for the admin account
  • Keep your SECRET_KEY secure and unique for each deployment
  • In production, ensure you're using HTTPS to protect admin credentials during transmission
  • Change the default admin password immediately after deployment

TODO: Security Improvements

The following security enhancements are planned for future releases:

  • Implement CAPTCHA protection for admin login
    • Add CAPTCHA verification to prevent brute force attacks
    • Support multiple CAPTCHA providers (reCAPTCHA, hCaptcha)
    • Implement rate limiting for failed login attempts
    • Add IP-based blocking after multiple failed attempts

Authentication Methods

  • Add OAuth 2.0 support for admin authentication
    • Integrate with common providers (Google, GitHub, Microsoft)
    • Implement proper PKCE flow for added security
    • Support for custom OAuth providers for enterprise deployments
    • Add multi-factor authentication options
  • Implement read-only sharing links for inquiries
    • Generate unique, cryptographically secure sharing links
    • Allow users to create links that provide view-only access
    • Set optional expiration times for sharing links
    • Allow users to revoke sharing links at any time