franklindyer / agora-app
Simple and (hopefully) secure social media application. Also a project for spring 2024 CS 444 cybersecurity class at UNM.
Account deletion isn't supported on the frontend yet. However, it's supported on the backend by POSTing to /leave.
There should be a suite of automated tests to run on new versions of the site before pushing to deployment. This could be as simple as a shell script performing each possible essential API call to the site, though ideally we would get more advanced with this in the future.
Blocked by #97. This isn't feasible with captcha protection turned on.
The hypothesis is that the character limit of the bug report is being calculated on the client side via unicode, and on the server side via ascii. This is causing an issue when sending a bug report of maximum length (currently 5,000 characters) if the report has any characters that are encoded more compactly on the frontend vs the backend.
For example, sending 5,000 characters of "Moby Dick" (with some unicode characters) is allowed through the frontend but is rejected on the backend. However, sending 5,000 letter "a"s is allowed through both the frontend and the backend.
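An added illustration of the mismatch described in this issue (not code from the agora-app repo): it assumes the frontend measures JavaScript's String.length (UTF-16 code units) and the backend measures UTF-8 bytes, and shows a backend check that counts the same unit as the client. The sample texts are constructed.

```python
MAX_CHARS = 5_000  # the limit the issue states

def utf16_units(text: str) -> int:
    # What JavaScript's String.length reports: UTF-16 code units.
    return len(text.encode("utf-16-le")) // 2

def code_points(text: str) -> int:
    # What Python's len() reports: Unicode code points.
    return len(text)

def utf8_bytes(text: str) -> int:
    # What a backend doing len(text.encode("utf-8")) reports (assumed cause).
    return len(text.encode("utf-8"))

def frontend_accepts(text: str) -> bool:
    return utf16_units(text) <= MAX_CHARS

def backend_accepts_bytes(text: str) -> bool:
    # Suspected current behaviour: the limit is applied to the UTF-8 byte count.
    return utf8_bytes(text) <= MAX_CHARS

def backend_accepts_fixed(text: str) -> bool:
    # Fix: measure the same unit the client measures, so both sides agree.
    return utf16_units(text) <= MAX_CHARS

# Constructed inputs. The second uses curly quotes and an em dash, each one
# UTF-16 unit (and one code point) but three UTF-8 bytes.
ASCII_REPORT = "a" * MAX_CHARS
UNICODE_REPORT = ("\u201cCall me Ishmael.\u201d \u2014 " * 250)[:MAX_CHARS]
```

Characters outside the Basic Multilingual Plane (most emoji) are the other trap: one code point but two UTF-16 units and four UTF-8 bytes, so even a code-point count on the server disagrees with the browser.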
When visiting a post, a user should be able to see whether they currently like or dislike that post.
I think that this is currently missing support both on the backend and the frontend. That is, this info isn't being passed to the templates at all right now.
Email reset is broken because the form doesn't take into account the new password requirement.
I'm working on fixing this now, but this issue is for posterity.
This is done by specifying an image file extension in the uploaded file title (e.g., uploading my-script.js as my-script.png). The browser still processes this as the given file extension (e.g., .png), so it's not actually executing any code. However, the file is able to be hosted, which feels like a vulnerability.
There should be more captchas to limit certain interactions like logging in, writing posts/comments, etc.
The site needs some defense mechanisms against CSRF. These include:
- Referer-based blocking of malicious POST requests.
- Same-Site: Strict for session cookies
After a certain number of requested password reset emails, a person should have to put in their recovery code to get another email. This is to prevent DoS attacks on a user with a known email.
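The two CSRF defenses listed in the CSRF issue above, as an added, framework-agnostic example (not agora-app's own code): an Origin/Referer check for state-changing requests and a session cookie carrying the SameSite=Strict attribute. The site origin, function names and the plain header dict are assumptions.

```python
from urllib.parse import urlsplit

SITE_ORIGIN = "https://agora.example"  # assumed deployment origin

def same_origin(url: str) -> bool:
    # True if url's scheme and host[:port] equal SITE_ORIGIN's.
    parts, site = urlsplit(url), urlsplit(SITE_ORIGIN)
    return (parts.scheme, parts.netloc) == (site.scheme, site.netloc)

def allow_state_changing_request(method: str, headers: dict) -> bool:
    # Origin/Referer check for POST and other state-changing methods.
    # Browsers attach Origin on cross-site POSTs and Referer on most
    # requests; another site's page cannot set either header for a request
    # to this site. A request carrying neither is refused rather than
    # trusted, since the absence could equally be a non-browser client.
    if method.upper() in ("GET", "HEAD", "OPTIONS"):
        return True
    h = {k.lower(): v for k, v in headers.items()}
    origin = h.get("origin")
    if origin is not None:
        return origin != "null" and same_origin(origin)
    referer = h.get("referer")
    if referer:
        return same_origin(referer)
    return False

def session_cookie_header(token: str) -> str:
    # Set-Cookie value for the session cookie. SameSite=Strict makes the
    # browser omit it from requests initiated by other sites; HttpOnly and
    # Secure keep it away from scripts and plaintext transport.
    return f"session={token}; Path=/; HttpOnly; Secure; SameSite=Strict"
```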
Anywhere where there is a timestamp, the formatting could be more readable, and also a user should be able to select their preferred time zone.
Session token expiration isn't implemented yet. This won't be hard to implement, so this issue will just serve as a reminder that it needs to get done before the end of the development phase.
This is a bad practice! Need to figure out how to allow non-root user inside of the Docker image to still be able to access the contents of volumes.
I have to implement this feature with javascript.
There is no reason for the pfp column of the users database table to refer to images by their imgid rather than their accessid. This just makes everything more confusing. The whole AgoraDatabaseManager and the database schema should be refactored so that pfp refers to images by their accessid instead. Some tweaks may also need to be made to templates.
It would be nice to be able to confirm your password during account creation or password resetting.
AgoraDatabaseManager should not open a brand new connection for each command. A new connection for each thread (responding to a web request) would be reasonable. Alternatively, we could use a single connection (or a small finite fixed number of them) and use an async task queue.
You should be able to specify the size of an image at upload time.
To prevent users from writing their own bots to abuse the API, some sort of rate limiting needs to be implemented for actions that require users to be logged in. This could be as simple as keeping track of the user's last write action, and preventing any further write action that occurs before a (short) delay has passed.
Users should not be required to copy the link in the address bar of one of their uploaded images to embed it in a post. There should be a shortcut for copying a relative link to your image (e.g. /userimg/abc123) to the clipboard, so that users can easily attach images to their posts.
Python's markdown.markdown will not clean <script> elements from users' posts. Maybe we can use something like the bleach package to remediate this.
Some things I would like to change about the post writing page:
(Ironically) Attempting to submit a bug report redirects to login, so it's not possible to actually submit a report.
Links to incorrect page.
Right now, when a user deletes their account or deletes a post, the account/post is completely erased. This is inconvenient for triaging suspicious events by looking at the logs: logs refer to users/posts by their IDs, but the logs may refer to a user or post that no longer exists. Even worse, the log might refer to a deleted user by their ID, and a newer user might currently possess that ID, meaning that the log event might be misattributed.
Not sure yet how to fix this. Thoughts?
One idea is that we might not exactly "delete" users/posts, but rather "archive" them, so that they appear deleted to all other users but are still available for forensic purposes.
The app should be decoupled from some of the external APIs upon which it relies, namely Mailgun and reCaptcha.
Ideally, the following things should be changed:
- AgoraEmailer should be made into an interface, of which the Mailgun emailer is only one implementation
When not logged in, following a confirmemail link leads users to the login page. This is confusing behavior, and users should be notified that their email has been successfully confirmed rather than taken to /login.
There is a workaround for a NoneType error when doing preprocessing in the database manager. The method is getPfp().
Images load slowly (with a significant flash of alt text), and sometimes don't load at all (and only show alt text).
Delivering recovery codes to users' inboxes in plaintext is a security weakness. Instead, a one time link should be delivered to users' inboxes, through which they can visit a page on the site that will show them their recovery code only once. After leaving that page, it is up to the user to have stored the recovery code in a safe place.
When a user is on their own profile, the info box to update their status does not wrap. It can be fixed by changing the input element to a textarea element, but that solution requires js. Therefore, I am keeping this as an open issue until I decide to go back and set up js for our various features that require it. In the meantime, this behavior works (it's just bad looking) and is clean.
Right now, browsing users or posts just lists all the posts and users on the site. Really, we want to show the X latest posts, and possibly something similar for the users.
Some sort of "are you sure you want to change your password/email?" alert should exist.
Cosmetic / low importance:
@franklindyer Please feel free to add a comment to this issue if you notice any additional TODO items that aren't listed here, and I'll add them.
When you are logged in and looking at your own profile, the "status" editable text box cuts off in a weird way that often makes it impossible to read your entire status.
As I work on the account creation login I'm realizing that it would be easy for a user to spam-create + verify accounts and block off a lot of usernames that way, e.g. using email aliasing to have a bunch of unique email addresses. It occurs to me that we should probably incorporate captchas into the site somehow, at the very least for account creation.
The email sent for verifying an account has an extra https:// prepended to it; removing this gives the proper URL.
It looks like the form on the user account page by which one edits their account info is POSTing to the wrong path. In my server logs it's showing a POST request to /user/account, but I think it should just POST to /account. This results in a "method not allowed" message being displayed to the client when they press enter to save their usernames/status/whatever.