diff --git a/README.md b/README.md index 5f2dc00..71befb9 100644 --- a/README.md +++ b/README.md @@ -1,47 +1,57 @@ -# wirechan +# WireChan - Anonymous ImageBoard -imageboard written in python(flask) +## Description +WireChan is an anonymous imageboard built using the Flask framework and MongoDB as its database. It allows users to communicate on various topics without the risk of being identified, offering both anonymous and logged-in posting options. -# overview +### Features +- Anonymous and logged-in posting +- Admin dashboard for moderation +- Minimal dependencies +- Minimalistic design -wirechan is an anonymous(optional registration) imageboard written in Flask framework using MongoDB as a database. It's designed to be used -as a way of communication for various topics without the fear of being recogniszed, if the user wishes to remain unknown. - -# features - ->Both logged-in and anonymous posting - ->Admin dashboard for moderation - ->No Javascript whatsoever - ->Minimal dependencies - ->Minimalistic design - -# installation +## Installation Instructions 1. Clone the repository: -``` + +```bash git clone https://git.lainlounge.xyz/hornet/wirechan ``` -2. Create and activate virtual environment: -``` -python3 -m venv venv && source venv/bin/activate + Create a virtual environment using venv: + +```bash +python3 -m venv env ``` -3. Install the dependencies: -``` -python3 -m pip install -r requirements.txt +## Install the required dependencies: + +```bash + python3 -m pip install -r requirements.txt ``` -4. Initialize the MongoDB server: -``` -mongo #or systemctl enable mongod && systemctl start mongod -``` +## Initialize MongoDB -5. Start the server -``` -python3 app.py -``` \ No newline at end of file + Start MongoDB by creating a new database via the MongoDB shell. + Ensure the mongod service is running (for Windows, use mongo). + Start the Flask application in development mode: + + ```bash + flask run + ``` + Open your browser to view the created page at the specified URL. + +## How To Use + + Log in to your Dashboard instance with valid credentials at http://localhost:5000. + Create a new post by clicking the "Add a new post" button. + View or manage your posts by logging out and creating a new account if needed. + +## Additional Features + + Admin Dashboard: View profiles, posts, history, and moderation statuses. + Minimal Dependencies: Built-in Flask and MongoDB for ease of use. + +Please note that WireChan is a work in progress, and there may be issues with the database or server configurations. Documentation will be updated as the project evolves. + +## Important to know! + Wirechan doesnt provide the database to the project (yet). \ No newline at end of file diff --git a/app.py b/app.py index 5738328..4bf43f3 100644 --- a/app.py +++ b/app.py @@ -1,11 +1,25 @@ +#!/usr/bin/env python3 +# -*- coding: utf-8 -*- +# +# ------------------------------------ +# Wirechan was written by @hornet +# and represents a University project +# for his legitable proof of coding. +# (c) by hornetmaiden(hornet) +# Written in 2024 +# ------------------------------------ +import os from flask import Flask, url_for, redirect, render_template, request, session, Response +from flask_wtf.csrf import CSRFProtect from pymongo import MongoClient from datetime import datetime from bson.objectid import ObjectId from werkzeug.security import generate_password_hash, check_password_hash + app = Flask(__name__) -app.secret_key = 'secret_key' #change this to a random string +app.secret_key = os.getenv('SECRET_KEY', 'fallback_secret_key') #change this to a random string +csrf = CSRFProtect(app) #initialize the databases client = MongoClient('localhost', 27017) #change this if you are using a different host/port @@ -13,7 +27,10 @@ db = client.flask_db posts_collection = db.posts_collection users_collection = db.users_collection nuke_counter = db.nuke_counter -isAdmin = False +if session.get('username') == 'admin': # Safely check if the user is an admin + isAdmin = True # Set isAdmin based on session +else: + isAdmin = False #app routes @app.route('/', methods=['GET']) @@ -36,37 +53,35 @@ def board(board_name): posts = posts_collection.find({'board_name': board_name}).sort('timestamp', -1) display_name = next((link['display_name'] for link in links if link['name'] == board_name), board_name) - if isAdmin == True or ('username' in session and session['username'] == 'admin'): - return render_template('board.html', title=board_name, header=display_name, links=links, posts=posts, admin=admin) + if session.get('username') == 'admin': + return render_template('board.html', title=board_name, header=display_name, links=links, posts=posts, admin=True) else: return render_template('board.html', title=board_name, header=display_name, links=links, posts=posts, admin=None) + #posting API @app.route('/post', methods=['POST']) def post(): - board_name = request.form['board_name'] - content = request.form['content'] - if 'image' in request.files: - image = request.files['image'] - else: - image = None + board_name = bleach.clean(request.form['board_name']) # Sanitize input + content = bleach.clean(request.form['content']) + + image = request.files['image'] if 'image' in request.files else None timestamp = datetime.now() - if 'user_id' not in session: - username = 'Anonymous' - else: - username = session['username'] + username = session.get('username', 'Anonymous') # Use session for username - #insert the post into MongoDB post_data = { 'board_name': board_name, 'content': content, 'timestamp': timestamp, - 'username' : username + 'username': username } - if image != None: + if image and allowed_file(image.filename): post_data['image'] = image.read() - posts_collection.insert_one(post_data) + try: + posts_collection.insert_one(post_data) + except Exception as e: + return f"Error inserting post: {e}", 500 return redirect(url_for('board', board_name=board_name)) #image API @@ -89,10 +104,12 @@ def login_post(): user = users_collection.find_one({'username': username}) if user and check_password_hash(user['password'], password): + session.clear() session['user_id'] = str(user['_id']) session['username'] = username return redirect(url_for('index')) elif user == 'admin' and check_password_hash(user['password'], password): + session.clear() session['user_id'] = str(user['_id']) session['username'] = 'admin' isAdmin = True @@ -109,7 +126,7 @@ def register(): def register_post(): username = request.form['username'] password = request.form['password'] - hashed_password = generate_password_hash(password, method='pbkdf2:sha256') + hashed_password = generate_password_hash(password, method='argon2') regalert = '' if users_collection.find_one({'username': username}): diff --git a/requirements.txt b/requirements.txt index c7735da..55e4d48 100644 --- a/requirements.txt +++ b/requirements.txt @@ -1,4 +1,6 @@ FlasK -pymongo +Flask-WTF +bleach bson +pymongo werkzeug \ No newline at end of file diff --git a/templates/login.html b/templates/login.html index 6e4286e..1fe5af0 100644 --- a/templates/login.html +++ b/templates/login.html @@ -8,6 +8,7 @@

login

+ {{ csrf_token() }}
diff --git a/templates/register.html b/templates/register.html index d62d877..1a6a213 100644 --- a/templates/register.html +++ b/templates/register.html @@ -9,6 +9,7 @@

register

{{ regalert }}

+ {{ csrf_token() }}