diff --git a/CODE_OF_CONDUCT.md b/CODE_OF_CONDUCT.md new file mode 100644 index 0000000..129aa8b --- /dev/null +++ b/CODE_OF_CONDUCT.md 
@@ -0,0 +1,128 @@ +# Contributor Covenant Code of Conduct + +## Our Pledge + +We as members, contributors, and leaders pledge to make participation in our +community a harassment-free experience for everyone, regardless of age, body +size, visible or invisible disability, ethnicity, sex characteristics, gender +identity and expression, level of experience, education, socio-economic status, +nationality, personal appearance, race, religion, or sexual identity +and orientation. + +We pledge to act and interact in ways that contribute to an open, welcoming, +diverse, inclusive, and healthy community. + +## Our Standards + +Examples of behavior that contributes to a positive environment for our +community include: + +* Demonstrating empathy and kindness toward other people +* Being respectful of differing opinions, viewpoints, and experiences +* Giving and gracefully accepting constructive feedback +* Accepting responsibility and apologizing to those affected by our mistakes, + and learning from the experience +* Focusing on what is best not just for us as individuals, but for the + overall community + +Examples of unacceptable behavior include: + +* The use of sexualized language or imagery, and sexual attention or + advances of any kind +* Trolling, insulting or derogatory comments, and personal or political attacks +* Public or private harassment +* Publishing others' private information, such as a physical or email + address, without their explicit permission +* Other conduct which could reasonably be considered inappropriate in a + professional setting + +## Enforcement Responsibilities + +Community leaders are responsible for clarifying and enforcing our standards of +acceptable behavior and will take appropriate and fair corrective action in +response to any behavior that they deem inappropriate, threatening, offensive, +or harmful. 
+ +Community leaders have the right and responsibility to remove, edit, or reject +comments, commits, code, wiki edits, issues, and other contributions that are +not aligned to this Code of Conduct, and will communicate reasons for moderation +decisions when appropriate. + +## Scope + +This Code of Conduct applies within all community spaces, and also applies when +an individual is officially representing the community in public spaces. +Examples of representing our community include using an official e-mail address, +posting via an official social media account, or acting as an appointed +representative at an online or offline event. + +## Enforcement + +Instances of abusive, harassing, or otherwise unacceptable behavior may be +reported to the community leaders responsible for enforcement at +Github Issues. +All complaints will be reviewed and investigated promptly and fairly. + +All community leaders are obligated to respect the privacy and security of the +reporter of any incident. + +## Enforcement Guidelines + +Community leaders will follow these Community Impact Guidelines in determining +the consequences for any action they deem in violation of this Code of Conduct: + +### 1. Correction + +**Community Impact**: Use of inappropriate language or other behavior deemed +unprofessional or unwelcome in the community. + +**Consequence**: A private, written warning from community leaders, providing +clarity around the nature of the violation and an explanation of why the +behavior was inappropriate. A public apology may be requested. + +### 2. Warning + +**Community Impact**: A violation through a single incident or series +of actions. + +**Consequence**: A warning with consequences for continued behavior. No +interaction with the people involved, including unsolicited interaction with +those enforcing the Code of Conduct, for a specified period of time. This +includes avoiding interactions in community spaces as well as external channels +like social media. 
Violating these terms may lead to a temporary or +permanent ban. + +### 3. Temporary Ban + +**Community Impact**: A serious violation of community standards, including +sustained inappropriate behavior. + +**Consequence**: A temporary ban from any sort of interaction or public +communication with the community for a specified period of time. No public or +private interaction with the people involved, including unsolicited interaction +with those enforcing the Code of Conduct, is allowed during this period. +Violating these terms may lead to a permanent ban. + +### 4. Permanent Ban + +**Community Impact**: Demonstrating a pattern of violation of community +standards, including sustained inappropriate behavior, harassment of an +individual, or aggression toward or disparagement of classes of individuals. + +**Consequence**: A permanent ban from any sort of public interaction within +the community. + +## Attribution + +This Code of Conduct is adapted from the [Contributor Covenant][homepage], +version 2.0, available at +https://www.contributor-covenant.org/version/2/0/code_of_conduct.html. + +Community Impact Guidelines were inspired by [Mozilla's code of conduct +enforcement ladder](https://github.com/mozilla/diversity). + +[homepage]: https://www.contributor-covenant.org + +For answers to common questions about this code of conduct, see the FAQ at +https://www.contributor-covenant.org/faq. Translations are available at +https://www.contributor-covenant.org/translations. diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md new file mode 100644 index 0000000..63f9dd6 --- /dev/null +++ b/CONTRIBUTING.md 
@@ -0,0 +1,269 @@ +# 🦀 Unyunddit - Anonymous Reddit Clone + +Unyunddit is a completely anonymous Reddit clone designed for the Tor network. It features automatic post deletion after 72 hours and is built with **SvelteKit** and **Supabase**. The app uses **server-side rendering only** (no client-side JavaScript) to ensure maximum privacy and security. + +--- + +## ✨ Features + +- **Complete Anonymity**: No user accounts, registration, or tracking +- **Auto-Deletion**: All posts and comments are automatically deleted after 72 hours +- **Tor-Optimized**: Designed for .onion websites +- **Server-Side Only**: No client-side JavaScript for enhanced security +- **Anonymous Voting**: IP-based voting with hashed IPs for privacy +- **Nested Comments**: Supports threaded discussions up to 10 levels deep +- **Security Headers**: Strict CSP and privacy-focused HTTP headers + +--- + +## πŸ› οΈ Tech Stack + +- **Frontend**: SvelteKit (SSR-only mode) +- **Backend**: Node.js 20+ (ESM modules) +- **Database**: Supabase (PostgreSQL) +- **Package Manager**: pnpm +- **Security**: Strict Content Security Policy, no client-side JS + +--- + +## πŸš€ Quick Start + +### Prerequisites + +- Node.js 20+ +- pnpm 8+ +- Supabase account and project + +### Installation + +1. **Clone the repository** + +```bash +git clone +cd unyunddit +``` + +2. **Install dependencies** + +```bash +pnpm install +``` + +3. **Set up environment variables** + +```bash +cp .env.example .env +``` + +Edit `.env` with your Supabase credentials: + +```env +SUPABASE_URL=your_supabase_url +SUPABASE_ANON_KEY=your_supabase_anon_key +SUPABASE_SERVICE_ROLE_KEY=your_supabase_service_role_key +``` + +4. **Run database migrations** + +```bash +pnpx supabase db reset +``` + +5. 
**Start the development server** + +```bash +pnpm run dev +``` + +--- + +## πŸ—„οΈ Database Schema + +### Posts + +- `id`: Unique identifier +- `title`: Post title (max 300 chars) +- `content`: Post text (max 10,000 chars, optional) +- `url`: External link (max 2,000 chars, optional) +- `upvotes` / `downvotes`: Vote counts +- `comment_count`: Number of comments +- `created_at` / `expires_at`: Timestamps + +### Comments + +- `id`: Unique identifier +- `post_id`: Parent post reference +- `parent_id`: Parent comment reference (for nesting) +- `content`: Comment text (max 5,000 chars) +- `upvotes` / `downvotes`: Vote counts +- `depth`: Nesting level (max 10) +- `created_at` / `expires_at`: Timestamps + +### Votes + +- `id`: Unique identifier +- `ip_hash`: SHA256 hash of voter’s IP +- `post_id` / `comment_id`: Reference to voted item +- `vote_type`: `up` or `down` +- `created_at` / `expires_at`: Timestamps + +--- + +## πŸ”’ Security Features + +### Privacy Protection + +- No user accounts or personal data collection +- IP addresses hashed with SHA256 for voting +- Strict Content Security Policy blocks all JavaScript +- No referrer headers sent to external sites +- Server identification headers removed + +### Tor Network Optimization + +- Server-side rendering only +- Minimal external dependencies +- Privacy-focused HTTP headers +- No tracking or analytics + +### Automatic Cleanup + +- Posts and comments auto-delete after 72 hours +- Automated cleanup via PostgreSQL cron jobs +- Cascading deletes for related data + +--- + +## πŸ“‘ API Endpoints + +### Pages + +- `/` β€” Home page (posts sorted by score) +- `/new` β€” New posts (sorted by creation time) +- `/submit` β€” Submit new post +- `/post/[id]` β€” Individual post with comments + +### Actions + +- `POST /?/upvote` β€” Upvote a post +- `POST /?/downvote` β€” Downvote a post +- `POST /submit?/submit` β€” Create new post +- `POST /post/[id]?/comment` β€” Add comment +- `POST /post/[id]?/upvoteComment` β€” Upvote 
comment +- `POST /post/[id]?/downvoteComment` β€” Downvote comment + +--- + +## 🧩 Development + +### Project Structure + +``` +src/ +β”œβ”€β”€ lib/ +β”‚ └── supabase.js # Database client +β”œβ”€β”€ routes/ +β”‚ β”œβ”€β”€ +layout.svelte # Base layout +β”‚ β”œβ”€β”€ +page.svelte # Home page +β”‚ β”œβ”€β”€ +page.server.js # Home page logic +β”‚ β”œβ”€β”€ new/ # New posts page +β”‚ β”œβ”€β”€ submit/ # Submit post page +β”‚ └── post/[id]/ # Individual post page +β”œβ”€β”€ hooks.server.js # Security headers +└── app.html # HTML template +``` + +### Commands + +```bash +pnpm run dev # Start development server +pnpm run build # Build for production +pnpm run preview # Preview production build +pnpm run test # Run tests +pnpm run lint # Lint code +pnpm run format # Format code +``` + +### Database Management + +```bash +pnpx supabase db reset # Reset database +pnpx supabase migrations new # Create new migration +pnpm run db:migrate # Alias for migration +``` + +--- + +## 🚒 Deployment + +### Docker + +```bash +docker build -t unyunddit . +docker run -p 3000:3000 unyunddit +``` + +### Railway + +```bash +pnpm run deploy:railway +``` + +### DigitalOcean + +```bash +pnpm run deploy:digitalocean +``` + +--- + +## βš™οΈ Configuration + +### Environment Variables + +- `SUPABASE_URL` β€” Your Supabase project URL +- `SUPABASE_ANON_KEY` β€” Supabase anonymous key +- `SUPABASE_SERVICE_ROLE_KEY` β€” Supabase service role key (admin operations) + +### Security Headers + +Configured via `hooks.server.js`: + +- Content Security Policy (blocks all JavaScript) +- Referrer Policy (no-referrer) +- X-Frame-Options (DENY) +- X-Content-Type-Options (nosniff) +- Permissions Policy (blocks geolocation, camera, microphone) + +--- + +## 🀝 Contributing + +1. Fork the repository +2. Create a feature branch +3. Make your changes +4. Run tests and linting +5. 
Submit a pull request + +--- + +## πŸ“œ License + +This project is licensed under the **WTFPL License** β€” see the [LICENSE](LICENSE) file for details. + +--- + +## πŸ•΅οΈ Privacy Notice + +- No personal data is collected or stored +- IP addresses are only used for voting (hashed with SHA256) +- All content auto-deletes after 72 hours +- No tracking, analytics, or third-party services +- Designed for use on the Tor network + +--- + +## πŸ› οΈ Support + +For issues and questions, please use the **GitHub issue tracker**. + diff --git a/README.md b/README.md index b285aed..63f9dd6 100644 --- a/README.md +++ b/README.md 
@@ -1,136 +1,163 @@ -# Unyunddit - Anonymous Reddit Clone +# 🦀 Unyunddit - Anonymous Reddit Clone -A completely anonymous Reddit clone designed for the Tor network with automatic post deletion after 72 hours. Built with SvelteKit and Supabase, featuring server-side rendering only (no client-side JavaScript) for maximum privacy and security. +Unyunddit is a completely anonymous Reddit clone designed for the Tor network. It features automatic post deletion after 72 hours and is built with **SvelteKit** and **Supabase**. The app uses **server-side rendering only** (no client-side JavaScript) to ensure maximum privacy and security. -## Features +--- + +## ✨ Features - **Complete Anonymity**: No user accounts, registration, or tracking -- **Auto-Deletion**: All posts and comments automatically delete after 72 hours -- **Tor-Optimized**: Designed specifically for .onion websites +- **Auto-Deletion**: All posts and comments are automatically deleted after 72 hours +- **Tor-Optimized**: Designed for .onion websites - **Server-Side Only**: No client-side JavaScript for enhanced security -- **Anonymous Voting**: IP-based voting system with hashed IPs for privacy -- **Nested Comments**: Support for threaded discussions up to 10 levels deep +- **Anonymous Voting**: IP-based voting with hashed IPs for privacy +- **Nested Comments**: Supports threaded discussions up to 10 levels deep - **Security Headers**: Strict CSP and privacy-focused HTTP headers -## Tech Stack +--- + +## πŸ› οΈ Tech Stack - **Frontend**: SvelteKit (SSR-only mode) -- **Backend**: Node.js 20+ with ESM modules +- **Backend**: Node.js 20+ (ESM modules) - **Database**: Supabase (PostgreSQL) - **Package Manager**: pnpm - **Security**: Strict Content Security Policy, no client-side JS -## Quick Start +--- + +## πŸš€ Quick Start ### Prerequisites -- Node.js 20 or newer -- pnpm 8 or newer +- Node.js 20+ +- pnpm 8+ - Supabase account and project ### Installation -1. Clone the repository: +1. 
**Clone the repository** + ```bash git clone cd unyunddit ``` -2. Install dependencies: +2. **Install dependencies** + ```bash pnpm install ``` -3. Set up environment variables: +3. **Set up environment variables** + ```bash cp .env.example .env ``` Edit `.env` with your Supabase credentials: + ```env SUPABASE_URL=your_supabase_url SUPABASE_ANON_KEY=your_supabase_anon_key SUPABASE_SERVICE_ROLE_KEY=your_supabase_service_role_key ``` -4. Run database migrations: +4. **Run database migrations** + ```bash pnpx supabase db reset ``` -5. Start the development server: +5. **Start the development server** + ```bash pnpm run dev ``` -## Database Schema +--- -The application uses three main tables: +## πŸ—„οΈ Database Schema ### Posts + - `id`: Unique identifier - `title`: Post title (max 300 chars) -- `content`: Post text content (max 10,000 chars, optional) +- `content`: Post text (max 10,000 chars, optional) - `url`: External link (max 2,000 chars, optional) -- `upvotes`/`downvotes`: Vote counts +- `upvotes` / `downvotes`: Vote counts - `comment_count`: Number of comments -- `created_at`/`expires_at`: Timestamps +- `created_at` / `expires_at`: Timestamps ### Comments + - `id`: Unique identifier -- `post_id`: Reference to parent post -- `parent_id`: Reference to parent comment (for nesting) +- `post_id`: Parent post reference +- `parent_id`: Parent comment reference (for nesting) - `content`: Comment text (max 5,000 chars) -- `upvotes`/`downvotes`: Vote counts +- `upvotes` / `downvotes`: Vote counts - `depth`: Nesting level (max 10) -- `created_at`/`expires_at`: Timestamps +- `created_at` / `expires_at`: Timestamps ### Votes + - `id`: Unique identifier -- `ip_hash`: SHA256 hash of voter's IP address -- `post_id`/`comment_id`: Reference to voted item -- `vote_type`: 'up' or 'down' -- `created_at`/`expires_at`: Timestamps +- `ip_hash`: SHA256 hash of voter’s IP +- `post_id` / `comment_id`: Reference to voted item +- `vote_type`: `up` or `down` +- `created_at` / 
`expires_at`: Timestamps + +--- -## Security Features +## πŸ”’ Security Features ### Privacy Protection + - No user accounts or personal data collection -- IP addresses are hashed with SHA256 for voting +- IP addresses hashed with SHA256 for voting - Strict Content Security Policy blocks all JavaScript - No referrer headers sent to external sites - Server identification headers removed ### Tor Network Optimization -- Server-side rendering only (no client-side JS) + +- Server-side rendering only - Minimal external dependencies - Privacy-focused HTTP headers - No tracking or analytics ### Automatic Cleanup + - Posts and comments auto-delete after 72 hours - Automated cleanup via PostgreSQL cron jobs - Cascading deletes for related data -## API Endpoints +--- + +## πŸ“‘ API Endpoints ### Pages -- `/` - Home page (posts sorted by score) -- `/new` - New posts (sorted by creation time) -- `/submit` - Submit new post -- `/post/[id]` - Individual post with comments + +- `/` β€” Home page (posts sorted by score) +- `/new` β€” New posts (sorted by creation time) +- `/submit` β€” Submit new post +- `/post/[id]` β€” Individual post with comments ### Actions -- `POST /?/upvote` - Upvote a post -- `POST /?/downvote` - Downvote a post -- `POST /submit?/submit` - Create new post -- `POST /post/[id]?/comment` - Add comment -- `POST /post/[id]?/upvoteComment` - Upvote comment -- `POST /post/[id]?/downvoteComment` - Downvote comment -## Development +- `POST /?/upvote` β€” Upvote a post +- `POST /?/downvote` β€” Downvote a post +- `POST /submit?/submit` β€” Create new post +- `POST /post/[id]?/comment` β€” Add comment +- `POST /post/[id]?/upvoteComment` β€” Upvote comment +- `POST /post/[id]?/downvoteComment` β€” Downvote comment + +--- + +## 🧩 Development ### Project Structure + ``` src/ β”œβ”€β”€ lib/ @@ -147,6 +174,7 @@ src/ ``` ### Commands + ```bash pnpm run dev # Start development server pnpm run build # Build for production 
@@ -157,46 +185,59 @@ pnpm run format # Format code ``` ### Database Management + ```bash pnpx supabase db reset # Reset database pnpx supabase migrations new # Create new migration -pnpm run db:migrate # Create migration (alias) +pnpm run db:migrate # Alias for migration ``` -## Deployment +--- + +## 🚒 Deployment ### Docker + ```bash docker build -t unyunddit . docker run -p 3000:3000 unyunddit ``` ### Railway + ```bash pnpm run deploy:railway ``` ### DigitalOcean + ```bash pnpm run deploy:digitalocean ``` -## Configuration +--- + +## βš™οΈ Configuration ### Environment Variables -- `SUPABASE_URL`: Your Supabase project URL -- `SUPABASE_ANON_KEY`: Supabase anonymous key -- `SUPABASE_SERVICE_ROLE_KEY`: Supabase service role key (for admin operations) + +- `SUPABASE_URL` β€” Your Supabase project URL +- `SUPABASE_ANON_KEY` β€” Supabase anonymous key +- `SUPABASE_SERVICE_ROLE_KEY` β€” Supabase service role key (admin operations) ### Security Headers -The application sets strict security headers via `hooks.server.js`: + +Configured via `hooks.server.js`: + - Content Security Policy (blocks all JavaScript) - Referrer Policy (no-referrer) - X-Frame-Options (DENY) - X-Content-Type-Options (nosniff) - Permissions Policy (blocks geolocation, camera, microphone) -## Contributing +--- + +## 🀝 Contributing 1. Fork the repository 2. Create a feature branch 
@@ -204,21 +245,25 @@ The application sets strict security headers via `hooks.server.js`: 4. Run tests and linting 5. Submit a pull request -## License +--- + +## πŸ“œ License + +This project is licensed under the **WTFPL License** β€” see the [LICENSE](LICENSE) file for details. -This project is licensed under the WTFPL License - see the [LICENSE](LICENSE) file for details. +--- -## Privacy Notice +## πŸ•΅οΈ Privacy Notice -This application is designed for maximum privacy: - No personal data is collected or stored - IP addresses are only used for voting (hashed with SHA256) -- All content automatically deletes after 72 hours +- All content auto-deletes after 72 hours - No tracking, analytics, or third-party services - Designed for use on the Tor network -## Support +--- -For issues and questions, please use the GitHub issue tracker. +## πŸ› οΈ Support +For issues and questions, please use the **GitHub issue tracker**.
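Review bot: In CODE_OF_CONDUCT.md, the Enforcement section names "Github Issues" as the place to report incidents, and an issue tracker is normally readable by everyone who can see the repository, which conflicts with the next paragraph's obligation to "respect the privacy and security of the reporter of any incident". Suggest giving a private contact instead (a maintainer e-mail address or a private reporting form), and spelling it "GitHub" if the tracker is kept for non-sensitive reports.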
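Review bot: The new CONTRIBUTING.md has the same abbreviated blob id as the updated README.md (63f9dd6 in both file headers) and opens with the README title "Unyunddit - Anonymous Reddit Clone", so it appears to be a copy of the README; the only contribution guidance in it is the five-step list under Contributing. Suggest replacing the copy with contributor-specific content (branch and pull request expectations, the `pnpm run test` and `pnpm run lint` steps to run first) and linking to the README for setup.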
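Review bot: In the first README.md hunk, the Votes schema and the Privacy Protection list still describe `ip_hash` only as a "SHA256 hash of voter's IP" and "IP addresses hashed with SHA256 for voting", without saying whether a secret salt or key goes into the hash. A plain SHA-256 of an IPv4 address can be reversed by enumerating the address space, so the privacy claim depends on that detail. Suggest documenting the keying here (for example a server-side secret, and whether it rotates with the 72-hour expiry), or softening the wording if the hash is unkeyed.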
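Review bot: In the README.md hunk at @@ -157,46 +185,59 @@, the `SUPABASE_SERVICE_ROLE_KEY` entry under Environment Variables is shortened to "(admin operations)" and still does not say that the key must stay server-side; the service role key bypasses Row Level Security in Supabase, so suggest adding that it is never sent to the client and that `.env` is not committed. In the same hunk the `db:migrate` comment changes from "Create migration (alias)" to "Alias for migration", which no longer says what the command does; the old wording was clearer.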
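Review bot: The added headings in the last README.md hunk contain mis-encoded bytes where an emoji or dash was intended, for example "## πŸ“œ License" and "**WTFPL License** β€” see the", and the same sequences appear in the earlier README hunks and in CONTRIBUTING.md, while the title emoji is intact. Suggest re-saving both files as UTF-8 and re-typing the affected characters, or dropping the emoji from the headings.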