Documentation Changes

CODE_OF_CONDUCT.md

@@ -0,0 +1,128 @@
+# Contributor Covenant Code of Conduct
+
+## Our Pledge
+
+We as members, contributors, and leaders pledge to make participation in our
+community a harassment-free experience for everyone, regardless of age, body
+size, visible or invisible disability, ethnicity, sex characteristics, gender
+identity and expression, level of experience, education, socio-economic status,
+nationality, personal appearance, race, religion, or sexual identity
+and orientation.
+
+We pledge to act and interact in ways that contribute to an open, welcoming,
+diverse, inclusive, and healthy community.
+
+## Our Standards
+
+Examples of behavior that contributes to a positive environment for our
+community include:
+
+* Demonstrating empathy and kindness toward other people
+* Being respectful of differing opinions, viewpoints, and experiences
+* Giving and gracefully accepting constructive feedback
+* Accepting responsibility and apologizing to those affected by our mistakes,
+  and learning from the experience
+* Focusing on what is best not just for us as individuals, but for the
+  overall community
+
+Examples of unacceptable behavior include:
+
+* The use of sexualized language or imagery, and sexual attention or
+  advances of any kind
+* Trolling, insulting or derogatory comments, and personal or political attacks
+* Public or private harassment
+* Publishing others' private information, such as a physical or email
+  address, without their explicit permission
+* Other conduct which could reasonably be considered inappropriate in a
+  professional setting
+
+## Enforcement Responsibilities
+
+Community leaders are responsible for clarifying and enforcing our standards of
+acceptable behavior and will take appropriate and fair corrective action in
+response to any behavior that they deem inappropriate, threatening, offensive,
+or harmful.
+
+Community leaders have the right and responsibility to remove, edit, or reject
+comments, commits, code, wiki edits, issues, and other contributions that are
+not aligned to this Code of Conduct, and will communicate reasons for moderation
+decisions when appropriate.
+
+## Scope
+
+This Code of Conduct applies within all community spaces, and also applies when
+an individual is officially representing the community in public spaces.
+Examples of representing our community include using an official e-mail address,
+posting via an official social media account, or acting as an appointed
+representative at an online or offline event.
+
+## Enforcement
+
+Instances of abusive, harassing, or otherwise unacceptable behavior may be
+reported to the community leaders responsible for enforcement at
+Github Issues.
+All complaints will be reviewed and investigated promptly and fairly.
+
+All community leaders are obligated to respect the privacy and security of the
+reporter of any incident.
+
+## Enforcement Guidelines
+
+Community leaders will follow these Community Impact Guidelines in determining
+the consequences for any action they deem in violation of this Code of Conduct:
+
+### 1. Correction
+
+**Community Impact**: Use of inappropriate language or other behavior deemed
+unprofessional or unwelcome in the community.
+
+**Consequence**: A private, written warning from community leaders, providing
+clarity around the nature of the violation and an explanation of why the
+behavior was inappropriate. A public apology may be requested.
+
+### 2. Warning
+
+**Community Impact**: A violation through a single incident or series
+of actions.
+
+**Consequence**: A warning with consequences for continued behavior. No
+interaction with the people involved, including unsolicited interaction with
+those enforcing the Code of Conduct, for a specified period of time. This
+includes avoiding interactions in community spaces as well as external channels
+like social media. Violating these terms may lead to a temporary or
+permanent ban.
+
+### 3. Temporary Ban
+
+**Community Impact**: A serious violation of community standards, including
+sustained inappropriate behavior.
+
+**Consequence**: A temporary ban from any sort of interaction or public
+communication with the community for a specified period of time. No public or
+private interaction with the people involved, including unsolicited interaction
+with those enforcing the Code of Conduct, is allowed during this period.
+Violating these terms may lead to a permanent ban.
+
+### 4. Permanent Ban
+
+**Community Impact**: Demonstrating a pattern of violation of community
+standards, including sustained inappropriate behavior,  harassment of an
+individual, or aggression toward or disparagement of classes of individuals.
+
+**Consequence**: A permanent ban from any sort of public interaction within
+the community.
+
+## Attribution
+
+This Code of Conduct is adapted from the [Contributor Covenant][homepage],
+version 2.0, available at
+https://www.contributor-covenant.org/version/2/0/code_of_conduct.html.
+
+Community Impact Guidelines were inspired by [Mozilla's code of conduct
+enforcement ladder](https://github.com/mozilla/diversity).
+
+[homepage]: https://www.contributor-covenant.org
+
+For answers to common questions about this code of conduct, see the FAQ at
+https://www.contributor-covenant.org/faq. Translations are available at
+https://www.contributor-covenant.org/translations.

CONTRIBUTING.md

@@ -0,0 +1,269 @@
+# 🦤 Unyunddit - Anonymous Reddit Clone
+
+Unyunddit is a completely anonymous Reddit clone designed for the Tor network. It features automatic post deletion after 72 hours and is built with **SvelteKit** and **Supabase**. The app uses **server-side rendering only** (no client-side JavaScript) to ensure maximum privacy and security.
+
+---
+
+## ✨ Features
+
+- **Complete Anonymity**: No user accounts, registration, or tracking
+- **Auto-Deletion**: All posts and comments are automatically deleted after 72 hours
+- **Tor-Optimized**: Designed for .onion websites
+- **Server-Side Only**: No client-side JavaScript for enhanced security
+- **Anonymous Voting**: IP-based voting with hashed IPs for privacy
+- **Nested Comments**: Supports threaded discussions up to 10 levels deep
+- **Security Headers**: Strict CSP and privacy-focused HTTP headers
+
+---
+
+## 🛠️ Tech Stack
+
+- **Frontend**: SvelteKit (SSR-only mode)
+- **Backend**: Node.js 20+ (ESM modules)
+- **Database**: Supabase (PostgreSQL)
+- **Package Manager**: pnpm
+- **Security**: Strict Content Security Policy, no client-side JS
+
+---
+
+## 🚀 Quick Start
+
+### Prerequisites
+
+- Node.js 20+
+- pnpm 8+
+- Supabase account and project
+
+### Installation
+
+1. **Clone the repository**
+
+```bash
+git clone <repository-url>
+cd unyunddit
+```
+
+2. **Install dependencies**
+
+```bash
+pnpm install
+```
+
+3. **Set up environment variables**
+
+```bash
+cp .env.example .env
+```
+
+Edit `.env` with your Supabase credentials:
+
+```env
+SUPABASE_URL=your_supabase_url
+SUPABASE_ANON_KEY=your_supabase_anon_key
+SUPABASE_SERVICE_ROLE_KEY=your_supabase_service_role_key
+```
+
+4. **Run database migrations**
+
+```bash
+pnpx supabase db reset
+```
+
+5. **Start the development server**
+
+```bash
+pnpm run dev
+```
+
+---
+
+## 🗄️ Database Schema
+
+### Posts
+
+- `id`: Unique identifier
+- `title`: Post title (max 300 chars)
+- `content`: Post text (max 10,000 chars, optional)
+- `url`: External link (max 2,000 chars, optional)
+- `upvotes` / `downvotes`: Vote counts
+- `comment_count`: Number of comments
+- `created_at` / `expires_at`: Timestamps
+
+### Comments
+
+- `id`: Unique identifier
+- `post_id`: Parent post reference
+- `parent_id`: Parent comment reference (for nesting)
+- `content`: Comment text (max 5,000 chars)
+- `upvotes` / `downvotes`: Vote counts
+- `depth`: Nesting level (max 10)
+- `created_at` / `expires_at`: Timestamps
+
+### Votes
+
+- `id`: Unique identifier
+- `ip_hash`: SHA256 hash of voter’s IP
+- `post_id` / `comment_id`: Reference to voted item
+- `vote_type`: `up` or `down`
+- `created_at` / `expires_at`: Timestamps
+
+---
+
+## 🔒 Security Features
+
+### Privacy Protection
+
+- No user accounts or personal data collection
+- IP addresses hashed with SHA256 for voting
+- Strict Content Security Policy blocks all JavaScript
+- No referrer headers sent to external sites
+- Server identification headers removed
+
+### Tor Network Optimization
+
+- Server-side rendering only
+- Minimal external dependencies
+- Privacy-focused HTTP headers
+- No tracking or analytics
+
+### Automatic Cleanup
+
+- Posts and comments auto-delete after 72 hours
+- Automated cleanup via PostgreSQL cron jobs
+- Cascading deletes for related data
+
+---
+
+## 📡 API Endpoints
+
+### Pages
+
+- `/` — Home page (posts sorted by score)
+- `/new` — New posts (sorted by creation time)
+- `/submit` — Submit new post
+- `/post/[id]` — Individual post with comments
+
+### Actions
+
+- `POST /?/upvote` — Upvote a post
+- `POST /?/downvote` — Downvote a post
+- `POST /submit?/submit` — Create new post
+- `POST /post/[id]?/comment` — Add comment
+- `POST /post/[id]?/upvoteComment` — Upvote comment
+- `POST /post/[id]?/downvoteComment` — Downvote comment
+
+---
+
+## 🧩 Development
+
+### Project Structure
+
+```
+src/
+├── lib/
+│   └── supabase.js          # Database client
+├── routes/
+│   ├── +layout.svelte       # Base layout
+│   ├── +page.svelte         # Home page
+│   ├── +page.server.js      # Home page logic
+│   ├── new/                 # New posts page
+│   ├── submit/              # Submit post page
+│   └── post/[id]/           # Individual post page
+├── hooks.server.js          # Security headers
+└── app.html                 # HTML template
+```
+
+### Commands
+
+```bash
+pnpm run dev          # Start development server
+pnpm run build        # Build for production
+pnpm run preview      # Preview production build
+pnpm run test         # Run tests
+pnpm run lint         # Lint code
+pnpm run format       # Format code
+```
+
+### Database Management
+
+```bash
+pnpx supabase db reset                    # Reset database
+pnpx supabase migrations new <name>       # Create new migration
+pnpm run db:migrate                       # Alias for migration
+```
+
+---
+
+## 🚢 Deployment
+
+### Docker
+
+```bash
+docker build -t unyunddit .
+docker run -p 3000:3000 unyunddit
+```
+
+### Railway
+
+```bash
+pnpm run deploy:railway
+```
+
+### DigitalOcean
+
+```bash
+pnpm run deploy:digitalocean
+```
+
+---
+
+## ⚙️ Configuration
+
+### Environment Variables
+
+- `SUPABASE_URL` — Your Supabase project URL
+- `SUPABASE_ANON_KEY` — Supabase anonymous key
+- `SUPABASE_SERVICE_ROLE_KEY` — Supabase service role key (admin operations)
+
+### Security Headers
+
+Configured via `hooks.server.js`:
+
+- Content Security Policy (blocks all JavaScript)
+- Referrer Policy (no-referrer)
+- X-Frame-Options (DENY)
+- X-Content-Type-Options (nosniff)
+- Permissions Policy (blocks geolocation, camera, microphone)
+
+---
+
+## 🤝 Contributing
+
+1. Fork the repository
+2. Create a feature branch
+3. Make your changes
+4. Run tests and linting
+5. Submit a pull request
+
+---
+
+## 📜 License
+
+This project is licensed under the **WTFPL License** — see the [LICENSE](LICENSE) file for details.
+
+---
+
+## 🕵️ Privacy Notice
+
+- No personal data is collected or stored
+- IP addresses are only used for voting (hashed with SHA256)
+- All content auto-deletes after 72 hours
+- No tracking, analytics, or third-party services
+- Designed for use on the Tor network
+
+---
+
+## 🛠️ Support
+
+For issues and questions, please use the **GitHub issue tracker**.
+