This repository contains the code for a discussion application, which facilitates the creation and interaction within various discussion areas based on different topics. Each area contains threads consisting of messages. Users can either be administrators or basic users, with administrators having additional privileges.
The live project can be accessed at https://nikoweb.eu/projects/webchat/
## Minimal Setup

This setup is for quickly getting the application running with a basic configuration. It is not a secure configuration; for a real deployment the settings should be customized.

1. Clone the repository:

   ```
   git clone https://github.com/Roar1ngDuck/webchat
   ```

2. Configure the environment by copying `.env.example` to `.env`:

   ```
   cp .env.example .env
   ```

3. Run Docker Compose to start the application:

   ```
   docker compose up
   ```

4. Access the app. It will be accessible at http://127.0.0.1:8001/ by default.
## Advanced Setup

Detailed setup steps for a more customized configuration:

1. Clone the repository:

   ```
   git clone https://github.com/Roar1ngDuck/webchat
   ```

2. Configure environment variables. Set them up by copying the example files:

   - `.env` for running the application: copy `.env.example` to `.env`.
   - `.env.test` for running tests: copy `.env.test.example` to `.env.test`.

   ```
   cp .env.example .env
   cp .env.test.example .env.test
   ```

   The variables are:

   - `SECRET_KEY`: Flask secret key.
   - `ADMIN_PASSWORD`: Default admin user password.
   - `DB_URL`: External database URL (if not using Docker with the predefined value in the Dockerfile).
   - `USE_TURNSTILE`: `True`/`False` to toggle Cloudflare CAPTCHA (Turnstile).
   - `TURNSTILE_SECRET`: Turnstile secret key.
   - `TURNSTILE_SITEKEY`: Turnstile site key.
   - `ENV`: Environment setting, which affects certain application behaviors:
     - `PROD`: Sets secure cookie attributes (SECURE, HTTP_ONLY, SAMESITE) for enhanced security.
     - `DEV`: Does not set secure cookie attributes; suitable for development environments.
     - `TEST`: Used for pytest; does not set secure cookie attributes and resets the database with each execution.
3. Run Docker Compose to start the application:

   ```
   docker compose up
   ```

4. Access the app. It will be accessible at http://127.0.0.1:8001/ by default.

5. Run the tests. For running tests the app needs to be executed without Docker. Make sure you have a PostgreSQL database whose name matches the one in `.env.test`, which by default is `webchat_test`. To run the test suite, execute pytest:

   ```
   pytest
   ```
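The `ENV` setting above decides whether the session cookie gets its protective attributes. The following is an added example of how such a switch can be wired into Flask configuration, written for this README and not taken from the webchat repository. It assumes the three `ENV` values listed above and Flask's real config keys `SESSION_COOKIE_SECURE`, `SESSION_COOKIE_HTTPONLY` and `SESSION_COOKIE_SAMESITE`; the `Lax` SameSite mode, the 32-character `SECRET_KEY` minimum and the function names `cookie_settings` and `settings_from_environ` are assumptions. It goes slightly beyond the README in one respect: an unrecognized `ENV` value is treated as `PROD`, so a typo in `.env` cannot silently turn the attributes off.

```python
"""Derive the Flask session-cookie settings from the ENV variable.

Added example, not code from the webchat repository. It assumes the three
ENV values the README lists (PROD, DEV, TEST) and the real Flask config keys
SESSION_COOKIE_SECURE, SESSION_COOKIE_HTTPONLY and SESSION_COOKIE_SAMESITE.
The "Lax" SameSite value, the 32-character SECRET_KEY minimum and the
function names are assumptions made for this example.
"""
import os

# Attributes applied when ENV=PROD (the README names SECURE, HTTP_ONLY and
# SAMESITE; the concrete SameSite mode "Lax" is an assumption).
PROD_COOKIE_SETTINGS = {
    "SESSION_COOKIE_SECURE": True,      # cookie only sent over HTTPS
    "SESSION_COOKIE_HTTPONLY": True,    # not readable from JavaScript
    "SESSION_COOKIE_SAMESITE": "Lax",   # not sent on cross-site POSTs
}


def cookie_settings(env):
    """Return the session-cookie config keys to apply for the given ENV.

    DEV and TEST set nothing (Flask keeps its defaults, so the app works over
    http://127.0.0.1). An unknown or empty ENV falls back to PROD so that a
    typo in .env never silently disables the protections (fail closed).
    """
    env = (env or "").strip().upper()
    if env in ("DEV", "TEST"):
        return {}
    return dict(PROD_COOKIE_SETTINGS)


def settings_from_environ(environ=None):
    """Build the part of app.config that comes from .env.

    Pass os.environ in the application; a plain dict works for tests. In
    PROD a missing or short SECRET_KEY raises ValueError instead of letting
    the app start with a placeholder copied from .env.example.
    """
    environ = os.environ if environ is None else environ
    config = cookie_settings(environ.get("ENV", "PROD"))
    secret = environ.get("SECRET_KEY", "")
    if config.get("SESSION_COOKIE_SECURE") and len(secret) < 32:
        raise ValueError("ENV=PROD requires a SECRET_KEY of at least 32 characters")
    config["SECRET_KEY"] = secret
    # USE_TURNSTILE is the string "True"/"False" in .env, not a boolean.
    config["USE_TURNSTILE"] = environ.get("USE_TURNSTILE", "False").strip().lower() == "true"
    return config


if __name__ == "__main__":
    # Constructed values; in the app: app.config.update(settings_from_environ(os.environ))
    demo = {"ENV": "PROD", "SECRET_KEY": "x" * 40, "USE_TURNSTILE": "True"}
    print(settings_from_environ(demo))
```

In the application the result would be applied with `app.config.update(settings_from_environ(os.environ))` before any blueprint registers; the fail-closed default matters because Docker Compose passes `.env` through verbatim and a misspelled value would otherwise be indistinguishable from `DEV`.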
- User Registration: Allows new users to create an account.
- Login/Logout: Users can log in to access the application and log out after they're done.
- Admin Users: Administrator users with additional privileges.
- Area Creation: Administrators can create new discussion areas.
- Secret Areas: Administrators can create secret areas with restricted user access.
- Viewing Areas: Users can see a list of all discussion areas on the homepage along with the number of threads and messages in each area, and when the last message was sent.
- Thread Creation: Users can create a new thread in an area by providing a thread title and the content of the initial message.
- Search: Users can search area topics, thread titles, and message content for given text.
- Subscriptions: Users can subscribe to threads and they will receive a notification when another user posts a message.
- Posting Messages: Users can write a new message in an existing thread and edit previously sent ones. Messages can optionally include images.
- Message Deletion and Editing: Users can delete their messages and threads they have created.
- Thread and Area Deletion: Administrators can delete threads and areas.
- Database Schema: Defined and initialized in `utils/db.py`, including the creation of tables and an admin user. The Database class is implemented as a singleton.
- Password Hashing: User passwords are securely hashed using bcrypt.
- CAPTCHA Verification: Cloudflare Turnstile is integrated to prevent automated spam and bot registrations.
- Password Strength Measurement: Password strength is evaluated using the zxcvbn library, which estimates password crack times based on various factors such as dictionary words, predictable patterns, and password length.
- Gunicorn: Gunicorn is used as the WSGI HTTP server, enhancing the ability to handle concurrent requests efficiently compared to the default Flask server.
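The CAPTCHA Verification item above only protects registration if the token the browser submits is checked server-side with the `TURNSTILE_SECRET`. The following is an added example of that check, written for this README and not taken from the webchat repository. The siteverify URL, its form fields (`secret`, `response`, `remoteip`) and the reply fields (`success`, `error-codes`, `hostname`) are Cloudflare's documented API; the function name `verify_turnstile`, the `expected_hostname` parameter and the injectable `post` callable are assumptions made so the check can be exercised offline. The `use_turnstile` flag mirrors the `USE_TURNSTILE` setting.

```python
"""Server-side verification of a Cloudflare Turnstile token.

Added example, not code from the webchat repository. The siteverify endpoint,
its form fields (secret, response, remoteip) and the JSON fields it returns
(success, error-codes, hostname) are Cloudflare's documented API; the function
names, the expected_hostname parameter and the injectable `post` callable are
assumptions made for this example.
"""
import json
import urllib.parse
import urllib.request

SITEVERIFY_URL = "https://challenges.cloudflare.com/turnstile/v0/siteverify"


def _post_form(url, fields, timeout=5.0):
    """Default transport: POST form-encoded fields and parse the JSON reply."""
    body = urllib.parse.urlencode(fields).encode()
    req = urllib.request.Request(url, data=body, method="POST")
    with urllib.request.urlopen(req, timeout=timeout) as resp:
        return json.loads(resp.read().decode())


def verify_turnstile(token, secret, remote_ip=None, expected_hostname=None,
                     use_turnstile=True, post=_post_form):
    """Return (ok, reason).

    Fails closed: a transport error, a malformed reply, success != True or a
    hostname mismatch all count as a failed check. Only USE_TURNSTILE=False
    bypasses the check, and that is an explicit configuration choice.
    """
    if not use_turnstile:
        return True, "turnstile disabled"
    # Turnstile tokens are bounded at 2048 characters; reject junk early.
    if not token or len(token) > 2048:
        return False, "missing or oversized token"
    fields = {"secret": secret, "response": token}
    if remote_ip:
        fields["remoteip"] = remote_ip
    try:
        reply = post(SITEVERIFY_URL, fields)
    except Exception as exc:  # network error, timeout, bad JSON
        return False, "siteverify unreachable: " + exc.__class__.__name__
    if not isinstance(reply, dict) or reply.get("success") is not True:
        codes = reply.get("error-codes", []) if isinstance(reply, dict) else []
        return False, "challenge failed: " + ",".join(codes)
    if expected_hostname and reply.get("hostname") != expected_hostname:
        # A token solved on some other site must not be accepted here.
        return False, "hostname mismatch"
    return True, "ok"


if __name__ == "__main__":
    # Constructed stand-in for the real transport so this runs offline.
    def stub(url, fields):
        return {"success": True, "hostname": "example.org"}

    print(verify_turnstile("constructed-token", "constructed-secret",
                           expected_hostname="example.org", post=stub))
```

In a Flask registration handler the token arrives as the `cf-turnstile-response` form field, and `remote_ip` should come from the real client address (behind Gunicorn and a reverse proxy that means the forwarded address the proxy is trusted to set, not `request.remote_addr` alone). Returning the reason string lets the handler log why a registration was refused without exposing the detail to the client.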