changemaker.lite/mkdocs/docs/blog/posts/introducing-changemaker-lite-v2.md
bunker-admin 91db29402c Add Gitea SSO, fix security audit findings, harden production defaults
Gitea SSO: cookie-based single sign-on via nginx auth_request — sets
cml_session cookie on login/refresh, validates via /api/auth/gitea-sso-validate,
injects X-WEBAUTH-USER header for reverse proxy auth. Dedicated GITEA_SSO_SECRET
and SERVICE_PASSWORD_SALT env vars isolate secret rotation.

Security fixes from March 30 audit: IDOR on ticketed events (requireEventOwnership
middleware), IDOR on action items (admin/assignee/creator check), path traversal
on photos (resolve-based validation), CSV upload size limit (5MB), shared calendar
email exposure removed.

Gitea provisioner: auto-sync docs repo collaborator access based on role
(CONTENT_ROLES get write, SUPER_ADMIN gets admin). Gitea client extended
with collaborator management API methods.

Production hardening: NODE_ENV defaults to production in docker-compose.prod.yml,
Grafana anonymous auth disabled, install.sh branch ref updated to main.

Admin UI: moved docs reset from toolbar to MkDocs Settings danger zone,
improved collab Ctrl+S to explicitly save + cache-bust preview.

MkDocs site rebuild with updated repo data, upgrade screenshots, and content.

Bunker Admin
2026-03-31 11:20:01 -06:00

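The commit above lists a path traversal fix on photos using resolve-based validation. The TypeScript below is an added illustration of that technique written for this page, not code taken from the project: the photo root, the function names and the `servePhoto` stand-in for the Express route are assumptions, and the shape of the real handler is not on the page. The `unsafePhotoPath` function shows the concatenation pattern the fix replaces; `safePhotoPath` shows the resolve-and-contain check, including the trailing-separator detail that a naive prefix comparison gets wrong.

```typescript
import * as path from "path";

// Hypothetical photo root; the real project's directory layout is not on the page.
// path.posix is used so the example behaves identically on every platform.
const p = path.posix;
export const PHOTO_ROOT = "/srv/changemaker/photos";

// Before the fix: joining user input onto the root normalises "../" segments
// but does nothing to keep the result inside the root.
export function unsafePhotoPath(root: string, requested: string): string {
  return p.join(root, requested);
}

// After the fix: resolve the request against the root, then insist the result
// lies strictly below the root. Returns null for anything that escapes.
export function safePhotoPath(root: string, requested: string): string | null {
  // NUL bytes truncate paths in some syscalls and libraries; reject them outright.
  if (requested.includes("\0")) return null;
  const base = p.resolve(root);
  // An absolute `requested` replaces `base` here, which the check below catches.
  const target = p.resolve(base, requested);
  // The trailing separator matters: without it "/srv/photos-old/x.jpg" would pass
  // a prefix check against "/srv/photos". Equality is rejected too, because the
  // root directory itself is not a photo.
  if (!target.startsWith(base + p.sep)) return null;
  return target;
}

// Minimal stand-in for the Express route (assumed, not the project's handler):
// 200 with the resolved file on success, 400 on any rejected path.
export function servePhoto(requested: string): { status: number; file?: string } {
  const file = safePhotoPath(PHOTO_ROOT, requested);
  return file ? { status: 200, file } : { status: 400 };
}
```

`path.resolve` is purely lexical: it does not follow symlinks, so if the photo root can contain symlinks pointing elsewhere, run the resolved path through `fs.realpath` and apply the same containment check to the result.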

---
date: 2026-03-22
authors:
  - admin
categories:
  - Announcements
  - Platform
tags:
  - v2
  - release
  - self-hosted
  - FOSS
---

# Introducing Changemaker Lite v2

Changemaker Lite v2 is a ground-up rebuild of the platform — same mission, entirely new architecture. After 14 phases of development, the platform is ready for production use.

## What Changed

V1 was two independent Express apps stitched together with NocoDB as a data layer. It worked, but scaling features meant fighting the architecture at every turn.

V2 is a unified TypeScript stack:

- Dual API architecture — Express.js for the main platform, Fastify for the media library, sharing a single PostgreSQL 16 database via Prisma ORM
- React admin GUI — Vite + Ant Design + Zustand, serving admin, public, and volunteer interfaces from one build
- 30+ Docker services — from core infrastructure to monitoring, communication, and developer tools
- JWT authentication with refresh token rotation, role-based access control (11 roles), and a comprehensive security audit

## What's New

The feature set has grown substantially:

- Advocacy campaigns with postal code → representative lookup, email sending, response walls, and moderation
- Map & canvassing with multi-provider geocoding, polygon territories, GPS-tracked volunteer sessions, and walking route generation
- Media manager with video upload, FFprobe metadata extraction, scheduled publishing, analytics, and a public gallery
- Landing page builder powered by GrapesJS with drag-and-drop editing
- Payments via encrypted Stripe integration — products, donations, and subscription plans
- SMS campaigns via a Termux Android bridge
- Team communication with self-hosted Rocket.Chat and Jitsi Meet
- People CRM aggregating contacts across all modules with duplicate detection and merge
- Volunteer social features — friend system, achievements, leaderboards, and a personal calendar
- One-command install: `curl | bash` pulls a release tarball and runs the config wizard

## Why Self-Hosted

Every subscription to corporate campaign software funds infrastructure you don't control. Your voter lists, canvassing outcomes, and communication patterns become assets on someone else's balance sheet.

Changemaker Lite costs roughly the price of a VPS — often under $50/month for the full stack. But the real value isn't cost savings. It's control. No vendor can cut off your access. No acquisition can change your terms.

Read more on our Philosophy page.

## Get Started

```bash
curl -fsSL https://gitea.bnkops.com/admin/changemaker.lite/raw/branch/main/scripts/install.sh | bash
```

Or follow the Getting Started guide for a walkthrough. Piping a remote script straight into `bash` executes whatever the server returns as your user, so if you would rather review it first, download `install.sh`, read it, and then run it from the saved copy.

## What's Next

Phase 15 (Testing & Polish) is underway. We're also working on:

- Social Calendar Phase B (shared views, availability finder)
- Expanded test coverage
- Performance optimization for large location datasets

Follow this blog for updates, or subscribe to the newsletter.