Comprehensive 6-domain security audit addressing 8 Critical, 17 Important,
and 5 Low findings. Key fixes:
Critical:
- Strip PII from unauthenticated ticket lookup (IDOR)
- Add role+permission checks to event check-in routes
- Validate tier-to-event ownership on update/delete (IDOR)
- Fix path traversal in video replace (resolve + prefix check)
- Enable MongoDB authentication for Rocket.Chat
- Disable Grafana anonymous access
- Sanitize CSV exports against formula injection (payments)
- Apply DOMPurify to richDescription on public event page (XSS)
Important:
- Require current password for self-service password changes
- Atomic password reset token consumption (race condition fix)
- Scope postMessage to specific origin (not wildcard)
- Validate redirect parameter against open redirect
- Replace weak temp passwords (5760 values → crypto.randomBytes)
- Move shift capacity check inside transaction (TOCTOU fix)
- Fix EVENTS_ADMIN privilege inversion in ticketed events
- Make ENCRYPTION_KEY required (remove optional fallback)
- Add internal Prometheus metrics endpoint for Docker scraping
- Add nginx-level rate limiting (limit_req_zone)
- Fix X-Forwarded-For to use $remote_addr (prevents spoofing)
- Replace CSP stripping with frame-ancestors in embed proxies
- Remove error.message from Fastify 500 responses
- Strip PII from volunteer canvass address data
- Wrap GrapesJS output in {% raw %} to prevent Jinja2 SSTI
- Scope SSE token query param to /sse path only
- Sanitize Listmonk email query against injection
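Three of the fixes listed above (CSV formula-injection sanitisation, the resolve-plus-prefix path check for the video replace route, and validation of a redirect parameter) are small enough to show in isolation. The TypeScript below is an added illustration written for this page, not code from the Changemaker Lite repository; the function names, the media root and the sample rows are assumptions of this example.

```typescript
import * as path from "node:path";

// Characters that spreadsheet applications treat as the start of a formula
// when they appear first in a CSV cell.
const FORMULA_TRIGGERS = new Set(["=", "+", "-", "@", "\t", "\r"]);

// Neutralise formula injection in one CSV export cell. Numbers pass through
// unchanged (a numeric column cannot carry a formula); strings that begin with
// a trigger character get a leading apostrophe; any cell containing a quote,
// comma or newline is quoted in the RFC 4180 style.
export function sanitizeCsvCell(value: string | number | null | undefined): string {
  if (value == null) return "";
  if (typeof value === "number") return String(value);
  let text = value;
  if (text.length > 0 && FORMULA_TRIGGERS.has(text[0])) text = "'" + text;
  if (/[",\r\n]/.test(text)) text = `"${text.replace(/"/g, '""')}"`;
  return text;
}

// Resolve a user-supplied path against a media root and return the absolute
// path only if it stays inside that root (resolve + prefix check). The
// trailing separator in the prefix keeps "/srv/media-old" from passing as
// being inside "/srv/media".
export function resolveWithinRoot(root: string, untrusted: string): string | null {
  const rootAbs = path.resolve(root);
  const candidate = path.resolve(rootAbs, untrusted);
  if (candidate === rootAbs || candidate.startsWith(rootAbs + path.sep)) {
    return candidate;
  }
  return null;
}

// Validate a post-login "redirect" query parameter. Only same-origin absolute
// paths are accepted; values carrying a scheme or host (including
// protocol-relative "//host" and backslash variants) fall back to a default.
export function safeRedirectPath(candidate: string | undefined, fallback = "/"): string {
  if (!candidate) return fallback;
  if (!/^\/(?![\/\\])/.test(candidate)) return fallback;
  try {
    // Parse against a placeholder origin; if the parser assigns a different
    // origin, the value was not a plain path.
    const base = "http://placeholder.invalid";
    const url = new URL(candidate, base);
    if (url.origin !== base) return fallback;
    return url.pathname + url.search + url.hash;
  } catch {
    return fallback;
  }
}

// Constructed sample export rows (not real payment data) run through the
// CSV sanitiser; each row is returned as one CSV line.
export function demo(): string[] {
  const rows: Array<[string, string | number]> = [
    ["Ada Lovelace", 12.5],
    ["=1+1", -3],
    ["Smith, John", 0],
  ];
  return rows.map(([name, amount]) =>
    [sanitizeCsvCell(name), sanitizeCsvCell(amount)].join(","),
  );
}
```

The CSV helper deliberately takes numbers as numbers: if negative amounts were stringified first, the leading `-` would be quoted as if it were a formula trigger. The redirect check does its own regex test before handing the value to the URL parser so that the parser's lenient handling of backslashes cannot turn a rejected value into an accepted one.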
Bunker Admin
Changemaker Lite
A self-hosted political campaign platform that consolidates advocacy email campaigns, geographic mapping, volunteer canvassing, media management, and administration into a single TypeScript stack. Built for organizers who want to own their data.
What Is This?
Changemaker Lite gives community organizers the tools they need to:
- Run advocacy campaigns — let supporters look up their elected representatives by postal code and send emails in a few clicks
- Manage canvassing — map locations, draw canvassing areas, schedule volunteer shifts, and track door-to-door visits with GPS
- Host media — upload campaign videos, share them publicly, and track engagement analytics
- Build landing pages — drag-and-drop page builder for campaign microsites
- Send newsletters — integrated with Listmonk for opt-in mailing lists
- Monitor everything — Prometheus + Grafana observability stack included
The entire platform runs on Docker Compose with a single .env file for configuration.
Quick Start
```bash
# Clone and switch to the v2 branch
git clone <repo-url> changemaker.lite
cd changemaker.lite
git checkout v2

# Create your environment file
cp .env.example .env
# Edit .env — at minimum set:
#   V2_POSTGRES_PASSWORD, REDIS_PASSWORD,
#   JWT_ACCESS_SECRET, JWT_REFRESH_SECRET, ENCRYPTION_KEY,
#   INITIAL_ADMIN_EMAIL, INITIAL_ADMIN_PASSWORD

# Start core services
docker compose up -d v2-postgres redis api admin

# Run database migrations and seed
docker compose exec api npx prisma migrate deploy
docker compose exec api npx prisma db seed
```
Then open http://localhost:3000 and log in with the admin credentials from your .env.
Architecture
| Component | Technology | Port |
|---|---|---|
| API | Express.js + Prisma + PostgreSQL | 4000 |
| Media API | Fastify + Prisma (shared DB) | 4100 |
| Admin GUI | React + Vite + Ant Design + Zustand | 3000 |
| Reverse Proxy | Nginx (subdomain routing) | 80 |
| Database | PostgreSQL 16 | 5433 |
| Cache / Queue | Redis + BullMQ | 6379 |
| Newsletter | Listmonk | 9001 |
| Monitoring | Prometheus + Grafana + Alertmanager | 9090, 3001 |
See CLAUDE.md for comprehensive architecture documentation, module reference, and troubleshooting.
Feature Flags
Enable optional modules in .env:
```
ENABLE_MEDIA_FEATURES=true    # Video library + gallery
LISTMONK_SYNC_ENABLED=true    # Newsletter subscriber sync
EMAIL_TEST_MODE=true          # Route emails to MailHog (dev)
```
Production Deployment
Changemaker Lite uses Pangolin tunnels for production access (Cloudflare alternative). See the Tunnel page in the admin panel (/app/tunnel) for setup instructions.
Documentation
- CLAUDE.md — Full project reference (architecture, modules, ports, patterns)
- V2_PLAN.md — Development roadmap (Phases 1-14 complete)
- SECURITY_AUDIT_2025-02-11.md — Security audit findings and remediations
- .env.example — All 100+ environment variables with descriptions
Licensing
This project is licensed under the Apache License 2.0.
AI Disclaimer
AI tools were used to assist in the creation of this project. All generated code has been reviewed. Users should test all functionality to ensure it meets their requirements.