admin/changemaker.lite
1
0
Fork 0
Code Issues Packages Projects Releases 31 Wiki Activity
changemaker.lite/mkdocs/docs/blog/posts/introducing-changemaker-lite-v2.md
bunker-admin 91db29402c Add Gitea SSO, fix security audit findings, harden production defaults 
Gitea SSO: cookie-based single sign-on via nginx auth_request — sets
cml_session cookie on login/refresh, validates via /api/auth/gitea-sso-validate,
injects X-WEBAUTH-USER header for reverse proxy auth. Dedicated GITEA_SSO_SECRET
and SERVICE_PASSWORD_SALT env vars isolate secret rotation.

Security fixes from March 30 audit: IDOR on ticketed events (requireEventOwnership
middleware), IDOR on action items (admin/assignee/creator check), path traversal
on photos (resolve-based validation), CSV upload size limit (5MB), shared calendar
email exposure removed.

Gitea provisioner: auto-sync docs repo collaborator access based on role
(CONTENT_ROLES get write, SUPER_ADMIN gets admin). Gitea client extended
with collaborator management API methods.

Production hardening: NODE_ENV defaults to production in docker-compose.prod.yml,
Grafana anonymous auth disabled, install.sh branch ref updated to main.

Admin UI: moved docs reset from toolbar to MkDocs Settings danger zone,
improved collab Ctrl+S to explicitly save + cache-bust preview.

MkDocs site rebuild with updated repo data, upgrade screenshots, and content.

Bunker Admin
2026-03-31 11:20:01 -06:00

72 lines
3.1 KiB
Markdown
Raw Blame History

---
date: 2026-03-22
authors:
- admin
categories:
- Announcements
- Platform
tags:
- v2
- release
- self-hosted
- FOSS
---
# Introducing Changemaker Lite v2
Changemaker Lite v2 is a ground-up rebuild of the platform — same mission, entirely new architecture. After 14 phases of development, the platform is ready for production use.
<!-- more -->
## What Changed
V1 was two independent Express apps stitched together with NocoDB as a data layer. It worked, but scaling features meant fighting the architecture at every turn.
V2 is a unified TypeScript stack:
- **Dual API architecture** — Express.js for the main platform, Fastify for the media library, sharing a single PostgreSQL 16 database via Prisma ORM
- **React admin GUI** — Vite + Ant Design + Zustand, serving admin, public, and volunteer interfaces from one build
- **30+ Docker services** — from core infrastructure to monitoring, communication, and developer tools
- **JWT authentication** with refresh token rotation, role-based access control (11 roles), and a comprehensive security audit
## What's New
The feature set has grown substantially:
- **Advocacy campaigns** with postal code → representative lookup, email sending, response walls, and moderation
- **Map & canvassing** with multi-provider geocoding, polygon territories, GPS-tracked volunteer sessions, and walking route generation
- **Media manager** with video upload, FFprobe metadata extraction, scheduled publishing, analytics, and a public gallery
- **Landing page builder** powered by GrapesJS with drag-and-drop editing
- **Payments** via encrypted Stripe integration — products, donations, and subscription plans
- **SMS campaigns** via a Termux Android bridge
- **Team communication** with self-hosted Rocket.Chat and Jitsi Meet
- **People CRM** aggregating contacts across all modules with duplicate detection and merge
- **Volunteer social features** — friend system, achievements, leaderboards, and a personal calendar
- **One-command install** — `curl | bash` pulls a release tarball and runs the config wizard
## Why Self-Hosted
Every subscription to corporate campaign software funds infrastructure you don't control. Your voter lists, canvassing outcomes, and communication patterns become assets on someone else's balance sheet.
Changemaker Lite costs roughly the price of a VPS — often under $50/month for the full stack. But the real value isn't cost savings. It's **control.** No vendor can cut off your access. No acquisition can change your terms.
Read more in our [Philosophy](../../docs/phil.md) page.
## Get Started
```bash
curl -fsSL https://gitea.bnkops.com/admin/changemaker.lite/raw/branch/main/scripts/install.sh | bash
```
Or follow the [Getting Started guide](../../docs/getting-started/index.md) for a walkthrough.
## What's Next
Phase 15 (Testing & Polish) is underway. We're also working on:
- Social Calendar Phase B (shared views, availability finder)
- Expanded test coverage
- Performance optimization for large location datasets
Follow this blog for updates, or subscribe to the [newsletter](https://listmonk.bnkops.com/subscription/form).
Reference in New Issue View Git Blame Copy Permalink