Nixyan 75f3a0ed04 feat: enhance security and testing for federation routes. Added routes for uploading files to posts and initial logic of handling it client-side.
- Added a new test suite for attack vectors targeting the /discover federation routes, ensuring (known) vulnerabilities are addressed.
- Implemented a proxy function to check for blacklisted servers, enhancing security measures.
- Introduced URL validation to prevent SSRF attacks by blocking internal addresses.
- Updated package.json with a new test command for the attack tests.
- Refactored server and route handling to improve type safety and error handling.
- Added new middleware for blacklist checks and URL validation to prevent unauthorized access.
2026-03-11 11:48:38 -03:00
.vscode Restarting the project once again. 2026-03-05 18:52:46 -03:00
drizzle Restarting the project once again. 2026-03-05 18:52:46 -03:00
public/logo feat: added auth page and the whole functionality surrounding it. 2026-03-06 16:21:42 -03:00
src feat: enhance security and testing for federation routes. Added routes for uploading files to posts and initial logic of handling it client-side. 2026-03-11 11:48:38 -03:00
tests feat: enhance security and testing for federation routes. Added routes for uploading files to posts and initial logic of handling it client-side. 2026-03-11 11:48:38 -03:00
.env.local.example feat: added auth page and the whole functionality surrounding it. 2026-03-06 16:21:42 -03:00
.gitignore feat: added auth page and the whole functionality surrounding it. 2026-03-06 16:21:42 -03:00
bun.lock fix: fix federation key generation and update dependencies 2026-03-10 18:26:31 -03:00
components.json feat: added auth page and the whole functionality surrounding it. 2026-03-06 16:21:42 -03:00
drizzle.config.ts Restarting the project once again. 2026-03-05 18:52:46 -03:00
LICENSE Restarting the project once again. 2026-03-05 18:52:46 -03:00
next.config.ts Restarting the project once again. 2026-03-05 18:52:46 -03:00
package-lock.json feat: added auth page and the whole functionality surrounding it. 2026-03-06 16:21:42 -03:00
package.json feat: enhance security and testing for federation routes. Added routes for uploading files to posts and initial logic of handling it client-side. 2026-03-11 11:48:38 -03:00
playwright.config.ts feat: enhance security and testing for federation routes. Added routes for uploading files to posts and initial logic of handling it client-side. 2026-03-11 11:48:38 -03:00
postcss.config.mjs Restarted the project. 2025-12-03 09:41:21 -03:00
README.md docs: add security section to README 2026-03-10 14:17:54 -03:00
tsconfig.json feat: implement server discovery and key rotation functionality 2026-03-09 21:37:59 -03:00

SiPher

Silent Whisper — A federated social network built for the modern age.

SiPher is a federated social network. Each server is independent — no central authority, no single point of failure.

Your identity is you@yourserver.com. Your server, your data, your rules.


Roadmap

  • Phase 1 — Core federation. Two servers can follow each other, post, and see each other's posts.
    • Two servers can follow each other, trust each other's keys and rotate them.
    • One server can create posts, users can follow each other, and DMs (unencrypted for now) work.
    • Two servers can fetch posts, follows and other data from their users, including DMs.
  • Phase 2 — Server trust scoring and a public vouch ledger.
  • Phase 3 — Opt-in relay network for censorship resistance.
  • Phase 4 — End-to-end encryption via TBD.

Author

Marcello Brito (Tocka) — tockanest.com

Security

SiPher implements custom federation and cryptographic protocols. I am not a professional cryptographer or security researcher — this system has not been audited and almost certainly contains multiple vulnerabilities I am not aware of.

If you find one, please open an issue or contact me directly at tocka@tockanest.com. Responsible disclosure is appreciated.

Contributions from people with security or cryptography experience are especially welcome, even if just pure criticism.

Do not use SiPher in any context where your physical safety depends on it — not yet.

License

AGPL-3.0