Receive confessions and messages anonymously! (Under development)

Related tags

Learning resource umamin
Overview

logo

About

⚠️ This project is under heavy development! ⚠️

umamin is an ad-free and open-source platform for sending and receiving anonymous confessions! Each user can create a unique link to which others could send anonymous messages! Start receiving confessions and messages →

Contributing

If you like this project, please consider giving it a star! Want to contribute? Make sure to review our code of conduct.

ko-fi

Contributor List

Contributing Guide

  1. Fork this repository and clone your fork.
  2. Create a new branch for your changes:
$ cd your_cloned_fork
$ git checkout dev
$ git checkout -b my-new-branch
  1. Create a .env file with this content:

Adjust the DATABASE_URL to your local MySQL database. Guide →

DATABASE_URL="mysql://johndoe:randompassword@localhost:3306/mydb"
NEXT_PUBLIC_GQL_ENDPOINT="http://localhost:3000/api/graphql"

NEXTAUTH_URL="http://localhost:3000"
NEXTAUTH_SECRET="mysupersecretkey"
  1. (optional) MySQL image with docker:
yarn docker:up # start up a MySQL image
yarn docker:down # stop MySQL image
  1. Sync database schema:
npx prisma db push

Or run a migration. Guide →

  1. To run locally:
# Only use yarn as your package manager
$ yarn
$ yarn dev
  1. Commit your changes and push your branch:
$ git add .
$ git commit -m "chore: some changes"
$ git push origin HEAD
  1. Submit a pull request on the dev branch. (resolve conflicts if present)

License

Licensed under the GPL-3.0 license.

Comments
  • feat: add swipe delete on messages

    feat: add swipe delete on messages

    This pull request resolve the delete button on messages #51 feature request. But instead of a delete button, I've used a swipe-to-delete method for a cleaner UI.

    Sample screenshot. Screenshot 2022-07-28 161834

    Also, I've updated the UI for when there are no messages in the inbox. Screenshot 2022-07-28 151620

    All test has passed. Screenshot 2022-07-28 162257

    feature 
    opened by isaacdarcilla 12
  • I can read anyone's private Umamin inbox with a little tinkering to the original GraphQL request

    I can read anyone's private Umamin inbox with a little tinkering to the original GraphQL request

    Describe the bug This vulnerability/bug is also known as Insecure Direct Object References (IDOR) Bug. This bug allows unauthorized users to view anyone's Private Messages by obtaining the target user's receiverId/userId

    To Reproduce Steps to reproduce the behavior:

    1. the endoint /api/graphql is the one vulnerable to this attack
    2. My POST request data is as follows:
    {"query":"mutation sendMessage($input: SendMessageInput!) {\n  sendMessage(input: $input) {\n     id\n    receiverId\n    content\n  }\n}\n","variables":{"input":{"receiverUsername":"TARGET_USERNAME","content":"CONTENT_HERE","receiverMsg":"Send me an anonymous message!"}},"operationName":"sendMessage"}
    1. (Explanation to the request above) I just added receiverId variable to the original graphQL request.
    2. The endpoint will unexpectedly respond with the private receiverId value like below:
    {"data":{"sendMessage":{"id":"yyyyy-yyy-yyyy-yyyy-yyyyyy","receiverId":"xxxxxx-xxx-xxxx-xxxx-xxxxxx","content":"CONTENT_HERE"}}}
    1. Now , send another POST request to the same endpoint /api/graphql
    {"query":"query getMessages($userId: ID!) {\n  messages(userId: $userId) {\n    id\n    content\n    isOpened\n    receiverMsg\n  }\n}\n","variables":{"userId":"THE_RECEIVERID_YOU_OBTAINED_EARLIER"},"operationName":"getMessages"}
    1. The endpoint will respond with the private messages corresponding to the userId you obtained
    {"data":{"messages":[{"id":"yyyyy-yyy-yyyy-yyyy-yyyyyy","content":"vvvvvvvvvv","isOpened":false,"receiverMsg":"Send me an anonymous message!"},{"id":"yyyyy-yyy-yyyy-yyyy-yyyyyy","content":"vvvvvvvvvv","isOpened":true,"receiverMsg":"Send me an anonymous message!"}]}}

    Expected behavior This endpoint should return an error and not allow anyone to just grab other's private userId AND/OR the endpoint should not allow the use of any valid userId to non-authorized users

    bug 
    opened by jmrcsnchz 4
  • where to host database?

    where to host database?

    Currently using railway.app in production for a PostgreSQL database.

    railway (left) vs planetscale (right)

    Railway will be nerfing free tier Read more

    Platnetscale has 1 billion row reads a month + 10 million row writes a month for free. Should we move to a Vitess/MySQL database w/ planetscale @princejoogie ?

    PS: umamin will be free and ad-free so I want to use free tiers.

    question 
    opened by joshxfi 3
  • Bug report

    Bug report

    Describe the bug i cant read anonymous message. It’s disappearing when Im trying to open it.

    To Reproduce Steps to reproduce the behavior:

    1. Go to '...'
    2. Click on '....'
    3. Scroll down to '....'
    4. See error

    Expected behavior I expected it will be fixed as soon as possible. I reported it earlier but its not working.

    Screenshots 16F5E5E1-FB2D-4FF3-9AD3-6BCAFD907E7E AFE07608-5D60-41FC-9D06-2679C8C95DAC

    Desktop (please complete the following information):

    • OS: [e.g. iOS]
    • Browser [e.g. chrome, safari]
    • Version [e.g. 22]

    Smartphone (please complete the following information):

    • Device: [e.g. iPhone 11 pro max]
    • OS: [e.g. iOS15.6]
    • Browser [e.g. safari]
    • Version [e.g. 15.6]

    Additional context Its keeping disappearing

    bug 
    opened by Kinyaomiii 2
  • Messages problem

    Messages problem

    Describe the bug I cannot see what anonymous messages me.

    To Reproduce Steps to reproduce the behavior:

    1. Go to '...'
    2. Click on '....'
    3. Scroll down to '....'
    4. See error

    Expected behavior Nothing much

    Screenshots 7D527EE3-5CC3-4C5F-8C33-AC0DA54C8D0E

    Desktop (please complete the following information):

    • OS: [e.g. iOS]
    • Browser [e.g. chrome, safari]
    • Version [e.g. 22]

    Smartphone (please complete the following information):

    • Device: [e.g. iPhone6]
    • OS: [e.g. iOS8.1]
    • Browser [e.g. stock browser, safari]
    • Version [e.g. 22]

    Additional context Add any other context about the problem here.

    bug duplicate 
    opened by Kinyaomiii 2
  • umamin bug

    umamin bug

    Describe the bug it shows that i have 3 umamin messages but i can't view any of them. all of them starts disappearing in a split second after refreshing.

    To Reproduce Steps to reproduce the behavior:

    1. Go to '...'
    2. Click on '....'
    3. Scroll down to '....'
    4. See error

    Expected behavior i expect to see my umamin messages after this.

    Screenshots Screenshot_20220730-222535_Chrome Screenshot_20220730-222537_Chrome

    Desktop (please complete the following information):

    • OS: [e.g. iOS]
    • Browser [e.g. chrome, safari]
    • Version [e.g. 22]

    Smartphone (please complete the following information):

    • Samsung Galaxy j4 plus
    • Android
    • Chrome
    • ver. 9

    Additional context Add any other context about the problem here.

    bug 
    opened by dxzvy 2
  • user in inbox not changing on first render

    user in inbox not changing on first render

    Describe the bug Account/user's inbox does not change after signing out and then logging in with a different account but only changes after a reload.

    To Reproduce Steps to reproduce the behavior:

    1. Login
    2. Logout
    3. Login with a different account
    4. You'll see that the user in the unique link was from the one you previously logged in

    Expected behavior The user in the inbox should be the one that is currently logged in on first render

    Screenshots

    • logged in as test but previously logged in as testuser. image
    bug 
    opened by joshxfi 2
  • share button

    share button

    image

    • add a share button in each message card
    • will export an image of the message card (used to post in ig story etc.)

    if possible,

    • a share button that directly creates a story instance in instagram
    feature 
    opened by princejoogie 2
  • release: v0.3.2

    release: v0.3.2

    • Update to Next 13
      • (temp): Use legacy Image & Link
    • Fix PWA
    • Move before interactive script to _document.tsx
    • Pass session ID in ApolloServer context
    chore fix release 
    opened by joshxfi 1
  • Show location

    Show location

    My problem is I’m always wondering who the person who messaged me is or if it is still the same person who messaged me yesterday. Yes, I know this is anonymous for messages, so it really needs to be hidden, but I would like to suggest a solution to avoid confusion.

    The solution I would like to request is that when someone visits this site to confess, then their device location or the location of the person who sent me an anonymous message will be detected and notified to my notifications. Like, for example, the same thing with the Wix site app. If you visit the site, the location of those who visit my site can be detected and it will notify me. I mean, it is still anonymous because the real identity and username are still hidden, but the location is not hidden to avoid confusion and to be notified. It would be better if their location could be detected because then you would know if the person who messaged you yesterday is still the person who messaged you today.

    I will send screenshots of an example of this kind of solution and what it looks like. Trust me, this is better and will lead to a safer environment, especially since people nowadays love to message rude and mean confessions, so I hope this request will be processed soon.

    Screenshot_20220731-185111~2

    #request #safer

    feature request 
    opened by grei-19 3
Releases(v0.3.4)

  • v0.3.4(Dec 9, 2022)

    What's Changed

    • Disable PWA on dev
    • Show warning if current user is unauthenticated
    • Disable some buttons when session is loading

    Full Changelog: https://github.com/omsimos/umamin/compare/v0.3.3...v0.3.4

    Source code(tar.gz)
    Source code(zip)

  • v0.3.3(Dec 9, 2022)

    What's Changed

    • Add Download App button to install PWA
    • Implement updated next/link & next/image
    • Show Go to Inbox on /to if authenticated

    Full Changelog: https://github.com/omsimos/umamin/compare/v0.3.2...v0.3.3

    Source code(tar.gz)
    Source code(zip)

  • v0.3.2(Nov 21, 2022)

    What's Changed

    • Update to Next 13
      • (temp): Use legacy Image & Link
    • Fix PWA service worker
    • Move before interactive script to _document.tsx
    • Pass session ID in ApolloServer context
    • Use useRef for downloading images

    Full Changelog: https://github.com/omsimos/umamin/compare/v0.3.1...v0.3.2

    Source code(tar.gz)
    Source code(zip)

  • v0.3.1(Oct 21, 2022)

    What's Changed

    • Add credentials option for creating an account
    • Login attempts before giving the CAPTCHA
    • Update ad position
    • Add loaders on other pages

    Full Changelog: https://github.com/omsimos/umamin/compare/v0.3.0...v0.3.1

    Source code(tar.gz)
    Source code(zip)

  • v0.3.0(Sep 27, 2022)

    What's Changed

    • Add Discord & Google Authentication
    • Update ad positions
    • Add rate limiter using lru-cache
    • Implement new UI
    • Add reply feature
    • Add message tabs (recent, seen, sent)
    • Optimizations

    Full Changelog: https://github.com/omsimos/umamin/compare/v0.2.4...v0.3.0

    Source code(tar.gz)
    Source code(zip)

  • v0.2.4(Aug 17, 2022)

    What's Changed

    • Use edge for cache-control by @joshxfi in https://github.com/joshxfi/umamin/pull/97
    • Add maintenance title by @joshxfi in https://github.com/joshxfi/umamin/pull/98
    • Use different ad-slot id by @joshxfi in https://github.com/joshxfi/umamin/pull/99
    • Add Discord and Facebook button on the maintenance page
    • Update footer links

    Full Changelog: https://github.com/joshxfi/umamin/compare/v0.2.3...v0.2.4

    Source code(tar.gz)
    Source code(zip)

  • v0.2.3(Aug 7, 2022)

    What's Changed

    • Run ads only in production by @edmer664 in https://github.com/joshxfi/umamin/pull/92
    • Delete message button by @joshxfi in https://github.com/joshxfi/umamin/pull/94
    • Delete account button (under settings) by @joshxfi in https://github.com/joshxfi/umamin/pull/94
    • Remove Share to Instagram button
    • Fix flicker on settings

    New Contributors

    • @edmer664 made their first contribution in https://github.com/joshxfi/umamin/pull/92

    Full Changelog: https://github.com/joshxfi/umamin/compare/v0.2.2...v0.2.3

    Source code(tar.gz)
    Source code(zip)

  • v0.2.2(Aug 3, 2022)

    What's Changed

    • Add ad container by @joshxfi in https://github.com/joshxfi/umamin/pull/89
    • Change password by @joshxfi in https://github.com/joshxfi/umamin/pull/91
    • Fix empty custom message (add minLength)
    • Move toast at the bottom center

    Full Changelog: https://github.com/joshxfi/umamin/compare/v0.2.1...v0.2.2

    Source code(tar.gz)
    Source code(zip)

  • v0.2.1(Aug 2, 2022)

    What's Changed

    • Add origin to CORS by @joshxfi in https://github.com/joshxfi/umamin/pull/87
    • Replace dummy cards with loader to avoid confusion
    • Display time on the message card
    • Add Discord links
    • Add generate script

    Full Changelog: https://github.com/joshxfi/umamin/compare/v0.2.0...v0.2.1

    Source code(tar.gz)
    Source code(zip)

  • v0.2.0(Aug 1, 2022)

    What's Changed

    • Fix: update inbox pagination by @joshxfi in https://github.com/joshxfi/umamin/pull/71
    • Chores by @joshxfi in https://github.com/joshxfi/umamin/pull/74
      • Update next (12.2.3)
      • Add cache control (max-age: 60)
      • Extract PWA config
      • Update privacy policy
    • Security patches by @joshxfi in https://github.com/joshxfi/umamin/pull/83
      • CSRF prevention
      • CORS
      • Captcha
    • Migrate to turborepo by @princejoogie in https://github.com/joshxfi/umamin/pull/76

    Full Changelog: https://github.com/joshxfi/umamin/compare/v0.1.4...v0.2.0

    Source code(tar.gz)
    Source code(zip)

  • v0.1.4(Jul 30, 2022)

    What's Changed

    • Pagination by @joshxfi in https://github.com/joshxfi/umamin/pull/66
    • Change message min length to 3
    • Update email URL in footer
    • Convert fonts to woff2
    • Add NEXT_PUBLIC_MAINTENANCE_INFO on maintenance page

    Full Changelog: https://github.com/joshxfi/umamin/compare/v0.1.3...v0.1.4

    Source code(tar.gz)
    Source code(zip)

  • v0.1.3(Jul 29, 2022)

    What's Changed

    • Add maintenance page by @joshxfi in https://github.com/joshxfi/umamin/pull/61
    • Setup AdSense by @joshxfi in https://github.com/joshxfi/umamin/pull/63
    • Patch GraphQL endpoint vulnerability https://github.com/joshxfi/umamin/issues/59

    Full Changelog: https://github.com/joshxfi/umamin/compare/v0.1.2...v0.1.3

    Source code(tar.gz)
    Source code(zip)

  • v0.1.1(Jul 28, 2022)

    What's Changed

    • Optimizations v0.1.1 by @princejoogie in https://github.com/joshxfi/umamin/pull/52
      • Initialized migration folder
      • Add indexes on user and message model
      • Add github workflow to run prisma migrate deploy
    • Add schema migration CI @joshxfi in https://github.com/joshxfi/umamin/pull/56

    Full Changelog: https://github.com/joshxfi/umamin/compare/v0.1.0...v0.1.1

    Source code(tar.gz)
    Source code(zip)

  • v0.1.0(Jul 27, 2022)

    What's Changed

    • feat/add-user by @joshxfi in https://github.com/joshxfi/umamin/pull/2
    • copy link to clipboard feature by @hyamero in https://github.com/joshxfi/umamin/pull/4
    • feat/login-page by @hyamero in https://github.com/joshxfi/umamin/pull/6
    • fix ui issues by @hyamero in https://github.com/joshxfi/umamin/pull/7
    • login feature by @joshxfi in https://github.com/joshxfi/umamin/pull/8
    • dev to main by @joshxfi in https://github.com/joshxfi/umamin/pull/9
    • fix(readme): change URL to umamin by @joshxfi in https://github.com/joshxfi/umamin/pull/12
    • send message page ui by @hyamero in https://github.com/joshxfi/umamin/pull/13
    • send message feature by @joshxfi in https://github.com/joshxfi/umamin/pull/14
    • chore: add issue template by @joshxfi in https://github.com/joshxfi/umamin/pull/16
    • implement loader by @joshxfi in https://github.com/joshxfi/umamin/pull/15
    • fix: alignment issue by @hyamero in https://github.com/joshxfi/umamin/pull/17
    • feat: use next-auth by @princejoogie in https://github.com/joshxfi/umamin/pull/18
    • chores by @joshxfi in https://github.com/joshxfi/umamin/pull/20
    • dev to main by @joshxfi in https://github.com/joshxfi/umamin/pull/21
    • add footer by @joshxfi in https://github.com/joshxfi/umamin/pull/22
    • feat: message sent ui by @hyamero in https://github.com/joshxfi/umamin/pull/24
    • menu on mobile view by @joshxfi in https://github.com/joshxfi/umamin/pull/25
    • add SEO & PWA by @joshxfi in https://github.com/joshxfi/umamin/pull/27
    • add register page by @joshxfi in https://github.com/joshxfi/umamin/pull/26
    • add receiver message by @joshxfi in https://github.com/joshxfi/umamin/pull/28
    • update inbox ui by @hyamero in https://github.com/joshxfi/umamin/pull/29
    • save image & share to instagram by @joshxfi in https://github.com/joshxfi/umamin/pull/36
    • add analytics using firebase by @joshxfi in https://github.com/joshxfi/umamin/pull/37
    • seen indicator by @joshxfi in https://github.com/joshxfi/umamin/pull/38
    • feat: custom message by @joshxfi in https://github.com/joshxfi/umamin/pull/40
    • update message ui by @joshxfi in https://github.com/joshxfi/umamin/pull/41
    • add privacy policy by @joshxfi in https://github.com/joshxfi/umamin/pull/42
    • fix: message dialog padding css conflict by @hyamero in https://github.com/joshxfi/umamin/pull/44
    • add help center by @joshxfi in https://github.com/joshxfi/umamin/pull/45
    • minor changes by @joshxfi in https://github.com/joshxfi/umamin/pull/47
    • release: v0.1.0 by @joshxfi in https://github.com/joshxfi/umamin/pull/46

    New Contributors

    • @joshxfi made their first contribution in https://github.com/joshxfi/umamin/pull/2
    • @hyamero made their first contribution in https://github.com/joshxfi/umamin/pull/4
    • @princejoogie made their first contribution in https://github.com/joshxfi/umamin/pull/18

    Full Changelog: https://github.com/joshxfi/umamin/commits/v0.1.0

    Source code(tar.gz)
    Source code(zip)
Owner
Josh Daniel
18 | TypeScript React Developer
Josh Daniel
GitHub https://umamin.vercel.app
Blobernize your pictures with this all-new tool! Still under development, but it works for now.

Still under development, but in a usable state image-blobernizer A very simple image-blobernizer made for the webbrowser using p5.js Live demo Require

Sen van der Heide 3 Mar 23, 2022
This blog is still under development! I present a project scope for science articles, it can now be used in production! But there are some details that need to be put up front.

Science-Blog ?? Attention! This blog is still under development! I present a project scope for science articles, it can now be used in production! But

Raissadev 2 Sep 19, 2022
A chat logs online saver for discord bots to save messages history & cleared messages online

Chat Logs NPM package that saves messages online to view it later Useful for bots where users can save messages history & cleared messages online Supp

TARIQ 8 Dec 28, 2022
This branch is created to make receive and send data to api using async and await methods

Microverse-Leader-Board Project from module 2 week 4 This branch is created to make receive and send data to api using async and await methods Screens

Akshitha Reddy 6 Apr 22, 2022
The leaderboard website displays scores submitted by different players. It also allows you to send and receive data from API. Build with JavaScript, CSS and HTML.

Leadboard The leaderboard website displays scores submitted by different players. It also allows you to submit your score. All data is preserved using

Fatima Ezzahra elmenoun 4 Jan 31, 2022
Under the Sea is an official AWS workshop delivered by AWS SAs and AWS Partners to help customers and partners to learn about AIOps with serverless architectures on AWS.

Under the Sea - AIOps with Serverless Workshop Under the Sea is an exciting MMORPG developed by the famous entrepreneur behind Wild Rydes, the most po

AWS Samples 4 Nov 16, 2022
Front-end for FireNearby service. View recent fires and sign up to receive alerts: caseymm.github.io/fire-nearby

fire-nearby (firenearby service front-end) This application is composed of three pages: Map of recent fires Sign up form to receive alerts About this

Casey Miller 4 Mar 30, 2022
useOverlay uses floating-ui and framer-moting under the hood, giving you an API that provides great usability.

Create floating things easily useOverlay uses floating-ui and framer-moting under the hood, giving you an API that provides great usability. Warning D

Nedim Arabacı 8 Oct 24, 2022
Project to manage multiple emails at once with lots of customization. You can send and receive emails. Desktop notifications can be modified.

Technologies Used React Redux Tailwind CSS Features Admin dashboard User settings and or user dashboard send emails recive emails Connections through

Multi Email 9 Dec 17, 2022
Receive crypto payments from anywhere around the world, options including native tokens (MATIC, ETHER,BUSD), Tokens (USDT,BUSD), NFTs and more.

Receive payments for service rendered in crypto using different options. Go borderless with bonpay, gain access to varities of crypto assets, safe and

Johnson awah Alfred 6 Nov 11, 2022
Subscribe to rss feeds from anywhere, receive notifications from anywhere.

INK RSS 管理订阅,接收通知 示例网页 · 示例群组 · 报告Bug 介绍 特点 项目背景 TODO 注意事项 部署 额外附赠 使用建议 调查 贡献 作者 协议 介绍 INK RSS 提供及时且多样的 rss 通知服务,借助现有的接口你可以在任意位置订阅,并使用任意方式接收通知,并且所有服务均

null 253 Dec 28, 2022
convert markdown to html in under 5kb

convert markdown to HTML in under 5kb take a look at the to PHP translated version: https://github.com/SimonWaldherr/micromarkdown.php about License:

Simon Waldherr 201 Dec 8, 2022
Here are the projects I completed under freeCodeCamp courses

freeCodeCamp Projects Here are the projects I completed under freeCodeCamp courses. For an overview of the course certifications, please visit my free

Quỳnh Vương 0 Mar 1, 2022
API client to test endpoints over HTTP. Uses superagent under the hood

@japa/client API client to test endpoints over HTTP. Uses superagent under the hood The API client plugin of Japa makes it super simple to test your A

Japa.dev 8 Apr 13, 2022
A smart city community centered application I am building for the Hackers In Residence under the Nkwashi program

A smart city community centered application I am building for the Hackers In Residence under the Nkwashi program. Implementing solutions and automation for potential future problems in the city.

Blessed Jason Mwanza 4 Apr 25, 2022
Website for HKU NLP group (under construction)

hkunlp.github.io A new website for HKU NLP group (under construction). For now this page will host our blog posts (get more info at this week's group

HKU NLP Group 8 Nov 1, 2022
Slack Integration to receive incoming webhooks from openpix.com.br

Slack Integration This is a aws lambda function to receive new transaction informations from OpenPix @ your company's slack workspace. Getting Started

Leandro Alencar 6 Sep 19, 2022
This is a bot for Telegram that can be used to receive webhook notifications from Gitlab. It is built with the Next.js API.

Telegram Bot for Gitlab Webhook ?? Note This project is still in development. Just relax ?? This is a bot for Telegram that can be used to receive web

M. Zakiyuddin Munziri 2 Oct 22, 2022
The project integrates workflow engine, report engine and organization authority management background, which can be applied to the development of OA, HR, CRM, PM and other systems. With tlv8 IDE, business system development, testing and deployment can be realized quickly.

介绍 项目集成了工作流引擎、报表引擎和组织机构权限管理后台,可以应用于OA、HR、CRM、PM等系统开发。配合使用tlv8 ide可以快速实现业务系统开发、测试、部署。 后台采用Spring MVC架构简单方便,前端使用流行的layui界面美观大方。 采用组件开发技术,提高系统的灵活性和可扩展性;采

Qian Chen 38 Dec 27, 2022