Anonpost allows users to anonymously post messages.

###Demo

A demo of this application can be found here. All admin functions are unlocked (without the need for a passcode), and all IPs and user-agents are hashed for a level of privacy.

###Flow/How this works

1. User submits message on homepage (/)
2. Message is sent for approval by the site owner (posts go to /admin)
3. Message is checked by a regex filter (can be set by an admin at /filter)
4. Message is actioned upon by the owner and posted in the intended location

###Example uses

• Complaint/feedback box
• Anonymous posting to social media (shared Facebook account/page, shared twitter account)

###Config

Once you get this app up and running, there are still a few things that have to be done in order to make this app operational.

####Google Authenticator Setup

1. Download Google Authenticator from the App Store (iOS | Android)
2. Go to /getga and scan the QR code from within the app
3. Login to the admin console at /adminon with one of the codes generated by Google Authenticator

Warning: Once this QR code is used to login, it is inaccessible to the public. To generate another code, login to the admin console, go to the Dashboard (/dashboard), and generate the new code. Note that the new code is the only code that works effective immediately.

####General Flask Settings

1. Set the environment variable SECRET_KEY to the secret key of your choice. Note that it should be fairly complex.
2. Add the environment variable PRODUCTION and set its value to "TRUE"

####POSTing/IFTTT

Note: use of IFTTT is recommended for this application as it allows access to a large number of external services

1. Create an account at IFTTT.com, and create a recipe.
2. Make the trigger channel the Maker Channel. The event name can be anything.
3. Make the post channel anything of your chosing. Note that the body of the text is posted as the variable value1.
4. Add the URL generated by IFTTT to the environment variable POST_URL
5. Remember to enable the recipe and test it.

###Admin Functions

This webapp includes several tools for administrators in order to prevent abuse.

####Filter

The filter found at /filter is set using regex. Any post that matches the regex will be prefiltered. (The filter is completely optional - it was made to prevent tedious actions if a certain word will always result in a removal)

####Approval Screen

Incoming posts can be approved/rejected at /admin. Approved posts will be posted to the POST_URL, removed posts just stay there (the status changes though). To view only unactioned posts, go to /admin?status=unset

####IP Ban Screen

IPs can be banned at /banip. Note that IPs should only be banned if an overwhelming amount of abuse is coming from one IP, as one IP can represent large groups of people.

There are 2 types of bans - quiet and public. Quiet bans will be invisible to the user. The only change is that on submission, submissions will be marked (and also hidden from the "unmoderated" view). Public bans will be very clear to the user (the view can be seen here in the demo).

If the ban is public, a custom ban message will be displayed on the ban page. A private ban note field is also available for more sensitive info.

The duration is entered in seconds. For a permanent ban, enter -1.

####Additional Config

On the dashboard (/dashboard), the Google Authenticator token can be reset. Note that only 1 token can be active at a time. When a new token is issued, the old one no longer works.

###Future Expansion

Some possible things that could be added in the future:

• An actual admin account (instead of relying on Google Authenticator's passcode)
• An option to post directly if the post passes the filter
• Better CSS

Other ideas can be suggested in the Github issue tracker :)