Hello everyone, We built clubsall, a frontend for federated content. Since the goal is to help build a Reddit competitor, open sourcing is the logical next step.
However, without a review, I am afraid the website could get hacked quickly.
Does someone with experience in scanning code for security issues or white-hat hacking want to help increase confidence so I can open source it?
Why another Reddit competitor? There is already Lemmy.
Well, there are in fact other options than Lemmy already, like Mbin and PieFed. This is good: more options means users have more choices, and they all still interoperate, so everyone can choose what they want without being separated.
Update on this request: A developer approached me and is not only helping me review but also fix security issues. We found quite concerning security issues, so I think the decision to have another person look at this was the right one.
We discussed and found that we need to do the following work:
- Redo the backend/API so it is more robust; while doing that, it will also become Lemmy API compatible
- Fix the client so it adapts to any API changes
- Move from Cloudflare Workers to Docker, so it can be self-hosted
- Move from D1 to Postgres (D1 has a 10GB limit, and the ClubsAll DB is already 5GB), so it is scalable
- Move production to a VM or k8s cluster so we can host our own DB, backend and frontend instead of CF Workers
We have some work to do but will have a good product at the end of it. We will update further once we get this work done. Thanks to everyone for your thoughts and offers to help.