Skip to content

Latest commit

 

History

History
83 lines (56 loc) · 4.27 KB

README.md

File metadata and controls

83 lines (56 loc) · 4.27 KB

Security Rating Maintainability Rating Reliability Rating Code Smells Technical Debt Vulnerabilities Bugs FOSSA Status CII Best Practices

Gender Equality Community Whatsapp Bot

The GEC Bot does two things:

  1. It receives WhatsApp messages from people who want to talk to the GEC anonymously
  2. It sends responses back to people anonymously too

Infrastructure diagram showing how GEC components talk to one another

Configuration

Required environment variables

$ export REDIS_ADDR=redis:6379
$ export DATABASE=/tmp/database.db   # Created if it doesn't exist

Auto-responses

This bot provides some default messages, defined in config.go

  1. Greeting response is sent when a recipient sends a message sends us a greeting
  2. Thank You response is sent when a recipient sends us a message and is capped at a max of 1 per 30 mins
  3. Disclaimer response is sent to ensure recipients don't send us stuff we can't deal with.

These can be overrided with the following respective environment variables:

$ export GREETING="Hello <3"
$ export THANK_YOU="Thanks! We'll get back to you"
$ export DISCLAIMER="Be aware that there's stuff we can't do!"

Anonymisation

For each new recipient we generate a random code name using the Diceware Password Generator, as per:

l, err = diceware.Generate(3)
if err != nil {
    return
}

id = strings.Join(l, "-")

We then check whether this ID is already present in our database. This gives keys like:

overhand-subdivide-thaw
promotion-basically-unreal
clumsily-tag-gizmo

These are used to group messages from a recipient later on, through slack.

However

The process of generating an ID and assigning it to a WhatsApp recipient is not a one-way transformation. With access to either the burner phone driving this app, or the underlying database, its possible to figure out who sent what message. This is unavoidable, and good security practice is necessary.

On Redis Streams

This application passes messages along via redis streams; these are lightweight, as quick as we need them, and can be run in cluster. This is important; by segregating as much as possible from the outside world/ outside users we can keep user data secure.

Deployment

See the Gender Equality Community kubernetes operator

License

FOSSA Status