Server for the tweasel.org platform, allowing users to analyse Android and iOS apps for data protection violations and send complaints about them to the data protection authorities.
Tweasel is a project building infrastructure for detecting and complaining about tracking and privacy violations in mobile apps on Android and iOS. The platform lies at the heart of the project, providing an accessible web interface for end users.
It uses Astro in SSR mode as the web framework and EdgeDB as the database. For our integration tests, we use Cypress.
Many of the specific functions of the platform have been intentionally built as separate tools and libraries that can also be used independently. The platform server does not run the actual analyses itself. It instead delegates that to separate runners. This not only allows for more flexibility in deploying the platform, but also provides security isolation benefits. Currently, only `analysis-runner-local` is implemented, which runs the analyses on locally connected devices/emulators.
To run the project locally for development, follow these steps:

1. Run `yarn` in the root directory of the repo to fetch all required dependencies.
2. Run `edgedb project init` to set up the database. You can refer to the EdgeDB documentation for more details.
3. You will need to set a few environment variables that are required for the server. You can do that by copying the file `.env.sample` to `.env` and editing it accordingly. The variables set there will be automatically picked up by the server. Alternatively, you can also set them interactively in your terminal.

   A few notes on what you need to set:

   - `*_RUNNER_API_URL` and `*_RUNNER_TOKEN` configure the connection to the analysis runner described above. Check out the documentation of `analysis-runner-local` on how to set that up.

     Depending on what you want to work on, you may not need to set up a full analysis runner, which can be a little cumbersome and resource-intensive. As part of our test suite, we also have a mock analysis runner that accepts all analysis requests for any platform but never actually processes them. You can start it by running `yarn mock-analysis-runner`. It will listen on `http://localhost:3000` and accept any token.
   - `RATELIMIT_POINTS` configures the ratelimit, as the name implies. In production, this is set to 50 points. But unless you are working on ratelimiting, you probably want to set this much higher, lest you constantly hit the ratelimit during development. Hint: If you do, you can just restart the server to reset it.
4. Run `yarn dev` to start the server in development mode. It will be available at `http://localhost:4321` and automatically reload for any changes you make.

If you need to change the schema of the database, you will need to create a migration using EdgeDB.
During development, you will likely iteratively work towards the final schema changes and having to create a migration for each step is quite annoying. Additionally, we also prefer to not have those effectively useless migrations in the repository.
Luckily, EdgeDB has a solution for this. You can run `edgedb watch` while developing. This will automatically apply all schema changes to your local development database as you make them. Once you are done, run `edgedb migration create` and `edgedb migrate --dev-mode` to actually create and commit the migration. Check out the EdgeDB docs on migrations for more details.
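A pre-flight check for the `.env` notes in the setup steps above, as an added example that is not part of the platform's own code: it pairs every `*_RUNNER_API_URL` with its `*_RUNNER_TOKEN` and flags a `RATELIMIT_POINTS` that will get in the way during development. The function names, the `ANDROID_`/`IOS_` prefixes in the sample, and the plain-HTTP check (an extra precaution) are assumptions.

```javascript
// Added example; not code from the tweasel platform repository.
const PROD_RATELIMIT_POINTS = 50; // production value stated above
const LOCAL_HOSTS = ['localhost', '127.0.0.1', '[::1]'];

// Parse KEY=VALUE lines; skips blanks and # comments, strips one pair of quotes.
function parseEnv(text) {
  const vars = {};
  for (const raw of text.split(/\r?\n/)) {
    const line = raw.trim();
    const eq = line.indexOf('=');
    if (!line || line.startsWith('#') || eq < 1) continue;
    const value = line.slice(eq + 1).trim();
    const quoted = value.match(/^(["'])(.*)\1$/);
    vars[line.slice(0, eq).trim()] = quoted ? quoted[2] : value;
  }
  return vars;
}

// Returns a list of problems with a development .env (empty list = fine).
function checkDevEnv(text) {
  const vars = parseEnv(text);
  const problems = [];
  const urlKeys = Object.keys(vars).filter((k) => k.endsWith('_RUNNER_API_URL'));
  if (urlKeys.length === 0) problems.push('no *_RUNNER_API_URL is set');
  for (const urlKey of urlKeys) {
    // Every runner URL needs the token that shares its prefix.
    const tokenKey = urlKey.replace(/_RUNNER_API_URL$/, '_RUNNER_TOKEN');
    if (!vars[tokenKey]) problems.push(`${tokenKey} is missing or empty`);
    let url;
    try { url = new URL(vars[urlKey]); } catch { problems.push(`${urlKey} is not a valid URL`); continue; }
    // Over plain HTTP the token is readable on the network; only loopback is safe.
    if (url.protocol === 'http:' && !LOCAL_HOSTS.includes(url.hostname))
      problems.push(`${urlKey} sends the token over plain HTTP to a non-local host`);
  }
  const points = Number(vars.RATELIMIT_POINTS);
  if (!Number.isInteger(points) || points <= 0) problems.push('RATELIMIT_POINTS is not a positive integer');
  else if (points <= PROD_RATELIMIT_POINTS) problems.push('RATELIMIT_POINTS is at or below the production value of 50');
  return problems;
}

// Constructed sample; the ANDROID_/IOS_ prefixes are assumed, the page only shows "*_".
const SAMPLE_ENV = `
ANDROID_RUNNER_API_URL=http://localhost:3000
ANDROID_RUNNER_TOKEN=any-token
IOS_RUNNER_API_URL=http://runner.example.org
IOS_RUNNER_TOKEN=
RATELIMIT_POINTS=50
`;
console.log(checkDevEnv(SAMPLE_ENV));
```

To check a real file, pass its contents to `checkDevEnv`, for example the result of reading `.env` with `fs.readFileSync('.env', 'utf8')`.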
First of all, thank you very much for your interest in contributing! Contributions are incredibly valuable for a project like ours.
We warmly welcome issues and pull requests through GitHub. You can also chat with us through Matrix, either through the Tweasel room or the space for datarequests.org. Feel free to ask questions, pitch your ideas, or just talk with the community.
Please be aware that by contributing, you agree for your work to be released under the MIT license, as specified in the `LICENSE` file.
If you are interested in contributing to Tweasel and datarequests.org in other ways besides coding, we can also really use your help. Have a look at our contribute page for more details.
The code for this site is licensed under the MIT license. See the `LICENSE` file for details.