Fedi2Fax - Listens for mentions in the Fediverse and sends a fax via Asterisk
Moritz Hofmann b09e700e82 Fix security vulnerabilities and code quality issues
api/app.py:
- Add MAX_CONTENT_LENGTH (20 MB) to prevent OOM from large uploads
- Add channel validation regex to prevent callfile injection via newlines
- Wrap temp directory cleanup in try/finally to prevent leaks on exceptions

bot/bot_fax.py:
- Add item_id validation (_ITEM_ID_RE) to all 5 routes to prevent path traversal
- Set Image.MAX_IMAGE_PIXELS = 4MP to prevent decompression bomb attacks
- Extract _flatten_to_greyscale helper to eliminate duplicate RGBA conversion code
- Add logging for expired pending items in pending_watcher
- Add logging for corrupted meta.json in load_meta

.gitignore:
- Add standard Python exclusions (__pycache__/, *.pyc, .pytest_cache/, etc.)

Co-Authored-By: Claude Haiku 4.5 <noreply@anthropic.com>
2026-02-28 20:47:52 +01:00
api Fix security vulnerabilities and code quality issues 2026-02-28 20:47:52 +01:00
asterisk/etc/asterisk Split API service and improve bot resilience 2026-02-22 14:19:40 +01:00
bot Fix security vulnerabilities and code quality issues 2026-02-28 20:47:52 +01:00
.gitignore Fix security vulnerabilities and code quality issues 2026-02-28 20:47:52 +01:00
docker-compose.yml Split API service and improve bot resilience 2026-02-22 14:19:40 +01:00
README.md Split API service and improve bot resilience 2026-02-22 14:19:40 +01:00

Fedi2Fax Bot

TL;DR Register the Fritz!Box as a fax device on phone number 1000 with password 1000. Connect a fax machine to the box and it should work. If necessary, change the IP range in pjsip.conf.

Services

  • fax-api: REST API for sending faxes (POST /fax).
  • masto-bot: Mastodon listener that renders posts and sends them to fax-api.

REST API

POST /fax expects multipart/form-data with:

  • endpoint: phone endpoint/channel (e.g. PJSIP/1000)
  • tiff: black/white TIFF file

Optional webhook: set FAX_WEBHOOK_URL to receive the TIFF and phone number as a POST payload.
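
One way to validate the `endpoint` field of POST /fax before it is written into an Asterisk call file, so that a value containing a newline cannot add extra call file lines. This is an added example, not the project's own code: the regex, the function names and the call file layout are assumptions.

```python
import re

# Assumed allow-list (the project's own regex is not shown on this page):
# the PJSIP technology prefix, a slash, and a short peer/extension token.
CHANNEL_RE = re.compile(r"PJSIP/[A-Za-z0-9_-]{1,40}")


def validate_channel(endpoint):
    """Return endpoint unchanged if it is one safe channel token, else raise."""
    # fullmatch() instead of match() with '$': in Python '$' also matches just
    # before a trailing newline, so "PJSIP/1000\n" would pass a '^...$' check.
    if not isinstance(endpoint, str) or CHANNEL_RE.fullmatch(endpoint) is None:
        raise ValueError("invalid endpoint")
    return endpoint


def build_callfile(endpoint, tiff_path):
    """Render a call file body; this key layout is assumed for illustration."""
    channel = validate_channel(endpoint)
    # tiff_path is expected to be generated server-side, but is still checked.
    if "\n" in tiff_path or "\r" in tiff_path:
        raise ValueError("invalid tiff path")
    return "".join([
        f"Channel: {channel}\n",
        "Application: SendFAX\n",
        f"Data: {tiff_path}\n",
        "MaxRetries: 0\n",
    ])


def is_accepted(endpoint):
    """Boolean wrapper around validate_channel for logging or tests."""
    try:
        validate_channel(endpoint)
        return True
    except ValueError:
        return False


if __name__ == "__main__":
    # Constructed sample inputs: one valid, three that must be rejected.
    for sample in ["PJSIP/1000", "PJSIP/1000\n", "PJSIP/1000\nSet: X=1", "Local/1000"]:
        print(repr(sample), "->", "ok" if is_accepted(sample) else "rejected")
```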

Notes

masto-bot must use FAX_API_URL and does not write to the Asterisk spool directly.

Migration: on first start, masto-bot copies legacy queue data from LEGACY_FAX_QUEUE_DIR into its local queue if the target is empty, so previously sent/seen items are preserved.