mirror of
https://github.com/btouchard/ackify.git
synced 2025-12-30 17:39:44 -06:00
da1f300d2d
Backend changes:
- Add SMTPEnabled flag to distinguish SMTP service from MagicLink authentication
- Fix URL-encoded email decoding in DELETE /signers/{email} endpoint
- Add detailed error logging for expected signer removal operations
- Initialize ReminderAsync and MagicLink services unconditionally
- Update config tests to reflect new MagicLink requires explicit enabling
Frontend changes:
- Add ACKIFY_SMTP_ENABLED window variable for feature detection
- Hide delete button for expected signers who have already signed
- Show email reminders card only when SMTP enabled or history exists
- Display informative alert when SMTP disabled but reminder history present
- Add i18n translations for email service disabled message (5 languages)
These changes improve admin experience by preventing invalid operations
(deleting signers who signed, sending emails without SMTP) and providing
clear feedback about feature availability.
🔐 Ackify
Proof of Read. Compliance made simple.
Secure document reading validation with cryptographic signatures and irrefutable proof.
Website: https://www.ackify.eu
🎯 Why Ackify?
Prove that collaborators have read and acknowledged important documents with Ed25519 cryptographic signatures.
Use Cases:
- Security policy validation
- Training attestations
- GDPR acknowledgment
- Contractual agreements
- Compliance procedures
Key Features:
- ✅ Ed25519 cryptographic signatures
- ✅ Flexible authentication: OAuth2 (Google, GitHub, GitLab, custom) or MagicLink (passwordless email)
- ✅ One signature per user/document (database enforced)
- ✅ Immutable audit trail
- ✅ Expected signers tracking with email reminders
- ✅ Document checksum verification (SHA-256/512, MD5)
- ✅ Public embeddable widgets (Notion, Outline, etc.)
- ✅ Admin dashboard (Vue.js 3 + dark mode)
- ✅ Multilingual (fr, en, es, de, it)
⚡ Quick Start
Prerequisites
- Docker & Docker Compose
- At least ONE authentication method:
- OAuth2 credentials (Google, GitHub, or GitLab), OR
- SMTP server for MagicLink (passwordless email authentication)
Installation
Option 1: Automated Installation Script (Recommended)
# Download and run installation script
curl -fsSL https://raw.githubusercontent.com/btouchard/ackify-ce/main/install/install.sh | bash
# Navigate to installation directory
cd ackify-ce
# Edit configuration with your OAuth2 credentials
nano .env
# Start services
docker compose up -d
# Access web interface
open http://localhost:8080
What the script does:
- Downloads
compose.ymland.env.example - Generates secure secrets automatically:
ACKIFY_OAUTH_COOKIE_SECRET(AES-256 session encryption)POSTGRES_PASSWORD(database password)
- Creates ready-to-use
.envfile - You only need to add your OAuth2 credentials
Option 2: Manual Installation
# Clone repository
git clone https://github.com/btouchard/ackify-ce.git
cd ackify-ce
# Configure
cp .env.example .env
nano .env # Edit with your OAuth2 credentials and generate secrets
# Start services
docker compose up -d
# Verify
curl http://localhost:8080/api/v1/health
# Expected: {"status":"healthy","database":"connected"}
# Access web interface
open http://localhost:8080
Required Environment Variables
# Application
APP_DNS=sign.your-domain.com
ACKIFY_BASE_URL=https://sign.your-domain.com
ACKIFY_ORGANISATION="Your Organization"
# Database
POSTGRES_USER=ackifyr
POSTGRES_PASSWORD=your_secure_password
POSTGRES_DB=ackify
# Security (generate with: openssl rand -base64 32)
ACKIFY_OAUTH_COOKIE_SECRET=your_base64_secret
# ============================================================================
# Authentication (choose AT LEAST ONE method)
# ============================================================================
# Option 1: OAuth2 (Google, GitHub, GitLab, custom)
ACKIFY_OAUTH_PROVIDER=google
ACKIFY_OAUTH_CLIENT_ID=your_client_id
ACKIFY_OAUTH_CLIENT_SECRET=your_client_secret
# Option 2: MagicLink (passwordless email authentication)
# ACKIFY_MAIL_HOST=smtp.example.com
# ACKIFY_MAIL_PORT=587
# ACKIFY_MAIL_USERNAME=your_smtp_username
# ACKIFY_MAIL_PASSWORD=your_smtp_password
# ACKIFY_MAIL_FROM=noreply@example.com
Auto-detection:
- OAuth is enabled automatically if
ACKIFY_OAUTH_CLIENT_IDandACKIFY_OAUTH_CLIENT_SECRETare set - MagicLink is enabled automatically if
ACKIFY_MAIL_HOSTis configured - You can use both methods simultaneously for maximum flexibility
See docs/en/configuration.md for all options.
📸 Screenshots
Home |
Signing |
Confirmed |
Confirmations |
Admin dashboard |
Admin document |
Outline |
📚 Documentation
Getting Started
- Getting Started - Installation & first steps
- Configuration - Environment variables
- OAuth Providers - Google, GitHub, GitLab, Custom
- Email Setup - SMTP configuration
Features
- Signatures - Ed25519 cryptographic flow
- Expected Signers - Tracking & reminders
- Checksums - Document integrity verification
- Embedding - oEmbed, iframes, integrations
- i18n - Internationalization (5 languages)
Technical
- Architecture - Tech stack & design principles
- Database - PostgreSQL schema & migrations
- API Reference - REST endpoints & examples
- Deployment - Production with Docker Compose
- Development - Contributing & setup
🚀 Usage
Request a Signature
https://your-domain.com/?doc=security_policy_2025
User authenticates (OAuth2 or MagicLink) and signs with one click.
Embed in Your Tools
iFrame:
<iframe src="https://your-domain.com/embed?doc=policy_2025"
width="600" height="200" frameborder="0"></iframe>
oEmbed (Notion, Outline, Confluence):
Paste the embed URL: https://your-domain.com/embed?doc=policy_2025
Automatic embed via oEmbed discovery
Open Graph (Slack, Teams):
Paste direct URL: https://your-domain.com/?doc=policy_2025
URL unfurls automatically with signature count
Important
: Use
/embed?doc=...for iframe integrations (Notion, Outline) and/?doc=...for direct links (emails, Slack).
See docs/en/features/embedding.md for details.
🛡️ Security
- Ed25519 - State-of-the-art elliptic curve signatures
- SHA-256 - Payload hashing for tampering detection
- PKCE - OAuth2 security (automatic)
- AES-256-GCM - Encrypted refresh tokens
- Immutable timestamps - PostgreSQL triggers
- Rate limiting - 5 auth/min, 100 req/min
- HTTPS enforced - Secure cookies only
See docs/en/architecture.md for full security details.
🔧 Tech Stack
Backend: Go 1.24.5, PostgreSQL 16, Chi Router, OAuth2, Ed25519
Frontend: Vue 3, TypeScript, Vite, Pinia, Tailwind CSS, shadcn/vue
DevOps: Docker, Multi-stage builds, Distroless image (< 30MB)
i18n: 5 languages (fr, en, es, de, it)
Coverage: 72.6% (180+ unit tests, 33 integration tests)
🤝 Support
- Issues: GitHub Issues
- Discussions: GitHub Discussions
- Email: contact@ackify.eu
📄 License
AGPLv3 - See LICENSE for details.
Developed with ❤️ by Benjamin TOUCHARD