• Stars
    star
    453
  • Rank 96,573 (Top 2 %)
  • Language
    Ruby
  • License
    GNU Affero Genera...
  • Created over 9 years ago
  • Updated 6 months ago

Reviews

There are no reviews yet. Be the first to send feedback to the community and the maintainers!

Repository Details

The EFF Action Center Platform

Build Status

Action Center Platform

The Action Center Platform is an online organizing tool maintained by EFF. Administrators can create targeted campaigns where users sign petitions, contact legislators, and engage on social media.

Setup

Follow these instructions to run the Action Center using Docker (recommended). To run the Action Center without Docker, see setup without Docker.

  1. Install Docker (instructions) and Docker Compose (instructions).
  2. git clone https://github.com/EFForg/action-center-platform.git
  3. Copy docker-compose.yml.example to docker-compose.yml, and .env.example to .env. Fill in the variables in .env according to the instructions in that file. See notable dependencies for hints.
  4. Build the docker image: sudo docker-compose build
  5. Run the application: sudo docker-compose up
  6. In a new tab, get a bash shell with access to your app: sudo docker-compose exec app bash.
    1. If you aren't running migrations automatically, run rake db:migrate to migrate the database.
    2. Run rake congress:update to populate CongressMember table.

Notable Dependencies

  • Amazon S3 secret key and key id
    • Allows admins to upload images for the ActionPages
  • SmartyStreets API key and id
    • Allows Congress members to be looked up for users
  • Phantom of the Capitol whitelisting on server side?
    • Allows users to submit e-messages to congress
  • Call Congress url and API key
    • Connects calls between citizens and their congress person using the Twilio API

Using the Action Center

Action Center administrators can create four types of actions:

  • Call Action
    • A user is connected to a political leader by phone, leaving a message or sometimes speaking to an aid.
    • The user is shown a script to read and enters their phone number and email
    • When they submit their info, they are called and the process begins.
  • Congress Action
    • A user stepped through a four-part form to submit their comments to their congress person.
    • Page 1 asks for the user's street address and zip code.
    • Based on this information, page 2 displays the user's representatives. User can select which representatives they wish to contact. Then they choose what to fill in for whatever required fields for each representative selected.
    • Page 3 asks the user to customize the message to be delivered.
    • Page 4 is the Thank You page with share links for social media.
    • When creating the action, admin can choose House, Senate, Both or specific legislators
  • Petition Action
    • A user signs a petition, leaving an email address and sometimes location data.
    • Optionally, users can petition local institutions (like universities) and see signatures by institution.
  • Tweet Action
    • A user is invited to join a tweet action using their twitter account.
  • Email Action

Shared Elements of All Actions

  • User is presented with a Thank You page at the end where they are invited to share the action via social media.
  • When creating an action, admin can add partner organizations.
  • Admin can also customize share messages and thank you email.
  • Admin chooses a banner image form the library
  • The title for the action form is always "Take Action".

Administering Users

To get started using the Action Center, create a user and grant them admin privileges. Administrators can create, track, and manage campaigns.

To create an admin user:

  1. If the user doesn't exist yet, create them through the web interface by following the register link in the top nav.
  2. Run the rake task to grant them admin access (including square brackets):
rake users:add_admin[[email protected]]

New users will need to complete an e-mail confirmation in order to log in. Administrators can access admin features by clicking admin in the nav.

To remove an admin user:

rake users:remove_admin[[email protected]]

To list all admin users:

rake users:list_admins

Delayed Jobs and Cron

Action Center uses DelayedJob to perform certain tasks outside of a web request context. See that repository for information regarding how to run a delayed job worker. If you are deploying with Docker, our docker-compose.yml.example shows how to create a service which processes the job queue indefinitely.

You may also want to automate certain other tasks (such as rake signatures:deduplicate and rake congress:update) to run occasionally. For those deploying with Docker, docker-compose.yml.example illustrates how to create a service which runs these commands periodically using cron.

Embedding Actions

Embedding actions is simple. Just include the following HTML on the page you want the action to be embedded:

<script type="text/javascript" src="https://act.eff.org/action/embed"></script>
<a class="action-center-widget" href="https://act.eff.org/action/shut-the-nsa-s-backdoor-to-the-internet">Take part in the action!</a>

The link href should point to the action page you wish to embed. You may add ?nosignup=1 to the URL to get newsletter signup fields omitted from the action.

If you want to get fancy, you can modify the embed code to include some of the following parameters, all of which are optional:

<script type="text/javascript">
    var ac_embed = {};
    ac_embed.css = "https://example.com/hello.css"; // specify a css file url. File must be globally available (i.e. on the Internet, not local or staging).
    ac_embed.width = 500; // specify a width manually
    ac_embed.no_css = true; // remove all default styles
    ac_embed.css_content = "#some_elem"; // specify an element which itself contains some styles
    ac_embed.bioguide_ids = ["ID1", "ID2"...] // bioguide IDs of congress members to target
</script>
<script id="some_div" type="text/x-css-content">
    body{
        background-color: blue;
    }
</script>
<script type="text/javascript" src="https://act.eff.org/action/embed"></script>
<a id="action-center-widget" href="https://act.eff.org/action/shut-the-nsa-s-backdoor-to-the-internet">Take part in the action!</a>

Testing

To run the full test suite, simply run rake with no arguments.

Rspec tests are used for unit testing the app, and some integration testing. Cucumber tests are used for testing API keys, javascript tests, and feature tests.

We use WebMock to stub backend requests to third party services and Puffing Billy to stub frontend (Ajax) requests. Puffing Billy will cache unrecognized requests and play them back during future test runs. To prevent Puffing Billy from making any new requests, set DISABLE_PUFFING_BILLY_REQUESTS=true.

Linting

rake will also run our linting:

Rubocop

Rubocop checks for consistent style across the Ruby areas of the codebase. We use a modified version of Rubocop-Github to stay consistent with SEC.

[Sass Lint] (https://github.com/sasstools/sass-lint)

Sass-lint checks for consistent style across the stylesheets. Our .sass-lint file is derived from SEC.

Deployment

For notes related to deploying Action Center in production, see the project wiki.

Acknowledgements

This project was created by Lilia Kai, Thomas Davis, and Sina Khanifar. Large portions of the codebase are directly attributable to them, while under the employ or contractorship of the Electronic Frontier Foundation in 2014. Thank you Lilia, Thomas, and Sina! The Action Center is currently maintained by the EFF Engineering and Design team.

Styling

The styling is done with SCSS. The partials files are in the stylesheets directory. Admin files are in their own subdirectory.

Bootstrap is also used for much of the styling. Please see the stylesheets/application/bootstrap-custom.scss for what styles may be used.

Bootstrap is used only for styling, not for javascript.

File Structure

  • The home page layout is in views/welcome/index.html.erb.
  • The main internal layout is in views/layouts/application.html.erb.
  • Individiual action views are in views/tools/.
  • User pages are in views/devise.
  • All admin layouts are in views/admin.

Licensing

See the LICENSE file for licensing information. This is applicable to the entire project, sans any 3rd party libraries that may be included.

More Repositories

1

https-everywhere

A browser extension that encrypts your communications with many websites that offer HTTPS but still allow unencrypted connections.
JavaScript
3,364
star
2

privacybadger

Privacy Badger is a browser extension that automatically learns to block invisible trackers.
JavaScript
3,172
star
3

crocodilehunter

Taking one back for Steve Irwin γ€€ γ€€ (๑‒̀ㅂ‒́)و
Python
968
star
4

apkeep

Rust
827
star
5

OpenWireless

The official home of the EFF OpenWireless Project
JavaScript
731
star
6

privacybadgerfirefox-legacy

LEGACY Privacy Badger for Firefox SEE README
JavaScript
408
star
7

starttls-everywhere

A system for ensuring & authenticating STARTTLS encryption between mail servers
Python
371
star
8

yaya

Yet Another Yara Automaton - Automatically curate open source yara rules and run scans
Go
264
star
9

cover-your-tracks

Is your browser safe against tracking?
JavaScript
193
star
10

phantom-of-the-capitol

181
star
11

dnt-guide

How to Implement DNT
132
star
12

badger-sett

Automated training for Privacy Badger. Badger Sett automates browsers to visit websites to produce fresh Privacy Badger tracker data.
Python
119
star
13

cryptolog

Cryptolog is a tool for anonymizing webserver logs.
Python
68
star
14

cryptobot-email

Python
61
star
15

actioncenter-mobile

2.0
JavaScript
60
star
16

dnt-policy

dnt-policy
44
star
17

sec

Security Education Companion
JavaScript
38
star
18

spot_the_surveillance

Spot the Surveillance is an open-source educational VR tool to help people identify street-level surveillance in their community. As each surveillance device is identified, the user is informed on how the device is used via text and narration. The experience is created with accessibility in mind, so is entirely gaze-based for people with mobility challenges. Audio is also used to assist low-vision users.
JavaScript
34
star
19

www-l10n

31
star
20

rayhunter

Rust tool to detect cell site simulators on an orbic mobile hotspot
Rust
31
star
21

pushserver

A server for sending push notifications to mobile apps
JavaScript
30
star
22

privacybadger-website

Code and content of https://privacybadger.org
SCSS
25
star
23

badger-swarm

Runs distributed Badger Sett scans on Digital Ocean.
Shell
24
star
24

design

Open Source product design resources
22
star
25

starttls-backend

STARTTLS Everywhere web backend and checker
Go
18
star
26

https-everywhere-lib-wasm

A library for HTTPS Everywhere which compiles to WASM
Rust
16
star
27

webrequest-tlsinfo-api

A proposed addition to the Web Extensions API for providing TLS and X.509 information to addons
15
star
28

smtp-tls-history

Produce graphs of the historical (in)security of SMTP transmissions by parsing mailboxes
Python
13
star
29

https-everywhere-lib-core

Core Rust library for HTTPS Everywhere
Rust
12
star
30

trackerlab

EFF's Tracker Blocking Laboratory is an experimental project to test heuristic blocking of non-consensual online tracking. It's based on AdBlock Plus.
D
11
star
31

https-everywhere-docker-base

The Dockerfile for installing all the system-level requirements for HTTPS Everywhere
Dockerfile
11
star
32

onlinecensorship

Ruby
11
star
33

eff_diceware

A ruby gem for creating secure passphrases using EFF's long wordlist.
Ruby
10
star
34

cyberspying

cyberspying.eff.org twitter tool
JavaScript
10
star
35

ssd-l10n

ssd-l10n
10
star
36

https-everywhere-atlas

Static site generator for the HTTPS-Everywhere atlas.
CSS
10
star
37

starttls-policy-cli

Python
9
star
38

stopwatchingus

StopWatching.us Site
HTML
9
star
39

sas

Stand Against Spying
HTML
9
star
40

https-everywhere-standalone

Transparently redirect insecure HTTP to secure HTTPS using HTTPS Everywhere and `mitmproxy`
Python
9
star
41

congress-forms-test

Way for volunteers to test EFF's congress-forms repo
JavaScript
8
star
42

observatory

Python
7
star
43

dayofaction-banner

User-installable banner for activism campaigns
CSS
7
star
44

generate-smarter-encryption-bloom-filter

Generates the bloom file needed for HTTPS Everywhere's DuckDuckGo Smarter Encryption update channel.
Rust
6
star
45

starttls-frontend

Static front end for the STARTTLS scanner
CSS
6
star
46

OpenWireless-WebUI

Open Wireless Web UI
6
star
47

tokio-dl-stream-to-disk

A micro-library for downloading from a URL and streaming it directly to the disk
Rust
6
star
48

congress_forms

Ruby
5
star
49

congress-forms.js

A javascript widget which can construct plain forms that submit to a contact-congress server.
JavaScript
5
star
50

aws_one_click_staging

Ruby
4
star
51

psi-tumblr-crawler

JavaScript
4
star
52

https-everywhere-full-fetch-test

A docker wrapper to generate a patch after a full fetch test
Dockerfile
4
star
53

projectsecretidentity

CSS
4
star
54

ow-python

stripped down implementation of python for openwireless
4
star
55

org.eff.optimizedautocomplete

CiviCRM extension: Optimize the autocomplete search box mysql queries so they're more efficient on large databases
PHP
4
star
56

congress-pics

Generate dynamic images for members of congress
4
star
57

congress_forms_api

Ruby
4
star
58

fight215

JavaScript
3
star
59

roaming-android-mitm

Shell
3
star
60

ngw-website

JavaScript
3
star
61

httpse-ruleset-tests

JavaScript
3
star
62

lemonhrm

Fork of orangehrm open source hr management tool. Adds e-mail notifications and additional fields to the recruitment module.
PHP
3
star
63

psi-tumblr-uploader

2
star
64

eff_fab

Ruby
2
star
65

digitalcitizen

2
star
66

SEC-LevelUp

This repository is for the Level Up community to report issues with the Security Educatoin Companion, which is currently maintained by EFF. EFF is not actively developing this site and is not accepting feature requests..
2
star
67

active_preview

Rails plugin to make previews of active record objects
Ruby
2
star
68

rails_response_headers

Configure ActionController response headers with YAML.
Ruby
2
star
69

actioncenter-feedback

Repo for getting feedback on the new actioncenter
2
star
70

tosback2

HTML
2
star
71

stop-sesta

CSS
2
star
72

find-aa-domains

Create a script to find domains in the PB pre-block list which are mentioned in the Acceptable Ads list as well
JavaScript
2
star
73

privacybadger-test-fixtures-subdomain

Test fixtures for Privacy Badger
HTML
1
star
74

https-everywhere-labeller

Alexa Labeller for HTTPS Everywhere Repo
JavaScript
1
star
75

eff_matomo

Matomo API in Ruby
Ruby
1
star
76

sovereign-keys

C++
1
star
77

privacybadger-test-fixtures

Test fixtures for Privacy Badger
HTML
1
star
78

dear_fcc

Dear FCC
Ruby
1
star
79

fingerprinting-list

1
star
80

https-docs

1
star
81

petition-widget

Boilerplate code for embedding petitions
CSS
1
star
82

apkeep-files

1
star
83

ruby-civicrm

Ruby client for CiviCRM REST interface
Ruby
1
star