{"id":15647593,"url":"https://github.com/drdaeman/firesync","last_synced_at":"2025-03-29T23:25:25.245Z","repository":{"id":139587183,"uuid":"108331162","full_name":"drdaeman/firesync","owner":"drdaeman","description":"Fully standalone self-hosted Firefox Accounts and Sync suite. Primary repo is on GitLab, this one is a mirror.","archived":false,"fork":false,"pushed_at":"2018-12-26T23:13:02.000Z","size":98,"stargazers_count":1,"open_issues_count":0,"forks_count":0,"subscribers_count":4,"default_branch":"master","last_synced_at":"2025-02-05T00:46:32.256Z","etag":null,"topics":["firefox","firefox-accounts","firefox-sync","python","self-hosted","sync","synchronization"],"latest_commit_sha":null,"homepage":"https://gitlab.com/drdaeman/firesync","language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"gpl-3.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/drdaeman.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2017-10-25T22:05:17.000Z","updated_at":"2023-05-05T19:09:04.000Z","dependencies_parsed_at":null,"dependency_job_id":"b0145178-8991-4221-aeb5-c8ee3326b3da","html_url":"https://github.com/drdaeman/firesync","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/drdaeman%2Ffiresync","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/drdaeman%2Ffiresync/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/drdaeman%2Ffiresync/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/drdaeman%2Ffiresync/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/drdaeman","download_url":"https://codeload.github.com/drdaeman/firesync/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":246258031,"owners_count":20748501,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["firefox","firefox-accounts","firefox-sync","python","self-hosted","sync","synchronization"],"created_at":"2024-10-03T12:20:04.414Z","updated_at":"2025-03-29T23:25:25.227Z","avatar_url":"https://github.com/drdaeman.png","language":"Python","funding_links":[],"categories":[],"sub_categories":[],"readme":"FireSync\n========\n\nThis project is meant to be an as-small-as-possible completely\nstandalone server that replaces Firefox Accounts and Firefox Sync 1.5\nservices, allowing for completely self-hosted sync without\na single connection to Mozilla servers.\n\nCaveat emptor\n-------------\n\nThis project is currently **cannot be considered secure**.\nDo **not** use this for anything you need real security for.\nIf you or someone you know can audit this - I'd appreciate it.\n\nSome, but not all known security issues:\n\n1. Login page is server over the network and is prone to malicious adversary\n   injecting JS or spoofing HTML to leak your password. That said, the server\n   cannot be trusted to have \"zero-knowledge\".\n\n   This issue can only be fixed by Mozilla.\n\n   Current FireSync implementation *intentionally* sends password\n   *in plaintext* (still *using TLS*, but plaintext *inside*) over the network.\n   Better not rely on JS crypto, it'd only give a false sense of security.\n\n2. PyBrowserID library has broken RSA implementation that's silently used\n   if M2Crypto (or PyCryptodome as its drop-in replacement) is not available.\n   There's a hack in `settings.py` that forcibly prevents PyBrowserID from\n   even trying to work if M2Crypto is missing, but if you're embedding this\n   into some existing project, you should be aware of this issue.\n\n3. The whole Mozilla Services system is a complicated mess (in my personal\n   opinion). The particular issue is that documentation about how those\n   things are used is scarce in some areas - the general picture\n   is relatively well explained, but the devil's in the details,\n   and they're not always here.\n   \n   So I just cannot vouch my implementation is correct. It *seems* to work\n   *at the moment*, but that's all I can tell. But I can also tell that I've\n   suspended and resumed this project a few times, and every single time\n   I got back to my code, something that had worked before was broken.\n   So I can't think of this as anything but fragile.\n   \nWhat (hopefully) works\n----------------------\n\n- Firefox Accounts service implementation. One can log in.\n\n- Token Server also works. Not in a way it does on \"real\" Mozilla\n  services, but it issues tokens that are understood by our\n  Sync service and that should be enough, at least for starters.\n  \n- Some parts of Sync service are here. I was able to get two\n  Firefox instances sync with each other, although there were\n  some occasional problems (e.g. not seeing other browser's updates)\n  that I haven't debugged yet.\n\n- Profiles return username, email address and a static picture.\n  This uses very primitive OAuth2 token server implementation\n  that's not suitable for storing any really private data.\n  So, be sure to read the source code about the limitations.\n\nWhat doesn't (TODO)\n-------------------\n\n- Sync implementation is incomplete.\n\n- Profile editing is not implemented.\n\n- Signing up. Currently you have to use Django admin\n  (or `createsuperuser` command) for this.\n\n- This project needs an extensive test suite that can be ran both\n  against the official servers and this implementation.\n\n\nLicense\n-------\n\nThis program is free software: you can redistribute it and/or modify\nit under the terms of the GNU General Public License as published by\nthe Free Software Foundation, either version 3 of the License, or\n(at your option) any later version.\n\nThis program is distributed in the hope that it will be useful,\nbut *without any warranty*; without even the implied warranty of\n*merchantability* or *fitness for a particular purpose*.  See the\nGNU General Public License for more details.\n\nYou should have received a copy of the GNU General Public License\nalong with this program.  If not, see \u003chttp://www.gnu.org/licenses/\u003e.\n\nUser profile icon (janus/static/profile.png) was made by CreativeTail.com\nand is licensed under the Creative Commons Attribution 4.0\nInternational (CC BY 4.0) license. More information about this license\ncan be found at \u003chttps://creativecommons.org/licenses/by/4.0/\u003e.\nActual PNG file was downloaded from Wikimedia Commons website.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fdrdaeman%2Ffiresync","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fdrdaeman%2Ffiresync","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fdrdaeman%2Ffiresync/lists"}