{"id":23814420,"url":"https://github.com/stuartpb/mellonine","last_synced_at":"2025-07-24T20:39:58.099Z","repository":{"id":8840467,"uuid":"10545248","full_name":"stuartpb/mellonine","owner":"stuartpb","description":"Dial friend and enter","archived":false,"fork":false,"pushed_at":"2014-01-06T09:03:09.000Z","size":2368,"stargazers_count":1,"open_issues_count":4,"forks_count":0,"subscribers_count":3,"default_branch":"master","last_synced_at":"2025-01-02T03:47:30.384Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":"https://mellonine.herokuapp.com","language":"JavaScript","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/stuartpb.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2013-06-07T08:06:30.000Z","updated_at":"2019-07-26T10:30:17.000Z","dependencies_parsed_at":"2022-09-19T14:22:46.462Z","dependency_job_id":null,"html_url":"https://github.com/stuartpb/mellonine","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/stuartpb%2Fmellonine","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/stuartpb%2Fmellonine/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/stuartpb%2Fmellonine/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/stuartpb%2Fmellonine/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/stuartpb","download_url":"https://codeload.github.com/stuartpb/mellonine/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":240079640,"owners_count":19744726,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2025-01-02T03:47:32.863Z","updated_at":"2025-02-21T20:17:19.271Z","avatar_url":"https://github.com/stuartpb.png","language":"JavaScript","funding_links":[],"categories":[],"sub_categories":[],"readme":"# mellonine\n\nMy apartment building's front door security system is designed so that each\ntenant's phone number is listed in the system, and, when a tenant has a guest,\nthe visitor can look up the tenant's name in the building directory and dial a\ncorresponding code for that tenant (usually the last four digits of that\ntenant's phone number). Once dialed, the system will call that tenant's phone,\nand, if the call is answered, it will connect the tenant's phone to the\nintercom in the antechamber where the visitor is standing, at which point the\ntenant can verify the visitor's identity and unlock the door by dialing '9' on\ntheir phone's keypad.\n\nIn practice, what I've found is that, half of the time, visitors bypass this\nsystem altogether (by being let in by another resident coming in the door, or\nby the concierge, or by walking in as a pizza delivery person is walking out).\nIn the cases where visitors do use the system to gain access, I'm indisposed,\nor my phone is across the room, or I need to wash my hands, and I can't answer\nthe call.\n\nThis app is designed to handle these calls for me, by prompting the visitor for\na passcode, then respoding with a '9' dialtone to let them in (or refusing them\nif the passcode is incorrect).\n\nThe name comes from \"mellon\", the Elvish word for friend that opens the doors\nto the Mines of Moria, and \"nine\", the DTMF digit that opens the doors to my\napartment building.\n\n## Configuration\n\nmellonine uses [envigor](https://github.com/stuartpb/envigor) configuration for\n**port** and **redis**.\n\n## Application security\n\nWhile most of the database security issues of the original application have\nbeen resolved by moving the configuration to stateless request parameters,\nthere are still two holes:\n\n1. Requests are logged, meaning configuration details can still be discovered\n   by gaining access to the logs (although the leaking of the passcodes can be\n   mitigated by submitting a bcrypted hash of the passcode as \"bcryptPasshash\"\n   instead of the plaintext \"passcode\" parameter).\n2. Unlock tokens are free to be read and set, meaning that, if you know a token\n   is currently in the system and its identifier is sufficiently weak, you may\n   find it via brute force and subsequently set it at will.\n\nI consider both of these acceptable risks.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fstuartpb%2Fmellonine","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fstuartpb%2Fmellonine","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fstuartpb%2Fmellonine/lists"}