root
/
threadr.lostcave.ddnss.de
3
1
Fork 2
Code Issues 1 Pull Requests 1 Projects Releases Wiki Activity
The new home of the ThreadR Forum Engine https://threadr.lostcave.ddnss.de
1,221 Commits
3 Branches
0 Tags
16 MiB
Go 66.3%
HTML 24.4%
CSS 5.6%
Python 3.7%
 
 
 
 
Go to file
Joca f4bc5c925c
Remove CSRF, add password change, admin user management 
Stripped all CSRF token generation, injection, and validation since it
breaks behind Apache reverse proxy. Removed handlers/csrf.go, stripped
CSRFToken from PageData, removed validateCSRFToken from all POST handlers,
and cleaned up hidden inputs and JS CSRF references.

Added self-service password change at /password/ with current-password
verification and bcrypt update. New Password link in navbar.

Extended admin panel with user management: lists all users with join dates
and allows admins to delete other users (self-deletion blocked). Added
GetAllUsers() and DeleteUser() to models.

Co-authored-by: CommandCodeBot <noreply@commandcode.ai>
 		2026-05-09 20:02:41 -03:00
config update sample json 2026-02-20 14:47:24 -03:00
handlers Remove CSRF, add password change, admin user management 2026-05-09 20:02:41 -03:00
legacy everything: Delete everything, full project reset. Keep a copy of variable_grabbler in case we ever need it. 2025-06-15 02:25:56 +02:00
models Remove CSRF, add password change, admin user management 2026-05-09 20:02:41 -03:00
static Remove CSRF, add password change, admin user management 2026-05-09 20:02:41 -03:00
templates Remove CSRF, add password change, admin user management 2026-05-09 20:02:41 -03:00
.gitignore Remove binary and add it to .gitignore 2026-01-15 23:36:54 -03:00
DOCUMENTATION.md All: Enhance session management and security features 2025-12-21 21:26:02 -03:00
README.md update readme 2026-02-20 14:44:30 -03:00
go.mod All: Enhance session management and security features 2025-12-21 21:26:02 -03:00
go.sum All: Enhance session management and security features 2025-12-21 21:26:02 -03:00
main.go Remove CSRF, add password change, admin user management 2026-05-09 20:02:41 -03:00

README.md

Welcome to ThreadR Rewritten

This is the source code for the ThreadR Forum Engine, rewritten in Go. ThreadR is a free and open-source forum engine designed to allow users to host their own forum instances on personal web servers.

Project Overview

ThreadR was originally started as a school project in 2019 with the aim of creating a hybrid between a forum and a social media platform. It was built with PHP and (back then still) MySQL. After we finished school, it was temporarily abandoned. An attempt was made to revive it in 2020, open-sourcing the code and making some things configurable, but not much else happened. Here we are now, with a full rewrite in Go started in 2025.

Project Setup

This is for development only. Currently, ThreadR is not ready for production use.

Prerequisites

  • UNIX-like OS
  • Go (golang)
  • Mariadb

Setup Steps

  1. Create a mariadb user and database for ThreadR (the names can be changed):
CREATE USER threadr IDENTIFIED BY 'super secure password';
CREATE DATABASE `threadr`;
GRANT ALL PRIVILEGES ON `threadr`.* TO 'threadr';

Note: The config file contains secrets. Keep config/config.json out of version control and only commit config/config.json.sample. 2. Create a config file: In the config subdirectory, cp config.json.sample config.json and edit it to suit your needs. 3. Create an about page: Also in the config subdirectory, cp about_page.htmlbody.sample about_page.htmlbody and edit it to suit your needs.

Running the Application

After configuration, run the following command once to initialize the DB:

go run main.go --initialize

To start the ThreadR server, run this:

go run main.go

The server will start on port 8080 by default.

Contributing

We welcome contributions! Please join our Discord server to get in touch: discord.gg/r3w3zSkEUE.

License

ThreadR is licensed under the Apache 2.0 License. See LICENSE.md for details.

Authors: BodgeMaster, Jocadbz