MCPSERV.CLUB
GlobaLeaks

Self-Hosted

Secure, anonymous whistleblowing platform

Overview

GlobaLeaks is a **self‑hosted, open‑source whistleblowing platform** that turns a generic web server into a secure reporting channel. At its core it exposes a set of RESTful endpoints for **submission intake, user management, and administrative control** while handling all the heavy lifting of encryption, anonymity, and audit logging. The system is intentionally modular: a thin front‑end served over HTTPS talks to a Python/Flask back‑end that orchestrates encryption, file storage, and notification workflows. This separation allows developers to replace or extend any layer—be it the templating engine, the storage backend, or the notification bus—without touching the core logic.

Architecture

  • Language & Framework – Written in Python 3, the core uses Flask for routing and SQLAlchemy for ORM. The front‑end is a single‑page application built with Vue.js (or vanilla JS) and communicates via JSON over HTTPS.
  • Database – PostgreSQL is the default relational store; schema migrations are managed by Alembic. The data model includes tables for SOURCES, SUBMISSIONS, NOTIFICATIONS, and a flexible META table that holds arbitrary JSON.
  • Encryption & Anonymity – All submissions are encrypted on the client side using OpenPGP (via JavaScript libraries) before they hit the server. The back‑end stores only encrypted blobs and maintains a minimal audit trail (timestamps, source IDs).
  • Message Bus – A lightweight Celery worker pool handles background tasks such as email notifications, PDF generation, and re‑keying. Workers communicate through a Redis broker, which can be swapped for RabbitMQ if required.
  • Containerization – A Docker Compose stack is provided out of the box, exposing services for web, worker, db, and redis. The images are built from a single Dockerfile that layers Python dependencies, static assets, and configuration files.

Core Capabilities

  • API – The platform exposes a well‑documented REST API for creating, retrieving, and deleting submissions. Endpoints are protected by JWT tokens issued during the whistleblower onboarding flow.
  • Plugin System – Developers can drop custom Python modules into a plugins/ directory; GlobaLeaks auto‑discovers them via entry points. Plugins can hook into lifecycle events (on_submission, on_notify) and expose new routes or background jobs.
  • Webhooks – External services can subscribe to submission events via configurable webhooks, enabling integration with SIEMs, ticketing systems, or custom analytics dashboards.
  • Internationalization – All UI strings are extracted into .po files; developers can add new translations or override existing ones without touching the code base.

Deployment & Infrastructure

  • Self‑hosting – Requires a Linux server with Python 3.8+, PostgreSQL, Redis, and an HTTPS reverse proxy (NGINX or Caddy). The application ships with a docker-compose.yml that can be deployed on any container orchestrator (Docker Swarm, Kubernetes).
  • Scalability – The stateless web service can be horizontally scaled behind a load balancer. Workers are also stateless and can be increased to handle bursty submission loads or heavy PDF generation tasks.
  • High Availability – PostgreSQL can be configured with streaming replication; Redis supports sentinel mode. The Docker images are built to run in a replicated environment, with health‑check endpoints that integrate with Kubernetes liveness probes.

Integration & Extensibility

  • Custom Forms – The form builder is exposed as a JSON schema editor; developers can define new fields, validation rules, and conditional logic that are rendered on the client side.
  • Authentication Backends – While the default uses email/password for admins, OAuth2 or LDAP can be plugged in by extending the authentication module.
  • Notification Channels – Beyond email, plugins can push to Slack, Telegram, or custom webhook endpoints. The notification service is event‑driven and can be extended without modifying core logic.

Developer Experience

  • Configuration – All settings are environment‑driven (.env files). The system auto‑generates a config.yaml from defaults, making it easy to override specific parameters.
  • Documentation – The repository contains a comprehensive docs/ folder with architecture diagrams, API reference, and plugin development guides.
  • Community – Active GitHub discussions, a dedicated Discord channel, and a Contributor Covenant ensure that developers can get help quickly. The project’s AGPLv3+ license encourages sharing improvements back to the community.

Use Cases

  1. Corporate Whistleblowing – A multinational can deploy GlobaLeaks behind its internal firewall, integrate with Active Directory for admin access, and use the built‑in GDPR audit logs.
  2. Journalistic Investigations – Media houses can host a public instance, provide a custom “source” form, and automatically generate PDF reports for journalists.
  3. NGO Monitoring – NGOs operating in conflict zones can run a lightweight container stack on a low‑cost VPS, use the encryption features to protect source identities, and integrate with local SMS gateways for notifications.

Advantages

  • End‑to‑End Encryption – Clients encrypt data before it leaves the browser, reducing server liability.
  • Modular Architecture – Developers can swap components (e.g., replace PostgreSQL with MySQL) without touching the core.
  • Open‑Source & Community‑Driven – AGPLv3+ ensures that

Information

  • Category – apis-services
  • License – NOASSERTION
  • Stars – 1.4k
  • Author – globaleaks
  • Last Updated – 9 days ago

Technical Specs

  • Pricing – Open Source
  • Docker – Community
  • Supported OS – Linux, Docker