From GlobaLeaks wiki
Anonymous Python Application Framework (APAF)
The goal of the Anonymous Web Application Framework (APAF) is to give a container allowing anybody to build their web application in a way that it will automatically publish itself to the Tor network as a Tor Hidden Service.
The framework is designed to facilitate the creation of a Python Tornado-based Web Application and deliver it as a Desktop Application (Program.exe / Program.app) or as a Nix package. This drastically reduces the complexity of running a server anonymously even from a home PC.
Although we are creating this specifically for GlobaLeaks this could be applied to any web application. Think for example of a blog platform that can run directly from the home computer of the user. The creator the web application just needs to package it with AWAF and the user can download an application that bundles together all the required dependencies and starts a web server on his computer.
Since GlobaLeaks aim is that of reaching even the non technically proficient users and enabling them to run a whistleblowing initiative too, having a Desktop application that can be run by simply clicking on an executable drastically decreases the entrance barrier. Although GlobaLeaks will be packages as a Desktop Application for Windows and Mac OS X, we will still keep shipping, and recommending, the package for *nix to be run on a proper server.
The dependencies that will be packaged thanks to APAF are GLClient, GLBackend, the Python interpreter, the required python modules and Tor. The output will be an executable that includes security features such as sandboxing. The goal is to guarantee with the least effort on the users part the highest level of security and privacy possible.
Hopefully APAF will also be used by other developers that are interested in making their web application leverage the power of Tor Hidden Services (and of Tor2web), but do not want to go through the hassle of designing up their own build environment.
Spefication: A draft specification is available on https://piratenpad.de/p/AnonymousWebApplicationFramework The Tor Project description is available on: https://www.torproject.org/getinvolved/volunteer.html.en
Apaf make use of the following technologies and libraries
- Twisted as Python network and event handler.
- Tor tor provide anonymous internet exposure via Tor Hidden Service
- Py2exe to deliver win32 self-contained applications.
- Py2exe to deliver osx self-contained applications.
- Currently APAF handles Tor start/stop, start tornado application, have unit testing for anonymity functionalities
- Prototype code is on https://github.com/globaleaks/APAF, and is developed my mmaker under Tor Project's sponsored GSoc
- We made Python language fixes/tickets to support SSL server securely