90 lines
2.3 KiB
Markdown
90 lines
2.3 KiB
Markdown
# Machine Unlimited - Mobile Cheese POC
|
|
|
|
A mobile-optimized browsing interface for machine.unlimited.pizza with an interactive "cheese dragging" system.
|
|
|
|
## Features
|
|
|
|
- 🧀 Tap links to create cheese emojis
|
|
- 🖱️ Drag cheese to the machine
|
|
- 🔪 Sausage appears in the grater
|
|
- ⚙️ Click sausage to navigate + animated grinding
|
|
- 🎬 Levers and grater animate during navigation
|
|
- 🔒 Security: SSRF protection, localhost blocking
|
|
|
|
## Quick Start
|
|
|
|
### Requirements
|
|
- Python 3.7+
|
|
- An initial webpage URL
|
|
|
|
### Installation
|
|
|
|
```bash
|
|
git clone https://gitea.jpt.land/jpt/machine-unlimited-mobile.git
|
|
cd machine-unlimited-mobile
|
|
```
|
|
|
|
### Running
|
|
|
|
```bash
|
|
python3 server.py
|
|
```
|
|
|
|
Server runs on `http://localhost:9001`
|
|
|
|
Open in browser:
|
|
```
|
|
http://localhost:9001/?url=https://en.wikipedia.org/wiki/Cheese_grater
|
|
```
|
|
|
|
### Via ngrok (for sharing)
|
|
|
|
```bash
|
|
# In another terminal
|
|
ngrok http 9001
|
|
|
|
# Share the ngrok URL with friends
|
|
# https://your-ngrok-url.ngrok-free.app/?url=https://example.com
|
|
```
|
|
|
|
## How It Works
|
|
|
|
### Mobile Flow
|
|
1. **Cheese Creation** - Tap any link on the page → 🧀 emoji appears
|
|
2. **Dragging** - Touch and drag the cheese across the screen
|
|
3. **Grater Drop** - Release over the grater area → sausage button appears
|
|
4. **Navigation** - Tap the sausage → grater animates → new page loads
|
|
|
|
### Architecture
|
|
|
|
- **server.py** - Proxy server that:
|
|
- Fetches external URLs
|
|
- Injects click handlers for link detection
|
|
- Returns HTML with base tag for relative URLs
|
|
- Security checks (blocks localhost, file://, etc.)
|
|
|
|
- **js/machine.js** - Enhanced with:
|
|
- Mobile cheese dragging system
|
|
- Message listener for link taps from iframe
|
|
- Sausage creation and animations
|
|
- Lever/wheel movement during grinding
|
|
|
|
## Security
|
|
|
|
- ✅ No SSRF attacks (localhost/private IPs blocked)
|
|
- ✅ Only http/https protocols allowed
|
|
- ✅ 30s timeout per request
|
|
- ✅ Max 1MB response size
|
|
- ✅ All URLs URL-encoded in iframe src
|
|
|
|
## Technology
|
|
|
|
- Original: [machine.unlimited.pizza](https://git.sr.ht/~rbdr/machine.unlimited.pizza)
|
|
- Server: Python 3 SimpleHTTPServer
|
|
- Frontend: Vanilla JavaScript with CSS animations
|
|
|
|
## Mobile vs Desktop
|
|
|
|
- **Mobile**: Uses the new cheese dragging interface
|
|
- **Desktop**: Use the original [machine.unlimited.pizza](https://machine.unlimited.pizza) for the traditional wheel/lever experience
|