Privacy & Content Segregation
Overview
Freak-Flix is designed with a "Privacy First" philosophy. This ensures that sensitive content libraries—specifically Adult content—are segregated from general media like Movies, TV Shows, and Anime. The system utilizes hidden UI toggles, secure authentication, and proxy architectures to protect your data and viewing habits.
Content Segregation
The application provides a dedicated workflow for handling sensitive media. Content identified as "Adult" is not mixed with general libraries unless explicitly enabled by the user.
Enabling Adult Content
By default, Adult content features and metadata fetching are disabled and hidden from the primary navigation. To enable them:
- Navigate to Settings > Advanced.
- Locate the Adult Content toggle.
- Once enabled, a new category will appear in the library organization, and the StashDB integration options will become available.
Hidden UI Toggles
Freak-Flix supports "fast segregation." When the Adult Content toggle is switched off, all associated UI elements, library shortcuts, and metadata entries are immediately stripped from the view. This allows for quick library cleaning in shared environments or during demonstrations.
Metadata Privacy & Proxies
To prevent third-party services (like StashDB or Microsoft) from directly tracking your IP address or local library structure, Freak-Flix routes sensitive requests through specialized proxies.
StashDB Proxy
When fetching metadata for adult content, the app uses a proxy (stash_proxy.js) to handle GraphQL requests.
- Function: Acts as a buffer between your client and stashdb.org.
- Security: Your StashDB API Key is transmitted via secure headers and is never exposed in client-side logs or browser history.
Microsoft/OneDrive Proxy
For cloud-based streaming, the application utilizes an authentication proxy to manage OAuth2 tokens.
- Internal Path: /api/ms_auth/*
- Purpose: Prevents the exposure of your Azure App ID and client secrets during the token exchange process.
User Authentication & Security
Freak-Flix uses a robust authentication layer to ensure that library configurations and cloud access tokens remain private to the account holder.
JWT-Based Session Management
All communication with the backend (whether local or hosted on Netlify) is secured via JSON Web Tokens (JWT).
| Component | Logic |
| :--- | :--- |
| Password Hashing | Uses bcryptjs with a salt factor of 10 to store credentials securely. |
| Token Expiry | Tokens are valid for 7 days by default, which limits how long an intercepted token remains usable. |
| Authorization | Every library scan or metadata update requires a valid Bearer token in the request header. |
Data Isolation
Library data is strictly tied to your user_id. Even in a multi-user environment, your local folder paths, cloud provider IDs, and custom tags are isolated in the database:
```sql
-- Example of user-bound library data
SELECT * FROM library_folders WHERE user_id = 'your-unique-id';
```
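The Authorization rule and the user-bound query fit together as follows. This is an added example, not Freak-Flix's own code: it verifies the Bearer token and takes user_id only from the verified claims. The function names, HS256 signing, the `sub` claim carrying the user id, and the `$1` placeholder style are assumptions, and Node's built-in crypto stands in for a JWT library so the block runs offline.

```javascript
// Added example, not Freak-Flix source. Names, claims and placeholder style are assumptions.
const crypto = require("node:crypto");

const b64url = (buf) => Buffer.from(buf).toString("base64url");
const sign = (data, secret) => crypto.createHmac("sha256", secret).update(data).digest();

// Issue an HS256 token with the 7-day lifetime from the table above.
function issueToken(userId, secret, nowSec) {
  const header = b64url(JSON.stringify({ alg: "HS256", typ: "JWT" }));
  const payload = b64url(JSON.stringify({ sub: userId, iat: nowSec, exp: nowSec + 7 * 24 * 3600 }));
  return `${header}.${payload}.${b64url(sign(`${header}.${payload}`, secret))}`;
}

// Return the authenticated user id, or null if the header is missing, forged or expired.
function authenticate(authHeader, secret, nowSec) {
  const m = /^Bearer ([\w-]+)\.([\w-]+)\.([\w-]+)$/.exec(authHeader || "");
  if (!m) return null;
  const [, header, payload, sig] = m;
  try {
    // Pin the algorithm on the server; the token must not get to choose it.
    if (JSON.parse(Buffer.from(header, "base64url").toString()).alg !== "HS256") return null;
    const expected = sign(`${header}.${payload}`, secret);
    const given = Buffer.from(sig, "base64url");
    // Constant-time comparison; timingSafeEqual requires equal lengths.
    if (given.length !== expected.length || !crypto.timingSafeEqual(given, expected)) return null;
    const claims = JSON.parse(Buffer.from(payload, "base64url").toString());
    if (typeof claims.sub !== "string" || typeof claims.exp !== "number") return null;
    return claims.exp > nowSec ? claims.sub : null;
  } catch {
    return null; // malformed base64 or JSON
  }
}

// Build the user-bound query. user_id comes only from the verified token;
// a user_id sent in the request body or query string is never consulted.
function libraryFoldersQuery(req, secret, nowSec) {
  const userId = authenticate(req.headers.authorization, secret, nowSec);
  if (userId === null) return { status: 401 };
  // Parameterized: the id is bound by the driver, not concatenated into SQL.
  return { status: 200, sql: "SELECT * FROM library_folders WHERE user_id = $1", params: [userId] };
}
```

A handler would pass `sql` and `params` to its database driver unchanged, so a client cannot widen the query by supplying a different user_id.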
Cloud Streaming Privacy
When using the OneDrive integration, Freak-Flix streams content directly to your device.
- No Local Sync: Files are not downloaded or cached permanently on the local disk unless explicitly requested.
- Token Scoping: The app requests the minimum required permissions (Files.Read) to browse and stream media, ensuring it cannot access unrelated documents in your cloud storage.