This project is currently on hold. I do not need the software any longer (at least for now). If you somehow stumbled upon this, please feel free to carry on and improve it!
The hosted version is no longer available, but you can get the whole application containerized for self-hosting on Docker Hub.
If you are living in a flat share, have to manage expenses or other stuff, and want a just-working tool for that purpose, then you are in the right place. This application is meant for DIY hosting and development. Feel free to contribute!
You can create a 'WG' (flat share) with a login, then log in with it. The app stores expenses and calculates the mean among all participants. It offers a human-usable interface for non-tech people. It is currently under development, so basically anything may change at any time!
The next most necessary step is exhaustive testing for frontend-side reducer and action creator logic. Then comes a user feature for custom settings and I want to work out some concept for automated security testing. Then all the things that are not already checkmarked below in this readme.
You may simply use the app for free or self host everything, compile sources or just run containers.
Simply use the hosted application here (registration does not require anything except a flatshare-name): wg-tools.de
You need a mongodb, python and nodejs.
Everything is set up for development; start the frontend with npm run dev and the python server with script/devServer.sh. Your mongodb should be running on localhost.
The python API expects a folder named secrets in the python-backend directory, containing two files: salt and secret. Each file should contain a long random string; the first is used as the basis for salting user-entered passwords and the second as the JWT secret key. The app will not start without those files.
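One way to create the two files described above, as an added example that is not one of the project's own scripts. The function name gen_secrets and the choice of 64 random bytes, hex-encoded, are assumptions.

```shell
#!/bin/sh
# Added example: create the secrets/ folder the python backend expects.
# Assumption: 64 bytes from /dev/urandom, hex-encoded to 128 characters,
# is what "a long random string" means here.

# gen_secrets DIR: create DIR/salt and DIR/secret unless they already exist.
gen_secrets() {
    dir="${1:-python-backend/secrets}"
    old_umask=$(umask)
    umask 077    # directory becomes 0700, files 0600: readable by owner only
    mkdir -p "$dir" || { umask "$old_umask"; return 1; }
    for name in salt secret; do
        file="$dir/$name"
        if [ -s "$file" ]; then
            # Never overwrite. Per the README the salt feeds the password
            # hashes and the secret signs the JWTs, so replacing either one
            # breaks existing logins or invalidates issued tokens.
            echo "keeping existing $file" >&2
            continue
        fi
        # od prints the random bytes as hex; tr strips spacing and newlines.
        od -An -v -tx1 -N 64 /dev/urandom | tr -dc '0-9a-f' > "$file" \
            || { umask "$old_umask"; return 1; }
    done
    umask "$old_umask"
}

# When run as a script with a path argument, generate the files there.
if [ "$#" -gt 0 ]; then
    gen_secrets "$1"
fi
```

Keep the secrets folder out of version control and out of any image you publish, since anyone holding the secret file can sign valid tokens.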
To start everything inside a container, install docker-compose and start everything via 'up'.
[x] List header, select with dropdown
[x] Create lists
[x] Delete lists
[x] make list uneditable
[x] mobile header
[] automatically create new list per week/month?
[] make monthly/weekly lists uneditable on next month/week
[x] no editform on uneditable lists
[x] set new list as active after creation
[x] Graph for expenses
[] Graph for debts
[] Graph for direct borrows
[] List-types?
[x] db: store dispenses
[x] calculator: concept of dispense + calc
[x] fe: intuitive concept!
[x] fe: styling
[] UX: change element positioning
[] have some note panel
[] easy counter for stuff (eg. for series)
[x] static pages (faq, about, etc)
[x] navigation in header
[] 'custom space with settings'-button
[x] mobile header ==> hamburger
[] store wg settings (data model etc)
[] graph granularity
[] list clipping interval (requires list clipping in general)
[] colortheme?
[x] refactor 'old' concepts to match top level state-tree idea of redux
[x] adjust test
[x] actionCreators
[x] reducers
[x] remove old flux code, deps, everything
[x] switch to redux
[x] distinguish dev + prod
[x] redux + react-router
[x] redux call opt
[] use middleware (avoid double requests due to inaccurate state-change evaluation inside the components!)
[x] Confirm delete of items
[x] Confirm delete of lists
[x] Login
[x] Token in cookie
[x] Logout
[x] URL-Schema
[x] React-Router
[x] Create WG
[x] Header logout
[x] Tunnel FE --> BE (Container Setup)
[x] Tunnel expenses actions
[x] Tunnel login actions
[x] python cgi for production
[x] container setup
[x] configurable endpoints for py-backend and mongo
[x] message about backend-calls (eg. register already in use etc)
[x] Comments on items
[x] ssl on server (caddy)
[x] navigation, faq/about pages & link to github & homepage
[x] don't submit empty forms
[] general 'backend (un)reachable' error for frontend
[] server side rendering
[] field length restrictions everywhere
[] always two digits for amounts
[] routing: 404 page
[x] CSRF protection
[x] don't leak headers + hostname from FE-BE communication
[x] remove user enumeration endpoint
[] API Keys
[] clear react component states after logout (logout -- login -- old state visible)
[x] IDOR vulnerable, don't leak mongo IDs
[] generate random salt / user
[x] Test setup BE
[x] Test setup FE
[x] FE - render
[x] BE - calculator
[] BE - API
[] storage
[] FE reducer + action creator (finally decide for an architecture...)
[] automated security tests (XSS, CSRF, IDOR etc) --> concept!
[x] docker hub (fixel/wg-tools)
[x] layers.io in README
[x] travis ci
[x] build status in README