A hosted version can be found at: wg-tools.de.
You can get the whole application containerized for self-hosting on Docker Hub!
If you are living in a flat share, have to manage expenses or other stuff, and want a tool that just works for that purpose, then you are in the right place. This application is meant for DIY hosting and development. Feel free to contribute!
You can create a 'WG' (flat share) with a login, then log in with it. The app stores expenses and calculates the mean among all participants. It offers a human-usable interface for non-tech people. It is currently under development, so basically anything may change at any time!
The next most necessary step is exhaustive testing of the frontend-side reducer and action creator logic. Then comes a user feature for custom settings, and I want to work out a concept for automated security testing. After that come all the things that are not already checkmarked below in this readme.
You may simply use the app for free or self host everything, compile sources or just run containers.
Simply use the hosted application here (registration does not require anything except a flatshare-name): wg-tools.de
You need MongoDB, Python and Node.js.
Everything is set up for development; start the frontend with `npm run dev` and the Python server with `script/devServer.sh`. Your MongoDB should be running on localhost.
The Python API expects a folder named `secrets` in the python-backend directory, containing two files: `secret`. Each of these files should contain a long random string, used as the basis for salting user-entered passwords and as the JWT secret key. The app will not start without those files.
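A sketch of how a backend could create and consume such a file, as an added example that is not the project's own code: it refuses to start on a missing or short secret and combines the file-based secret with a random per-user salt, the item still open in the security checklist below. Only the `secrets` folder and the `secret` file name come from this README; the helper names, the 32-character minimum and the PBKDF2 parameters are assumptions.

```python
import hashlib
import hmac
import os
import secrets
from pathlib import Path

MIN_SECRET_LEN = 32      # assumed minimum; the README only asks for a "long" string
PBKDF2_ROUNDS = 600_000  # assumed work factor, not taken from the project


def write_secret(directory, name):
    """Create a secret file (96 hex chars), owner-only, never overwriting an old one."""
    Path(directory).mkdir(mode=0o700, parents=True, exist_ok=True)
    path = Path(directory) / name
    # O_EXCL fails if the file exists, so a live secret is not silently replaced.
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
    with os.fdopen(fd, "w") as handle:
        handle.write(secrets.token_hex(48))
    return path


def load_secret(directory, name):
    """Read one secret file; raise instead of starting with a missing or weak value."""
    path = Path(directory) / name
    if not path.is_file():
        raise RuntimeError(f"missing secret file: {path}")
    value = path.read_text().strip()
    if len(value) < MIN_SECRET_LEN:
        raise RuntimeError(f"secret in {path} is shorter than {MIN_SECRET_LEN} characters")
    return value.encode()


def hash_password(password, pepper, salt=None):
    """Hash with a fresh per-user salt; the file-based secret is mixed in as a key."""
    salt = salt or secrets.token_bytes(16)
    keyed = hmac.new(pepper, password.encode(), hashlib.sha256).digest()
    digest = hashlib.pbkdf2_hmac("sha256", keyed, salt, PBKDF2_ROUNDS)
    return salt, digest  # store both next to the user record


def verify_password(password, pepper, salt, expected):
    """Recompute with the stored salt and compare in constant time."""
    _, digest = hash_password(password, pepper, salt)
    return hmac.compare_digest(digest, expected)
```

With a per-user salt, two users who choose the same password get different stored hashes, which a single shared salt from a file cannot provide.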
To start everything inside a container, install docker-compose and start everything via `up`.
- [x] List header, select with dropdown
- [x] Create lists
- [x] Delete lists
- [x] make list uneditable
- [x] mobile header
- [ ] automatically create new list per week/month?
- [ ] make monthly/weekly lists uneditable on next month/week
- [x] no editform on uneditable lists
- [x] set new list as active after creation

- [x] Graph for expenses
- [ ] Graph for debts
- [ ] Graph for direct borrows
- [ ] List-types?

- [x] db: store dispenses
- [x] calculator: concept of dispense + calc
- [x] fe: intuitive concept!
- [x] fe: styling
- [ ] UX: change element positioning
- [ ] have some note panel
- [ ] easy counter for stuff (e.g. for series)

Header & Static Pages:
- [x] static pages (faq, about, etc)
- [x] navigation in header
- [ ] 'custom space with settings'-button
- [x] mobile header ==> hamburger

Custom space for configuring WG settings
- [ ] store wg settings (data model etc)
- [ ] graph granularity
- [ ] list clipping interval (requires list clipping in general)
- [ ] colortheme?

flux -> redux
- [x] refactor 'old' concepts to match top level state-tree idea of redux
- [x] adjust test
- [x] actionCreators
- [x] reducers
- [x] remove old flux code, deps, everything
- [x] switch to redux
- [x] distinguish dev + prod
- [x] redux + react-router
- [x] redux call opt
- [ ] use middleware (avoid double requests due to inaccurate state-change evaluation inside the components!)

- [x] Confirm delete of items
- [x] Confirm delete of lists
- [x] Login
- [x] Token in cookie
- [x] Logout
- [x] URL-Schema
- [x] React-Router
- [x] Create WG
- [x] Header logout
- [x] Tunnel FE --> BE (Container Setup)
- [x] Tunnel expenses actions
- [x] Tunnel login actions
- [x] python cgi for production
- [x] container setup
- [x] configurable endpoints for py-backend and mongo
- [x] message about backend-calls (e.g. register already in use etc)
- [x] Comments on items
- [x] ssl on server (caddy)
- [x] navigation, faq/about pages & link to github & homepage
- [x] don't submit empty forms
- [ ] general 'backend (un)reachable' error for frontend
- [ ] server side rendering
- [ ] field length restrictions everywhere
- [ ] always two digits for amounts
- [ ] routing: 404 page

- [x] CSRF protection
- [x] don't leak headers + hostname from FE-BE communication
- [x] remove user enumeration endpoint
- [ ] API Keys
- [ ] clear react component states after logout (logout -- login -- old state visible)
- [x] IDOR vulnerable, don't leak mongo IDs
- [ ] generate random salt / user

- [x] Test setup BE
- [x] Test setup FE
- [x] FE - render
- [x] BE - calculator
- [ ] BE - API
- [ ] storage
- [ ] FE reducer + action creator (finally decide for an architecture...)
- [ ] automated security tests (XSS, CSRF, IDOR etc) --> concept!

Cool third party stuff
- [x] docker hub (fixel/wg-tools)
- [x] layers.io in README
- [x] travis ci
- [x] build status in README