Public | Automated Build

Last pushed: 2 years ago
Short Description
Full Description


A hosted version can be found at:

You can get the whole application containerized for self hosting at dockerhub!


Docker Layer





If you are living in a flat share and have to manage expenses or other stuff and you want some just-working tool for that purpose, then you are at the right place here. This applicaiton is meant for diy hosting and development. Feel free to contribute!


You can create a 'WG' (flat share) with a login, then actually login with that. The app stores expenses and calculates the mean among all participants. It offers a human-usable interface for non-tech people. Currently under development, so basically anything may change from now to then!


The next most necessary step is exhaustive testing for frontend-side reducer and action creator logic. Then comes a user feature for custom settings and I want to work out some concept for automated security testing. Then all the things that are not already checkmarked below in this readme.


You may simply use the app for free or self host everything, compile sources or just run containers.

Plain Usage

Simply use the hosted application here (registration does not require anything except a flatshare-name):

DIY Hosting

You need a mongodb, python and nodejs.
Everything is setup for development; start the frontend with npm run dev and the python server with script/ Your mongodb should be running on localhost.

The python API expects a folder named secrets in the python-backend directory, containing two files: salt and secret. These files should each contain a long random string sequence, used as basis for salting user entered passwords and JWT secret key. The app will not start without those files.

To start everything inside a container install docker-compose and start everything via 'up'.


Expenses Header:

[x] List header, select with dropdown 
[x] Create lists
[x] Delete lists
[x] make list uneditable
[x] mobile header

List behavior:

[] automatically create new list per week/month?
[] make monthly/weekly lists uneditable on next month/week
[x] no editform on uneditable lists
[x] set new list as active after creation

General panels:

[x] Graph for expenses
[] Graph for depts

Direct depts:

[] Graph for direct borrows
[] List-types?


[x] db: store dispenses
[x] calculator: concept of dispense + calc
[x] fe: intuitive concept!
[x] fe: styling
[] UX: change element positioning

Group notes:

[] have some note panel
[] easy counter for stuff (eg. for series)

Header & Static Pages:

[x] static pages (faq, about, etc)
[x] navigation in header
[] 'custom space with settings'-button
[x] mobile header ==> hamburger

Custom space for configuring WG settings

[] store wg settings (data model etc)
[] graph granularity
[] list clipping interval (requires list clipping in general)
[] colortheme?

flux -> redux

[x] refactor 'old' concepts to match top level state-tree idea of redux 
[x] adjust test
[x] actionCreators
[x] reducers
[x] remove old flux code, deps, everything
[x] switch to redux
[x] distinguish dev + prod
[x] redux + react-router
[x] redux call opt
[] use middleware (avoid double requests due to inaccurate state-change evaluation inside the components!)

General behavior:

[x] Confirm delete of items
[x] Confirm delete of lists
[x] Login
[x] Token in cookie
[x] Logout
[x] URL-Schema
[x] React-Router
[x] Create WG
[x] Header logout
[x] Tunnel FE --> BE (Container Setup)
[x] Tunnel expenses actions
[x] Tunnel login actions 
[x] python cgi for production
[x] container setup
[x] configurable endpoints for py-backend and mongo
[x] message about backend-calls (eg. register already in use etc)
[x] Comments on items
[x] ssl on server (caddy)
[x] navigation, faq/about pages & link to github & homepage
[x] dont submit empty forms
[] general 'backend (un)reachable' error for frontend 
[] server side rendering
[] field length restrictions everywhere
[] always two digits for amounts
[] routing: 404 page


[x] CSRF protection
[x] dont leak headers + hostname from FE-BE communication
[x] remove user enumeration endpoint
[] API Keys
[] clear react component states after logout (logout -- login -- old state visible)
[x] IDOR vulnerable, dont leak mongo IDs
[] generate random salt / user


[x] Test setup BE
[x] Test setup FE
[x] FE - render 
[x] BE - calculator
[] BE - API
[] storage
[] FE reducer + action creator (finally decide for an architecture...)
[] automated security tests (XSS, CSRF, IDOR etc) --> concept!

Cool third party stuff

[x] docker hub (fixel/wg-tools)
[x] in README
[x] travis ci
[x] build status in README
Docker Pull Command
Source Repository