1
0
Fork 0
 
 
 
Go to file
dependabot[bot] c61fcda705
Bump node-fetch from 1.7.3 to 2.6.1
Bumps [node-fetch](https://github.com/bitinn/node-fetch) from 1.7.3 to 2.6.1.
- [Release notes](https://github.com/bitinn/node-fetch/releases)
- [Changelog](https://github.com/node-fetch/node-fetch/blob/master/docs/CHANGELOG.md)
- [Commits](https://github.com/bitinn/node-fetch/compare/1.7.3...v2.6.1)

Signed-off-by: dependabot[bot] <support@github.com>
2020-09-10 18:01:19 +00:00
app Add links to event 2017-04-16 17:59:44 +08:00
server Make consistent with report 2017-04-17 01:57:00 +08:00
.bootstraprc Added bootstrap v4.0.0-beta.6 and more scaffolding 2017-03-03 21:09:40 +08:00
.eslintrc Added bootstrap v4.0.0-beta.6 and more scaffolding 2017-03-03 21:09:40 +08:00
.gitignore Updated gitignore to include sample generator 2017-04-12 00:15:35 +08:00
Gruntfile.js Dump of changes 2017-04-12 00:14:51 +08:00
LICENSE Create LICENSE 2018-09-26 22:42:08 +08:00
README.md Make consistent with report 2017-04-17 01:57:00 +08:00
package.json Bump node-fetch from 1.7.3 to 2.6.1 2020-09-10 18:01:19 +00:00
postcss.config.js Dump of changes 2017-04-12 00:14:51 +08:00

README.md

Chronos

A school event planner and timetable

Todo

  • Migrations

  • Authentication

    • Global React user
    • OID auth client
    • jwt token provider
      • auth is a choice between oidc and pass, sends token/pass to /auth for validation
      • /auth verifies oid token or pass, generates signed jwt
        • jwt taken contains user role
        • hide/protect certain element
      • fake validator for jwt at protected endpoints
        • assume user is admin
    • Decide between email-validated OID or storing identity strictly
    • Additional email-based auth mechanism with tokens (like asciinema)
    • Redirect when not logged in
  • Create group

  • Create one-off events

    • Show event details
  • Create attachments

    • Description
    • File
  • Create group CCAs

    • Create CCA schedules
    • Differentiate CCAs from Mentor Groups
  • Create group mentor

    • Importable timetables
  • Display events as agenda

  • Display events as calendar

    • Drag one-time events around to modify
    • Hide weekly events in month view
  • Show heatmap of the availability of the users in a group when creating an event

    • This is the event planning feature
  • Create sample data

  • Create admin interface in JavaFX (requirement)

    • Manage schools
    • Manage users in schools
    • Bulk create groups
  • Refactor toolbar mutator for homepage pagination

Security Pitfalls

  • Auth mechanism not verified
  • Verification of OID tokens is done by upn being the email address
  • Succeptable to insecure direct object references