41 lines
1.0 KiB
Markdown
41 lines
1.0 KiB
Markdown
|
|
# Chronos
|
|
|
|
A school event planner and timetable
|
|
|
|
## Todo
|
|
|
|
- [x] Migrations
|
|
- [ ] Authentication
|
|
- [x] Global React `user`
|
|
- [x] OID auth client
|
|
- [ ] jwt token provider
|
|
- [x] auth is a choice between oidc and pass, sends token/pass to `/auth` for validation
|
|
- [ ] `/auth` verifies oid token or pass, generates signed jwt
|
|
- [ ] jwt taken contains user role
|
|
- [ ] hide/protect certain element
|
|
- [x] fake validator for jwt at protected endpoints
|
|
- [ ] assume user is admin
|
|
- [x] Create group
|
|
- [x] Create one-off events
|
|
- [ ] Create attachments
|
|
- [ ] Description
|
|
- [ ] File
|
|
- [x] Create group CCAs
|
|
- [x] Create CCA schedules
|
|
- [ ] Differentiate CCAs from Mentor Groups
|
|
- [x] Create group mentor
|
|
- [ ] Importable timetables
|
|
- [x] Display events as agenda
|
|
- [x] Display events as calendar
|
|
|
|
- [ ] Create sample data
|
|
|
|
- [ ] Refactor toolbar mutator for homepage pagination
|
|
|
|
## Security Pitfalls
|
|
|
|
- Auth mechanism not verified
|
|
- Verification of OID tokens is done by upn being the email address
|
|
- Succeptable to insecure direct object references
|