Ambrose Chua d8b0554682 Add list of security holes 2017-04-06 21:20:23 +08:00
app Begin some React Toolbox UI 2017-03-30 20:55:54 +08:00
server Add list of security holes 2017-04-06 21:20:23 +08:00
.bootstraprc Added bootstrap v4.0.0-beta.6 and more scaffolding 2017-03-03 21:09:40 +08:00
.eslintrc Added bootstrap v4.0.0-beta.6 and more scaffolding 2017-03-03 21:09:40 +08:00
.gitignore Begin some React Toolbox UI 2017-03-30 20:55:54 +08:00
Gruntfile.js Added postcss and switched to react-toolbox 2017-03-30 20:54:45 +08:00
README.md Add list of security holes 2017-04-06 21:20:23 +08:00
package.json Added postcss and switched to react-toolbox 2017-03-30 20:54:45 +08:00
postcss.config.js Added postcss and switched to react-toolbox 2017-03-30 20:54:45 +08:00

README.md

Chronos

A school event planner and timetable

Todo

  • Migrations, default data

  • Authentication

    • Global React user
    • OID auth client
    • jwt token provider
      • auth is a choice between oidc and pass, sends token/pass to /auth for validation
      • /auth verifies oid token or pass, generates signed jwt
        • jwt token contains user role
        • hide/protect certain elements
      • fake validator for jwt at protected endpoints
        • assume user is admin
  • Create group

  • Create one-off events

  • Create attachments

    • Description
    • File
  • Create group CCAs

  • Create group mentor

  • Display events as agenda

  • Display events as calendar

  • Create sample data

Security Pitfalls

  • Auth mechanism not verified
  • Susceptible to insecure direct object references
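
A sketch of how the two pitfalls above could be closed, as an added example that is not part of the Chronos code base: a real validator in place of the fake one that assumes the user is admin, and an ownership check on the requested object. The HS256 shared secret, the `sub`/`role`/`exp` claims, the role names, the `EVENTS` records and all function names are assumptions made for illustration.

```javascript
const crypto = require('crypto');

const SECRET = 'constructed-demo-secret'; // assumption: HS256 key shared by /auth and the API
const b64url = (v) => Buffer.from(v).toString('base64url');
const hmac = (data) => crypto.createHmac('sha256', SECRET).update(data).digest();

// What /auth would do after checking the OIDC token or password: sign the role into the JWT.
function signJwt(claims) {
  const body = b64url(JSON.stringify({ alg: 'HS256', typ: 'JWT' })) + '.' + b64url(JSON.stringify(claims));
  return body + '.' + hmac(body).toString('base64url');
}

// Replacement for the fake validator: returns verified claims, or null on any failure.
function verifyJwt(token, now = Math.floor(Date.now() / 1000)) {
  const parts = String(token).split('.');
  if (parts.length !== 3) return null;
  try {
    const header = JSON.parse(Buffer.from(parts[0], 'base64url').toString());
    if (header.alg !== 'HS256') return null; // pin the algorithm, do not trust the header's choice
    const given = Buffer.from(parts[2], 'base64url');
    const expected = hmac(parts[0] + '.' + parts[1]);
    if (given.length !== expected.length || !crypto.timingSafeEqual(given, expected)) return null;
    const claims = JSON.parse(Buffer.from(parts[1], 'base64url').toString());
    if (typeof claims.exp !== 'number' || claims.exp <= now) return null; // require an unexpired token
    return claims;
  } catch (e) {
    return null; // malformed base64 or JSON
  }
}

// Constructed sample data: events keyed by id, each with an owning user.
const EVENTS = {
  1: { id: 1, owner: 'alice', title: 'CCA briefing' },
  2: { id: 2, owner: 'bob', title: 'Mentor meeting' },
};

// Object-level check against insecure direct object references: the id in the
// request is honoured only if the verified user owns the record or is an admin.
function getEvent(token, id) {
  const user = verifyJwt(token);
  if (!user) return { status: 401 };
  const event = Object.prototype.hasOwnProperty.call(EVENTS, id) ? EVENTS[id] : undefined;
  if (!event) return { status: 404 };
  if (event.owner !== user.sub && user.role !== 'admin') return { status: 403 };
  return { status: 200, event };
}
```

The role is read only from claims whose signature has been checked, so editing the payload of an issued token yields 401 rather than admin access.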