TOSTI is a comprehensive web application designed for Tartarus to manage take-away orders and various other features for student associations at Radboud University.
- Order Management System: Online ordering system for take-away items (such as tostis)
- Financial Transactions: User balance tracking and transaction management
- User Authentication: SAML-based SSO integration (with Radboud University via SURFconext)
- Music Control: Spotify and Marietje integration for controlling music players
- Room Reservations: Venue reservation system with calendar integration
- Borrel Management: Event reservation system with inventory tracking
- Age Verification: Yivi-based age verification system
- Smart Fridge Access: Digital lock system for automated fridge access, using TOSTI-fridge-client
- QR Code Identification: Token-based user identification system
- Bookkeeping Integration: Synchronization with Silvasoft accounting system
- Multi-venue support with separate canteens (North/South)
- Real-time order status tracking
- Statistics and analytics dashboard
- OAuth2 API for third-party integrations
- iCal feeds for reservations
- Automated music scheduling
TOSTI is built using:
- Backend: Django 5.1 (Python)
- Frontend: Django templates with Bootstrap 5
- Database: PostgreSQL (production) / SQLite (development)
- Caching: File-based cache (production) / In-memory (development)
- Authentication: SAML2 (via djangosaml2)
- API: Django REST Framework with OAuth2
- Task Scheduling: Custom cron implementation
- Containerization: Docker & Docker Compose
website/
βββ age/ # Age verification module
βββ announcements/ # System announcements
βββ associations/ # Student associations management
βββ borrel/ # Event/borrel reservation system
βββ cron/ # Custom cron job implementation
βββ fridges/ # Smart fridge access control
βββ orders/ # Core ordering system
βββ qualifications/ # User qualifications (e.g., borrel brevet)
βββ silvasoft/ # Bookkeeping integration
βββ status_screen/ # Order status display
βββ thaliedje/ # Music player control
βββ tosti/ # Main application settings
βββ transactions/ # Financial transactions
βββ users/ # User management
βββ venues/ # Venue reservation system
βββ yivi/ # Yivi integration for age verification
-
Clone the repository
git clone https://github.com/KiOui/TOSTI.git cd TOSTI -
Install Poetry
curl -sSL https://install.python-poetry.org | python3 - -
Set up Python environment
poetry env use python3.13 poetry install
-
Activate virtual environment
poetry shell
-
Set up the database
cd website ./manage.py migrate -
Create a superuser
./manage.py createsuperuser
-
Load initial data (optional)
./manage.py loaddata tosti/fixtures/default.json
-
Run the development server
./manage.py runserver
The application will be available at http://localhost:8000.
- SAML authentication is disabled in development mode
- Use
/admin-loginin production for local authentication - API documentation is available at
/api/docs
TOSTI is deployed using Docker and Docker Compose in the PGO environment at CNCZ (Radboud University IT department).
-
Build and run with Docker Compose
docker-compose up -d
-
Environment Variables Create a
.envfile based on.env.example:YIVI_SERVER_TOKEN=your-yivi-token POSTGRES_PASSWORD=secure-password DJANGO_SECRET_KEY=your-secret-key SENTRY_DSN=your-sentry-dsn # ... other variables
For deployment on the CNCZ infrastructure:
# Deploy the application
pgoctl -i ~/.ssh/id_ed25519 -- dockervm02.science.ru.nl:tosti//up
# View logs
pgoctl -i ~/.ssh/id_ed25519 -- dockervm02.science.ru.nl:tosti//logs
# Stop the application
pgoctl -i ~/.ssh/id_ed25519 -- dockervm02.science.ru.nl:tosti//downNote: You must be connected to the CNCZ VPN and have your SSH key in the ssh directory.
Specific configuration is managed through Django Constance for runtime settings:
- General: Footer text, cleaning scheme URL
- Email: Notification recipients for reservations
- Shifts: Default maximum orders per shift
- Music (Thaliedje): Start/stop times, holiday mode
- Silvasoft: API credentials for bookkeeping
- Fridges: Daily opening requirements
TOSTI provides a RESTful API with OAuth2 authentication.
read: Read access to the APIwrite: Write access to the APIorders:order: Place ordersorders:manage: Manage all ordersthaliedje:request: Request songsthaliedje:manage: Control music playerstransactions:write: Create transactions
Interactive API documentation is available at /api/docs when running the application.
Run the test suite:
cd website
poetry run python manage.py testRun with coverage:
poetry run coverage run website/manage.py test website/
poetry run coverage reportpoetry run black website
poetry run flake8 website
poetry run pydocstyle websiteThe project uses GitHub Actions for automated testing and linting on every push.
Contributions are welcome!
- Fork the repository
- Create a feature branch
- Make your changes
- Run tests and linting
- Submit a pull request
- Follow PEP 8
- Use Black for formatting
- Write docstrings for all functions
- Maximum line length: 119 characters
- Maintainers: Website committee of Tartarus
- Email: tartaruswebsite@science.ru.nl
- Security Issues: www-tosti@science.ru.nl
For security vulnerabilities, please email www-tosti@science.ru.nl instead of creating a public issue.
This project is licensed under the MIT License - see the LICENSE file for details.
- Original developers: Lars van Rhijn, Job Doesburg
- All contributors who have helped improve TOSTI
-
- CNCZ for hosting infrastructure