A school event planner and timetable
Clone or download
Fetching latest commit…
Cannot retrieve the latest commit at this time.
Type Name Latest commit message Commit time
Failed to load latest commit information.



A school event planner and timetable


  • Migrations

  • Authentication

    • Global React user
    • OID auth client
    • jwt token provider
      • auth is a choice between oidc and pass, sends token/pass to /auth for validation
      • /auth verifies oid token or pass, generates signed jwt
        • jwt taken contains user role
        • hide/protect certain element
      • fake validator for jwt at protected endpoints
        • assume user is admin
    • Decide between email-validated OID or storing identity strictly
    • Additional email-based auth mechanism with tokens (like asciinema)
    • Redirect when not logged in
  • Create group

  • Create one-off events

    • Show event details
  • Create attachments

    • Description
    • File
  • Create group CCAs

    • Create CCA schedules
    • Differentiate CCAs from Mentor Groups
  • Create group mentor

    • Importable timetables
  • Display events as agenda

  • Display events as calendar

    • Drag one-time events around to modify
    • Hide weekly events in month view
  • Show heatmap of the availability of the users in a group when creating an event

    • This is the event planning feature
  • Create sample data

  • Create admin interface in JavaFX (requirement)

    • Manage schools
    • Manage users in schools
    • Bulk create groups
  • Refactor toolbar mutator for homepage pagination

Security Pitfalls

  • Auth mechanism not verified
  • Verification of OID tokens is done by upn being the email address
  • Succeptable to insecure direct object references