dorianim / money-balancer Goto Github PK

There is a draft of how unit tests could be implemented in the user routes. However, this is not perfect and needs some more thoughts.

The config is currently not handled properly. E.g. there is a panic when no JWT_SECRET is defined, but only when it is used in an authenticated route. The panic should occur on startup and prevent the server from starting.
I'd suggest using the config-rs lib for this.

Hi, thanks for the project, is there any possibility to delete a transaction from the UI ?

Hi,

I was launching money-balancer via docker-compose on Synology NAS.

And get this error when I attempt to register new user. Screenshot and container logs below.

Please advice.

22/11/2022 16:22:13
   >> No 409 catcher registered. Using Rocket default.
22/11/2022 16:22:22
   >> No 409 catcher registered. Using Rocket default.
22/11/2022 16:22:59
thread 'rocket-worker-thread' panicked at 'called `Result::unwrap()` on an `Err` value: NotPresent', src/guards/authentication.rs:83:12
22/11/2022 16:22:59
note: run with `RUST_BACKTRACE=1` environment variable to display a backtrace
22/11/2022 16:22:59
   >> Handler token panicked.
22/11/2022 16:22:59
   >> A panic is treated as an internal server error.
22/11/2022 16:22:59
   >> No 500 catcher registered. Using Rocket default.
22/11/2022 16:23:11
   >> No 401 catcher registered. Using Rocket default.
22/11/2022 16:23:15
   >> No 401 catcher registered. Using Rocket default.
22/11/2022 16:23:16
   >> No 401 catcher registered. Using Rocket default.
22/11/2022 16:23:25
   >> No 401 catcher registered. Using Rocket default.
22/11/2022 16:23:27
   >> No 401 catcher registered. Using Rocket default.
22/11/2022 16:23:28
   >> No 401 catcher registered. Using Rocket default.
22/11/2022 16:23:29
   >> No 401 catcher registered. Using Rocket default.
22/11/2022 16:24:25
   >> No 409 catcher registered. Using Rocket default.
22/11/2022 16:24:37
   >> No 409 catcher registered. Using Rocket default.
22/11/2022 16:24:43
thread 'rocket-worker-thread' panicked at 'called `Result::unwrap()` on an `Err` value: NotPresent', src/guards/authentication.rs:83:12
22/11/2022 16:24:43
   >> Handler token panicked.
22/11/2022 16:24:43
   >> A panic is treated as an internal server error.
22/11/2022 16:24:43
   >> No 500 catcher registered. Using Rocket default.
22/11/2022 16:24:53
thread 'rocket-worker-thread' panicked at 'called `Result::unwrap()` on an `Err` value: NotPresent', src/guards/authentication.rs:83:12
22/11/2022 16:24:53
   >> Handler token panicked.
22/11/2022 16:24:53
   >> A panic is treated as an internal server error.
22/11/2022 16:24:53
   >> No 500 catcher registered. Using Rocket default.

Alice owes 10€ to Bob, Bob owes 5€ to Charlie and Charlie owes 7€ to Alice. In this case, all debts could be decreased by 5€.

The current design is basically as much as I can do with my limited css skills.

However, if someone would like to do a redesign I'd be happy to accept a PR, as long as it sticks to mui as the framework :)

When self-hosting multiple applications, you really want to have a single point for user management and authentication. It is annoying to login to each and every app seperately.

A pretty simple way to centralize authentication is achieved by deploying apps behind a reverse proxy, and use proxy auth. The proxy handles authentication in some way and sets http headers containing the username that was successfully logged-in. The apps read the headers and associate incoming requests to that user.

The perfect proxy auth feature for me would work like this:

1. Start the app with additional environment variables:

• containing the name of the initial admin user (e.g. admin=admin_user)
• enabling proxy auth (e.g. proxy_auth=true)
• setting the key of the http header that contains the username (e.g. auth_header=X-Authenticated-User)

2. Configure the reverse proxy to authenticate incoming requests in any way you like.
3. Let the reverse proxy set X-Authenticated-User to the authenticated username on every request.
4. The app treats the requests as if they belong to the appropriate user session.
5. Bonus: if the app does not know the username, it creates a new user with that name.

Other SSO methods like OIDC still require the user to login with each app, even it no credentials are required. It is still an additional step that is unneeded and hurting the user experience.

Additional context:
I am using the app for this product. Since this is a single-user platform, users really should see no login screen at all, not even for SSO.

I don't know the best approach, but at current, I'm entering USD ($) into the amount field, but the label specifies euros. I don't need to enable tracking of multiple currencies to each person, but you may want to go that direction in the future (assuming you want to avoid any stuff with currency conversion).

Maybe a simple ENV variable could define what currency symbol to use. Maybe get rid of a currency symbol altogether. Again, dunno.

Another option would be to still require them to have real account, but make it possible to designate who is paying for something. E.g. I can add a transaction on behalf of another user. It would show "purchased by" with the name of the person you select. And you would add another line for something like an "entered by" that would show my name.

Something like this:

You could then add a single-select box called "Payer" or "provider" or something down below Consumers to select which user is actually paying the money. A la:

Originally posted by @Szeraax in #4 (comment)

Hello,

Could the payer have some extra "mark as paid" buttons or checkmarks on his account ?
something like this :

Also, could we please change the "atom" favicon ? (maybe via a environment variable ?)

This needs the option to create a transaction not with one amount but with multiple debts. Once this is done, several ways to split the amount can be implemented in the client.
We might also need a new endpoint to get who overpaid how often for that.

It seems like right now, everyone participating in a group must have an account and register their own expenses. But often, there is a single user in a group whom everyone tells what they paid and who keeps track of everything. It would be great if money-balancer would support that.

It would mean adding participants not as users but only as names. And when registering an expense, select one of those names.