https://github.com/conjfrnk/charter-meals
Meal Signup for Princeton Charter Club
https://github.com/conjfrnk/charter-meals
css flask html httpd javascript openbsd python relayd shell sql website
Last synced: 3 months ago
JSON representation
Meal Signup for Princeton Charter Club
- Host: GitHub
- URL: https://github.com/conjfrnk/charter-meals
- Owner: conjfrnk
- Created: 2025-01-29T06:57:47.000Z (over 1 year ago)
- Default Branch: main
- Last Pushed: 2025-03-14T03:30:39.000Z (over 1 year ago)
- Last Synced: 2025-03-14T04:27:34.325Z (over 1 year ago)
- Topics: css, flask, html, httpd, javascript, openbsd, python, relayd, shell, sql, website
- Language: Python
- Homepage: https://chartermeals.com
- Size: 132 KB
- Stars: 0
- Watchers: 1
- Forks: 0
- Open Issues: 0
-
Metadata Files:
- Readme: README.md
Awesome Lists containing this project
README
# Charter Meals
**Version:** 2.1.1
[Charter Meals](https://chartermeals.com) is a web application for managing meal sign-ups for the [Princeton Charter Club](https://charterclub.org). This project is built with Flask and includes many features, as detailed below:
## New in v2
### Security & Performance Improvements
- **Enhanced Input Validation**: All user inputs are now properly validated and sanitized
- **Session Security**: 8-hour session timeout with automatic logout
- **Database Security**: Improved error handling and connection management
- **Rate Limiting**: Enhanced protection against brute force attacks
- **Error Handling**: Comprehensive error handling with user-friendly messages
- **Performance**: Optimized database queries and caching strategies
### Future-Proofing Features
- **Version Pinning**: All dependencies are now version-pinned for stability
- **Database Migrations**: Improved migration system for schema updates
- **Logging**: Enhanced logging for better debugging and monitoring
- **Edge Case Handling**: Better handling of edge cases and error conditions
## Features
- **User Login:** Users sign in with their NetID and can reserve meals.
- **Guest Login:** Limited-access guest login is available.
- **Meal Sign-ups:** Users may sign up for meals (with limits to ensure fairness).
- **Admin Dashboard:** Comprehensive admin interface for managing users, reservations, settings, and website content.
- **Content Management:** Dynamic website content management through the admin interface.
- **Semester Purge:** One-click semester cleanup functionality.
- **CSV Downloads:** Reservation data is downloadable in CSV format.
- **Responsive Design:** The interface works well on both desktop and mobile devices.
- **Security & Performance:** Built-in CSRF protection, rate limiting, and a strict Content Security Policy.
## Security Features
### Authentication & Authorization
- **Session Management**: 8-hour session timeout with automatic logout
- **Input Validation**: All inputs are validated and sanitized
- **CSRF Protection**: Built-in CSRF protection on all forms
- **Rate Limiting**: Protection against brute force attacks
- **Secure Headers**: Content Security Policy and other security headers
### Data Protection
- **Password Hashing**: All passwords are hashed using pbkdf2:sha256
- **SQL Injection Protection**: Parameterized queries throughout
- **XSS Protection**: Input sanitization and output encoding
- **Session Security**: Secure, HTTP-only cookies with SameSite protection
## Admin Instructions
### Getting Started
1. **Default Admin Account:**
- Username: `admin`
- Password: `admin`
- **Important:** Change this password immediately after first login
2. **Accessing the Admin Dashboard:**
- Navigate to `/admin/login`
- Use your admin credentials to log in
### Admin Dashboard Tabs
#### 1. Reservations Tab
- **Download CSV:** Download reservation data for specific weeks or all reservations
- **Daily Management:** View and manage reservations for each day of the week
- **Manual Reservations:** Add users to meal slots manually (bypasses capacity limits)
#### 2. Users Tab
- **Upload Users:** Upload CSV files with NetID and name pairs
- **Bulk Operations:** Add or remove multiple users at once
- **Individual Management:** Add or remove individual users
- **User Overview:** View all users and their current reservations
#### 3. Admins Tab
- **Admin Management:** Add or remove admin accounts
- **Super Admin:** Only the default "admin" account can add/remove other admins
#### 4. Settings Tab
- **Reservation Mode:** Choose between automatic, manually open, or manually closed
- **Automatic Settings:** Configure when reservations open and close
- **Time Zones:** All times are in US Eastern Time
#### 5. Content Tab (NEW)
- **Website Content Management:** Edit all text content on the main meal signup page
- **Dynamic Content:** Change welcome messages, meal rules, contact info, and more
- **No Code Editing:** All content changes can be made through the admin interface
**Available Content Keys:**
- `welcome_header`: Main page header
- `welcome_message`: Welcome message below header
- `contact_info`: Contact information text
- `feedback_link`: Feedback form URL
- `feedback_text`: Feedback text with link
- `meal_rules_title`: Title for meal rules section
- `meal_rules`: Meal signup rules (one rule per line, separated by \n)
#### 6. Purge Tab (UPDATED)
- **Archive & Purge:** Archive all data before deletion for sentimental purposes
- **Download Archive:** Download a CSV file containing all archived data
- **Clear Archive:** Remove archived data to free up storage space
- **Fresh Start:** Use at the beginning of each semester
- **Safety Warnings:** Multiple confirmation dialogs prevent accidental purges
### Semester Management Workflow
1. **Start of Semester:**
- Use the **Purge** tab to archive and clear all old data
- Download the archive file for sentimental purposes (optional)
- Upload new user list via the **Users** tab
- Configure reservation settings in the **Settings** tab
- Update website content in the **Content** tab
2. **During Semester:**
- Monitor reservations in the **Reservations** tab
- Download CSV reports as needed
- Manage users as they join/leave
3. **End of Semester:**
- Download final CSV reports
- Use **Purge** to archive and prepare for next semester
- Consider downloading the archive file for sentimental purposes
### Content Management Best Practices
1. **Meal Rules:** Update rules in the Content tab when policies change
2. **Contact Info:** Keep kitchen manager contact information current
3. **Welcome Messages:** Customize messages for special events or announcements
4. **Feedback Links:** Update feedback form URLs as needed
### Security Notes
- **Password Security:** Use strong passwords for admin accounts
- **Access Control:** Limit admin access to trusted individuals
- **Data Backup:** Regularly download CSV reports for backup
- **Archive Safety:** Data is archived before deletion, but the purge function cannot be undone - use with caution
- **Session Timeout:** Sessions automatically expire after 8 hours for security
### Technical Support
- **Database Issues:** Use the `migrate-db` command to update schema
- **Cache Issues:** The system automatically clears cache during purge
- **Performance:** The system uses caching for optimal performance
- **Error Logs:** Check application logs for detailed error information
## Installation & Deployment
### Prerequisites
- Python 3.9 or higher (required for `zoneinfo` module)
- Redis server (for rate limiting and caching)
- SQLite (included with Python)
### Installation
1. **Clone the repository:**
```bash
git clone
cd charter-meals
```
2. **Create virtual environment:**
```bash
python -m venv .venv
source .venv/bin/activate # On Windows: .venv\Scripts\activate
```
3. **Install dependencies:**
```bash
pip install -r requirements.txt
```
4. **Create secret key:**
```bash
# Generate a secure secret key (at least 32 characters)
python -c "import secrets; print(secrets.token_urlsafe(32))"
```
Create a `secrets.txt` file with the generated key.
5. **Initialize the database:**
```bash
flask init-db
```
6. **Run the application:**
```bash
flask run
```
### Production Deployment
1. **Set up Redis:**
```bash
# Install Redis (Ubuntu/Debian)
sudo apt-get install redis-server
# Start Redis
sudo systemctl start redis-server
```
2. **Configure environment:**
```bash
export FLASK_ENV=production
export FLASK_APP=app.py
```
3. **Run with Gunicorn:**
```bash
gunicorn -w 4 -b 0.0.0.0:8000 app:app
```
### OpenBSD Deployment (chartermeals.com)
The production server runs on OpenBSD. An init script is provided:
1. **Copy the init script:**
```bash
doas cp rc.d/gunicorn_charter /etc/rc.d/
doas chmod 755 /etc/rc.d/gunicorn_charter
```
2. **Enable and start the service:**
```bash
doas rcctl enable gunicorn_charter
doas rcctl start gunicorn_charter
```
3. **Service management:**
```bash
doas rcctl restart gunicorn_charter # Restart after updates
doas rcctl stop gunicorn_charter # Stop service
```
**Production paths:**
- Application: `/var/www/htdocs/www.chartermeals.com`
- Database: `/var/www/data/meals.db`
- Virtual environment: `charter_env` (within application directory)
**Note:** If you rebuild the virtualenv on OpenBSD, reinstall `zstandard` from source:
```bash
pip install --no-binary :all: zstandard
```
### System Requirements
- **Memory:** Minimum 512MB RAM
- **Storage:** 1GB free space for database and logs
- **Network:** Internet access for external fonts and CDN resources
## Troubleshooting
### Common Issues
1. **Database Connection Errors:**
- Ensure the database directory has proper permissions
- Check if SQLite is properly installed
- Verify database file path in configuration
2. **Redis Connection Issues:**
- Ensure Redis server is running: `redis-cli ping`
- Check Redis configuration in app.py
- Verify Redis port (default: 6379)
3. **Session Issues:**
- Clear browser cookies and cache
- Check if secret key is properly set
- Verify session cookie settings
4. **Performance Issues:**
- Check Redis cache status
- Monitor database query performance
- Review application logs for errors
### Logging
The application logs important events and errors. Check logs for:
- Database connection issues
- Authentication failures
- Cache errors
- General application errors
### Maintenance
- **Regular Backups:** Download CSV reports weekly
- **Database Maintenance:** Run `flask migrate-db` after updates
- **Cache Clearing:** System automatically clears cache during purge
- **Log Rotation:** Implement log rotation for production deployments
## Dependencies
### Core Dependencies
- **Flask 2.3+**: Web framework
- **Flask-WTF 1.1+**: CSRF protection and form handling
- **Flask-Limiter 3.4+**: Rate limiting
- **Flask-Talisman 1.0+**: Security headers
- **Redis 4.5+**: Caching and rate limiting storage
- **Flask-Compress 1.13+**: Response compression
- **Flask-Caching 2.0+**: Application caching
- **Gunicorn 21.0+**: WSGI server for production
- **Werkzeug 2.3+**: WSGI utilities
### Security Features
- CSRF protection on all forms
- Rate limiting for login attempts
- Secure session management
- Input validation and sanitization
- Content Security Policy headers
## License
This project is proprietary software for the Princeton Charter Club.
## Contributing
For internal development and maintenance:
1. Follow the existing code style
2. Add comprehensive error handling
3. Update documentation for any new features
4. Test thoroughly before deployment
5. Consider security implications of changes
## Support
For technical support or questions:
- Check the troubleshooting section above
- Review application logs for error details
- Contact the development team for critical issues