tsumaru720 / conspectus Goto Github PK

Off the back of fe0e0ef

should strip spaces from the start and end of the description before comparing it with other items (And blank).

If you try to add things larger than the db schema will allow, it actually fails and doesnt tell you. Should probably validate the length

Mobile view sucks

The smaller graphs are too squashed and the layout just doesn't work properly.

Metrics for performance calculated based on January's input should probably count towards the previous year

theme.php is where custom routes are defined, but at present, it will only ever load the default theme.php and will completely ignore any custom theme set in the config.

The pageLoader constructor will load in theme.php but this class is loaded before the config is parsed, so we'll never get a custom theme.php :(

Documents should have the ability to provide custom URLs for either CSS or Javascript so that they get loaded in the correct place (controlled by the template)

via @ShaneMcC
related to #36

Could set a unique flag onto the desired field in our schema and allow SQL to enforce no duplication?

Would likely need to tweak our PDO/SQL code for this

When we're viewing graphs that have more than [6,12,24,26] etc months of data, offer to filter between them

so like
Show all
Show last 12 months
Show last 24 months, etc

Also show 2017, 2018, 2019 etc

The asset name is printed unescaped inside some javascript (ick) on the breakdown page.

Naming an asset '+alert('hi simon')+' results in:

// TOTALS CHART
var data = {
	labels: labels,
	datasets: [
		{
		label: ''+alert('hi simon')+'',
		backgroundColor: pastel_colour(''+alert('hi simon')+''),
		borderColor: pastel_colour(''+alert('hi simon')+''),
		borderWidth: 1,
		data: [
							'1.00',
					]
	},
		]
};

If an asset doesn't exist you get a really ugly single line error, instead of the normal 404 page. It should just show the 404 page?

Theme authors may wish to create a whole new page that the core does not correctly handle. Should be able to add new routes on a per-theme basis

Look into implementing Holt-Winters (ETS) Algorithm

Something like
https://machinelearningmastery.com/exponential-smoothing-for-time-series-forecasting-in-python/
http://phpir.com/smoothing-with-holt-winter
https://github.com/ianbarber/PHPIR/blob/master/holtwinters.php

Or ARIMA (or both!)

Via @csmith

If you try to edit an asset that doesn't exist, the edit seems to work and redirects you to the corresponding view page, which then errors. I'd expect the edit attempt to fail.

Repro steps:

1. Create an asset
2. Edit it
3. Change the value of the 'asset class' to some random text
4. Submit the form
5. Explosion:

Fatal error:
Uncaught Error: Call to a member function render() on null in /home/demomoney/public_html/themes/default/theme.php:14
Stack trace:
#0 /home/demomoney/public_html/app/PageLoader.php(74): Theme->render()
#1 /home/demomoney/public_html/app/Router.php(91): PageLoader->display('asset_manager')
#2 [internal function]: Router->{closure}('74')
#3 /home/demomoney/public_html/vendor/bramus/router/src/Bramus/Router/Router.php(379): call_user_func_array(Object(Closure), Array)
#4 /home/demomoney/public_html/vendor/bramus/router/src/Bramus/Router/Router.php(361): Bramus\Router\Router->invoke(Object(Closure), Array)
#5 /home/demomoney/public_html/vendor/bramus/router/src/Bramus/Router/Router.php(287): Bramus\Router\Router->handle(Array, true)
#6 /home/demomoney/public_html/app/Router.php(17): Bramus\Router\Router->run()
#7 /home/demomoney/public_html/app/Main.php(51): Router->run()
#8 /home/demomoney/public_html/public/index.php(5): Main->__construct()
#9 {main} thrown in /home/demomoney/public_html/themes/default/theme.php on line 14

First setup at the minute is a lot of guess work if you dont know what you're doing.

Havent properly decided how/what I want to do yet, but for the purposes of getting a proof-of-concept the current pages use PHP/Twig to write inline javascript for rendering graphs. 🤢

Ideally I want this to be something I can just hit and pull json from to populate the graphs. This would ultimately allow me a lot more flexibility with how the graphs work.

I think the simplest initial revision would be a basic API of sorts that would have a number of "views" defined - each view representing the data required to display one graph. The only issue with this method is 1 page view with say 30 graphs would result in 30 additional hits to the "graph api" which might hamper performance/usability a bit.

Will need some additional testing

Happy to take discussion/suggestions on this

Related kinda to #25

Seems assets that dont have any historic logs (not even a zero value one) also throw errors on Analytics/Projections

Undefined index: periodData

Undefined index: actual

Division by zero

Might be a good idea to have the ability to pin/unpin "favourites" in the left menu so they are duplicated near the top. Could be useful if you have a large list of things

related to #20

If you have a month-long or more gap in the data, this is not currently represented nicely. I think I want to fill in "blank" months to show the passage of time

Current behaviour:

Adding a class that has no assets allocated to it shows as invalid class when trying to view it

Assets that have 0 value currently throw division by zero errors when you view their 'projections' tab:

Warning: Division by zero in /var/www/html/themes/default/app/projections.php on line 15
Warning: Division by zero in /var/www/html/themes/default/app/projections.php on line 15
Warning: A non-numeric value encountered in /var/www/html/themes/default/app/projections.php on line 14

If you want other people to be able to use/contribute you should add some kind of licence :)

https://choosealicense.com/

MIT is nice.

(If you don't want other people doing that you should add an explicit copyright statement to that effect to avoid any confusion!)

Collapsible left menu
(via @dominicbr)

Per subject

At certain window sizes, the content is just long enough that the scroll bar is needed - chartjs will dutifully resize its width to accommodate which means it no longer needs the scroll bar - so resizes to fit... rinse .. repeat

Reproducable on Breakdown at
Window: 1920px x 1031px Viewport: 1920px x 927px

and Dashboard at
Window: 1917px x 1097px Viewport: 1917px x 993px

(via @ShaneMcC)

Themes ideally need to be able to ship their own static files (CSS/Javascript/Images) etc. Current "public" folder kinda gets in the way of that.

Should probably look at making the "All Asset" view pages be their own template files. Might look into splitting class/asset views also... if someone makes a template they might want the pages to be completely different

validation failures should indicate what the problem is to the user

Example: https://demo.money.agari.co/view/class/999

Notice: Undefined variable: last in /home/demomoney/public_html/themes/default/app/item_view.php on line 129

Notice: Undefined index: asset_total in /home/demomoney/public_html/themes/default/app/item_view.php on line 130

Notice: Undefined index: gain in /home/demomoney/public_html/themes/default/app/item_view.php on line 131

investigate making this work in docker

Please add percentages to the asset breakdown doughnuts alongside the actual values.

Create a new asset with something XSSy, eg:

<script>alert(document.cookie);</script>

Go to the 'input data' page and be greeted with an alert:

Kinda want to have a default config that is loaded in - but have a user-defined one that replaces variables

The navigation options on the side (Currently General, Classes and Assets) are all collapsible but there is no indicator as to their state

This becomes a problem with the additional search stuff added 9ec1d5c because if we collapse one of them, it may still find results when searched, but these wont be displayed and you wouldn't know the section is minimized

plugins for auto-updating values

Investigate removing feathericons in favour of fontawesome ones

Would be nice to have an option to add comments to a particular month to illustrate things nicely

Could change bar colour on graph or something to highlight its a "comment" month

I need to deal with accounts that have been closed or are otherwise no longer used. If we dont, then the list of assets will just keep growing.

We cant just delete the account because then the historic data for it wont make sense.

Example
https://demo.money.agari.co/view/asset/_22

Example: https://demo.money.agari.co/view/foo/bar

Notice: Undefined variable: dataQuery in /home/demomoney/public_html/themes/default/app/item_view.php on line 98

Fatal error: Uncaught Error: Call to a member function setFetchMode() on null in /home/demomoney/public_html/app/MySQL.php:36 Stack trace: #0 /home/demomoney/public_html/themes/default/app/item_view.php(98): MySQL->fetch(NULL) #1 /home/demomoney/public_html/app/PageLoader.php(55): Document->__construct(Object(Main), Object(Twig\Environment), Array) #2 /home/demomoney/public_html/app/Router.php(37): PageLoader->display('item_view') #3 [internal function]: Router->{closure}('foo', 'bar') #4 /home/demomoney/public_html/vendor/bramus/router/src/Bramus/Router/Router.php(379): call_user_func_array(Object(Closure), Array) #5 /home/demomoney/public_html/vendor/bramus/router/src/Bramus/Router/Router.php(361): Bramus\Router\Router->invoke(Object(Closure), Array) #6 /home/demomoney/public_html/vendor/bramus/router/src/Bramus/Router/Router.php(287): Bramus\Router\Router->handle(Array, true) #7 /home/demomoney/public_html/app/Router.php(16): Bramus\Router\Router->run() #8 /home/demomoney/public_html/app/Main.php(19): Router->run() #9 in /home/demomoney/public_html/app/MySQL.php on line 36

There doesn't seem to be anything standing in the way of a cross-site request forgery attack, from what I can see.

This means that a malicious user, knowing you use conspectus, could add some javascript to their own page and when you happen to visit it make your browser submit arbitrary requests to conspectus. (And because it comes from your browser, it'll have your cookies, send BASIC authentication if you're already logged in, etc, etc).

The general way to prevent it is to generate a random token and put it in both a server-side session var and a hidden form field, then when the form is submitted check that they're the same.

Loosely related to #40 in that I need to re-work generic error pages. I want to have the ability to display an error akin to if it was a page - That is to say, keep the navigation links etc visible, but show an error.

"New" assets currently show empty graphs and whilst thats fine - probably want to replace this with a "No Data" or something "Error" message until you add some values

Bramus router allows regex for digits - Should probably use this instead of rolling our own

01efcd5#r37475964

Repro steps:

1. Create an asset 'foo'
2. Try to create a second asset 'foo', it's not allowed
3. Create an asset 'bar'
4. Edit 'bar' and change its name to 'foo'

Allow CSV upload or something to bulk import

Add support for defining custom groups. These ideally should be handled similarly to when viewing a class, but obviously displayed as a separate menu item under groups

For example you could define "Emergency Fund"
and add assets "Current Account", "Easy Access Savings"

I think I want to provide a public demo of this, on the condition that the DB will reset every x amount of time.

May need to look at tweaking the template engine so i can have a proper demo template that mostly inherits from the parent.

I'd like the ability to host a read-only copy of the dashboard.

The read-only version would (ideally) present all of the same data, just remove the ability for the viewer to add any new data points.

Ideally this would be achieved through an auth mechanism of some sort, but I'm not opposed to hosting a separate "Read-only" instance of the dashboard either.

Should probably improve the docker-yness at some point once i have a better grasp of it.

Things like making it an image on dockerhub and general improvements