miawinter98 / just-book-it

Just Book It! The KISS way to book appointments
GNU General Public License v3.0

Define Tech Stack #1

Open miawinter98 opened 3 months ago

miawinter98 commented 3 months ago
uniqueNullptr2 commented 3 months ago

backend: C#, Go or Rust is fine for the backend. I have no strong preference.

frontend: Blazor would be fine but I have not used it before. If we go with something JavaScript I would opt for SolidJS (seems lightweight but I have not used it before) or Angular. Although it would be really cool if we could create it in a way that does not require JavaScript to work, my frontend expertise is too limited to say if we could make that look in any way pleasant.

infrastructure: SQLite... I don't think it matters much which we implement first, but having support for at least SQLite and Postgres down the line would be good.

caldav: CalDAV seems not too trivial to implement. At the very least I have not found any libraries that make it easy to implement the server side, but since there are a lot of client libs available maybe we can add it as an option to sync calendar events to an external CalDAV and just leave that configuration and CalDAV choice to the end user. Otherwise going through the specs and implementing it could also be fun.

email integration: Is there anything besides SMTP on your mind? But we should definitely be able to send emails in some way.

bot protection: What options do you know besides captchas? Captchas would probably do the trick in our case but I dislike them greatly; I would rather have them as an option to configure and also have other measures to prevent or reduce the impact of abuse.

miawinter98 commented 3 months ago

For the backend I think I would prefer C#, since minimal API and controllers are nice and this also offers the option of AOT once .NET 9 is out (.NET itself already supports it, but EF doesn't and has it planned for 9).

Frontend: I think I would like to do some JS framework for easy client side stuff. Would probably prefer Next.js because it's batteries included, least pain to support and maintain.

For bot protection a couple of things can be done in theory, like an event only getting properly scheduled once you have confirmed it through a confirmation email link, and it's "reserved" for like 30 minutes otherwise. This does of course not cover a DoS, like through scheduling everything; here measures like rate limiting would be needed, but personally I'd say DoS is out of scope for now. Otherwise one can theoretically implement some kind of captcha mechanism oneself (the "Add these two numbers that you see on this low quality image" kind) but idk if they are worth it for how easily they can be broken, especially in the age of big LLMs.
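
The confirm-by-email hold described in the comment above, as an added example that is not the project's or the author's code. It is written in TypeScript (it could sit in a Next.js route handler, although the thread leans toward a C# backend); the slot ids, the 30-minute hold constant and the `BookingStore` class are constructed for this example. A slot is only "taken" while a pending hold is unexpired or once it has been confirmed, and only a hash of the link token is stored, so a leaked table does not yield working confirmation links.

```typescript
import { createHash, randomBytes, timingSafeEqual } from "node:crypto";

// Hypothetical hold length, matching the "reserved for like 30 minutes" idea above.
const HOLD_MINUTES = 30;

type HoldState = "pending" | "confirmed";

interface Booking {
  slot: string;       // constructed slot id, e.g. "2024-05-01T10:00"
  email: string;
  tokenHash: string;  // hex sha256 of the link token; the token itself is never stored
  state: HoldState;
  expiresAt: number;  // epoch ms, only meaningful while pending
}

// Only the hash is persisted; the raw token exists in the e-mail link alone.
function hashToken(token: string): Buffer {
  return createHash("sha256").update(token).digest();
}

class BookingStore {
  private bySlot = new Map<string, Booking>();

  // Free if unclaimed, or claimed by a pending hold whose time has run out.
  isSlotAvailable(slot: string, now: number): boolean {
    const b = this.bySlot.get(slot);
    return !b || (b.state === "pending" && b.expiresAt <= now);
  }

  // Step 1: reserve the slot and hand back the token that goes into the e-mail link.
  requestSlot(slot: string, email: string, now: number): { token: string; expiresAt: number } | null {
    if (!this.isSlotAvailable(slot, now)) return null;
    const token = randomBytes(32).toString("base64url"); // 256 bits of entropy, URL-safe
    const expiresAt = now + HOLD_MINUTES * 60_000;
    this.bySlot.set(slot, {
      slot,
      email,
      tokenHash: hashToken(token).toString("hex"),
      state: "pending",
      expiresAt,
    });
    return { token, expiresAt };
  }

  // Step 2: the user follows the link. Succeeds only for a pending, unexpired hold
  // whose stored hash matches the presented token (constant-time comparison).
  confirm(token: string, now: number): boolean {
    const given = hashToken(token);
    for (const b of Array.from(this.bySlot.values())) {
      if (b.state !== "pending" || b.expiresAt <= now) continue;
      if (timingSafeEqual(given, Buffer.from(b.tokenHash, "hex"))) {
        b.state = "confirmed";
        return true;
      }
    }
    return false;
  }

  stateOf(slot: string): HoldState | undefined {
    return this.bySlot.get(slot)?.state;
  }
}
```

With a real database the lookup in `confirm` would be an indexed query on the token hash rather than a scan, and expired pending rows can be swept by a periodic job; the example keeps the expiry check inline so the behaviour is visible. Rate limiting of `requestSlot` per sender is the separate measure the comment leaves out of scope.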

jan-leila commented 3 months ago

I'm working on a similar-ish project rn and what I will say about CalDAV is: make sure that if you do it client side you are getting features out of that which you can't get from doing it server side, because of:

  1. Storing credentials is a pain. This is an app with user generated content so we should expect that at some point an XSS will happen, so they should be stored in an httpOnly cookie (I have not found a JS lib that supports this so roll your own here ig).
  2. When you do use httpOnly cookies to store your credentials you can only store one at a time per site, so if a user has multiple accounts it becomes a nightmare to deal with logging into everything again if both accounts use the same CalDAV server.
  3. CORS is going to be the bane of your existence on the front end, both from a user understanding of how things work perspective (I would imagine anyone self hosting shit would use NextCloud, which requires you to use a plugin and config it just for CalDAV CORS things to work) but also if you want to support things like Digest access authentication: getting the WWW-Authenticate header for your realm and nonce just isn't allowed.

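
An added example for point 1, not jan-leila's or the project's code: keeping CalDAV credentials in a cookie the browser's JavaScript cannot read, so an XSS in user-generated content cannot exfiltrate them. It goes beyond the comment by sealing the value with AES-256-GCM under a server-side secret, so a copied or edited cookie value is useless without that secret and any tampering is detected. The cookie name, the `CalDavCredential` shape and the server-side secret are assumptions for this example.

```typescript
import { createCipheriv, createDecipheriv, randomBytes, scryptSync } from "node:crypto";

const COOKIE_NAME = "caldav_session"; // hypothetical cookie name

interface CalDavCredential {
  server: string;   // CalDAV base URL the user entered
  username: string;
  password: string;
}

// Derive a 256-bit key from the server-side secret (e.g. a hypothetical COOKIE_SECRET env var).
// The salt is a fixed application label; the secret itself must be high-entropy.
function deriveKey(secret: string): Buffer {
  return scryptSync(secret, "just-book-it-cookie-v1", 32);
}

// Encrypt and authenticate. Layout of the cookie value: iv(12) | tag(16) | ciphertext, base64url.
function sealCredential(cred: CalDavCredential, secret: string): string {
  const iv = randomBytes(12);
  const cipher = createCipheriv("aes-256-gcm", deriveKey(secret), iv);
  const ciphertext = Buffer.concat([cipher.update(JSON.stringify(cred), "utf8"), cipher.final()]);
  return Buffer.concat([iv, cipher.getAuthTag(), ciphertext]).toString("base64url");
}

// Returns null for anything that is truncated, tampered with, or sealed under another key.
function openCredential(value: string, secret: string): CalDavCredential | null {
  const buf = Buffer.from(value, "base64url");
  if (buf.length < 28) return null;
  const iv = buf.subarray(0, 12);
  const tag = buf.subarray(12, 28);
  const ciphertext = buf.subarray(28);
  try {
    const decipher = createDecipheriv("aes-256-gcm", deriveKey(secret), iv);
    decipher.setAuthTag(tag);
    const plaintext = Buffer.concat([decipher.update(ciphertext), decipher.final()]).toString("utf8");
    return JSON.parse(plaintext) as CalDavCredential;
  } catch {
    return null; // GCM tag check failed or JSON was not what we sealed
  }
}

// Set-Cookie header: HttpOnly keeps the value out of document.cookie, Secure restricts it
// to TLS, SameSite=Strict stops cross-site requests from carrying it along.
function setCookieHeader(value: string, maxAgeSeconds = 8 * 3600): string {
  return `${COOKIE_NAME}=${value}; Path=/; Max-Age=${maxAgeSeconds}; HttpOnly; Secure; SameSite=Strict`;
}

// Pull our cookie out of an incoming Cookie request header.
function readCookie(cookieHeader: string | undefined): string | null {
  if (!cookieHeader) return null;
  for (const part of cookieHeader.split(";")) {
    const [name, ...rest] = part.trim().split("=");
    if (name === COOKIE_NAME) return rest.join("=");
  }
  return null;
}
```

Because the sealed payload is just JSON, a list of credentials keyed by server can be sealed the same way (within the roughly 4 KB browsers allow per cookie), which is one answer to point 2. Once the server can open the cookie, it can also perform the CalDAV requests itself, and server-to-server requests are not subject to browser CORS or the WWW-Authenticate restriction from point 3.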
uniqueNullptr2 commented 3 months ago

C# and Next.js is fine.

Yeah, email verification is a good idea. Further bot protection we can add down the line as well.

miawinter98 commented 3 months ago

Thinking about the MVP, I got two more ideas for consideration:

4censord commented 3 months ago

In addition to CalDAV, consider iCal. On the access side it's very simple, just have a path the client can regularly fetch an iCal file from. No idea on the implementation/library side though.
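
The fetchable iCal feed suggested above, as an added example that is not 4censord's or the project's code. It builds an RFC 5545 calendar from confirmed bookings with proper text escaping and 75-octet line folding, and pairs it with an unguessable per-user feed token, since a feed URL that is fetched unauthenticated by calendar clients is effectively a bearer credential. The `ConfirmedBooking` shape, the PRODID and the `/feeds/<token>.ics` route are assumptions.

```typescript
import { randomBytes } from "node:crypto";

interface ConfirmedBooking {
  uid: string;          // stable unique id for the event
  start: Date;
  end: Date;
  summary: string;
  description?: string;
}

// RFC 5545 TEXT escaping: backslash, semicolon, comma and newline.
function escapeText(s: string): string {
  return s.replace(/\\/g, "\\\\").replace(/;/g, "\\;").replace(/,/g, "\\,").replace(/\r?\n/g, "\\n");
}

// UTC timestamp in the form 20240501T100000Z.
function icalDate(d: Date): string {
  return d.toISOString().replace(/[-:]/g, "").replace(/\.\d{3}Z$/, "Z");
}

// Fold a content line so no physical line exceeds 75 octets (RFC 5545 section 3.1).
// Counts UTF-8 bytes per code point; continuation lines start with one space.
function fold(line: string): string {
  const pieces: string[] = [];
  let current = "";
  let bytes = 0;
  for (const ch of Array.from(line)) {
    const n = Buffer.byteLength(ch, "utf8");
    const limit = pieces.length === 0 ? 75 : 74;
    if (bytes + n > limit) {
      pieces.push(current);
      current = "";
      bytes = 0;
    }
    current += ch;
    bytes += n;
  }
  pieces.push(current);
  return pieces.join("\r\n ");
}

// Render the feed. `now` is passed in so DTSTAMP is deterministic and testable.
function buildFeed(bookings: ConfirmedBooking[], calendarName: string, now: Date): string {
  const lines: string[] = [
    "BEGIN:VCALENDAR",
    "VERSION:2.0",
    "PRODID:-//just-book-it//feed//EN", // hypothetical product id
    `X-WR-CALNAME:${escapeText(calendarName)}`,
  ];
  for (const b of bookings) {
    lines.push(
      "BEGIN:VEVENT",
      `UID:${b.uid}`,
      `DTSTAMP:${icalDate(now)}`,
      `DTSTART:${icalDate(b.start)}`,
      `DTEND:${icalDate(b.end)}`,
      `SUMMARY:${escapeText(b.summary)}`,
    );
    if (b.description) lines.push(`DESCRIPTION:${escapeText(b.description)}`);
    lines.push("END:VEVENT");
  }
  lines.push("END:VCALENDAR");
  return lines.map(fold).join("\r\n") + "\r\n";
}

// The feed URL is the only secret a calendar client presents, so the token must be
// unguessable and the user must be able to rotate it. 32 random bytes, base64url.
function newFeedToken(): string {
  return randomBytes(32).toString("base64url");
}

function feedPath(token: string): string {
  return `/feeds/${token}.ics`; // hypothetical route
}
```

Serve the result with `Content-Type: text/calendar; charset=utf-8`, look the token up by a stored hash rather than in plaintext, and regenerate it when the user asks, so a feed URL that leaked into a shared calendar app can be cut off.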