# SwiggyTix, in Common Lisp
SwiggyTix is a service that allows for minimal dependency, no mobile-app
event management. Event hosts can manage vendors and attendees, vendors
can scan attendee badges, and event hosts can provide lead retrieval
services based on those scans.
## Required packages
- sbcl (`pkg_add sbcl`)
- QuickLisp (see https://www.quicklisp.org/beta/)
- FastCGI development kit (`pkg_add fcgi`)
## Running (OpenBSD)
1. Make sure the `swtx` user exists.

        # groupadd swtx-dev
        # useradd -s /bin/ksh -c "SwiggyTix" -m -G swtx-dev swtx
        # mkdir -p /home/swtx/common-lisp
        # chown swtx:swtx-dev /home/swtx/common-lisp
        # openssl rand -base64 64
        # passwd swtx

2. Make sure your user is able to execute the `doas` commands in
the reference file "files/doas.conf.entries".
3. Ensure "/etc/httpd.conf.swtx" is included in the host
   /etc/httpd.conf file.
4. Install files: `make install`
5. Ensure the presence of "/home/swtx/secrets/{jwt.api-id jwt.app-id jwt.secret}"
6. `make run-on-host`
7. Health check: `curl 127.0.0.1/api/all-ok-p`
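
A preflight check for step 5, added here as an example and not part of the SwiggyTix tooling. The function names `check_secret_file` and `check_secrets` are hypothetical, and the policy that each secret file must be non-empty with no group or other permission bits is an assumption, not a documented requirement of the project.

```sh
#!/bin/sh
# Added example: verify the three JWT secret files named in step 5.
# Assumption (not from the README): each file must be a non-empty regular
# file with no group/other permission bits set.

# check_secret_file FILE
# Returns 0 if FILE passes; prints the reason and returns 1 otherwise.
check_secret_file() {
    f=$1
    if [ ! -f "$f" ]; then
        echo "missing: $f"
        return 1
    fi
    if [ ! -s "$f" ]; then
        echo "empty: $f"
        return 1
    fi
    # Characters 5-10 of the ls mode string are the group and other bits;
    # -L resolves symlinks so the target's mode is what gets checked.
    mode=$(ls -ldL "$f" | cut -c5-10)
    if [ "$mode" != "------" ]; then
        echo "group/other access ($mode): $f"
        return 1
    fi
    return 0
}

# check_secrets DIR
# Checks every expected file (no early exit, so all problems are reported)
# and returns 0 only if all three pass.
check_secrets() {
    dir=$1
    rc=0
    for name in jwt.api-id jwt.app-id jwt.secret; do
        check_secret_file "$dir/$name" || rc=1
    done
    return $rc
}

# Run the check when a directory is given, e.g.:
#   sh check-secrets.sh /home/swtx/secrets
if [ "$#" -gt 0 ]; then
    check_secrets "$1" || exit 1
fi
```

Run it before `make run-on-host` so a missing or over-exposed secret is reported before the service starts.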
## Populating the database
0. Make sure the service is running: `curl 127.0.0.1/api/all-ok-p`
1. `cd tools`
2. `./bulk-create-vendors.sh`
3. `./bulk-create-attendees.sh`
## Setup Gotchas
1. Make sure acme-client has created the required certificate and keys
2. FCGI server type for clack
## TODO
1. Update endpoint protections to match security matrix:
2. Update auth documentation
   - https://docs.google.com/document/d/1l2JnH5Rsm6ZfEmSfk3CVFP-XnjZGn2O2u0qIeqcRLDE/edit?usp=sharing
   - https://docs.google.com/spreadsheets/d/1XW2-8ybUhc6QMFYqIUotqTnH51kwC_LbH9G5KuCBze8/edit
3. Consider handling multiple concurrent conferences
   - maybe a separate domain with a separate instance?
     - tts23.tix.sw.gy ?
     - flts24.tix.sw.gy ?
4. Document requirements for PCI DSS
5. Capture details for Apple Pass format
6. Implement soft deletions:
   Prefix keys with "x."
   - Deletion action endpoint
   - `delete-x.sh` tools
10. Audit db
    - Endpoint actions
    - access.log lacks the provided data, include that in the audit log (db?)