While anyone can be a Geek.Zone member regardless of their age, those under 18 years need oversight from their parent/guardian.

For MVP, only allow registration from those who are over 18 years old. Ask those under 18 to contact [email protected]

Thanks for your interest in joining Geek.Zone! We are eager to have you on board, however, as you are under 18 we need to speak to your parent or guardian. Please ask them to email [email protected] to request membership on your behalf. Thanks!

In the "Contributing" section of readme.md add link to

• https://www.firsttimersonly.com/
• http://opensource.guide/how-to-contribute/

Background

The test.geek.zone DNS entry is manually configured in Cloudflare against an AWS loadbalancer that is configured in kubernetes config.

It would be nice if the management of this DNS entry could be done in the Kubernetes cluster. This might also make it easier for us to deploy pull request branches to nice domain names in the future.

Resources

I came across this helm plugin for cloudflare DNS in kubernetes that might be helpful https://github.com/estafette/estafette-cloudflare-dns.

Impact

High

Urgency

Now

Background

We have chosen to use PostgreSQL as our database for this project. We will need to set up a pgsql database in AWS before we go live - and ideally early on in the development process.

Notes on approach

Two ways of deployment immediately come to mind:

• Use Amazon RDS
• Deploy to the kubernetes cluster

I would lean towards RDS for two reasons:

• It is a managed service that amazon secures, patches, and updates
• I believe it has high availability built in (fail over replication etc)
• I imagine that setting up a database in RDS would be rather tricky

Kubernetes does have some positives that come to mind though:

• We can install whatever extensions we want
• We can use whatever configuration we want
• If we moved to a different cloud provider the k8s configuration would likely require minimal changes

From a security, reliability, and performance perspective I believe it would be better to have a separate development and live database instance.

Impact

?

Urgency

?

Requires #39

Check if a Sand membership fee is due on each member.

If Sand membership fee not yet paid (new member)

• force payment process on login
• send a reminder email after 24 hours
• send a reminder email after 72 hours
• delete account after 120 hours and send email to notify.

If Sand membership fee is due soon, send member reminders to pay.

If Sand membership fee is not paid after six months,

• update their membership termination date
• The author on posts published by that member must be changed to "Anonymous [animal]"
• their member profile must be set to private.

If the former member does not re-join Geek.Zone in the 12 months following the membership termination date, delete their personal data. Posts and articles that the member published remain but personal data must be deleted.

Notes for the future
Each membership type (see #47) will need its own retention policy, including what happens to the member if they do not pay within the allotted time period. Not required at MVP but worth bearing in mind for the future.

It is also important to consider that this should be user editable by those in the the Trustees group, #47, in the future.

Requires further discussion and involvement from the Treasury and Trustees.

Background

There are two tiers of membership planned

• Sand - basic annual membership at a cost of £1 + donation per year
• Space - monthly membership that gives you access to https://geek.zone/01. Expected to cost £1 + donation per month

We need to implement Sand membership before the release of membership management as that is what all existing Geek.Zone members are currently paying.

We are planning to support multiple methods for payment so as to be as inclusive as possible. The first payment method we plan to support is UK Direct Debit via BACS.

• Password strength checking
• Throttling of login attempts

Not required on registration, should be included in user account as a "complete your membership" task.

Ask member for the following permissions.

• Photos, Audio & Video
• SMS Updates
• SMS System Messages
• Email Updates
• Constitutional Emails (required)
• Telephone
• Postal Updates
• Constitutional Post (required)

Impact

High

Urgency

Now

Make the site look goodish

Background

Currently all merges to master are automatically deployed to test.geek.zone using our circleci build. This is very useful - it allows anyone with commit access to get changes released without direct access to the Kubernetes cluster.

It would be great if we could deploy pull requests to the k8s cluster to allow for easier testing and review of pull requests. Right now this is possible if you have commit access as you can directly modify the circleci config and it will be run. The downside to this is that it deploys to test.geek.zone, removing what was there before.

I propose that we deploy all pull requests to a url like pr-number-branch-name.pr.geek.zone and then deploy to test.geek.zone on merge to master.

When we deploy this change to live merges to master would deploy to the home of this project instead of test.geek.zone.

Thoughts?

Impact

?

Urgency

?

Background

The current deployment of test.geek.zone introduced in #10 is only setup for HTTP. We should configure test.geek.zone to use HTTPS instead.

This might require using something other than a LoadBalancer service in Kubernetes. Setting this up fairly early on in the development cycle will make this process easier when we go to production with membership management.

Implement Google reCAPTCHA v3 to identify when a guest appears to be a bot, then challenge them if they might be a bot.

Split from #30

Allow member to opt-in to publish a public profile. User should select a URL with the format geek.zone/[username]

Members should be able to set their profile visibility to

• private only (default)
• other GZ members only
• public

If member leaves GZ, set profile to private. Retention policy will take care of member deletion.

Impact

High

Urgency

Later

We need to ensure that we have got the correct postal address for every member. Digital postal address validation is never 100% accurate, so the only way to be certain is to actually post a thing to the member.

1. Send member a physical welcome letter when they join Geek.Zone
2. In that letter, include a random validation code. Ask member to enter this in their account.
3. In the member account, create an area that checks to see if that code is correct. If code is correct, mark address as valid. If not, do not mark address as valid.
4. If user changes postal address, repeat validation

Originally logged in Trello card HCCw8goZ

Impact

High

Urgency

Now

• create account from member mojo information
• user sets a password on first login (maybe set a temp password for them)
• when the user logs in for the first time they will be prompted to setup a direct debit and confirm their yearly donation amount
• create a subscription for the member in stripe with a trial_end of the end of their membership in member mojo
• send a courtesy email a month before they are to be billed to allow them to cancel in time
• provide the member a way to delete their information and cancel their current membership?

Impact

High

Urgency

Later

Background

We will need some kind of logging and monitoring solution for our application hosted on kubernetes. We should be able to:

• Hoover logs into a central location such as Graylog or ELK in a GDPR compliant way
• Allow trusted members to search through those logs
• Gather metrics on the various aspects of our system eg: number of 5xx responses, sql query performance, etc
• Send alarms to certain members when serious errors that require investigation occur

Impact

High

Urgency

Now

I have created a wiki page, GitHub Sponsors Intro, so that we can all contribute to this together!

I have signed GZ up for GitHub Sponsors. Before they can accept our application, they need;

Short bio (250 characters)
This is used where your sponsorship is shared (e.g., social cards and github.com/sponsors if you opt-in to be featured).

Introduction
This is the main content that appears on the GeekZoneHQ GitHub Sponsors profile, so it is a great opportunity to help potential sponsors learn more about you, your work, and why their sponsorship is important to you.

Here are some ideas of what we can tell potential sponsors:

• Who are you, and where are you from?
• What are you working on?
• Why is their sponsorship important? How will you use the funds?

Impact

?

Urgency

?

Requirements

We require an easy way for contributors to test and deploy their work to testing and production environments.

• Pick a deployment method (elasticbeanstalk, kubernetes, EC2)
• Hand rolled kubernetes cluster in AWS (production-level setup can come at a later stage)
• Build and deploy changes to k8s on merge to master

In the future I would like trusted members to be able to deploy pull requests to a test environment. eg my-branch.test.geek.zone. This can be dealt with at a later date.

Need to ask users for consent to put cookies on their computer. GDPRify.

Suggestions
Potential soltuions might include,

• https://django-cookie-consent.readthedocs.io/en/latest/
• https://pypi.org/project/django-cookiebanner/

Avoid,

• https://pypi.org/project/django-cookie-law/

Impact

High

Urgency

Later

All links that lead to domains outside of geek.zone should have a trailing icon showing that it is an external site. For example, Wikipedia does this.

Brownie Points
Show a different icon for external links that lead to a site that Geek.Zone will be paid for the referral, such as an affiliate link. Could be activated by a tag in the link, perhaps.

Impact

High

Urgency

Now

Users should be able to join groups within Geek.Zone. For example, some people within Geek.Zone might be particularly interested in Anime, while others might be interested in Software Development. These member groups will help to organise the community and perform automated actions to improve the membership experience.

Each group should be able to define its own membership requirements and benefits, including but not limited to,

• email mailing list address - requires #48
• web page address - Geek.Zone/group
• web page content - requires #82
• membership onboarding requirements, for example
  • admin approval
  • community poll approval (eg Discord mods group)
  • take specified course(s), requires #506
  • pay a fee (should require Trustee approval)
• Contributor type - will group members perform work for Geek.Zone?
  • Volunteer
    Members of this group will perform unpaid work for Geek.Zone.
  • Staff
    Members of this group are paid Geek.Zone employees.
  • Participant
    Members of this group will participate in activities but will not perform work for Geek.Zone.
• membership period
  • until member leaves
  • Dead man's switch
  • x days/weeks/months/years
  • until date
• automated membership actions, reversed on group departure - for example,
  • added to our GitHub org - see #477
  • added to a Discord role
  • added to facebook page editors
• grace period
• chat channels

Members should be able to create new groups.

If a member is in >0 staff groups, their personal contribution status is staff. They can not count toward Geek.Zone volunteer numbers. They should count toward Geek.Zone staff numbers.

Impact

High

Urgency

Now

Geek.Zone is all about our members, so your contribution is important! Add your name to humans.txt

Add member minecraft username, see #55, to the Geek.Zone/Minecraft allow list. If member leaves Geek.Zone, remove member from Geek.Zone/Minecraft allow list.

Impact

High

Urgency

Now

Automate the process of providing all data that Geek.Zone holds on a user to that user.

Impact

High

Urgency

Now

Automate the process of deleting all user data under GDPR article 17, including on other platforms.

Provide user with the following warning.

This is the nuclear option. If you proceed, you will never have existed from our perspective. All your contact details will be erased, everything you have ever published at Geek.Zone will be attributed to "Anonymous" and you will be removed from all our social media channels. There is no way back from this.

If you have complaints or concerns, please discuss them with our Trustees on [email protected] first, as we will be able to address them for you. If you just want to leave Geek.Zone temporarily because, for example, you are going on holiday, do not do this.

If you do choose to proceed, Geek.Zone will always welcome you back in the future. You will, however, need to register an entirely new account, so you will never be able to reclaim attribution for anything you did previously.

Are you sure you want to continue?

Impact

High

Urgency

Now

Allow users to use the following methods of 2FA

Priority:

1. Auth app (eg google authenticator)
2. Physical key (eg Yubikey)
3. SMS (highly discouraged)

The 2FA settings page should link to the GZ blog post about 2FA (variable to be set by Trustees group). This will explain why one should avoid SMS auth.

Impact

High

Urgency

Now

ERD needs to show fields that can store the

• social media usernames of members; Facebook, Twitter, Instagram, tiktok, linkedin
• contact information confirmation flags for phone, email and postal address

First timers only please!

Add this shield to the top of readme.md

https://img.shields.io/github/license/geekzonehq/web

If you would like to, I would be happy to go through this with you together. Just select a time that works best for you.

Background

We have a basic deployment that will get this code base on to a Kubernetes cluster, but we need to be able to run database migrations before deployment.

As of writing this issue this isn't so much of a concern as we are using a sqlite database that could be committed to the repository with migrations run before merge - as soon as we move to a postgres database this will be essential.

If prospective member is under 18,

• request email address of parent of guardian
• send email to guardian to set a Geek.Zone account up for the child

Guardian must be

• over 18
• the children’s legal guardian

In guardian email, include button

"Set up a Geek.Zone account for the child"

1. Request child

• date of birth
• email address

2. Request payment details

Impact

High

Urgency

Later

Add the first-timers-only badge to the web repo readme

[![first-timers-only](https://img.shields.io/badge/first--timers--only-friendly-blue.svg?style=flat-square)](https://www.firsttimersonly.com/)

Allow member to add emergency contacts to their account. Required information:

• Emergency contact full name
• Emergency contact telephone number (mobile preferred)
• Emergency contact relationship
• Emergency contact priority - which order to call contacts in

Provide access to emergency contacts to those in Trustee group, see #47

Member should be encouraged to add at least one emergency contact. Member should be able to add infinite emergency contacts.

Impact

High

Urgency

Now

Requirements

We should think about the database schema before we write it in Django. This should result in a better design, act as documentation, and make it easier for others to contribute to building the membership management system.

It would be ideal if this schema lived in the git repository in a format that could be easily edited by others. This would give us the opportunity to update it over time, even if we choose not to take that opportunity.

Requirements

A basic user registration form that allows new people to sign up for Geek.Zone membership. This initial basic form should focus on the minimum required to register someone to Geek.Zone.

• full name
• preferred name
• email address
• date of birth (saved to the db in iso8601 format)
• a password (so they can log in to their account)
• Their agreement to the geek.zone constitution

This first pass does not include taking payments

Members should be able to upgrade their membership level to allow them to get more from GZ. For example, "Space" membership allows members to access Geek.Zone/01.

Allow Trustee group, see #47, to add and configure membership types. Trustees should be able to configure the membership type,

• name
• cost
• duration
• payment grace period (how long a member has after payment is due)
• what happens to a member after the grace period
  -- delete member
  -- downgrade to other membership type

Background

Before we go live we should ensure we are doing everything we can to keep this application secure and performant. Django has provided a nice checklist that we should follow which can be found at https://docs.djangoproject.com/en/3.0/howto/deployment/checklist/.

We should also ensure we follow the Stripe integration checklist before taking payments from real Geek.Zone members. The Stripe checklist can be found at https://stripe.com/docs/payments/checkout/live.

And finally we should ensure all requests and assets are served over HTTPS, and that certificate renewal is automated, or documented and delegated to a trusted individual.

Not specific to this repo but seems like as good a place as any to log this!

On 2020-11-30T19:00 I will turn on "Require two-factor authentication for everyone in the Geek.Zone organization." All those without 2FA enabled on their GitHub account will be removed from the Geek.Zone GitHub org and will need to be re-invited once they have 2FA activated. I don't want to boot people at all, let alone without giving you a chance to sort it first!

I would be most grateful if you could please,

• activate 2FA
• confirm completion in the comments, feel free to leave the ticket too

Activating 2FA not only helps to secure the Geek.Zone GitHub org but also your own GitHub account. It takes moments to set up but could prevent something dreadful, so its a great measure to take on all your accounts. Do it now!

Every Geek.Zone will need a door entry system that can check the "Members of Space" group, see #47, and allow Space Members to enter.

Initial version should use RFID card or one time QR code.

Future version could use host card emulation.

Scanning device will

1. Scan presented QR code
2. Translate QR code into string
3. Request OTP validity from server
4. If OTP is valid, scanning device will perform an action, if not, it will perform a different action.

If request is sent with invalid API key, 401 will be returned

For example, if OTP is valid, open the door.

Originally logged in Trello card vsAllEVQ

Impact

High

Urgency

Now

Blocks #628

GZ needs to confirm that we have the correct telephone number for the user.

Does not need to occur on registration. In the user account, show phone number as unverified and give the option to verify. During verification process

1. Ask user to select call or sms
2. Send unique code using call or sms
3. User to input code into account to verify number
4. If user changes telephone number, repeat validation

Could use Twilio or similar. If on a mobile device, app could read SMS to verify automatically.

Originally logged in Trello card eUcXLHOo

Impact

High

Urgency

Now

Create a member settings area so that members can manage their membership.

Allow member to add usernames for other accounts to their GZ account for display on the profile, see #54, and link to those providers.

Should include a list of suggested providers as well as allowing user to set custom sites. Suggested providers list should include,

• Facebook
• Twitter
• Instagram
• YouTube
• Minecraft
• Steam

Members should be able to add their own custom links.

Brownie points:

Providers that are added by many users should be added to the suggested list automatically. Trustees should have the ability to remove providers from the suggested list.

Bonus brownie points

Use the remote sites favicon as the link icon on the member profile. cache the favicon for a suitable period then dump and update it.

Impact

High

Urgency

Later

Allow member to opt-in for Gift Aid. Feature must,

• Check if postal address is validated - requries #49 - if not, remind user to validate
• Record datetimes that user opted in
• Record datetimes that user opted out

Impact

High

Urgency

Now

Background

I quickly created a kubernetes cluster in AWS using EKS so that we could have a reasonable testing environment whilst we build up the feature set for this project.

At some point we will need to spend some time creating a cluster that is ready for production. This new cluster should:

• Have all of its configuration in a git repository
• Follow available security guidance
• Make use of Kubernetes concepts such a namespaces to separate out different GeekZone projects

It is likely that the configuration for this new cluster will have to be split out into its own repository, but as the cluster originated from this work it makes sense to initially track this issue here.

We also need to be conscious of cost. The last time I tried to run up a Kubernetes cluster using EKS it ended up costing us ~$90 in a single month. This isn't a massive amount of money on its own but if left alone it could have easily taken out a big chunk of our AWS budget. Just something to be wary of

Impact

?

Urgency

?

create log in form and member settings area for existing members to manage their membership

Requirements

We have no documentation or instruction on how to contribute to this project. It's early days, so it's probably best to get something basic added early so that it's easier to build on later.

Some basic instructions on how to setup and run the project should be sufficient. I imagine we should test the instructions on Windows, Mac, and Linux if possible.

Original Trello Contents

JamesGeddes:

I would suggest the following.
* Ubuntu
* Python3
* Pycharm
* Pip3
* Git
* Github connection
* Django
* Dbeaver
* DB connection

Have I missed anything @carwynnelson? Will write something to automate this.
Puppet perhaps? Could build an ISO VM image so that people can download and
install it with ease? Puppet could then ensure it stays current.
What do you think is the best solution?

CarwynNelson:

I think it should be sufficient to mention:
* Python 3.x with pip3
* git
* github account

I would recommend virtualenv, and we can add documentation for that - but it's not
required. The dependencies for the project are currently in a requirements.txt
which pip can install from.

I would leave text editors and database clients up to individual preference,
but leaving some recommendations wouldn't be a bad idea.

If the project ends up being tied to postgres due to us using a specific feature
then we can put together a docker container that people can connect to on
their local machines.

EDIT: People should be able to run this on windows just fine. Using WSL
would probably be easier - but it shouldn't be a requirement.

Group leaders need to be able to send an email to [group-name]@geek.zone mailing lists as defined by #47

Membermojo provides built-in mailmerge functionality. If you include [first_name] in the email, it will automatically substitute the first name of that member.

Build a feature that

• accepts an email to [list name]@geek.zone
• replaces tags with member data, including but not limited to preferred name, full name...
• sends individual email to the member

Requires #147

Impact

High

Urgency

Later

Create a YML file to list us with "Up for Grabs"

• Our wiki page
• Up for Grabs instructions

Impact

High

Urgency

Later

Tikiwiki has "Trackers" which allows users to create and define a database structure within the site, with no database knowledge required. GZ has already used this to create the asset register.

Build a similar - but better - system that allows a user to

• define the data that they want to record
• define the relationships between that data
• record that data

Impact

High

Urgency

Later

create mechanism to log out