7.1 KiB
7.1 KiB
Timetracker
Overview
A multi-user web application for tracking time spent working on projects. Users authenticate via an external OIDC provider and manage their own clients, projects, and time entries.
Technical Requirements
Authentication
- OIDC Provider: Configurable via:
- Well-known endpoint (e.g.,
https://provider.com/.well-known/openid-configuration) - Client ID
- PKCE flow (public client, no client secret required)
- Well-known endpoint (e.g.,
- User Information: Username and email are sourced from the OIDC provider claims
- No local user management: The application does not store user credentials or manage passwords
Data Persistence
- Database: Relational database (e.g., PostgreSQL, MySQL)
- Time Format: DateTime with timezone offset (e.g.,
2024-01-15T09:00:00+01:00) - Display: Times are converted to the user's local timezone for display
Validation Rules
- End time must be after start time
- No overlapping time entries for the same user
Data Model
Entities
| Entity | Description | Ownership |
|---|---|---|
| Client | A client/customer the user works for | User |
| Project | A project belonging to a client | User, belongs to one Client |
| TimeEntry | A completed time tracking record | User (explicit), belongs to one Project |
| OngoingTimer | An active timer while tracking is in progress | User (explicit), belongs to one Project (optional) |
Relationships
User
├── Client (one-to-many)
│ └── Project (one-to-many)
│ └── TimeEntry (one-to-many, explicit user reference)
│
└── OngoingTimer (zero-or-one, explicit user reference)
Important: Both TimeEntry and OngoingTimer have explicit references to the user who created them. This is distinct from the project's ownership and is required for future extensibility (see Future Extensibility section).
Functional Requirements
1. Multi-User Support
- The application supports multiple concurrent users
- Each user sees and manages only their own data (clients, projects, entries)
- Users authenticate via an external OIDC provider
2. Client & Project Management
- Users can create, edit, and delete Clients
- Users can create, edit, and delete Projects
- Each project must be associated with exactly one client
- There is no admin user — all users manage their own data
3. Start / Stop Time Tracking
Starting a Timer
- User clicks a Start button in the web interface
- An
OngoingTimerentity is immediately saved to the database with:- Start time (current timestamp)
- User reference (explicit, required)
- Project reference (initially
null, can be added later)
- The UI displays a live timer showing elapsed time since start
While Timer is Running
- The timer remains active even if the user closes the browser
- User can add/select a project at any time while the timer is running
Stopping the Timer
-
User clicks a Stop button
-
Two scenarios:
Scenario Behavior Project already selected OngoingTimeris converted to aTimeEntryand saved immediatelyNo project selected UI prompts user to select a project before saving the entry -
The final
TimeEntrycontains:- Start time
- End time
- Project reference
- User reference (explicit, required)
4. Edit Time Tracking Entry
- User can view tracked entries in a list view or calendar view
- User can select an entry and edit:
- Start time
- End time
- Project (change to a different project)
- User can delete an entry
5. Adding Entries Manually
- User can add a time entry manually using a form
- Required fields:
- Start time
- End time
- Project
- The entry is validated against overlap rules before saving
API Endpoints (Suggested)
Authentication
GET /auth/login— Initiate OIDC login flowGET /auth/callback— OIDC callback handlerPOST /auth/logout— End session
Clients
GET /api/clients— List user's clientsPOST /api/clients— Create clientPUT /api/clients/{id}— Update clientDELETE /api/clients/{id}— Delete client
Projects
GET /api/projects— List user's projects (optionally filter by client)POST /api/projects— Create projectPUT /api/projects/{id}— Update projectDELETE /api/projects/{id}— Delete project
Time Entries
GET /api/time-entries— List user's entries (with pagination, date range filter)POST /api/time-entries— Create entry manuallyPUT /api/time-entries/{id}— Update entryDELETE /api/time-entries/{id}— Delete entry
Timer
POST /api/timer/start— Start timer (creates OngoingTimer)PUT /api/timer— Update ongoing timer (e.g., set project)POST /api/timer/stop— Stop timer (converts to TimeEntry)GET /api/timer— Get current ongoing timer (if any)
UI Requirements
Timer Widget
- Always visible when user is logged in
- Shows "Start" button when no timer is running
- Shows live elapsed time (HH:MM:SS) and "Stop" button when running
- Allows project selection while running
Views
- Dashboard: Overview with active timer widget and recent entries
- Time Entries: List/calendar view of all entries with filters (date range, client, project)
- Clients & Projects: Management interface for clients and projects
Future Extensibility
The following features are planned for future development. Consider these when designing the architecture:
Shared Projects
- Users will be able to track time for projects belonging to other users
- Rationale:
TimeEntryalready has an explicit user reference independent of the project's owner - Example: User A can log time on User B's project, but the entry is clearly associated with User A
- Requirements:
- Authorization checks must verify that a user has access to a project before allowing time tracking
- UI should distinguish between "My Projects" and "Shared With Me" projects
- Reporting/filtering by project owner vs. entry owner
Security Considerations
- All API endpoints require authentication (except auth routes)
- Users can only access/modify their own data
- OIDC PKCE flow for secure authentication without client secret
- Input validation on all endpoints
- Database-level constraints to enforce:
- End time > Start time
- No overlapping entries per user
Non-Functional Requirements
- Responsive web interface (works on desktop and mobile browsers)
- Timer updates in real-time (e.g., every second)
- Graceful handling of timer across browser sessions