schmidt1024/kashilo
1
0
Fork 0
Code Issues Pull Requests Releases Activity

docs: translate README to English

Browse Source
This commit is contained in:
Schmidt
2026-02-11 15:34:46 +01:00
parent 5cf04af7ab
commit bd25cc4ab6
1 changed files with 149 additions and 177 deletions
Download Patch File Download Diff File Expand all files Collapse all files

326
README.md
View File

@@ -1,99 +1,87 @@
# kashilo.com # kashilo.com
Eine anonyme, dezentrale Kleinanzeigen-Plattform mit Monero-Bezahlung. A privacy-first classifieds platform with Monero payments.
## 🎯 Vision ## 🎯 Vision
kashilo.com ermöglicht es Nutzern, Kleinanzeigen zu schalten und Waren/Dienstleistungen sicher über Monero (XMR) zu handeln. Besonderheiten: kashilo.com lets users post classifieds and trade goods/services securely via Monero (XMR).
- **Anonymität**: Nutzung ohne Account möglich - **Anonymous**: No personal data required
- **Direkte Zahlung**: Peer-to-Peer via Monero, keine Zahlungsvermittlung - **Direct payments**: Peer-to-peer via Monero, no payment intermediary
- **Privacy-First**: E2E-Verschlüsselung für Kommunikation - **Privacy-first**: End-to-end encrypted communication
--- ---
## 📊 Machbarkeitsanalyse ## 📊 Features
### Technisch realisierbar | Feature | Complexity | Status |
|---------|------------|--------|
| Feature | Komplexität | Status | | Listings CRUD | Low | ✅ Done |
|---------|-------------|--------| | Fiat/XMR price display | Low | ✅ Done |
| Anzeigen CRUD | Niedrig | ✅ Fertig | | Anonymous accounts (UUID + Hash) | Medium | ✅ Done |
| Fiat/XMR Preisanzeige | Niedrig | ✅ Fertig | | PWA | Medium | ✅ Done |
| Anonyme Nutzung (UUID + Hash) | Mittel | ✅ Fertig | | Light/Dark Mode | Low | ✅ Done |
| PWA | Mittel | ✅ Grundgerüst | | i18n (7 languages) | Low | ✅ Done |
| Light/Dark Mode | Niedrig | ✅ Fertig | | Image gallery | Low | ✅ Done |
| i18n (7 Sprachen) | Niedrig | ✅ Fertig | | E2E Chat (NaCl box.before + secretbox) | High | ✅ Done |
| Bildergalerie | Niedrig | ✅ Fertig | | PoW Captcha (server-side) | Medium | ✅ Done |
| E2E-Chat (NaCl box.before + secretbox) | Hoch | ✅ Fertig | | Rating & Reputation system | Medium | ✅ Done |
| PoW Captcha (Server-seitig) | Mittel | ✅ Fertig | | Verifiable Listings | Medium | ✅ Done |
| Rating-System | Mittel | ✅ Fertig | | Pseudonyms & Identicons | Low | ✅ Done |
| Verifiable Listings | Mittel | ✅ Fertig | | Invite code system (alpha) | Low | ✅ Done |
| Reputation-System | Mittel | ✅ Fertig | | 2FA | Medium | 🔲 Planned |
| 2FA | Mittel | 🔲 Offen |
### ⚠️ Kritische Punkte
1. **Rechtliche Aspekte**
- AGB, Datenschutz, Impressum erforderlich
- Kein Escrow → kein VASP → kein KYC
- Haftung bei Betrug klären
2. **E2E-Verschlüsselung**
- Key-Management für anonyme Nutzer
- Optionen: Signal-Protokoll, Matrix-Protokoll
--- ---
## 🛠️ Tech-Stack ## 🛠️ Tech Stack
### Frontend (aktuell) ### Frontend
- **Vanilla JavaScript** (ES Modules) - **Vanilla JavaScript** (ES Modules)
- **Web Components** (Custom Elements) - **Web Components** (Custom Elements)
- **CSS Custom Properties** (Theming) - **CSS Custom Properties** (Theming)
- **PWA** (Service Worker, Manifest) - **PWA** (Service Worker, Manifest)
### Backend ### Backend
- **Directus** (Headless CMS, selbst gehostet) - **Directus** (Headless CMS, self-hosted)
- REST API - REST API
- Auth, Rollen, Berechtigungen - Auth, roles, permissions
### Services ### Services
- **Directus** Backend: `api.kashilo.com` (Docker) - **Directus** backend: `api.kashilo.com` (Docker)
- **PoW Captcha + Payment Proxy**: `pow.kashilo.com` (PHP, HMAC-signierte Challenges, BTCPay Proxy + Webhook, OG Meta Proxy) - **PoW Captcha + Payment Proxy**: `pow.kashilo.com` (PHP, HMAC-signed challenges, BTCPay proxy + webhook, OG meta proxy)
- **BTCPay Server**: `pay.xmr.rocks` (Monero-Zahlungen, Trocador-Plugin) - **BTCPay Server**: `pay.xmr.rocks` (Monero payments, self-hosted)
- **TweetNaCl**: Self-hosted in `js/vendor/` (E2E-Verschlüsselung) - **TweetNaCl**: Self-hosted in `js/vendor/` (E2E encryption)
### Geplant ### Planned
- Push-Benachrichtigungen (Web Push API) - Push notifications (Web Push API)
--- ---
## 🚀 Setup ## 🚀 Setup
### Voraussetzungen ### Prerequisites
- Moderner Browser mit ES Module Support - Modern browser with ES Module support
- Python 3 (für lokalen Server) oder beliebiger HTTP-Server - Python 3 (for local server) or any HTTP server
### Installation ### Installation
```bash ```bash
# Repository klonen # Clone the repository
git clone https://gitea.pro/schmidt1024/kashilo.git git clone https://gitea.pro/schmidt1024/kashilo.git
cd kashilo cd kashilo
# Lokalen Server starten # Start local server
python3 -m http.server 8080 python3 -m http.server 8080
# Oder mit Live-Reload (Node.js erforderlich) # Or with live-reload (Node.js required)
npx live-server npx live-server
``` ```
Öffne http://localhost:8080 Open http://localhost:8080
### Deployment ### Deployment
Für Produktion werden nur diese Dateien benötigt: Production requires only these files:
``` ```
├── index.html ├── index.html
@@ -106,92 +94,92 @@ Für Produktion werden nur diese Dateien benötigt:
└── assets/ └── assets/
``` ```
**Nicht deployen:** `tests/`, `docs/`, `AGENTS.md`, `README.md`, `.git/`, `deploy.sh` **Do not deploy:** `tests/`, `docs/`, `AGENTS.md`, `README.md`, `.git/`, `deploy.sh`
#### Build (Minifizierung) #### Build (minification)
```bash ```bash
# Einmalig: Dependencies installieren # One-time: install dependencies
pip3 install rjsmin rcssmin pip3 install rjsmin rcssmin
# Build ausführen (erstellt dist/ mit minifizierten Dateien) # Run build (creates dist/ with minified files)
python3 build.py python3 build.py
``` ```
Das Build-Script minifiziert alle JS- und CSS-Dateien (~111 KiB Ersparnis) und kopiert alles nach `dist/`. The build script minifies all JS and CSS files (~111 KiB savings) and copies everything to `dist/`.
#### Deploy via Script #### Deploy via script
```bash ```bash
# Einmalig: SSH-User und Pfad anpassen # One-time: adjust SSH user and path
./deploy.sh user@kashilo.com /home/user/web/kashilo.com/public_html ./deploy.sh user@kashilo.com /home/user/web/kashilo.com/public_html
# Oder Defaults im Script setzen und einfach: # Or set defaults in the script and simply run:
./deploy.sh ./deploy.sh
``` ```
Das Script führt automatisch `python3 build.py` aus, dann `rsync` von `dist/` zum Server. The script automatically runs `python3 build.py`, then `rsync` from `dist/` to the server.
**Voraussetzungen:** **Requirements:**
- Python 3 + `rjsmin` + `rcssmin` (für Build) - Python 3 + `rjsmin` + `rcssmin` (for build)
- SSH-Key-Authentifizierung zum Server - SSH key authentication to server
- `rsync` lokal und auf dem Server installiert - `rsync` installed locally and on the server
### Tests ausführen ### Running tests
```bash ```bash
# Server starten # Start server
python3 -m http.server 8080 python3 -m http.server 8080
# Im Browser öffnen # Open in browser
# http://localhost:8080/tests/ # http://localhost:8080/tests/
``` ```
Die Tests laufen im Browser und nutzen einen minimalen Test-Runner ohne externe Dependencies. Tests run in the browser using a minimal test runner without external dependencies.
### Projektstruktur ### Project structure
``` ```
kashilo/ kashilo/
├── index.html # Entry Point ├── index.html # Entry point
├── manifest.json # PWA Manifest ├── manifest.json # PWA Manifest
├── service-worker.js # Offline-Support ├── service-worker.js # Offline support
├── css/ ├── css/
│ ├── fonts.css # Web Fonts (Inter, Space Grotesk) │ ├── fonts.css # Web Fonts (Inter, Space Grotesk)
│ ├── variables.css # Theming (Light/Dark) │ ├── variables.css # Theming (Light/Dark)
│ ├── base.css # Reset, Grundstyles │ ├── base.css # Reset, base styles
│ └── components.css # UI-Komponenten │ └── components.css # UI components
├── js/ ├── js/
│ ├── app.js # App-Initialisierung │ ├── app.js # App initialization
│ ├── router.js # Hash-basiertes Routing │ ├── router.js # Hash-based routing
│ ├── i18n.js # Übersetzungssystem │ ├── i18n.js # Translation system
│ ├── services/ │ ├── services/
│ │ ├── directus.js # Directus API Client │ │ ├── directus.js # Directus API client
│ │ ├── auth.js # UUID-Auth (SHA-256 Hash) │ │ ├── auth.js # UUID auth (SHA-256 hash)
│ │ ├── listings.js # Listings-Service │ │ ├── listings.js # Listings service
│ │ ├── categories.js # Kategorien-Service │ │ ├── categories.js # Categories service
│ │ ├── locations.js # Standorte-Service │ │ ├── locations.js # Locations service
│ │ ├── conversations.js# Zero-Knowledge Chat │ │ ├── conversations.js# Zero-knowledge chat
│ │ ├── crypto.js # NaCl Encryption (box.before + secretbox) │ │ ├── crypto.js # NaCl encryption (box.before + secretbox)
│ │ ├── currency.js # XMR/Fiat Umrechnung │ │ ├── currency.js # XMR/fiat conversion (Kraken + CoinGecko)
│ │ ├── pow-captcha.js # PoW Captcha (Server-first, lokaler Fallback) │ │ ├── pow-captcha.js # PoW captcha (server-first, local fallback)
│ │ ├── btcpay.js # BTCPay Server Integration (Invoice, Checkout) │ │ ├── btcpay.js # BTCPay Server integration
│ │ ├── favorites.js # Favoriten (localStorage + Directus Sync) │ │ ├── favorites.js # Favorites (localStorage + Directus sync)
│ │ ├── notifications.js# Benachrichtigungen (Polling, Badge) │ │ ├── notifications.js# Notifications (polling, badge)
│ │ ├── reputation.js # Reputation (Deals, Ratings, Level) │ │ ├── reputation.js # Reputation (deals, ratings, levels)
│ │ ├── verification.js # Verifiable Listings (Proof of Possession) │ │ ├── verification.js # Verifiable listings (proof of possession)
│ │ └── identity.js # Pseudonyme & Identicon-Avatare │ │ └── identity.js # Pseudonyms & identicon avatars
│ ├── vendor/ │ ├── vendor/
│ │ ├── nacl-fast.min.js # TweetNaCl (self-hosted) │ │ ├── nacl-fast.min.js # TweetNaCl (self-hosted)
│ │ ├── nacl-util.min.js # TweetNaCl Utils │ │ ├── nacl-util.min.js # TweetNaCl Utils
│ │ └── cropper.min.js # Image Cropper │ │ └── cropper.min.js # Image Cropper
│ └── components/ │ └── components/
│ ├── app-shell.js # Layout-Container │ ├── app-shell.js # Layout container
│ ├── app-header.js # Header mit Navigation │ ├── app-header.js # Header with navigation
│ ├── app-footer.js # Footer │ ├── app-footer.js # Footer
│ ├── auth-modal.js # Login/Register Modal │ ├── auth-modal.js # Login/Register modal
│ ├── chat-widget.js # E2E Chat Widget │ ├── chat-widget.js # E2E chat widget
│ └── pages/ # Seiten-Komponenten │ └── pages/ # Page components
├── locales/ ├── locales/
│ ├── de.json # Deutsch │ ├── de.json # Deutsch
│ ├── en.json # English │ ├── en.json # English
@@ -201,120 +189,104 @@ kashilo/
│ ├── pt.json # Português (BR) │ ├── pt.json # Português (BR)
│ └── ru.json # Русский │ └── ru.json # Русский
├── tests/ ├── tests/
│ ├── index.html # Test-Runner UI │ ├── index.html # Test runner UI
│ ├── test-runner.js # Test-Framework │ ├── test-runner.js # Test framework
│ └── *.test.js # Unit Tests │ └── *.test.js # Unit tests
└── assets/ └── assets/
└── fonts/ # Self-hosted Fonts └── fonts/ # Self-hosted fonts
``` ```
--- ---
## 📋 Offene Punkte / Roadmap ## 📋 Roadmap
### Phase 1: MVP Frontend ### Phase 1: Frontend
- [x] Projektstruktur - [x] Project structure, routing, i18n (7 languages)
- [x] Routing - [x] Light/Dark mode, PWA shell
- [x] i18n (DE/EN/FR) - [x] Home page with search, categories, listings grid
- [x] Light/Dark Mode - [x] Listing detail page with image gallery
- [x] PWA Grundgerüst - [x] Create/edit listing form
- [x] Startseite mit Suche, Kategorien, Listings-Grid - [x] Skeleton loading, error boundary, offline indicator
- [x] Typografie (Inter + Space Grotesk)
- [x] Such-Komponente mit Accordion-Kategorien
- [x] Anzeige-Detailseite mit Bildergalerie
- [x] Anzeige-Erstellen-Formular
- [x] Suchseite mit Filtern (merged in Home)
- [x] Skeleton Loading, Error Boundary, Offline Indicator
- [x] Lazy Loading für Bilder
- [ ] Responsive Optimierungen
### Phase 2: Backend-Integration ⬅️ **Aktuell** ### Phase 2: Backend integration
- [x] Directus aufsetzen (`api.kashilo.com`) - [x] Directus setup (`api.kashilo.com`)
- [x] Listings-Collection (CRUD) - [x] Listings, categories, locations collections
- [x] Categories mit Übersetzungen - [x] Anonymous auth (UUID + SHA-256 hash)
- [x] User-Auth (UUID + SHA-256 Hash, anonym) - [x] Image upload, favorites, my listings, messages, settings pages
- [x] Bilder-Upload (Junction-Table)
- [x] API-Services (`directus.js`, `listings.js`, `categories.js`, `locations.js`)
- [x] Directus Public-Berechtigungen (siehe `docs/DIRECTUS-SCHEMA.md`)
- [x] Neue Seiten: Favoriten, Meine Anzeigen, Nachrichten, Einstellungen
- [x] Listings bearbeiten (Edit-Modus für eigene Anzeigen)
### Phase 3: Kommunikation & Sicherheit ### Phase 3: Communication & Security ✅
- [x] Chat-System (E2E-verschlüsselt mit NaCl box.before + secretbox) - [x] E2E encrypted chat (NaCl box.before + secretbox)
- [x] Conversations/Messages Services - [x] Favorites with Directus sync (union merge on login)
- [x] Merkliste (Favoriten-Seite) - [x] PoW captcha (server-side via pow.kashilo.com)
- [x] Favoriten Directus-Sync (Union-Merge bei Login, localStorage-Fallback) - [x] TweetNaCl self-hosted (no CDN)
- [x] PoW Captcha (server-seitig via pow.kashilo.com, HMAC-signiert) - [x] In-app notifications (polling, badge)
- [x] TweetNaCl self-hosted (kein CDN) - [x] Open Graph & X Card meta tags
- [x] In-App Benachrichtigungen (Notifications-Service, Glocke mit Badge)
- [x] Open Graph & X Card Meta-Tags (dynamisch pro Listing)
- [ ] Push-Benachrichtigungen (Web Push API)
### Phase 4: Payments ### Phase 4: Payments
- [x] XMR-Kursabfrage API (Kraken primary, CoinGecko fallback) - [x] XMR rate API (Kraken primary, CoinGecko fallback)
- [x] Fiat ↔ XMR Umrechnung (Dual-Preis-Anzeige) - [x] Fiat ↔ XMR conversion (dual price display)
- [x] BTCPay Server Integration (`pay.xmr.rocks`, Proxy auf `pow.kashilo.com`) - [x] BTCPay Server integration (self-hosted)
- [x] Listing-Gebühr: 1 USD via Monero - [x] Listing fee: $1 via Monero
- [x] Webhook für Auto-Publish nach Blockchain-Confirmation - [x] Webhook for auto-publish after blockchain confirmation
- [x] Expired Listings (Directus Flow, Status-Badges auf Cards) - [x] Expired listings (Directus flow, status badges)
- [x] Token-Refresh bei Tab-Visibility-Change
### Phase 5: Trust & Safety ### Phase 5: Trust & Safety
- [x] Rating-System - [x] Rating & reputation system (deals, levels, badges)
- [x] Reputation-System (Deals, Levels, Badges) - [x] Verifiable listings (proof of possession)
- [x] Verifiable Listings (Proof of Possession) - [x] Pseudonyms & identicon avatars
- [x] Pseudonyme & Identicon-Avatare - [x] Terms of service, privacy policy, legal notice (7 languages)
- [ ] 2FA - [ ] 2FA
- [ ] Reporting/Moderation - [ ] Reporting/moderation
- [x] AGB, Datenschutz, Impressum (Entwürfe in 7 Sprachen) - [ ] Push notifications (Web Push API)
--- ---
## 🎨 Design-Entscheidungen ## 🎨 Design
### Typografie ### Typography
- **Headlines**: Space Grotesk (Medium, Bold) - **Headlines**: Space Grotesk (Medium, Bold)
- **Body**: Inter (Regular, Medium, SemiBold, Bold) - **Body**: Inter (Regular, Medium, SemiBold, Bold)
- Self-hosted Fonts (SIL Open Font License) - Self-hosted fonts (SIL Open Font License)
### Farbpalette ### Color palette
- **Warm Teal Theme** - **Warm Teal Theme**
- **Light Mode**: BG #FAFAF9, Text #1C1917, Accent #0D9488 (Teal) - **Light Mode**: BG #FAFAF9, Text #1C1917, Accent #0D9488
- **Dark Mode**: BG #171717, Text #F5F5F4, Accent #2DD4BF (Teal light) - **Dark Mode**: BG #171717, Text #F5F5F4, Accent #2DD4BF
### Mobile-First ### Mobile-first
- Responsive Grid (2 Spalten Mobile, 5 Spalten Desktop) - Responsive grid (2 columns mobile, 5 columns desktop)
- Touch-optimierte Buttons - Touch-optimized buttons
- Icon-only Buttons auf kleinen Screens - Icon-only buttons on small screens
--- ---
## 🤝 Contributing ## 🤝 Contributing
1. Feature-Branch erstellen 1. Create a feature branch
2. Änderungen committen 2. Commit your changes
3. Pull Request öffnen 3. Open a pull request
### Code-Konventionen ### Code conventions
- ES Modules verwenden - ES Modules
- Web Components für UI-Komponenten - Web Components for UI
- CSS Custom Properties für Theming - CSS Custom Properties for theming
- Übersetzungsschlüssel für alle Texte - Translation keys for all user-facing text
- Keine Semikolons in JavaScript (außer for-loops, CSS) - No semicolons in JavaScript (except for-loops, CSS)
- Englische Kommentare im Code - English comments in code
--- ---
## 📄 Lizenz ## 📄 License
Dieses Projekt steht unter der [GNU Affero General Public License v3.0 (AGPL-3.0)](LICENSE). This project is licensed under the [GNU Affero General Public License v3.0 (AGPL-3.0)](LICENSE).
Der Quellcode ist frei verfügbar. Forks und Modifikationen müssen ebenfalls unter AGPL-3.0 veröffentlicht werden. Source code is freely available. Forks and modifications must also be published under AGPL-3.0.
**kashilo** ist eine eingetragene Marke. Der Name und das Logo dürfen nicht ohne Genehmigung für abgeleitete Projekte verwendet werden. **kashilo** is a registered trademark. The name and logo may not be used for derivative projects without permission.
--- ---
## 📞 Kontakt ## 📞 Contact
- **Issues:** [gitea.pro/schmidt1024/kashilo/issues](https://gitea.pro/schmidt1024/kashilo/issues) - **Issues:** [gitea.pro/schmidt1024/kashilo/issues](https://gitea.pro/schmidt1024/kashilo/issues)
- **Website:** [kashilo.com](https://kashilo.com) - **Website:** [kashilo.com](https://kashilo.com)