schmidt1024/kashilo
1
0
Fork 0
Code Issues Pull Requests Releases Activity
Files
5dfe9c2427ef895209000b9853c01bac09447322
kashilo/README.md

8.8 KiB
Raw Blame History

kashilo.com

A privacy-first classifieds platform with Monero payments.

🎯 Vision

kashilo.com lets users post classifieds and trade goods/services securely via Monero (XMR).

  • Anonymous: No personal data required
  • Direct payments: Peer-to-peer via Monero, no payment intermediary
  • Privacy-first: End-to-end encrypted communication

📊 Features

Feature Complexity Status
Listings CRUD Low Done
Fiat/XMR price display Low Done
Anonymous accounts (UUID + Hash) Medium Done
PWA Medium Done
Light/Dark Mode Low Done
i18n (7 languages) Low Done
Image gallery Low Done
E2E Chat (NaCl box.before + secretbox) High Done
PoW Captcha (server-side) Medium Done
Rating & Reputation system Medium Done
Verifiable Listings Medium Done
Pseudonyms & Identicons Low Done
Invite code system (alpha) Low Done
2FA Medium 🔲 Planned

🛠️ Tech Stack

Frontend

  • Vanilla JavaScript (ES Modules)
  • Web Components (Custom Elements)
  • CSS Custom Properties (Theming)
  • PWA (Service Worker, Manifest)

Backend

  • Directus (Headless CMS, self-hosted)
    • REST API
    • Auth, roles, permissions

Services

  • Directus backend: api.kashilo.com (Docker)
  • PoW Captcha + Payment Proxy: pow.kashilo.com (PHP, HMAC-signed challenges, BTCPay proxy + webhook, OG meta proxy)
  • BTCPay Server: pay.xmr.rocks (Monero payments, self-hosted)
  • TweetNaCl: Self-hosted in js/vendor/ (E2E encryption)

Planned

  • Push notifications (Web Push API)

🚀 Setup

Prerequisites

  • Modern browser with ES Module support
  • Python 3 (for local server) or any HTTP server

Installation

# Clone the repository
git clone https://gitea.pro/schmidt1024/kashilo.git
cd kashilo

# Start local server
python3 -m http.server 8080

# Or with live-reload (Node.js required)
npx live-server

Open http://localhost:8080

Deployment

Production requires only these files:

├── index.html
├── manifest.json
├── service-worker.js
├── favicon.png
├── js/
├── css/
├── locales/
└── assets/

Do not deploy: tests/, docs/, AGENTS.md, README.md, .git/, deploy.sh

Build (minification)

# One-time: install dependencies
pip3 install rjsmin rcssmin

# Run build (creates dist/ with minified files)
python3 build.py

The build script minifies all JS and CSS files (~111 KiB savings) and copies everything to dist/.

Deploy via script

# One-time: adjust SSH user and path
./deploy.sh user@kashilo.com /home/user/web/kashilo.com/public_html

# Or set defaults in the script and simply run:
./deploy.sh

The script automatically runs python3 build.py, then rsync from dist/ to the server.

Requirements:

  • Python 3 + rjsmin + rcssmin (for build)
  • SSH key authentication to server
  • rsync installed locally and on the server

Running tests

# Start server
python3 -m http.server 8080

# Open in browser
# http://localhost:8080/tests/

Tests run in the browser using a minimal test runner without external dependencies.

Project structure

kashilo/
├── index.html              # Entry point
├── manifest.json           # PWA Manifest
├── service-worker.js       # Offline support
├── css/
│   ├── fonts.css           # Web Fonts (Inter, Space Grotesk)
│   ├── variables.css       # Theming (Light/Dark)
│   ├── base.css            # Reset, base styles
│   └── components.css      # UI components
├── js/
│   ├── app.js              # App initialization
│   ├── router.js           # Hash-based routing
│   ├── i18n.js             # Translation system
│   ├── services/
│   │   ├── directus.js     # Directus API client
│   │   ├── auth.js         # UUID auth (SHA-256 hash)
│   │   ├── listings.js     # Listings service
│   │   ├── categories.js   # Categories service
│   │   ├── locations.js    # Locations service
│   │   ├── conversations.js# Zero-knowledge chat
│   │   ├── crypto.js       # NaCl encryption (box.before + secretbox)
│   │   ├── currency.js     # XMR/fiat conversion (Kraken + CoinGecko)
│   │   ├── pow-captcha.js  # PoW captcha (server-first, local fallback)
│   │   ├── btcpay.js       # BTCPay Server integration
│   │   ├── favorites.js    # Favorites (localStorage + Directus sync)
│   │   ├── notifications.js# Notifications (polling, badge)
│   │   ├── reputation.js   # Reputation (deals, ratings, levels)
│   │   ├── verification.js # Verifiable listings (proof of possession)
│   │   └── identity.js     # Pseudonyms & identicon avatars
│   ├── vendor/
│   │   ├── nacl-fast.min.js    # TweetNaCl (self-hosted)
│   │   ├── nacl-util.min.js    # TweetNaCl Utils
│   │   └── cropper.min.js      # Image Cropper
│   └── components/
│       ├── app-shell.js    # Layout container
│       ├── app-header.js   # Header with navigation
│       ├── app-footer.js   # Footer
│       ├── auth-modal.js   # Login/Register modal
│       ├── chat-widget.js  # E2E chat widget
│       └── pages/          # Page components
├── locales/
│   ├── de.json             # Deutsch
│   ├── en.json             # English
│   ├── fr.json             # Français
│   ├── it.json             # Italiano
│   ├── es.json             # Español
│   ├── pt.json             # Português (BR)
│   └── ru.json             # Русский
├── tests/
│   ├── index.html          # Test runner UI
│   ├── test-runner.js      # Test framework
│   └── *.test.js           # Unit tests
└── assets/
    └── fonts/              # Self-hosted fonts

📋 Roadmap

Phase 1: Frontend

  • Project structure, routing, i18n (7 languages)
  • Light/Dark mode, PWA shell
  • Home page with search, categories, listings grid
  • Listing detail page with image gallery
  • Create/edit listing form
  • Skeleton loading, error boundary, offline indicator

Phase 2: Backend integration

  • Directus setup (api.kashilo.com)
  • Listings, categories, locations collections
  • Anonymous auth (UUID + SHA-256 hash)
  • Image upload, favorites, my listings, messages, settings pages

Phase 3: Communication & Security

  • E2E encrypted chat (NaCl box.before + secretbox)
  • Favorites with Directus sync (union merge on login)
  • PoW captcha (server-side via pow.kashilo.com)
  • TweetNaCl self-hosted (no CDN)
  • In-app notifications (polling, badge)
  • Open Graph & X Card meta tags

Phase 4: Payments

  • XMR rate API (Kraken primary, CoinGecko fallback)
  • Fiat ↔ XMR conversion (dual price display)
  • BTCPay Server integration (self-hosted)
  • Listing fee: $1 via Monero
  • Webhook for auto-publish after blockchain confirmation
  • Expired listings (Directus flow, status badges)

Phase 5: Trust & Safety

  • Rating & reputation system (deals, levels, badges)
  • Verifiable listings (proof of possession)
  • Pseudonyms & identicon avatars
  • Terms of service, privacy policy, legal notice (7 languages)
  • 2FA
  • Reporting/moderation
  • Push notifications (Web Push API)

🎨 Design

Typography

  • Headlines: Space Grotesk (Medium, Bold)
  • Body: Inter (Regular, Medium, SemiBold, Bold)
  • Self-hosted fonts (SIL Open Font License)

Color palette

  • Warm Teal Theme
  • Light Mode: BG #FAFAF9, Text #1C1917, Accent #0D9488
  • Dark Mode: BG #171717, Text #F5F5F4, Accent #2DD4BF

Mobile-first

  • Responsive grid (2 columns mobile, 5 columns desktop)
  • Touch-optimized buttons
  • Icon-only buttons on small screens

🤝 Contributing

  1. Create a feature branch
  2. Commit your changes
  3. Open a pull request

Code conventions

  • ES Modules
  • Web Components for UI
  • CSS Custom Properties for theming
  • Translation keys for all user-facing text
  • No semicolons in JavaScript (except for-loops, CSS)
  • English comments in code

📄 License

This project is licensed under the GNU Affero General Public License v3.0 (AGPL-3.0).

Source code is freely available. Forks and modifications must also be published under AGPL-3.0.

kashilo is a registered trademark. The name and logo may not be used for derivative projects without permission.

📞 Contact

Reference in New Issue View Git Blame Copy Permalink