An interactive banking and classroom management platform for teaching students about money while tracking classroom participation.
Release Track: Active development β see CHANGELOG.md for current version
Important
Classroom Token Hub v1.x will be deprecated by June 30, 2026 with v2.0 entering active testing phase soon after. v2.0 represents a breaking change with schema and routes overhaul. Data migration from v1.x to v2.0 is not recommended due to complexity and risk of data corruption.
Classroom Token Hub is an educational banking simulation that helps students learn financial literacy through hands-on experience. Students earn tokens by attending class, which they can spend in a classroom store, use for hall passes, or manage through savings and checking accounts.
License: PolyForm Noncommercial License 1.0.0 - Free for educational and nonprofit use, not for commercial applications.
Project Status: Actively maintained classroom-economy platform with ongoing security hardening, documentation cleanup, and feature work. For the current release history, see CHANGELOG.md. For the canonical system and feature docs, start at docs/README.md.
Classroom Token Hub is built around a small set of architectural principles that guide both feature development and operational decisions.
Minimal Personal Data
The system intentionally stores as little personally identifiable information as possible. Student identities are encrypted at rest, verification data is purged after account setup, and the platform avoids unnecessary linkage to realβworld identity systems.
Strong Classroom Isolation
Each classroom operates as its own isolated economic environment. Join codes act as the boundary for data access, ensuring that teachers and students only interact with records belonging to their own class context.
Transparent Economic Systems
All financial activity is logged and auditable within the scope of a classroom. Students can see how balances change over time, reinforcing transparency and helping the platform function as a teaching tool rather than a black box.
Operational Simplicity
The platform favors simple, reliable technologies and predictable infrastructure. This keeps the system understandable for educators, maintainable for developers, and resilient in real classroom environments where networks, devices, and usage patterns can be unpredictable.
- System Admin Portal β Manage teachers, review error logs, and adjust student ownership
- Teacher Dashboard β Manage students, run payroll, configure rent/insurance/banking settings
- Analytics Dashboard β System health metrics, CWI analysis, participation tracking, and trend monitoring
- Student Portal β View balances, redeem store items, track attendance, and manage hall passes
- Join-Code Rosters β Upload rosters and let students self-claim seats securely
- Shared Students β Link multiple teachers to the same student via
student_teachers - Attendance Tracking β Start Work/Break Done system with automatic time logging
- Automated Payroll β Configurable pay rates, schedules, and rewards/fines
- Transaction Logging β Complete audit trail of all financial activities scoped by teacher
- Classroom Store β Virtual/physical items with bundles, expirations, and redemption tracking
- Rent Itemization β Specify what rent covers with store alternatives and privilege tracking
- Hall Pass System β Time-limited passes with automatic tracking
- Insurance System β Policies, enrollments, and claims managed in-app
- Rent & Fees β Optional recurring rent with waivers and late-fee configuration
- TOTP Authentication β Secure admin access with two-factor authentication
- Passkey Support β Passwordless sign-in for admins and system admins via Passwordless.dev
- Optimized Student Roster β N+1 query elimination reduces roster page queries from ~1225 to ~10 for a class of 60 students
- Read-Only Balance Properties β Removed write-on-read side effects from balance calculations, eliminating race conditions
- Scoped Balance Calculations β All balance aggregations correctly scoped to the current class period
- Batch Processing β Daily limit enforcement and dashboard balance calculations use batched queries instead of per-student iteration
- Progressive Web App β Install as mobile app on iOS and Android devices
- Offline Support β Intelligent caching with offline fallback page
- Mobile-Optimized UI β Responsive design with hamburger menu navigation
- Full Navigation Access β Slide-out sidebar provides complete menu access on mobile
- Touch-Friendly β Larger buttons and improved touch targets throughout
- Unified Templates β Same responsive layout works for desktop, mobile, and PWA
- Fast Performance β Aggressive caching for quick load times
- Home Screen Installation β Add to home screen for app-like experience
- Enhanced Accessibility β Improvements following WCAG 2.1 AA guidelines
- Screen Reader Support β Optimized for NVDA, JAWS, and VoiceOver
- Keyboard Navigation β Full keyboard accessibility throughout
- ARIA Labels β Comprehensive labeling for assistive technologies
- High Contrast β Improved color contrast ratios for better readability
- Responsive Design β Works seamlessly across all device sizes
Important
While the app is designed to be accessible and meet WCAG 2.1 guidelines, no claims of compliance of any kind is being made or implied. It is not recommended to deploy this app without external audits or validations if compliance is required by law.
- PII Encryption β All student names encrypted at rest
- Post-Setup PII Cleanup β DOB-derived values and last-name-part hashes automatically purged after account setup completes; only irreversible credential hashes retained
- DOB-Free Usernames β Generated usernames contain no date-of-birth-derived component and may include limited name-derived initials; existing students with legacy usernames are migrated on next login
- TOTP for Admins β Time-based one-time passwords required
- Teacher Account Recovery Model β Teachers recover access through student-assisted recovery, or create a new account; inactive legacy accounts self-delete after 6 months
- CSRF Protection β Protection against cross-site request forgery
- Credential Hashing β Salted and peppered password hashing
- Deletion Confirmation Gates β Timed in-app confirmation dialogs for destructive operations (class/period deletion, account removal)
- Hall Pass & Admin Identity Boundaries β Hardened authorization checks prevent cross-admin data access in hall pass flows
- Class Deletion Audit β Audited and patched all deletion paths; fixed BalanceCache orphaning (P1), scoping bugs (P2), and orphaned settings cleanup (P3)
- Runtime Invariant Health Checks β Continuous deterministic verification of economic and ledger correctness across six invariant categories (ledgerβBalanceCache consistency, idempotency uniqueness, balance rules, transaction state validity, temporal integrity, money supply). Exposed via
GET /health/invariantsfor uptime monitoring and Grafana alerting - Cloudflare Turnstile β Bot protection on login forms
- Database Error Logging β Automatic error tracking and monitoring
- Custom Error Pages β User-friendly error handling (400, 401, 403, 404, 500, 503)
- Python 3.10+
- PostgreSQL database
- Virtual environment (recommended)
-
Clone the repository
git clone <repository-url> cd classroom-economy
-
Set up virtual environment
python3 -m venv venv source venv/bin/activate # On Windows: venv\Scripts\activate pip install -r requirements.txt
-
Configure environment variables
Create a
.envfile in the root directory:SECRET_KEY=<long-random-string> DATABASE_URL=postgresql://user:password@host:port/dbname FLASK_ENV=development ENCRYPTION_KEY=<32-byte-base64-key> # Generate with: openssl rand -base64 32 PEPPER_KEY=<secret-pepper-string> CSRF_SECRET_KEY=<random-string> # Cloudflare Turnstile (CAPTCHA) - Optional for development/testing # Leave unset to bypass Turnstile verification in testing environments TURNSTILE_SITE_KEY=<your-turnstile-site-key> TURNSTILE_SECRET_KEY=<your-turnstile-secret-key> # Optional maintenance mode banner (503 page) MAINTENANCE_MODE=false MAINTENANCE_MESSAGE="We're applying updates." MAINTENANCE_EXPECTED_END="Back online by <time>" MAINTENANCE_CONTACT="ops@example.com"
Getting Turnstile Keys (Optional):
Turnstile keys are optional for development and testing. If not configured, CAPTCHA verification will be automatically bypassed.
For production deployment:
- Visit Cloudflare Turnstile
- Create a new site widget
- Copy the Site Key and Secret Key
For testing with CAPTCHA enabled, you can use Turnstile's test keys (always pass):
- Site Key:
1x00000000000000000000AA - Secret Key:
1x0000000000000000000000000000000AA
-
Initialize the database
flask db upgrade
-
Create your first system admin
flask create-sysadmin
Follow the prompts and scan the QR code with your authenticator app.
-
Run the application
flask run
Navigate to
http://localhost:5000
After cloning, configure git to use the versioned hooks/ directory:
./scripts/setup-hooks.shThis enables the repo-managed hooks used by the local development workflow, including migration safety checks on push. See CONTRIBUTING.md for workflow details.
- Use
student_upload_template.csvas a reference for CSV roster uploads - Run
python scripts/seed_dummy_students.pyto seed the database with sample students - For operational script details, see docs/LOGS/AUDITS/LOG-DEP-022_Scripts_Operations_Reference.md
π Complete Documentation β
- Student Guide for students using the platform
- Teacher Manual for teacher facilitating the platform
- Sysadmin Manual for local maintainer
- Architecture Guide for complete explanation of system design and patterns
- Database Schema for current database tables and columns
- API Reference for complete API used by this platform
- Development Priorities for current priorities, roadmap, and tasks
- Changelog for most up-to-date version history and notable changes
- Deployment Guide used for production deployment
- Operations Guides with practical operational procedures and troubleshooting
- Contributing Guide for essential know-hows when contributing to the project
Backend:
- Flask with blueprint architecture and application factory
- SQLAlchemy ORM with Alembic migrations
- PostgreSQL database
- Gunicorn WSGI server
Frontend:
- Jinja2 templates
- Bootstrap 5 with Material Symbols icons
- Minimal JavaScript for real-time attendance and admin UX
Security:
- Flask-WTF (CSRF protection)
- pyotp (TOTP authentication)
- cryptography (PII encryption)
Testing:
- pytest and pytest-flask
Deployment:
- GitHub Actions CI/CD pipeline
- Production-ready for Linux servers (tested on Ubuntu/Debian)
- Compatible with major cloud providers
classroom-economy/
βββ app/ # Application package
β βββ __init__.py # Application factory and global filters
β βββ extensions.py # Flask extensions
β βββ models.py # Database models (students, tenancy, payroll, rent, insurance)
β βββ auth.py # Authentication decorators and scoped queries
β βββ routes/ # Blueprint-based routes (admin, student, system_admin, api, main, analytics, docs, recovery)
β βββ utils/ # Utilities (encryption, helpers, constants)
βββ templates/ # Jinja2 templates
βββ static/ # CSS, JS, images
βββ tests/ # Test suite
βββ migrations/ # Database migrations
βββ docs/ # Documentation
βββ scripts/ # Utility scripts
βββ deploy/ # Deployment configuration (nginx, etc.)
βββ tools/ # Editor/tooling helpers
βββ wsgi.py # WSGI entry point
βββ requirements.txt # Python dependencies
pytest tests/ # Run all tests
pytest tests/test_payroll.py # Run specific test
pytest -v # Verbose outputflask db migrate -m "Description" # Create migration
flask db upgrade # Apply migrations
flask db downgrade # Rollbackflask run # Run development server
flask create-sysadmin # Create system admin
python scripts/create_admin.py # Create teacher account
python scripts/manage_invites.py # Manage admin invites
python scripts/seed_dummy_students.py # Seed test dataOperational script behavior and arguments are documented in docs/LOGS/AUDITS/LOG-DEP-022_Scripts_Operations_Reference.md.
Active development priorities, architectural follow-up work, and operational tasks are tracked in DEVELOPMENT.md.
This repository is under active maintenance. Current capability and release history are reflected in CHANGELOG.md and the canonical docs under docs/.
v2.0 is under active development with brand new join-code centric schema design, complete API rework, and with even more privacy invariants and even less PII stored.
Note
v2.0 is on track to begin testing by June 2026. Until then, v1.x remains under active maintenance with occasional feature push.
Deploy behind a production web server (e.g., NGINX).
| Endpoint | Purpose |
|---|---|
GET /health |
Returns 200 when the database is reachable. Use for basic uptime checks. |
GET /health/invariants |
Returns 200 when all economic invariants pass; 500 with a sanitized failure report on any violation. Use for Pulsetic / Grafana alerting. |
curl http://your-domain/health
curl http://your-domain/health/invariantsWe welcome contributions! Please see CONTRIBUTING.md for guidelines.
Before contributing:
- Review the Architecture Guide
- Check DEVELOPMENT.md for current priorities
- Ensure all tests pass
- Follow the existing code style
This project is licensed under the PolyForm Noncommercial License 1.0.0.
- Use in classrooms, clubs, and nonprofit educational settings
- Modify for school use, assignments, or personal learning
- Share with students or other educators
- Use for research or academic presentations (non-commercial)
- Use as part of a commercial product or SaaS platform
- Host a paid service or subscription
- Incorporate into revenue-generating offerings
- Use internally within for-profit businesses
Full License: See LICENSE for complete terms
Commercial Use Policy: See docs/user-guides/legal/commercial.md for detailed guidance on permitted and prohibited commercial activities
Third-Party Attributions: See docs/user-guides/legal/third-party-notices.md for open-source dependencies and services
Project Philosophy: See docs/user-guides/legal/attribution.md for the project's ethical foundations
Documentation: docs/README.md
Issues: Use GitHub Issues for bug reports and feature requests
Security: Report security issues privately to project maintainers
This project is dedicated to all of the young pentesters who are relentless in testing the stability of the system and validating the invariants embedded in all the features.
