Skip to content

feat: Add REST API and Web UI for remote time tracking #373

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
wants to merge 1 commit into
base: dev
Choose a base branch
from
Open

feat: Add REST API and Web UI for remote time tracking #373

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
2 changes: 2 additions & 0 deletions app/build.gradle.kts
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -128,12 +128,14 @@ dependencies {
implementation(project(":feature_change_goals"))
implementation(project(":feature_change_goals:api"))
implementation(project(":feature_change_goals:views"))
implementation(project(":wear_api"))
"playImplementation"(project(":feature_wear"))

implementation(libs.androidx.room)
implementation(libs.ktx.navigationFragment)
implementation(libs.ktx.navigationUi)
implementation(libs.google.dagger)
implementation(libs.nanohttpd)

ksp(libs.kapt.dagger)
kspAndroidTest(libs.kapt.dagger)
Expand Down
2 changes: 2 additions & 0 deletions app/src/main/AndroidManifest.xml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -2,6 +2,8 @@
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
xmlns:tools="http://schemas.android.com/tools">

<uses-permission android:name="android.permission.INTERNET" />
Copy link
Owner

@Razeeman Razeeman Nov 5, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thank you very much for this PR, looks very cool!

Unfortunately the only guarantee of data privacy is not having an internet permission. Is it possible to implement this feature without adding it?

Copy link

@fchedemail fchedemail Nov 11, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Hi @Razeeman,

I don't want to reply in place of @av1m, but I don't think this kind of feature is realistically doable without this permission. I'm no Android dev, but the documentation states that this permission is required to open a network socket, so any LAN communication would require this permission (unless using bluetooth or some other exotic communication channel I guess).

However, as this PR currently is, this feature would only be available in the play flavor of the app which nicely solves this "data privacy guarantee" conundrum. In my opinion, in the same way Wear OS support was handled & merged, this feature could be play flavor only. "Privacy wary" people could use or keep using the F-Droid version (which they probably already use), without this feature nor the internet permission in the manifest.

As far as I'm concerned, I understand how not asking for this permission is a quick and easy way to "guarantee" no data leakage over the internet. However, there are other ways to guarantee this (reviewing the source code, sandboxing the app, using something akin to https://reports.exodus-privacy.eu.org, etc.) and other way the data could be poorly handled / leaked. In my opinion, my data in this app is far from critical anyway, so I'm not asking for the highest level of security guarantees anyway. The usefulness of a very convenient feature like this one outweighs the potential privacy concerns. I also understand that as a maintainer and being the creator of the app, you may disagree :)

Cheers,
Florian

Copy link
Owner

@Razeeman Razeeman Nov 17, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

There is one workaround, although not looked into it much, but could be possible. Is to have a separate app, like a plugin, that would be installed separately and would have internet permission, it work with time tracker app and pass data to it. If I'm not mistaken, if both apps signed with the same signing key, they are basically the same app, and can share data without permissions. So it would work like this: time tracker pass data to plugin app, plugin app calls web api. Hope this makes sense.

The downside is that it probably wouldn't be possible to publish this plugin app on google play (I saw apps like this removed). It could be possible to publish it on f-droid and it will be available as an apk on github.


<application
android:name=".TimeTrackerApp"
android:allowBackup="true"
Expand Down
23 changes: 23 additions & 0 deletions app/src/main/java/com/example/util/simpletimetracker/TimeTrackerApp.kt
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -4,18 +4,30 @@ import android.app.Application
import android.os.StrictMode
import androidx.emoji2.bundled.BundledEmojiCompatConfig
import androidx.emoji2.text.EmojiCompat
import com.example.util.simpletimetracker.api.WebApiAdapter
import dagger.hilt.android.HiltAndroidApp
import kotlinx.coroutines.CoroutineScope
import kotlinx.coroutines.Dispatchers
import kotlinx.coroutines.SupervisorJob
import kotlinx.coroutines.launch
import timber.log.Timber
import timber.log.Timber.DebugTree
import javax.inject.Inject

@HiltAndroidApp
class TimeTrackerApp : Application() {

@Inject
lateinit var webApiAdapter: WebApiAdapter

private val applicationScope = CoroutineScope(SupervisorJob() + Dispatchers.IO)

override fun onCreate() {
super.onCreate()
initLog()
initLibraries()
initStrictMode()
startWebApi()
}

private fun initLog() {
Expand Down Expand Up @@ -47,4 +59,15 @@ class TimeTrackerApp : Application() {
)
}
}

private fun startWebApi() {
applicationScope.launch {
try {
webApiAdapter.start()
Timber.d("Web API started on port 8080")
} catch (e: Exception) {
Timber.e(e, "Failed to start Web API")
}
}
}
}
158 changes: 158 additions & 0 deletions app/src/play/java/com/example/util/simpletimetracker/api/WebApiAdapter.kt
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,158 @@
package com.example.util.simpletimetracker.api

import com.example.util.simpletimetracker.wear_api.WearCommunicationAPI
import com.example.util.simpletimetracker.wear_api.WearStartActivityRequest
import com.example.util.simpletimetracker.wear_api.WearStopActivityRequest
import fi.iki.elonen.NanoHTTPD
import kotlinx.coroutines.runBlocking
import org.json.JSONArray
import org.json.JSONObject
import javax.inject.Inject

class WebApiAdapter @Inject constructor(
// Reuse the SAME interface that Wear OS uses!
private val wearApi: WearCommunicationAPI,
) : NanoHTTPD(8080) {

override fun serve(session: IHTTPSession): Response {
val headers = mutableMapOf(
"Access-Control-Allow-Origin" to "*",
"Access-Control-Allow-Methods" to "GET, POST, OPTIONS",
"Access-Control-Allow-Headers" to "Content-Type"
)

if (session.method == Method.OPTIONS) {
return newFixedLengthResponse(Response.Status.OK, MIME_PLAINTEXT, "")
.apply { headers.forEach { (k, v) -> addHeader(k, v) } }
}

return try {
when {
// GET /api/activities
session.uri == "/api/activities" && session.method == Method.GET -> {
getAllActivities(headers)
}
// GET /api/running
session.uri == "/api/running" && session.method == Method.GET -> {
getRunningActivities(headers)
}
// POST /api/start/:id
session.uri.startsWith("/api/start/") && session.method == Method.POST -> {
val id = session.uri.substringAfterLast("/").toLongOrNull()
startActivity(id, headers)
}
// POST /api/stop/:id
session.uri.startsWith("/api/stop/") && session.method == Method.POST -> {
val id = session.uri.substringAfterLast("/").toLongOrNull()
stopActivity(id, headers)
}
else -> {
newFixedLengthResponse(
Response.Status.NOT_FOUND,
"application/json",
"""{"error": "Not found"}"""
).apply { headers.forEach { (k, v) -> addHeader(k, v) } }
}
}
} catch (e: Exception) {
newFixedLengthResponse(
Response.Status.INTERNAL_ERROR,
"application/json",
"""{"error": "${e.message}"}"""
).apply { headers.forEach { (k, v) -> addHeader(k, v) } }
}
}

private fun getAllActivities(headers: Map<String, String>): Response = runBlocking {
// Reuse the EXACT same method Wear OS uses!
val activities = wearApi.queryActivities()
val currentState = wearApi.queryCurrentActivities()
val runningIds = currentState.currentActivities.map { it.id }.toSet()

val json = JSONArray()
activities.forEach { activity ->
json.put(JSONObject().apply {
put("id", activity.id)
put("name", activity.name)
put("icon", activity.icon)
put("color", activity.color)
put("isRunning", runningIds.contains(activity.id))
})
}

newFixedLengthResponse(
Response.Status.OK,
"application/json",
json.toString()
).apply {
headers.forEach { (k, v) -> addHeader(k, v) }
}
}

private fun getRunningActivities(headers: Map<String, String>): Response = runBlocking {
// Reuse the EXACT same method Wear OS uses!
val currentState = wearApi.queryCurrentActivities()
val activities = wearApi.queryActivities().associateBy { it.id }

val json = JSONArray()
currentState.currentActivities.forEach { current ->
val activity = activities[current.id]
json.put(JSONObject().apply {
put("id", current.id)
put("name", activity?.name ?: "Unknown")
put("timeStarted", current.startedAt)
put("duration", System.currentTimeMillis() - current.startedAt)
})
}

newFixedLengthResponse(
Response.Status.OK,
"application/json",
json.toString()
).apply {
headers.forEach { (k, v) -> addHeader(k, v) }
}
}

private fun startActivity(id: Long?, headers: Map<String, String>): Response = runBlocking {
if (id == null) {
return@runBlocking newFixedLengthResponse(
Response.Status.BAD_REQUEST,
"application/json",
"""{"error": "Invalid ID"}"""
)
}

// Reuse the EXACT same method Wear OS uses!
wearApi.startActivity(WearStartActivityRequest(id = id, tags = null))

newFixedLengthResponse(
Response.Status.OK,
"application/json",
"""{"success": true}"""
).apply {
headers.forEach { (k, v) -> addHeader(k, v) }
}
}

private fun stopActivity(id: Long?, headers: Map<String, String>): Response = runBlocking {
if (id == null) {
return@runBlocking newFixedLengthResponse(
Response.Status.BAD_REQUEST,
"application/json",
"""{"error": "Invalid ID"}"""
)
}

// Reuse the EXACT same method Wear OS uses!
wearApi.stopActivity(WearStopActivityRequest(id = id))

newFixedLengthResponse(
Response.Status.OK,
"application/json",
"""{"success": true}"""
).apply {
headers.forEach { (k, v) -> addHeader(k, v) }
}
}
}
19 changes: 19 additions & 0 deletions app/src/play/java/com/example/util/simpletimetracker/api/WebApiModule.kt
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,19 @@
package com.example.util.simpletimetracker.api

import dagger.Module
import dagger.Provides
import dagger.hilt.InstallIn
import dagger.hilt.components.SingletonComponent
import javax.inject.Singleton

@Module
@InstallIn(SingletonComponent::class)
object WebApiModule {
@Provides
@Singleton
fun provideWebApiAdapter(
wearApi: com.example.util.simpletimetracker.wear_api.WearCommunicationAPI
): WebApiAdapter {
return WebApiAdapter(wearApi)
}
}
2 changes: 2 additions & 0 deletions gradle/libs.versions.toml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -6,6 +6,7 @@ ksp = "1.9.25-1.0.20" # same as kotlin
marathon = "0.10.3"

coroutines = "1.6.4"
nanohttpd = "2.3.1"
timber = "4.7.1"
javax = "1"

Expand Down Expand Up @@ -55,6 +56,7 @@ rules = "1.5.0"
kotlin = { group = "org.jetbrains.kotlin", name = "kotlin-stdlib", version.ref = "kotlin" }
coroutines = { group = "org.jetbrains.kotlinx", name = "kotlinx-coroutines-android", version.ref = "coroutines" }
javax = { group = "javax.inject", name = "javax.inject", version.ref = "javax" }
nanohttpd = { module = "org.nanohttpd:nanohttpd", version.ref = "nanohttpd" }
timber = { group = "com.jakewharton.timber", name = "timber", version.ref = "timber" }

# Androidx
Expand Down
Loading