Continued roadmap - dbsandis/TwiligtApp GitHub Wiki
Great—that’s an excellent and scalable approach:
• WordPress (on one Lightsail server) handles authentication
• Django app (on another, separate Lightsail server) handles the financial planner
• Users authenticate via WordPress, and Django verifies sessions via API or token-based access (e.g., JWT)
• You avoid tight coupling, so both apps can scale independently.
⸻
Refined Technical Architecture & Roadmap
ARCHITECTURE OVERVIEW
```
[User]
  |
  |--- Logs in via ---> [WordPress Site (Lightsail #1)]
  |                        |
  |                        |--- Issues JWT via WP REST Auth plugin
  |                        |
  |                        |--- Provides link to app (e.g., finance.mysite.com?token=xyz)
  |
  |--- Accesses ---> [Django App (Lightsail #2)]
                        |
                        |--- Verifies JWT token with WP REST API
                        |--- Loads financial planning interface (AJAX forms, dashboards)
                        |--- Reads/Writes data to [RDS PostgreSQL/MySQL]
```
⸻
PHASED ROADMAP (TECHNICAL)
PHASE 1 – Setup & Secure Integration (Month 1)
WordPress (Lightsail #1)
• Install JWT Auth for WP REST API (plugin)
• Enable CORS + HTTPS
• Create a login form that issues a JWT on successful login
• Store JWT in browser localStorage or pass via redirect query param
Django (Lightsail #2)
• Create basic Django project and app scaffold
• Use Django REST Framework
• Add JWT middleware (e.g., via djangorestframework-simplejwt)
• Validate JWT by querying WP site /wp-json/jwt-auth/v1/token/validate
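The Phase 1 validation step, worked through as an added example (this is not code from the TwiligtApp project or from the WordPress plugin). It checks a WordPress-issued token locally instead of calling /wp-json/jwt-auth/v1/token/validate on every request, which only works under these assumptions: the WordPress plugin signs tokens with HS256 using the JWT_AUTH_SECRET_KEY from wp-config.php, the same secret is placed in Django settings as WP_JWT_SECRET, the token's iss claim is the WordPress site URL (WP_JWT_ISSUER), and the user id sits at data.user.id. The names WP_JWT_SECRET, WP_JWT_ISSUER, WordPressJWTMiddleware, EXEMPT_PREFIXES and request.wp_user_id are all invented here. Everything except the middleware's Django imports is standard library, so the verification functions can be unit-tested without Django.

```python
"""Validate WordPress-issued HS256 JWTs inside Django (standard library only).

Assumptions (not stated by the roadmap): the WordPress plugin signs with HS256 using
JWT_AUTH_SECRET_KEY, Django holds the same value as settings.WP_JWT_SECRET, the 'iss'
claim equals settings.WP_JWT_ISSUER, and the user id is the data.user.id claim.
"""
import base64
import hashlib
import hmac
import json
import time
from typing import Optional


class TokenError(Exception):
    """Raised for a malformed, forged, expired or not-yet-valid token."""


def _b64url_decode(segment: str) -> bytes:
    segment += "=" * (-len(segment) % 4)  # JWT strips base64 padding; restore it
    return base64.urlsafe_b64decode(segment.encode("ascii"))


def _b64url_encode(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")


def _sign(signing_input: str, secret: str) -> bytes:
    return hmac.new(secret.encode("utf-8"), signing_input.encode("ascii"), hashlib.sha256).digest()


def make_wp_jwt(claims: dict, secret: str) -> str:
    """Mint an HS256 token in the assumed plugin layout (used to build test tokens)."""
    header = _b64url_encode(json.dumps({"typ": "JWT", "alg": "HS256"}, separators=(",", ":")).encode())
    body = _b64url_encode(json.dumps(claims, separators=(",", ":")).encode())
    return f"{header}.{body}.{_b64url_encode(_sign(f'{header}.{body}', secret))}"


def verify_wp_jwt(token: str, secret: str, expected_issuer: str, now: Optional[float] = None) -> dict:
    """Return the claims if signature, issuer and the exp/nbf window all check out."""
    parts = token.split(".")
    if len(parts) != 3:
        raise TokenError("token must have three dot-separated segments")
    header_b64, payload_b64, sig_b64 = parts
    try:
        header = json.loads(_b64url_decode(header_b64))
        payload = json.loads(_b64url_decode(payload_b64))
        signature = _b64url_decode(sig_b64)
    except ValueError as exc:  # covers base64, UTF-8 and JSON errors
        raise TokenError("token segments are not base64url-encoded JSON") from exc
    if not isinstance(header, dict) or not isinstance(payload, dict):
        raise TokenError("header and payload must be JSON objects")
    # Pin the algorithm: the verifier, not the token's own 'alg' header, decides how to check.
    if header.get("alg") != "HS256":
        raise TokenError("unsupported algorithm")
    # Constant-time compare, and signature first so claim checks never run on unsigned data.
    if not hmac.compare_digest(_sign(f"{header_b64}.{payload_b64}", secret), signature):
        raise TokenError("bad signature")
    now = time.time() if now is None else now
    if payload.get("iss") != expected_issuer:
        raise TokenError("unexpected issuer")
    if not isinstance(payload.get("exp"), (int, float)) or now >= payload["exp"]:
        raise TokenError("token expired or has no exp claim")
    if now < payload.get("nbf", 0):
        raise TokenError("token not yet valid")
    return payload


def wp_user_id(claims: dict) -> str:
    """Pull the WordPress user id out of the assumed data.user.id claim."""
    try:
        return str(claims["data"]["user"]["id"])
    except (KeyError, TypeError) as exc:
        raise TokenError("token carries no WordPress user id") from exc


def extract_bearer(authorization: str) -> str:
    """Return the credential from 'Authorization: Bearer <token>', or '' if absent."""
    scheme, _, credential = authorization.strip().partition(" ")
    return credential.strip() if scheme.lower() == "bearer" else ""


class WordPressJWTMiddleware:
    """Django middleware: requests outside EXEMPT_PREFIXES need a valid WordPress JWT.

    Add the dotted path of this class to MIDDLEWARE; views then read request.wp_user_id.
    """

    EXEMPT_PREFIXES = ("/healthz",)  # assumption: paths reachable without a login

    def __init__(self, get_response):
        self.get_response = get_response

    def __call__(self, request):
        # Django is imported here so the verification functions above load without it.
        from django.conf import settings
        from django.http import JsonResponse

        if request.path.startswith(self.EXEMPT_PREFIXES):
            return self.get_response(request)
        token = extract_bearer(request.headers.get("Authorization", ""))
        try:
            claims = verify_wp_jwt(token, settings.WP_JWT_SECRET, settings.WP_JWT_ISSUER)
            request.wp_user_id = wp_user_id(claims)
        except TokenError as exc:
            return JsonResponse({"detail": str(exc)}, status=401)
        return self.get_response(request)
```

The middleware reads the token from the Authorization header rather than from the `?token=` query string shown in the architecture diagram. If the WordPress redirect hands the token over that way, have the front end move it into the header for its API calls: query strings end up in access logs and Referer headers, and anything kept in localStorage is readable by every script on the page. Calling the plugin's /token/validate endpoint instead of verifying locally removes the shared-secret requirement at the cost of one WordPress round trip per request.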
⸻
PHASE 2 – Build Core Financial Planning App (Months 2–3)
Django App
• Create User Profile model (tied to the WordPress user ID or email)
• Build Budgeting, Debt, Emergency Fund models
• Build AJAX forms with HTMX or vanilla JS + Django views
• Use Django templates + Bootstrap or Tailwind CSS
• Store data in RDS PostgreSQL/MySQL
⸻
PHASE 3 – UX, Reporting, and PDF Export (Months 4–5)
• Implement charts (Chart.js or ApexCharts)
• Add PDF export (WeasyPrint or xhtml2pdf)
• Allow edit/resume of previous sessions
• Optimize mobile experience
⸻
PHASE 4 – Scale & Harden (Month 6+)
• Set up S3 + CloudFront for static file delivery
• Add CloudWatch or Grafana for monitoring
• Harden WordPress with WP Fail2Ban and security headers
• Harden Django with CSRF protection, HTTPS-only cookies, and rate limiting
• Schedule RDS backups + Django DB cleanup scripts
⸻
Would you like a sample JWT validation middleware for Django to get started?