feat: Build Automated iCalendar (.ics) Feed Generator with Live Cryptographic Subscriptions

[mahi-8758]

---

Problem

Currently, StudyPlan acts as a standalone sandbox web application. While it features an interactive global calendar view within the dashboard, it is completely isolated from a student's broader digital ecosystem. Students do not rely on a single dashboard—their daily deadlines, exam schedules, and lectures live inside primary productivity apps like Google Calendar, Apple Calendar, or Outlook.

Forcing students to manually check a separate web app defeats the project's goal of removing manual planning overhead. Additionally, the platform currently provides no way to export or stream extracted tasks externally.

Proposed Improvement

Implement a dynamic, automated iCalendar (.ics) feed generation engine that securely streams tasks from the local SQLite database directly to external calendar clients via standard subscription protocols (RFC 5545).

Technical Requirements

1. Dynamic ICS Generator Layer (backend):

• Create a dedicated backend route: /api/v1/calendar/feed/:feed_token.
• When pinged by a calendar provider's background scraper, this route must query the SQLite database, filter pending/due tasks, and map them to standard RFC 5545 string formats (handling tags like BEGIN:VCALENDAR, BEGIN:VEVENT, DTSTART, DTEND, SUMMARY, and DESCRIPTION).

2. Cryptographic Token Obfuscation (security):

• Calendar client aggregators (like Google Calendar) poll URL feeds anonymously without supporting traditional HTTP authentication headers (Bearers, cookies, etc.).
• Generate an obfuscated, unique feed_token for the user session (e.g., using a cryptographically secure hash or UUIDv4 stored in the database). Prevent URL enumeration or unauthorized scraping of student schedules.

3. Frontend Management Integration (frontend):

• Enhance the global calendar interface with a "Sync with External Calendar" section.
• Provide a clean input block with a "Copy Live Link" option, a checklist of instructions for major providers (Google, Apple, Outlook), and a critical safety function: a "Regenerate Secret URL" button that immediately voids the existing token and issues a new one if leaked.

Why improvement is needed

This shifts StudyPlan from a simple visualization utility to an integrated workflow system.

• Zero Friction: Once a student pastes a syllabus or assignment list, it automatically appears on their phone’s native calendar app within minutes without manual intervention.
• Proactive Engagement: Leveraging native phone/desktop notification systems via existing calendar tools bypasses browser-level notification blocking, drastically reducing the chances of a student missing a deadline.

Expected Result

• Backend: A highly performant Express endpoint that outputs clean text/calendar content types with proper line foldings (max 75 octets per line per RFC specifications).
• Frontend: A minimalist, glassmorphic container on the calendar interface displaying the subscription feed URL, a copy button utilizing the Clipboard API, and a working token rotation interface.
• Integrations: Adding the generated link to Google Calendar under "From URL" seamlessly populates and synchronizes all tasks extracted by the Gemini API.

Alternatives Considered

• Static ICS Downloads: Creating a button that generates and downloads a physical .ics file. Rejected because it is completely static; every time a user pastes a new text block or updates a deadline via inline editing, they would have to delete their old calendar layer and re-download a new file.
• Direct Google Calendar REST API Integration: Authenticating users via OAuth2 to push tasks straight to their Google Calendar accounts. Rejected because it destroys the lightweight, zero-dependency philosophy of this codebase, creates vendor lock-in for non-Google users, requires complex OAuth app management, and violates privacy boundaries for an offline-first feeling local SQLite build.

Additional Context

The implementation should strictly use vanilla JavaScript on the frontend and standard internal Node.js libraries (crypto) to preserve the zero-dependency profile of the app's structural layers where possible.

The core flow should align perfectly with the established state management architecture:

User updates task -> Database state updates -> Calendar feed updates dynamically -> External client reflects change on next poll.

[mrsantosh2005]

Hi @mahi-8758 👋

I would like to work on this issue under GSSoC'26.

I have experience with full-stack development using JavaScript, Node.js, Express, and frontend UI integration. I’m interested in implementing the dynamic iCalendar (.ics) feed system along with secure token-based calendar synchronization.

I can help with:

• building the dynamic RFC 5545 compliant ICS feed endpoint
• implementing secure feed token generation and regeneration
• integrating SQLite task synchronization with external calendar clients
• creating a clean and responsive “Sync with External Calendar” UI section
• adding copy-to-clipboard functionality and provider setup instructions
• maintaining compatibility with the existing architecture and zero-dependency philosophy

I’ll ensure the implementation remains scalable, secure, lightweight, and contributor-friendly while preserving the current workflow architecture.

Please assign this issue to me.
Thank you!