DEV Community: Axo

I am Building a Fitness Dashboard

Axo — Sun, 03 May 2026 06:57:30 +0000

A few weeks ago I had no idea what Gunicorn was, had never touched PostgreSQL, and had never written a single line of Django. This week I connected a live fitness API to a web app I built from scratch and generated a downloadable shareable card with real data on it. That feels pretty wild to say out loud.

Let me back up and explain what I have been building, because I think the concept is actually kind of interesting.

🏋️ The Idea: A Fitness Identity Card

While researching project ideas, I kept coming back to apps like Spotify Wrapped, that end of year card everyone shares on social media. I wanted to make something like that but for fitness. Something where you connect your Strava or Fitbit account, pick which stats matter to you (total distance, longest run, active days, elevation gained, etc.), arrange them however you want, and then share a link or download a card image. I am calling it FitCard.

The gap I noticed is that nothing like this really exists in a clean, social friendly way. There are stat trackers out there, but none of them give you a fully personalized shareable card you could post on Instagram or hand to a recruiter as proof you actually follow through on things.

🔑 The Part That Broke My Brain: OAuth

Getting Strava connected was honestly the hardest part of the whole week. Not because the code was complicated, but because I did not fully understand what OAuth actually was before I started.

Here is the short version of what I learned: OAuth is a system where instead of giving your password to a third party app, you get redirected to the original service (Strava, in this case), you approve access there, and then Strava hands back a token to my app. That token is what I use to make API calls on your behalf. No passwords stored, no security nightmare.

The first time the redirect worked and I saw "Strava Connected" show up on my dashboard, I genuinely did not believe it worked on the first try.

Once I had the token I could call Strava's API and pull back real stats. Here is basically what that looks like:

headers = {'Authorization': f'Bearer {access_token}'}
stats = requests.get(
    f'https://www.strava.com/api/v3/athletes/{athlete_id}/stats',
    headers=headers
).json()

The fact that a few lines of Python can reach out to Strava's servers, grab someone's running history, and display it on a page I built still kind of amazes me.

🎛️ Making It Feel Like a Real Product: Drag and Drop

One of the features I really wanted was the ability to customize which widgets show on your card and arrange them however you want, kind of like how you can move apps around on an iPhone home screen. I used a JavaScript library called SortableJS for this, which handles all the drag logic. I just had to wire it up to save the new positions back to the database whenever you drop a widget in a new spot.

Sortable.create(grid, {
    animation: 150,
    ghostClass: 'sortable-ghost',
    onEnd: function() {
        // save new positions to the database
    }
});

What I did not expect was how satisfying that would feel to use. Dragging a widget, watching it snap into place, refreshing the page and seeing it stay. That is when it started feeling like a real app rather than a class project.

🖼️ The Downloadable Card

The last piece this week was generating an actual downloadable image of your FitCard using a Python library called Pillow. This was different from everything else I had done because instead of building a web page, I was drawing pixels. Laying out text, colors, and shapes programmatically onto a canvas and then saving it as a PNG file.

img = Image.new('RGB', (800, 500), (26, 26, 26))
draw = ImageDraw.Draw(img)
draw.text((40, 40), "FitCard", fill=(0, 229, 160), font=font_large)

My first version had a thick black border around the card that looked terrible. Fixing it was a two line change, but it is the kind of thing you only notice when you actually look at the output. That is a lesson I keep relearning: you have to test your own work with fresh eyes.

🚀 What's Coming Next

The app works but there is still a lot left to do. The VM's IP address keeps changing every time I restart it, which is annoying and something I need to fix with a static IP. I also want to add support for a second fitness platform and make sure the public profile page shows real data instead of placeholder values.

But the core loop works: connect an account, pick your widgets, arrange them, view your public card, download the image. For three weeks of work starting from zero Django knowledge, I am pretty happy with where this is.

Thanks for reading. More updates coming as the project continues.

I am Building a Fitness Dashboard

Axo — Sun, 03 May 2026 06:57:30 +0000

Let me back up and explain what I have been building, because I think the concept is actually kind of interesting.

🏋️ The Idea: A Fitness Identity Card

🔑 The Part That Broke My Brain: OAuth

Getting Strava connected was honestly the hardest part of the whole week. Not because the code was complicated, but because I did not fully understand what OAuth actually was before I started.

The first time the redirect worked and I saw "Strava Connected" show up on my dashboard, I genuinely did not believe it worked on the first try.

Once I had the token I could call Strava's API and pull back real stats. Here is basically what that looks like:

headers = {'Authorization': f'Bearer {access_token}'}
stats = requests.get(
    f'https://www.strava.com/api/v3/athletes/{athlete_id}/stats',
    headers=headers
).json()

The fact that a few lines of Python can reach out to Strava's servers, grab someone's running history, and display it on a page I built still kind of amazes me.

🎛️ Making It Feel Like a Real Product: Drag and Drop

Sortable.create(grid, {
    animation: 150,
    ghostClass: 'sortable-ghost',
    onEnd: function() {
        // save new positions to the database
    }
});

🖼️ The Downloadable Card

img = Image.new('RGB', (800, 500), (26, 26, 26))
draw = ImageDraw.Draw(img)
draw.text((40, 40), "FitCard", fill=(0, 229, 160), font=font_large)

🚀 What's Coming Next

Thanks for reading. More updates coming as the project continues.

sudo - Power Tool, Not a Magic Fix

Axo — Sun, 12 Apr 2026 04:45:10 +0000

If you've spent any time in a Linux terminal, you've typed sudo in front of a command. Maybe it was because something was blocked, maybe someone told you to, or maybe you just picked up the habit. Either way, most beginners use it constantly without really thinking about what it's doing.

So let's talk about it. What sudo actually is, when you should reach for it, and where it can genuinely get you into trouble.

🔑 What You're Actually Doing When You Type `sudo`

sudo stands for "superuser do." When you put it in front of a command, you're telling Linux to run that command as the root user, the most powerful account on the Root can read, modify, or delete anything. No file is off limits, no permission can stop it, and nothing it does is automatically undoable.

That's a lot of power to invoke casually.

✅ When `sudo` Makes Sense

There are plenty of situations where sudo is exactly the right tool. Installing software, editing system configuration files, managing users, restarting services. These all genuinely require elevated privileges and sudo is the correct way to get them.

sudo apt install nginx
sudo nano /etc/hosts
sudo systemctl restart ssh

The common thread is that these are all tasks that affect the system beyond your own user space. That's the right mental bar to clear before reaching for sudo.

⚠️ When People Misuse It

The most common mistake beginners make is using sudo as a shortcut whenever they hit a Permission Denied error. That error exists for a reason. The system is telling you that your current user isn't supposed to be doing that thing, and the correct response is to ask why, not to bulldoze through it with root privileges.

The second big mistake is running commands you don't fully understand and adding sudo to make them work. That's genuinely risky. If you copied a command from the internet and can't explain what every part of it does, adding sudo to it is not the move.

💀 The Commands Worth Being Careful With

A few combinations are worth knowing about specifically because they go from useful to catastrophic very quickly with root access.

sudo rm -rf /

This deletes everything on the system. No confirmation prompt, no warning, no recovery.

sudo chmod -R 777 /

This strips all permission restrictions from the entire filesystem, leaving your system wide open.

sudo dd if=/dev/zero of=/dev/sda

This wipes your hard drive completely by overwriting it with zeros.

None of these commands will ask if you're sure. Linux assumes you know what you're doing.

🧠 The Simple Rule

If something works fine without sudo, don't add it. Reach for it only when the system genuinely requires elevated privileges, and when you do, read the full command twice before you hit Enter. Root doesn't do second chances.

DEV Community: Axo

I am Building a Fitness Dashboard

🏋️ The Idea: A Fitness Identity Card

🔑 The Part That Broke My Brain: OAuth

🎛️ Making It Feel Like a Real Product: Drag and Drop

🖼️ The Downloadable Card

🚀 What's Coming Next

I am Building a Fitness Dashboard

🏋️ The Idea: A Fitness Identity Card

🔑 The Part That Broke My Brain: OAuth

🎛️ Making It Feel Like a Real Product: Drag and Drop

🖼️ The Downloadable Card

🚀 What's Coming Next

sudo - Power Tool, Not a Magic Fix

🔑 What You're Actually Doing When You Type sudo

✅ When sudo Makes Sense

⚠️ When People Misuse It

💀 The Commands Worth Being Careful With

🧠 The Simple Rule

🔑 What You're Actually Doing When You Type `sudo`

✅ When `sudo` Makes Sense