anders-pub/markdown-hub
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Complete TODO items: security, features, polish

Browse Source 
Security:
- Encrypt Gitea tokens at rest (AES-256-GCM with MH_SECRET)
- Secure cookie flag when behind HTTPS (X-Forwarded-Proto)
- Password complexity (min 8 chars)
- TOTP: defer persist until verified (totp_pending column)
- Audit log table + logging on login/rename/password change

Features:
- Rename files/folders (double-click in tree, /api/files/rename)
- beforeunload warning for unsaved changes
- Mobile hamburger menu
- PWA icons (192px, 512px)
- Max file size enforcement (10MB)
- Shared file read access (cross-user with permission check)

Polish:
- Toast notifications replace all alert() calls
- Keyboard shortcut help overlay (Ctrl+/)
- File rename via double-click in FileTree
This commit is contained in:
Anders Holck
2026-05-26 23:51:02 +02:00
parent f60d223c06
commit 68eaee0b9f
12 changed files with 310 additions and 49 deletions
Download Patch File Download Diff File Expand all files Collapse all files
internal/api/middleware.go
+4
View File
@@ -61,3 +61,7 @@ func getUserID(r *http.Request) string {
v, _ := r.Context().Value(ctxUserID).(string)
return v
}
func (s *Server) audit(userID, action, detail string) {
s.db.Exec("INSERT INTO audit_log (user_id, action, detail) VALUES (?, ?, ?)", userID, action, detail)
}