Complete TODO items: security, features, polish
Security: - Encrypt Gitea tokens at rest (AES-256-GCM with MH_SECRET) - Secure cookie flag when behind HTTPS (X-Forwarded-Proto) - Password complexity (min 8 chars) - TOTP: defer persist until verified (totp_pending column) - Audit log table + logging on login/rename/password change Features: - Rename files/folders (double-click in tree, /api/files/rename) - beforeunload warning for unsaved changes - Mobile hamburger menu - PWA icons (192px, 512px) - Max file size enforcement (10MB) - Shared file read access (cross-user with permission check) Polish: - Toast notifications replace all alert() calls - Keyboard shortcut help overlay (Ctrl+/) - File rename via double-click in FileTree
This commit is contained in:
@@ -37,6 +37,7 @@ func NewRouter(db *sql.DB, dataDir, secret string) http.Handler {
|
||||
mux.HandleFunc("POST /api/files/create-folder", s.requireAuth(s.handleCreateFolder))
|
||||
mux.HandleFunc("POST /api/files/delete", s.requireAuth(s.handleDeleteFile))
|
||||
mux.HandleFunc("POST /api/files/move", s.requireAuth(s.handleMoveFile))
|
||||
mux.HandleFunc("POST /api/files/rename", s.requireAuth(s.handleRenameFile))
|
||||
mux.HandleFunc("POST /api/files/trash", s.requireAuth(s.handleListTrash))
|
||||
mux.HandleFunc("POST /api/files/trash/restore", s.requireAuth(s.handleRestoreTrash))
|
||||
mux.HandleFunc("POST /api/files/trash/empty", s.requireAuth(s.handleEmptyTrash))
|
||||
|
||||
Reference in New Issue
Block a user