Complete TODO items: security, features, polish

Security:
- Encrypt Gitea tokens at rest (AES-256-GCM with MH_SECRET)
- Secure cookie flag when behind HTTPS (X-Forwarded-Proto)
- Password complexity (min 8 chars)
- TOTP: defer persist until verified (totp_pending column)
- Audit log table + logging on login/rename/password change

Features:
- Rename files/folders (double-click in tree, /api/files/rename)
- beforeunload warning for unsaved changes
- Mobile hamburger menu
- PWA icons (192px, 512px)
- Max file size enforcement (10MB)
- Shared file read access (cross-user with permission check)

Polish:
- Toast notifications replace all alert() calls
- Keyboard shortcut help overlay (Ctrl+/)
- File rename via double-click in FileTree
2026-05-26 23:51:02 +02:00
parent f60d223c06
commit 68eaee0b9f
12 changed files with 310 additions and 49 deletions
+14 -1
@@ -30,7 +30,20 @@ func Open(path string) (*DB, error) {
func Migrate(database *DB) error {
_, err := database.Exec(schema)
return err
if err != nil {
return err
}
// Add columns that may not exist yet (idempotent)
database.Exec("ALTER TABLE users ADD COLUMN totp_pending TEXT")
database.Exec("ALTER TABLE users ADD COLUMN audit_log_enabled INTEGER DEFAULT 0")
database.Exec(`CREATE TABLE IF NOT EXISTS audit_log (
id INTEGER PRIMARY KEY AUTOINCREMENT,
user_id TEXT NOT NULL,
action TEXT NOT NULL,
detail TEXT,
created_at TEXT NOT NULL DEFAULT (datetime('now'))
)`)
return nil
}
var schema = `
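Review bot: The three `database.Exec` calls added after the schema check in Migrate discard their errors, so Migrate returns nil even when the `audit_log` table or the `totp_pending` column was not created. For the audit trail in particular, a failed table creation would presumably leave login, rename and password-change events unrecorded with no signal at startup. The `CREATE TABLE IF NOT EXISTS` is already idempotent, so its error can simply be returned. For the two `ALTER TABLE` statements only the column-already-exists failure should be tolerated; the schema looks like SQLite, which reports that as "duplicate column name", but confirm this against the driver in use. The sketch assumes `fmt` and `strings` are imported in this file.

```go
// … unchanged: schema Exec and its error check …
for _, stmt := range []string{
	"ALTER TABLE users ADD COLUMN totp_pending TEXT",
	"ALTER TABLE users ADD COLUMN audit_log_enabled INTEGER DEFAULT 0",
} {
	_, err := database.Exec(stmt)
	// Re-running the migration is expected to hit an existing column; anything else is a real failure.
	if err != nil && !strings.Contains(err.Error(), "duplicate column name") {
		return fmt.Errorf("migrate %q: %w", stmt, err)
	}
}
// … unchanged: CREATE TABLE IF NOT EXISTS audit_log statement, with its error returned instead of dropped …
return nil
```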