anders-pub/markdown-hub
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
22 Commits 1 Branch 0 Tags
0dae678c2e719b90dd6d3ad326b2158b581ce6be
Commit Graph

9 Commits

Author SHA1 Message Date
anders 8a7b0e18ed LDAP admin GUI + group filter 
- LDAP settings configurable from Admin panel (no restart needed)
- Required group filter: only users in specified group can login
- Supports both memberOf attribute and groupOfNames search
- Settings stored in DB (settings table), env vars as fallback
- SLDAP supported via ldaps:// URL
- Bind password masked in UI
 2026-05-27 00:08:00 +02:00
anders bf655c6bc5 Complete remaining TODO: image upload, spinners, drag-to-trash, sort 
- Image upload: drag-drop images into editor, stored in .assets/
- Serve images via /api/files/image/ endpoint
- Loading spinner bar in sidebar during file operations
- Sort files by name/date buttons
- Drag files onto Trash button to delete
- All code TODO items complete
 2026-05-26 23:56:13 +02:00
anders 68eaee0b9f Complete TODO items: security, features, polish 
Security:
- Encrypt Gitea tokens at rest (AES-256-GCM with MH_SECRET)
- Secure cookie flag when behind HTTPS (X-Forwarded-Proto)
- Password complexity (min 8 chars)
- TOTP: defer persist until verified (totp_pending column)
- Audit log table + logging on login/rename/password change

Features:
- Rename files/folders (double-click in tree, /api/files/rename)
- beforeunload warning for unsaved changes
- Mobile hamburger menu
- PWA icons (192px, 512px)
- Max file size enforcement (10MB)
- Shared file read access (cross-user with permission check)

Polish:
- Toast notifications replace all alert() calls
- Keyboard shortcut help overlay (Ctrl+/)
- File rename via double-click in FileTree
 2026-05-26 23:51:02 +02:00
anders 4f3113199b Security hardening 
- JWT: validate signing algorithm (prevent alg confusion)
- Login: rate limiting (10 attempts per 5 min per IP)
- Request body: 10MB size limit (prevent DoS)
- WebSocket: require JWT auth (token query param or cookie)
- Daemon endpoints: require admin role (not just any user)
- io.LimitReader on all request body decoding
 2026-05-26 22:51:33 +02:00
anders 55a9ae816f Add change password (Preferences > Change Password) 2026-05-25 08:44:15 +02:00
anders 1433890a4c Add trash: deleted files go to trash, restore or empty 2026-05-22 21:12:29 +02:00
anders 88eebf6944 Drag and drop files between folders 2026-05-22 20:08:09 +02:00
anders 4df87cbf9a Phase 2-6: Git sync, sharing, 2FA, AI integration 
- Git: init, commit, log, diff, restore, remotes, push/pull
- Auto-commit on every file save
- Sharing: share/unshare files with other users (ro/rw)
- Shared documents view in sidebar
- 2FA: TOTP setup/verify/disable, enforced at login
- AI: verify spec endpoint (LiteLLM), generate (summarize/prompt/expand)
- Light/dark theme with CSS variables
- File delete (recursive for folders)
- Admin panel + preferences panel
- File creation timestamp display
 2026-05-22 19:53:24 +02:00
anders 0c1047d390 Initial commit: Phase 1+2 prototype 
- Go backend with SQLite, JWT auth, file CRUD
- Vue 3 frontend with split/raw/WYSIWYG editor modes
- Markdown preview (marked, GFM)
- Formatting toolbar + keyboard shortcuts
- File tree with search, create, delete
- Light/dark theme toggle
- Admin panel (user management)
- Preferences (timezone, theme, default mode)
- Shared documents section (placeholder)
- Export: PDF, HTML, MD
- Build daemon (Python, stdlib only)
- Build job queue API
- Docker deployment
 2026-05-22 19:48:48 +02:00