 anders
|
68eaee0b9f
|
Complete TODO items: security, features, polish
Security:
- Encrypt Gitea tokens at rest (AES-256-GCM with MH_SECRET)
- Secure cookie flag when behind HTTPS (X-Forwarded-Proto)
- Password complexity (min 8 chars)
- TOTP: defer persist until verified (totp_pending column)
- Audit log table + logging on login/rename/password change
Features:
- Rename files/folders (double-click in tree, /api/files/rename)
- beforeunload warning for unsaved changes
- Mobile hamburger menu
- PWA icons (192px, 512px)
- Max file size enforcement (10MB)
- Shared file read access (cross-user with permission check)
Polish:
- Toast notifications replace all alert() calls
- Keyboard shortcut help overlay (Ctrl+/)
- File rename via double-click in FileTree
|
2026-05-26 23:51:02 +02:00 |
|
|
anders
|
1a77d068a7
|
PWA offline support + client-side encryption
- Service worker: caches app shell, network-first for HTML
- manifest.json for installable PWA
- IndexedDB: cache files locally, queue pending saves
- Offline fallback: open cached files when server unreachable
- Sync pending changes on reconnect (online event)
- Client-side AES-256-GCM encryption lib (PBKDF2 key derivation)
- Ready for Private Vault feature
|
2026-05-22 23:36:06 +02:00 |
|