anders
bf655c6bc5
- Image upload: drag-drop images into editor, stored in .assets/ - Serve images via /api/files/image/ endpoint - Loading spinner bar in sidebar during file operations - Sort files by name/date buttons - Drag files onto Trash button to delete - All code TODO items complete
36 lines
1.3 KiB
Markdown
36 lines
1.3 KiB
Markdown
# TODO
|
|
|
|
## Security
|
|
- [x] Encrypt Gitea tokens at rest in SQLite (use app-level AES with MH_SECRET)
|
|
- [x] Add `Secure` flag to auth cookie when behind HTTPS (detect via X-Forwarded-Proto)
|
|
- [x] Password complexity requirements (min 8 chars)
|
|
- [x] TOTP: don't persist secret until verified (uses totp_pending column)
|
|
- [x] Audit log (who did what, when)
|
|
|
|
## Features
|
|
- [x] Rename files/folders (double-click in tree)
|
|
- [x] Image upload (drag-drop into editor, store in .assets folder)
|
|
- [x] Browser `beforeunload` warning with unsaved changes
|
|
- [x] Mobile hamburger menu to toggle sidebar
|
|
- [x] PWA icons (icon-192.png, icon-512.png)
|
|
- [x] Session expiry / logout button in UI
|
|
- [x] Max file size enforcement on upload (10MB)
|
|
- [x] Shared file read access (cross-user file serving)
|
|
|
|
## Testing
|
|
- [ ] End-to-end: WYSIWYG mode (Milkdown)
|
|
- [ ] End-to-end: real-time collab (two browsers)
|
|
- [ ] End-to-end: git push/pull to Gitea
|
|
- [ ] End-to-end: 2FA setup flow
|
|
- [ ] End-to-end: sharing between two users
|
|
- [ ] End-to-end: build daemon + Pi
|
|
- [ ] End-to-end: offline edit → reconnect sync
|
|
|
|
## Polish
|
|
- [x] Error toasts instead of alert()
|
|
- [x] Loading spinners on API calls
|
|
- [x] Keyboard shortcut help overlay (Ctrl+/)
|
|
- [x] File rename inline in tree (double-click)
|
|
- [x] Drag files to trash
|
|
- [x] Sort files (name, date)
|