68eaee0b9f
Security:
- Encrypt Gitea tokens at rest (AES-256-GCM with MH_SECRET)
- Secure cookie flag when behind HTTPS (X-Forwarded-Proto)
- Password complexity (min 8 chars)
- TOTP: defer persist until verified (totp_pending column)
- Audit log table + logging on login/rename/password change

Features:
- Rename files/folders (double-click in tree, /api/files/rename)
- beforeunload warning for unsaved changes
- Mobile hamburger menu
- PWA icons (192px, 512px)
- Max file size enforcement (10MB)
- Shared file read access (cross-user with permission check)

Polish:
- Toast notifications replace all alert() calls
- Keyboard shortcut help overlay (Ctrl+/)
- File rename via double-click in FileTree
1.3 KiB
TODO
Security
- Encrypt Gitea tokens at rest in SQLite (use app-level AES with MH_SECRET)
- Add `Secure` flag to auth cookie when behind HTTPS (detect via X-Forwarded-Proto)
- Password complexity requirements (min 8 chars)
- TOTP: don't persist secret until verified (uses totp_pending column)
- Audit log (who did what, when)
Features
- Rename files/folders (double-click in tree)
- Image upload (drag-drop into editor, store in assets folder)
- Browser `beforeunload` warning with unsaved changes
- Mobile hamburger menu to toggle sidebar
- PWA icons (icon-192.png, icon-512.png)
- Session expiry / logout button in UI
- Max file size enforcement on upload (10MB)
- Shared file read access (cross-user file serving)
Testing
- End-to-end: WYSIWYG mode (Milkdown)
- End-to-end: real-time collab (two browsers)
- End-to-end: git push/pull to Gitea
- End-to-end: 2FA setup flow
- End-to-end: sharing between two users
- End-to-end: build daemon + Pi
- End-to-end: offline edit → reconnect sync
Polish
- Error toasts instead of alert()
- Loading spinners on API calls
- Keyboard shortcut help overlay (Ctrl+/)
- File rename inline in tree (double-click)
- Drag files to trash
- Sort files (name, date, size)