TODO
Security
- Encrypt Gitea tokens at rest in SQLite (use app-level AES with MH_SECRET)
- Add Secure flag to auth cookie when behind HTTPS (detect via X-Forwarded-Proto)
- Password complexity requirements (min length, etc.)
- TOTP: don't persist secret until verified (currently saves on setup)
- Audit log (who did what, when)
Features
- Rename files/folders (currently only move)
- Image upload (drag-drop into editor, store in assets folder)
- Browser beforeunload warning with unsaved changes
- Mobile hamburger menu to toggle sidebar
- PWA icons (icon-192.png, icon-512.png)
- Session expiry / logout button in UI
- Max file size enforcement on upload
- Shared file read access (cross-user file serving)
Testing
- End-to-end: WYSIWYG mode (Milkdown)
- End-to-end: real-time collab (two browsers)
- End-to-end: git push/pull to Gitea
- End-to-end: 2FA setup flow
- End-to-end: sharing between two users
- End-to-end: build daemon + Pi
- End-to-end: offline edit → reconnect sync
Polish
- Error toasts instead of alert()
- Loading spinners on API calls
- Keyboard shortcut help overlay (Ctrl+?)
- File rename inline in tree (double-click)
- Drag files to trash
- Sort files (name, date, size)