36 lines
1.3 KiB
Markdown
36 lines
1.3 KiB
Markdown
# TODO
|
|
|
|
## Security
|
|
- [ ] Encrypt Gitea tokens at rest in SQLite (use app-level AES with MH_SECRET)
|
|
- [ ] Add `Secure` flag to auth cookie when behind HTTPS (detect via X-Forwarded-Proto)
|
|
- [ ] Password complexity requirements (min length, etc.)
|
|
- [ ] TOTP: don't persist secret until verified (currently saves on setup)
|
|
- [ ] Audit log (who did what, when)
|
|
|
|
## Features
|
|
- [ ] Rename files/folders (currently only move)
|
|
- [ ] Image upload (drag-drop into editor, store in assets folder)
|
|
- [ ] Browser `beforeunload` warning with unsaved changes
|
|
- [ ] Mobile hamburger menu to toggle sidebar
|
|
- [ ] PWA icons (icon-192.png, icon-512.png)
|
|
- [ ] Session expiry / logout button in UI
|
|
- [ ] Max file size enforcement on upload
|
|
- [ ] Shared file read access (cross-user file serving)
|
|
|
|
## Testing
|
|
- [ ] End-to-end: WYSIWYG mode (Milkdown)
|
|
- [ ] End-to-end: real-time collab (two browsers)
|
|
- [ ] End-to-end: git push/pull to Gitea
|
|
- [ ] End-to-end: 2FA setup flow
|
|
- [ ] End-to-end: sharing between two users
|
|
- [ ] End-to-end: build daemon + Pi
|
|
- [ ] End-to-end: offline edit → reconnect sync
|
|
|
|
## Polish
|
|
- [ ] Error toasts instead of alert()
|
|
- [ ] Loading spinners on API calls
|
|
- [ ] Keyboard shortcut help overlay (Ctrl+?)
|
|
- [ ] File rename inline in tree (double-click)
|
|
- [ ] Drag files to trash
|
|
- [ ] Sort files (name, date, size)
|