bf655c6bc5
- Image upload: drag-drop images into editor, stored in .assets/
- Serve images via /api/files/image/ endpoint
- Loading spinner bar in sidebar during file operations
- Sort files by name/date buttons
- Drag files onto Trash button to delete
- All code TODO items complete
1.3 KiB
TODO
Security
- Encrypt Gitea tokens at rest in SQLite (use app-level AES with MH_SECRET)
- Add Secure flag to auth cookie when behind HTTPS (detect via X-Forwarded-Proto)
- Password complexity requirements (min 8 chars)
- TOTP: don't persist secret until verified (uses totp_pending column)
- Audit log (who did what, when)
Features
- Rename files/folders (double-click in tree)
- Image upload (drag-drop into editor, store in .assets folder)
- Browser beforeunload warning with unsaved changes
- Mobile hamburger menu to toggle sidebar
- PWA icons (icon-192.png, icon-512.png)
- Session expiry / logout button in UI
- Max file size enforcement on upload (10MB)
- Shared file read access (cross-user file serving)
Testing
- End-to-end: WYSIWYG mode (Milkdown)
- End-to-end: real-time collab (two browsers)
- End-to-end: git push/pull to Gitea
- End-to-end: 2FA setup flow
- End-to-end: sharing between two users
- End-to-end: build daemon + Pi
- End-to-end: offline edit → reconnect sync
Polish
- Error toasts instead of alert()
- Loading spinners on API calls
- Keyboard shortcut help overlay (Ctrl+/)
- File rename inline in tree (double-click)
- Drag files to trash
- Sort files (name, date)