git-annex/doc/design/assistant/webapp.mdwn

45 lines
1.8 KiB
Text
Raw Normal View History

2012-05-27 01:11:19 +00:00
The webapp is a web server that displays a shiny interface.
## security
2012-07-26 09:21:05 +00:00
* Listen only to localhost. **done**
2012-05-27 01:11:19 +00:00
* Instruct the user's web browser to open an url that contains a secret
2012-07-26 09:21:05 +00:00
token. This guards against other users on the same system. **done**
2012-07-26 09:22:17 +00:00
(I would like to avoid passwords or other authentication methods,
it's your local system.)
2012-07-26 17:47:41 +00:00
* Don't pass the url with secret token directly to the web browser,
as that exposes it to `ps`. Instead, write a html file only the user can read,
that redirects to the webapp. **done**
2012-05-31 19:48:26 +00:00
* Alternative for Linux at least would be to write a small program using
GTK+ Webkit, that runs the webapp, and can know what user ran it, avoiding
needing authentication.
2012-05-27 01:11:19 +00:00
## interface
* list of files uploading and downloading
* progress bars for each file
* drag and drop to reorder
* cancel and pause
2012-05-29 23:17:38 +00:00
* keep it usable w/o javascript, and accessible to blind, etc
2012-05-27 01:11:19 +00:00
2012-05-31 19:28:04 +00:00
## other features
* there could be a UI to export a file, which would make it be served up
over http by the web app
2012-06-06 20:54:39 +00:00
* Display any relevant warning messages. One is the `inotify max_user_watches`
2012-07-27 01:32:08 +00:00
exceeded message. Need to lift such messages into DaemonStatus
so the WebApp can include them in its rendering of DaemonStatus.
2012-05-31 19:28:04 +00:00
2012-05-27 01:11:19 +00:00
## implementation
2012-07-26 15:53:18 +00:00
* perhaps define a custom `errorHandler`, which could avoid the potential
2012-07-27 04:03:55 +00:00
of leaking auth tokens on error pages. Or make the test suite test for
leakage.
2012-07-26 15:53:18 +00:00
* possibly lose the ugly auth= token past the first page,
and use a client-side session. It could be encrypted using the token
as the `encryptKey`. Note: Would need to set the session duration
to infinite (how?)
2012-07-27 01:40:24 +00:00
* When long polling fails, retry a time or two, and then give up, and
either display an error message, or, possibly, close the browser window.
(Currently the display just stops updating.)