git-annex/doc/design/assistant/webapp.mdwn

The webapp is a web server that displays a shiny interface.

## security

* Listen only to localhost. **done**
* Instruct the user's web browser to open an url that contains a secret
  token. This guards against other users on the same system. **done**
  (I would like to avoid passwords or other authentication methods,
  it's your local system.)
* Don't pass the url with secret token directly to the web browser,
  as that exposes it to `ps`. Instead, write a html file only the user can read,
  that redirects to the webapp. **done**
* Alternative for Linux at least would be to write a small program using
  GTK+ Webkit, that runs the webapp, and can know what user ran it, avoiding
  needing authentication.

## interface

* list of files uploading and downloading
* progress bars for each file
* drag and drop to reorder
* cancel and pause
* keep it usable w/o javascript, and accessible to blind, etc

## other features

* there could be a UI to export a file, which would make it be served up
  over http by the web app
* Display any relevant warning messages. One is the `inotify max_user_watches`
  exceeded message. Need to lift such messages into DaemonStatus
  so the WebApp can include them in its rendering of DaemonStatus.

## implementation

* Include jquery into the webapp, preferably minimised at build time.
  Currently the webapp needs an internet connection to load jquery, which
  is not ideal.
* use `addStaticContent` to make /favicon.ico work. Return `Right (route, query)`
  and I think the route can be `favicon_ico`. (Tried this; couldn't seem
  to make it work.)
* perhaps define a custom `errorHandler`, which could avoid the potential
  of leaking auth tokens on error pages
* possibly lose the ugly auth= token past the first page,
  and use a client-side session. It could be encrypted using the token
  as the `encryptKey`. Note: Would need to set the session duration
  to infinite (how?)
* When long polling fails, retry a time or two, and then give up, and
  either display an error message, or, possibly, close the browser window.
  (Currently the display just stops updating.)
add preliminary design 2012-05-27 01:11:19 +00:00			`The webapp is a web server that displays a shiny interface.`

			`## security`

updae 2012-07-26 09:21:05 +00:00			`* Listen only to localhost. done`
add preliminary design 2012-05-27 01:11:19 +00:00			`* Instruct the user's web browser to open an url that contains a secret`
updae 2012-07-26 09:21:05 +00:00			`token. This guards against other users on the same system. done`
updae 2012-07-26 09:22:17 +00:00			`(I would like to avoid passwords or other authentication methods,`
			`it's your local system.)`
update 2012-07-26 17:47:41 +00:00			`* Don't pass the url with secret token directly to the web browser,`
			as that exposes it to `ps`. Instead, write a html file only the user can read,
			`that redirects to the webapp. done`
update 2012-05-31 19:48:26 +00:00			`* Alternative for Linux at least would be to write a small program using`
			`GTK+ Webkit, that runs the webapp, and can know what user ran it, avoiding`
			`needing authentication.`
add preliminary design 2012-05-27 01:11:19 +00:00
			`## interface`

			`* list of files uploading and downloading`
			`* progress bars for each file`
			`* drag and drop to reorder`
			`* cancel and pause`
updates 2012-05-29 23:17:38 +00:00			`* keep it usable w/o javascript, and accessible to blind, etc`
add preliminary design 2012-05-27 01:11:19 +00:00
update 2012-05-31 19:28:04 +00:00			`## other features`

			`* there could be a UI to export a file, which would make it be served up`
			`over http by the web app`
update 2012-06-06 20:54:39 +00:00			* Display any relevant warning messages. One is the `inotify max_user_watches`
update 2012-07-27 01:32:08 +00:00			`exceeded message. Need to lift such messages into DaemonStatus`
			`so the WebApp can include them in its rendering of DaemonStatus.`
update 2012-05-31 19:28:04 +00:00
add preliminary design 2012-05-27 01:11:19 +00:00			`## implementation`

update 2012-07-26 21:58:44 +00:00			`* Include jquery into the webapp, preferably minimised at build time.`
			`Currently the webapp needs an internet connection to load jquery, which`
			`is not ideal.`
update 2012-07-26 15:53:18 +00:00			* use `addStaticContent` to make /favicon.ico work. Return `Right (route, query)`
update 2012-07-26 21:58:44 +00:00			and I think the route can be `favicon_ico`. (Tried this; couldn't seem
			`to make it work.)`
update 2012-07-26 15:53:18 +00:00			* perhaps define a custom `errorHandler`, which could avoid the potential
			`of leaking auth tokens on error pages`
			`* possibly lose the ugly auth= token past the first page,`
			`and use a client-side session. It could be encrypted using the token`
			as the `encryptKey`. Note: Would need to set the session duration
			`to infinite (how?)`
todo 2012-07-27 01:40:24 +00:00			`* When long polling fails, retry a time or two, and then give up, and`
			`either display an error message, or, possibly, close the browser window.`
			`(Currently the display just stops updating.)`