From 773a06fce6870e8dc48d9f1f4aa2e2fd0a9a80d0 Mon Sep 17 00:00:00 2001 From: Joey Hess Date: Sun, 19 Aug 2012 20:14:34 -0400 Subject: [PATCH] updates --- doc/design/assistant/configurators.mdwn | 2 +- doc/design/assistant/leftovers.mdwn | 2 +- doc/design/assistant/webapp.mdwn | 33 +++++++++++++------------ 3 files changed, 19 insertions(+), 18 deletions(-) diff --git a/doc/design/assistant/configurators.mdwn b/doc/design/assistant/configurators.mdwn index e0e938efdd..b6aaa1cb65 100644 --- a/doc/design/assistant/configurators.mdwn +++ b/doc/design/assistant/configurators.mdwn @@ -9,7 +9,7 @@ through setting up common use cases. * Create a repository (run when the web app is started without a configured repository too). -* Clone this repo to a USB drive. +* Clone this repo to a USB drive or other removable drive. **done** * Clone this repo to another host. (Needs [[pairing]]) * Set up Amazon S3. * Set up rsync remote. diff --git a/doc/design/assistant/leftovers.mdwn b/doc/design/assistant/leftovers.mdwn index c322a27812..f6cb15c950 100644 --- a/doc/design/assistant/leftovers.mdwn +++ b/doc/design/assistant/leftovers.mdwn @@ -1,6 +1,6 @@ Things that don't fit anywhere else: -* Automatically start daemon on boot or when user logs in. +* Automatically start daemon on boot or when user logs in. **done** * Somehow get content that is unavailable. This is problematic with inotify, since we only get an event once the user has tried (and failed) to read from the file. This is only needed if all the files in the directory diff --git a/doc/design/assistant/webapp.mdwn b/doc/design/assistant/webapp.mdwn index ddcc661536..82d180af20 100644 --- a/doc/design/assistant/webapp.mdwn +++ b/doc/design/assistant/webapp.mdwn @@ -1,27 +1,14 @@ The webapp is a web server that displays a shiny interface. -## security - -* Listen only to localhost. **done** -* Instruct the user's web browser to open an url that contains a secret - token. This guards against other users on the same system. **done** - (I would like to avoid passwords or other authentication methods, - it's your local system.) -* Don't pass the url with secret token directly to the web browser, - as that exposes it to `ps`. Instead, write a html file only the user can read, - that redirects to the webapp. **done** -* Alternative for Linux at least would be to write a small program using - GTK+ Webkit, that runs the webapp, and can know what user ran it, avoiding - needing authentication. - ## interface * list of files uploading and downloading **done** * button to open file browser on repo (`xdg-open $DIR`) **done** * progress bars for each file (see [[progressbars]]) * drag and drop to reorder -* cancel and pause -* keep it usable w/o javascript, and accessible to blind, etc +* cancel, pause, and resume **done** +* keep it usable w/o javascript **done** +* keep it accessible to blind, etc ## other features @@ -42,3 +29,17 @@ The webapp is a web server that displays a shiny interface. * record repository that was made, and use it next time run **done** * write a pid file, to prevent more than one first-start process running at once **done** + +## security **acceptable/done** + +* Listen only to localhost. **done** +* Instruct the user's web browser to open an url that contains a secret + token. This guards against other users on the same system. **done** + (I would like to avoid passwords or other authentication methods, + it's your local system.) +* Don't pass the url with secret token directly to the web browser, + as that exposes it to `ps`. Instead, write a html file only the user can read, + that redirects to the webapp. **done** +* Alternative for Linux at least would be to write a small program using + GTK+ Webkit, that runs the webapp, and can know what user ran it, avoiding + needing authentication.