git-annex/doc/design/assistant/webapp.mdwn

57 lines
2.4 KiB
Markdown

The webapp is a web server that displays a shiny interface.
## bugs
* At least in chromium, clicking on the transfer pause or cancel button
sometimes fails. Seen in javascript console:
500 error code from web server.
This is quite likely because of how the div containing transfers is refereshed.
If instead javascript was used to update the progress bar etc for transfers
with json data, the buttons would work better.
* Some forms display a modal message when submitted and also have required
fields. This does not interact well.
## interface
* list of files uploading and downloading **done**
* button to open file browser on repo (`xdg-open $DIR`) **done**
* progress bars for each file (see [[progressbars]]) **done**
* drag and drop to reorder
* cancel, pause, and resume **done**
* keep it usable w/o javascript **done**
* keep it accessible to blind, etc
## other features
* there could be a UI to export a file, which would make it be served up
over http by the web app
* there could be a UI (some javascript thing) in the web browser to
submit urls to the web app to be added to the annex and downloaded.
See: [[todo/wishlist:_an_"assistant"_for_web-browsing_--_tracking_the_sources_of_the_downloads]]
* Display the `inotify max_user_watches` exceeded message. **done**
* Display something sane when kqueue runs out of file descriptors.
* allow removing git remotes **done**
* allow disabling syncing to here, which should temporarily disable all
local syncing.
## first start **done**
* make git repo **done**
* generate a nice description like "joey@hostname Desktop/annex" **done**
* record repository that was made, and use it next time run **done**
* write a pid file, to prevent more than one first-start process running
at once **done**
## security **acceptable/done**
* Listen only to localhost. **done**
* Instruct the user's web browser to open an url that contains a secret
token. This guards against other users on the same system. **done**
(I would like to avoid passwords or other authentication methods,
it's your local system.)
* Don't pass the url with secret token directly to the web browser,
as that exposes it to `ps`. Instead, write a html file only the user can read,
that redirects to the webapp. **done**
* Alternative for Linux at least would be to write a small program using
GTK+ Webkit, that runs the webapp, and can know what user ran it, avoiding
needing authentication.