39 lines
1.4 KiB
Markdown
39 lines
1.4 KiB
Markdown
The webapp is a web server that displays a shiny interface.
|
|
|
|
## security
|
|
|
|
* Listen only to localhost. **done**
|
|
* Instruct the user's web browser to open an url that contains a secret
|
|
token. This guards against other users on the same system. **done**
|
|
(I would like to avoid passwords or other authentication methods,
|
|
it's your local system.)
|
|
* Alternative for Linux at least would be to write a small program using
|
|
GTK+ Webkit, that runs the webapp, and can know what user ran it, avoiding
|
|
needing authentication.
|
|
|
|
## interface
|
|
|
|
* list of files uploading and downloading
|
|
* progress bars for each file
|
|
* drag and drop to reorder
|
|
* cancel and pause
|
|
* keep it usable w/o javascript, and accessible to blind, etc
|
|
|
|
## other features
|
|
|
|
* there could be a UI to export a file, which would make it be served up
|
|
over http by the web app
|
|
* Display any relevant warning messages. One is the `inotify max_user_watches`
|
|
exceeded message.
|
|
|
|
## implementation
|
|
|
|
* use `addStaticContent` to make /favicon.ico work. Return `Right (route, query)`
|
|
and I think the route can be `favicon_ico`.
|
|
* perhaps define a custom `errorHandler`, which could avoid the potential
|
|
of leaking auth tokens on error pages
|
|
* possibly lose the ugly auth= token past the first page,
|
|
and use a client-side session. It could be encrypted using the token
|
|
as the `encryptKey`. Note: Would need to set the session duration
|
|
to infinite (how?)
|
|
* look up "server-sent events" sent using `sendWaiResponse`
|