40 lines
1.5 KiB
Markdown
40 lines
1.5 KiB
Markdown
The webapp is a web server that displays a shiny interface.
|
|
|
|
## security
|
|
|
|
* Listen only to localhost. **done**
|
|
* Instruct the user's web browser to open an url that contains a secret
|
|
token. This guards against other users on the same system. **done**
|
|
(I would like to avoid passwords or other authentication methods,
|
|
it's your local system.)
|
|
* Don't pass the url with secret token directly to the web browser,
|
|
as that exposes it to `ps`. Instead, write a html file only the user can read,
|
|
that redirects to the webapp. **done**
|
|
* Alternative for Linux at least would be to write a small program using
|
|
GTK+ Webkit, that runs the webapp, and can know what user ran it, avoiding
|
|
needing authentication.
|
|
|
|
## interface
|
|
|
|
* list of files uploading and downloading **done**
|
|
* progress bars for each file
|
|
* drag and drop to reorder
|
|
* cancel and pause
|
|
* keep it usable w/o javascript, and accessible to blind, etc
|
|
|
|
## other features
|
|
|
|
* there could be a UI to export a file, which would make it be served up
|
|
over http by the web app
|
|
* Display any relevant warning messages. One is the `inotify max_user_watches`
|
|
exceeded message.
|
|
|
|
## implementation
|
|
|
|
* possibly lose the ugly auth= token past the first page,
|
|
and use a client-side session. It could be encrypted using the token
|
|
as the `encryptKey`. Note: Would need to set the session duration
|
|
to infinite (how?)
|
|
* Fix notification handle leakage on pages other than the main page.
|
|
The javascript should use AJAX to request handles, that way
|
|
they won't be allocated at all in noscript.
|