Warren
3221b10918
feat: Add user authentication for File Tree with id/password login
...
Major features:
1. File Tree authentication system:
- User ID + Password login modal
- Each user_id accesses separate database (data/users/<user_id>.sqlite)
- Reuses existing auth system (/api/v2/auth/login)
2. TreeLoginModal UI:
- User ID input field
- Password input with eye icon toggle (👁 ↔ 🙈 )
- Enter key submission support
- Error messages display
- Cross-browser compatible
3. Token-based authentication:
- localStorage: tree_token + tree_user
- Bearer Authorization header for all tree API calls
- Token verification before tree access
- Auto-clear invalid tokens
4. Modified functions:
- toggleTree(): Check token validity before opening
- loadTree(): Add Authorization header
- applyIcon(): Add Authorization header
- organizeTree(): Add Authorization header
- New: showTreeLoginModal(), submitTreeLogin(), toggleTreePassword()
5. Security improvements:
- Restored verify_auth() check in get_tree() handler
- All tree API endpoints require authentication
- User-specific database access control
Architecture:
- Independent from admin authentication system
- Uses same backend auth (PostgreSQL sync)
- Separate localStorage keys (tree_token vs admin_token)
User workflow:
1. Click 🗂File Tree → Login modal appears
2. Enter user_id (e.g., demo) + password (e.g., demo123)
3. Login success → Tree loads with user-specific data
4. Each user sees only their own files
Files changed:
- src/server.rs: Restored auth check in get_tree()
- src/page.html: +130 lines (login modal + auth logic)
Test credentials:
- demo / demo123 (50 nodes)
- warren / demo123
- momentry / demo123
Status: File Tree authentication fully functional
2026-05-16 22:30:07 +08:00
Warren
a120bec14f
feat: Add password visibility toggle with eye icon to AdminLoginModal
...
Enhanced features:
1. Enter key submission (strengthened):
- onkeypress=handleAdminKeyPress(event) on password input
- Cross-browser support: e.key==='Enter' || e.keyCode===13
- Calls submitAdminLogin() on Enter press
2. Password visibility toggle (NEW):
- Eye icon (👁) button positioned inside password input
- Click 👁 → shows password (type='text') + icon changes to 🙈
- Click 🙈 → hides password (type='password') + icon changes to 👁
- New function: toggleAdminPassword()
- Absolute positioning: right:8px, top:50%, transform:translateY(-50%)
UI improvements:
- Password input wrapped in relative-positioned div
- Toggle button uses existing .mb-password-toggle class
- Clear password type on modal reopen (always starts as 'password')
- Better UX: keyboard + visual feedback
Files changed:
- src/page.html: +15 lines (toggle function + UI structure)
User workflow:
1. Open Settings → password modal
2. Type password OR click 👁 to see password
3. Press Enter OR click Login button
4. Both methods work seamlessly
Status: Features complete, server running
2026-05-16 21:57:47 +08:00
Warren
2611874b14
feat: Add Enter key support for admin password input
...
UX improvement:
- Password input now accepts Enter key to submit
- Added onkeypress=handleAdminKeyPress(event) to input field
- New function handleAdminKeyPress(e) checks for Enter key
- Enter key triggers submitAdminLogin()
Implementation:
- Modified showAdminLoginModal() to add onkeypress handler
- Added handleAdminKeyPress(e) function
- Supports both e.key==='Enter' and e.keyCode===13 (cross-browser)
User workflow:
1. Open Settings → Password modal appears
2. Type password: admin123
3. Press Enter → Login submits (no need to click button)
4. Or click Login button → Both methods work
Files changed: src/page.html (+8 lines)
UX: Faster login, keyboard-friendly interface
2026-05-16 21:41:55 +08:00
Warren
0a0e4a8b9c
feat: Add 10-second timeout for admin re-authentication
...
Security enhancement:
- Admin must re-enter password if Settings closed >10 seconds
- localStorage stores admin_close_time when closing Settings
- toggleSettings() checks elapsed time since last close
- If elapsed >10s: clear token, show login modal
- If elapsed <=10s: open Settings directly (no password)
Implementation:
- Added localStorage.admin_close_time tracking
- Modified toggleSettings() to check timeout
- Clear close_time when opening Settings
- Clear close_time on new login
- Clear close_time when token removed
User workflow:
1. Login → Settings open
2. Close Settings → record close_time
3. Re-open immediately (<10s) → direct access
4. Re-open after 10s → password required
Files changed: src/page.html (+15 lines in toggleSettings, +1 line in submitAdminLogin)
Security: Prevents unauthorized access if admin leaves Settings open and returns later
2026-05-16 21:26:35 +08:00
Warren
4be06d2fcd
feat: Add admin authentication for Settings panel
...
- Add sftpgo_admins table to auth.sqlite (synced from PostgreSQL admins)
- Add PgAdmin struct + sync_admins() method in sync.rs
- Add fetch_admins() method in pg_client.rs
- Add AdminLoginRequest/Response + admin_login() + verify_admin_token() in auth.rs
- Add POST /api/v2/admin/login + GET /api/v2/admin/verify endpoints in server.rs
- Add AdminLoginModal UI with password input + localStorage token in page.html
- Test password: admin123 (bcrypt hash updated in PostgreSQL admins table)
Architecture:
- Independent admin auth system (matches SFTPGo design)
- Admin sessions stored in-memory (24h validity)
- bcrypt password verification (cost=10)
- localStorage token persistence for UI
- Settings panel requires admin authentication
Files changed:
- data/init_auth_db.sql: +20 lines
- src/sync.rs: +100 lines
- src/pg_client.rs: +50 lines
- src/auth.rs: +60 lines
- src/server.rs: +50 lines
- src/page.html: +70 lines
Total: ~290 lines added
Tested: Admin sync, login, verify, UI modal all working
2026-05-16 20:47:28 +08:00
Warren
cdb12c1951
feat: Add password visibility toggle in Settings panel
...
- Hide password fields by default (show ••••••••)
- Add eye icon (👁) to toggle password visibility
- Add togglePassword() JavaScript function
- Password input fields use type=password attribute
- Preserve password toggle button position when editing
Affected fields:
- postgresql.password
- test.password
- authentication.default_password
User experience:
- Passwords hidden by default
- Click 👁 to show password
- Click 🙈 to hide password
- Edit mode uses password input type
2026-05-16 20:34:09 +08:00
Warren
e3901b55d3
feat: Add UI Settings panel with config management
...
- Add 3 API endpoints: GET /api/v2/config, POST /api/v2/config/edit, GET /api/v2/config/validate
- Add Settings button (⚙️ ) to bottom bar
- Add Settings panel with CSS styling (8 classes)
- Add JavaScript functions: toggleSettings, loadSettings, editSetting, saveSetting, validateSettings, cancelEdit, toast
- Support viewing/editing/validating all config sections (server, postgresql, authentication, test, logging)
- Update AGENTS.md with UI Settings documentation
Features:
- Real-time config editing via UI
- Input validation before save
- Toast notifications for user feedback
- Responsive design matching existing UI style
Files changed:
- src/server.rs: +70 lines (API handlers)
- src/page.html: +110 lines (UI + JS)
- AGENTS.md: +40 lines (documentation)
Tested: All API endpoints verified, UI elements present in HTML
2026-05-16 20:30:39 +08:00
Warren
e3d6b60825
feat: MarkBase initial version
...
Phase 1 (Infrastructure):
- Docs: README.md, AGENTS.md, CHANGELOG.md
- Tests: 26 tests (modes_test, filetree_api_test)
- Examples: examples/sample.md, sample.json
- CI/CD: .gitea/workflows/test.yml, release.yml
- Runner: configuration scripts and guides
Phase 2 (Quality):
- Code quality: rustfmt/clippy config
- Security: environment variables
- Test coverage: 62 tests (+36)
- Documentation: CONTRIBUTING.md, docs/api.yaml
- Showcase: demo_features.md, developer_quickstart.md
Test coverage: 75%
Test pass rate: 100%
2026-05-16 15:37:37 +08:00
