kato/WarpBox
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
877ac905748b1f9fb107f912bbfdf843dc831097
WarpBox/admin-overview.md

711 lines
17 KiB
Markdown
Raw Normal View History

refactor(code): Cleaned-up the code base
2026-04-30 11:05:56 +03:00
# WarpBox Admin Overview
This document maps the current WarpBox admin area, explains how the existing pages and permission model work, then proposes an overhaul path for a more useful admin product: dashboard, account management, API keys, and a role/group based authorization system.
## Project Context
WarpBox is a small self-hosted file sharing app. Its core product is deliberately simple:
- create temporary upload boxes
- upload one or more files
- optionally protect the box with a password
- share a generated link
- allow individual downloads or ZIP downloads
- support one-time ZIP handoff
- store uploads on the local filesystem
- store app metadata in local BadgerDB
The project has a strong retro desktop identity. The admin area should keep that personality, but become more operationally useful. Best direction: retro surface, modern information architecture. Admin actions should feel clear, forgiving, and inspectable rather than dense or mysterious.
## Current Admin Architecture
Admin routes are registered under `/admin` in `lib/server/admin.go`.
Current pages:
- `/admin/login`
- `/admin`
- `/admin/boxes`
- `/admin/users`
- `/admin/tags`
- `/admin/settings`
Admin templates live in:
- `templates/admin_login.html`
- `templates/admin.html`
- `templates/admin_boxes.html`
- `templates/admin_users.html`
- `templates/admin_tags.html`
- `templates/admin_settings.html`
Styling uses:
- `static/css/admin.css`
- shared retro UI styles from `static/css/app.css` and `static/css/window.css`
Metadata lives in BadgerDB through `lib/metastore`. Current admin-relevant records are:
- users
- tags
- sessions
- settings overrides
## Current Login And Session Flow
Admin login is bootstrapped from environment configuration:
- `WARPBOX_ADMIN_PASSWORD`
- `WARPBOX_ADMIN_USERNAME`
- `WARPBOX_ADMIN_EMAIL`
- `WARPBOX_ADMIN_ENABLED`
On startup, `BootstrapAdmin` ensures a protected `admin` tag exists. If a user matching the admin username already exists, the admin tag is attached to that user. If no user exists and `WARPBOX_ADMIN_PASSWORD` is set, a first admin user is created.
Login behavior:
- `GET /admin/login` shows login form when admin login is enabled.
- `POST /admin/login` checks username/password.
- password hashes use bcrypt.
- disabled users cannot log in.
- user must have effective `AdminAccess`.
- successful login creates a BadgerDB session with random session token and CSRF token.
- session cookie name is `warpbox_admin_session`.
- cookie path is `/admin`.
- cookie is HTTP-only.
- cookie Secure flag is controlled by `WARPBOX_ADMIN_COOKIE_SECURE`.
- session TTL is controlled by `WARPBOX_SESSION_TTL_SECONDS`.
All protected admin routes require:
- valid session cookie
- unexpired session
- valid CSRF token for non-GET requests
- existing enabled user
- effective `AdminAccess`
Admin responses set no-store headers and `X-Content-Type-Options: nosniff`.
## Current Dashboard Page
Route:
- `GET /admin`
Template:
- `templates/admin.html`
Current behavior:
- shows signed-in username
- provides logout button
- shows four large links:
- Boxes
- Users
- Tags
- Settings
Current limitation:
- this is not a dashboard yet. It has no statistics, recent activity, health status, quota information, user counts, storage totals, warnings, or next actions.
Good future role:
- make this the admin home screen, with live operational summary and clear links into deeper management pages.
## Current Boxes Page
Route:
- `GET /admin/boxes`
Required permission:
- `AdminBoxesView`
Current behavior:
- loads all box summaries from filesystem via `boxstore.ListBoxSummaries()`
- shows summary counters:
- total boxes
- total storage
- expired boxes
- table columns:
- box id
- file count
- size
- created time
- expiry time
- flags
- flags include:
- expired
- one-time
- password
- box id links to `/box/{id}`
Current limitations:
- no search
- no filters
- no pagination
- no delete action
- no bulk cleanup
- no storage trend
- no per-box detail drawer
- no visibility into failed uploads, incomplete boxes, thumbnail state, or one-time consumption state
- expired boxes are counted but not directly actionable
Good future role:
- operational file-sharing monitor and cleanup center.
## Current Users Page
Routes:
- `GET /admin/users`
- `POST /admin/users`
Required permission:
- `AdminUsersManage`
Current behavior:
- create user with username, email, password, and selected tags
- list users sorted by username
- show username, email, assigned tags, created time, status
- enable/disable user
- active session user cannot disable themselves
Current user model:
- `ID`
- `Username`
- `Email`
- `PasswordHash`
- `TagIDs`
- `CreatedAt`
- `UpdatedAt`
- `Disabled`
- optional per-user max file size
- optional per-user max box size
- optional per-user max expiry seconds
Current limitations:
- no edit user page
- no password reset flow
- no email verification or invite flow
- no delete/archive user action
- no user detail screen
- no role preview
- no effective permissions display
- no API key management
- no account activity
- no per-user storage/upload stats
- per-user limit fields exist in the model but are not exposed in the admin UI
Good future role:
- user account command center, optimized for quick scanning, safe edits, and permission clarity.
## Current Tags Page
Routes:
- `GET /admin/tags`
- `POST /admin/tags`
Required permission:
- `AdminUsersManage`
Current behavior:
- create a tag
- set description
- attach permission booleans
- attach optional limits
- list existing tags
- built-in `admin` tag is protected and forced to full admin permissions
Current tag permissions:
- upload allowed
- one-time download allowed
- ZIP download allowed
- renewable allowed
- admin access
- manage users
- manage settings
- view boxes
- max file size bytes
- max box size bytes
- allowed expiry seconds
- renew on access seconds exists in model but is not exposed in current tag form
- renew on download seconds exists in model but is not exposed in current tag form
Permission resolution:
- user permissions are resolved from all assigned tags plus user-level overrides
- boolean permissions are additive: any tag can grant a permission
- size limits use the more permissive value
- global max file/box limits still cap resolved user limits
- allowed expiry seconds are merged from all tags and sorted
- global feature flags can still disable ZIP or one-time downloads even if a tag allows them
Current limitations:
- tags mix labels, roles, groups, limits, and admin capability grants in one concept
- no edit tag page
- no delete tag action
- no user count per tag
- no permission preview
- no conflict detection
- no clear distinction between "role grants access" and "plan defines quotas"
- permission logic is powerful but hard to explain to administrators
Good future role:
- replace tags with explicit roles/groups/plans. Keep old tags only as migration input.
## Current Settings Page
Routes:
- `GET /admin/settings`
- `POST /admin/settings`
Required permission:
- `AdminSettingsManage`
Current behavior:
- shows configured settings table
- columns:
- setting
- value
- source
- environment variable name
- editable values can be overridden from admin UI when `WARPBOX_ALLOW_ADMIN_SETTINGS_OVERRIDE=true`
- overrides are stored in BadgerDB
- runtime config is updated after save
Editable settings currently include:
- guest uploads enabled
- API enabled
- ZIP downloads enabled
- one-time downloads enabled
- one-time download expiry seconds
- renew on access enabled
- renew on download enabled
- default guest expiry seconds
- max guest expiry seconds
- default user max file size bytes
- default user max box size bytes
- session TTL seconds
- box poll interval milliseconds
- thumbnail batch size
- thumbnail interval seconds
Non-editable/hard settings include:
- data directory
- global max file size bytes
- global max box size bytes
- one-time download retry on failure
Current limitations:
- settings are presented as raw technical rows
- no grouping
- no descriptions
- no validation hints beyond backend errors
- byte fields require raw bytes
- duration fields require raw seconds/milliseconds
- no "restart required" or "runtime applied" distinction beyond current editability
- no audit trail for setting changes
Good future role:
- organized system configuration, with human units, clear safety boundaries, and change history.
## Current API Key State
There is visible API key UX in the upload page:
- "Use API key for larger quota"
- API key input
- local validation with regex
- value saved locally in browser localStorage
- cURL command includes `Authorization: Bearer YOUR_API_KEY` when enabled
Important current reality:
- no backend API key model was found
- no API key generation route was found
- no server-side Authorization bearer validation was found
- no per-user API key ownership or revocation exists yet
- no current upload flow applies user permissions from an API key
So API keys are a product placeholder, not a functional feature yet.
## Main Current Gaps
- Dashboard is only navigation.
- User management only creates and disables accounts.
- Tags are doing too many jobs.
- API keys are UI-only.
- Admin pages lack search, filters, pagination, and detail views.
- No audit log.
- No admin-visible system health.
- No storage cleanup controls.
- No account self-service area for non-admin users.
- Existing permission model is additive and permissive, which can surprise admins.
## Recommended Overhaul Direction
Build a full admin solution around four clear concepts:
- Dashboard: current health and useful actions.
- Accounts: people who can sign in or use API keys.
- Roles/Groups: permission bundles and admin capabilities.
- Plans/Limits: quotas and upload policy.
This separates identity from authorization from quotas. It should make the system easier to explain and safer to operate.
## Proposed Dashboard
Recommended dashboard cards:
- total active boxes
- total storage used
- expired boxes waiting cleanup
- boxes created today / last 24 hours
- uploads completed today / last 24 hours
- failed or incomplete uploads
- active users
- disabled users
- API keys active
- admin sessions active
- thumbnail queue / worker state
- current global limits
- guest uploads status
- ZIP downloads status
- one-time downloads status
Recommended dashboard sections:
- "Needs attention"
- expired boxes
- failed uploads
- one-time boxes stuck incomplete
- high storage usage
- disabled API setting while API key UI is visible
- "Recent boxes"
- latest boxes with flags and size
- "Recent admin activity"
- user created, role changed, setting changed, API key revoked
- "System"
- data directory
- BadgerDB status
- uploads directory size
- thumbnail worker timing
- config source summary
UX idea:
- dashboard should answer "is WarpBox healthy?", "what changed recently?", and "what should I do next?" in one glance.
## Proposed Account Management
Recommended account list:
- search by username/email
- filter by status, role/group, plan, API key presence
- columns:
- user
- email
- status
- roles/groups
- plan/limits
- API keys
- created
- last login / last API use
- storage used
- boxes created
Recommended account detail page:
- profile
- status controls
- password reset / force password change
- roles/groups assignment
- plan/limits assignment
- effective permissions preview
- API keys tab
- recent activity tab
- boxes owned by user
Recommended safe actions:
- disable user
- revoke all sessions
- revoke all API keys
- reset password
- assign role/group
- assign plan
- archive user
Recommended UX details:
- show effective permission summary before save
- warn when removing own admin access
- require confirmation for disabling final admin
- prevent accidental lockout at backend level
- show inherited vs direct settings clearly
## Proposed API Key System
Data model idea:
- API key id
- user id
- name/label
- hashed secret
- secret prefix for display
- scopes
- created at
- expires at
- last used at
- revoked at
- created by
- optional allowed IP/CIDR list
Security rules:
- show raw key only once on creation
- store only hash server-side
- allow revoke, rotate, rename
- support expiry dates
- log last-used timestamp
- rate limit failed key attempts
- avoid putting API keys in URLs
User-facing API key page:
- create key
- name key
- choose expiry
- view active/revoked keys
- revoke key
- copy cURL example
- see last used time
Admin-facing API key controls:
- view user key count and last use
- revoke a user key
- revoke all keys for disabled user
- optionally create key on behalf of user
- audit key creation/revocation
Permission behavior:
- bearer key resolves to user
- user roles/groups/plans determine upload policy
- key scopes can further restrict user permission but not exceed it
- API key can enable higher quota only if assigned user's plan allows it
Initial scopes:
- `box:create`
- `box:upload`
- `box:read`
- `box:download`
- `box:delete-own`
## Proposed Role/Group System
Replace tags with explicit authorization objects.
Recommended models:
- Role: permission bundle, e.g. `admin`, `operator`, `uploader`, `viewer`
- Group: collection of users with assigned roles and optional plan
- Plan: quota/limit policy, e.g. `guest`, `standard`, `trusted`, `unlimited`
Roles should answer:
- what can this user do?
Plans should answer:
- how much can this user use?
Groups should answer:
- who receives these defaults together?
Recommended permissions:
- admin.access
- admin.dashboard.view
- admin.users.view
- admin.users.manage
- admin.roles.manage
- admin.settings.view
- admin.settings.manage
- admin.boxes.view
- admin.boxes.manage
- boxes.create
- boxes.download.zip
- boxes.download.one_time
- boxes.password.set
- boxes.renew
- api_keys.manage_own
- api_keys.manage_any
Recommended limit fields:
- max file size
- max box size
- max boxes per day
- max storage active at once
- max expiry
- allowed expiry choices
- max API keys
- API key max TTL
- guest upload allowed
- ZIP allowed
- one-time allowed
- renew allowed
Recommended resolver:
- start with system defaults
- apply assigned plan quotas
- apply group plan when user has no direct plan
- apply direct user overrides last
- roles grant permissions
- scopes restrict API key actions
- hard global limits cap everything
Migration strategy:
- create role equivalents from current tag admin booleans
- create plan equivalents from current tag upload limits
- assign users based on existing `TagIDs`
- keep read-only legacy tag view during migration
- remove tag creation from final UI
## Extra Feature Ideas
Storage and cleanup:
- expired box cleanup page
- bulk delete expired boxes
- storage by age chart
- largest boxes list
- orphaned manifest/file scanner
- thumbnail cleanup/rebuild tools
Security:
- audit log
- active admin sessions page
- revoke sessions
- failed login tracking
- optional two-factor auth for admins
- final-admin protection
- configurable password policy
Operations:
- system health page
- config export
- backup/restore notes for data directory and BadgerDB
- maintenance mode
- manual thumbnail worker run
- background job status
User experience:
- account self-service page
- personal upload history
- personal quota meter
- personal API keys
- upload presets
- saved retention preferences
Admin UX:
- global search
- command palette
- filters saved per admin
- CSV export for users/boxes
- inline detail drawer for boxes/users
- change preview before saving roles/plans
Product:
- named boxes supported server-side
- custom slug support server-side
- private/listed boxes if public listing is added
- max view count server-side
- ownership model: boxes created by user/API key belong to that user
- public share page controls based on owner plan
## Suggested Implementation Phases
Phase 1: make current admin useful
- add real dashboard statistics
- add search/filter/pagination to boxes and users
- expose effective permissions on user rows/details
- add user edit form
- add storage cleanup actions
Phase 2: implement API keys
- add API key model in BadgerDB
- add create/revoke/list routes
- hash keys server-side
- validate bearer keys on API endpoints
- connect key to user permissions
- add self-service API key UI
Phase 3: replace tags
- add roles/plans/groups models
- add resolver
- add migration from tags
- update user management UI
- deprecate tag creation
Phase 4: polish into full admin solution
- audit log
- account detail pages
- system health
- advanced cleanup
- activity timeline
- safer setting editor
## Product Principle For The Overhaul
Keep WarpBox small, local, and understandable. The admin area should not become enterprise software cosplay. It should give the operator sharp tools:
- see what is happening
- fix common problems
- manage people safely
- give trusted users more power
- keep storage under control
- make permission decisions obvious
Best version: a retro control panel that behaves like a modern, careful admin console.
Reference in New Issue Copy Permalink