feat(accounts): implement user accounts, sessions, and dashboards
All checks were successful
Build and Publish Docker Image / deploy (push) Successful in 1m8s
Introduce Stage 4 features to support multi-user accounts, cookie-based web sessions, and personal dashboards. Changes include:

- Adding `/register` to bootstrap the first admin account and `/login`/`/logout` for session management.
- Creating a personal dashboard (`/app`) to display owned boxes, storage usage, and upload history.
- Implementing admin user management (`/admin/users`) for generating invite links and managing user states.
- Updating the bbolt database schema to store users, sessions, invites, and collections.
- Adding `golang.org/x/crypto` for password hashing and introducing unit tests for account handlers.
25
README.md
@@ -20,7 +20,12 @@ Background jobs are enabled with `WARPBOX_JOBS_ENABLED=true`. Individual jobs ca
|
||||
`WARPBOX_CLEANUP_ENABLED` and `WARPBOX_THUMBNAIL_ENABLED`, and their schedules are configured with
|
||||
`WARPBOX_CLEANUP_EVERY` and `WARPBOX_THUMBNAIL_EVERY`.
|
||||
|
||||
The basic admin console is available at `/admin`. Set `WARPBOX_ADMIN_TOKEN` and use that value to sign in.
|
||||
On a fresh data directory, visit `/register` to create the first account. That first user becomes
|
||||
the instance admin and normal registration closes after bootstrap. Admins can create copyable invite
|
||||
links from `/admin/users`.
|
||||
|
||||
The env admin token still exists as emergency fallback access. Set `WARPBOX_ADMIN_TOKEN` and use it
|
||||
at `/admin/login` if you need to recover access without a user session.
|
||||
|
||||
For one-off Go commands, run them from the backend module:
|
||||
|
||||
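Review bot: The `/register` paragraph says the first user on a fresh data directory becomes the instance admin, but it does not tell operators that the admin account goes to whoever reaches `/register` first. Suggest adding a sentence telling operators to complete the bootstrap registration before the instance is reachable by anyone else. The fallback paragraph should also state what happens at `/admin/login` when `WARPBOX_ADMIN_TOKEN` is unset, so readers know whether leaving it empty disables the emergency path or leaves it open.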
@@ -97,6 +102,23 @@ curl -F sharex=@./screenshot.png \
|
||||
The upload endpoint accepts multipart fields named `file` and `sharex`. ShareX users can start
|
||||
from `examples/sharex/warpbox-anonymous.sxcu`; update `RequestURL` to match your instance URL.
|
||||
|
||||
## Stage 4 Accounts + Personal Boxes
|
||||
|
||||
- `/register` bootstraps the first admin account only when no users exist.
|
||||
- `/login` and `/logout` provide cookie-based web sessions.
|
||||
- `/app` is the personal dashboard for logged-in users, showing owned boxes, storage usage, upload
|
||||
history, and flat collections. Uploading still happens from the homepage.
|
||||
- `/admin/users` lets admins create invite links, disable/reactivate users, and generate reset links.
|
||||
- Logged-in browser uploads from `/` still use `POST /api/v1/upload`, but the resulting box is
|
||||
stored with owner and optional collection metadata.
|
||||
- Admin users are exempt from the global max upload size on the homepage upload flow. Future
|
||||
per-user quotas should apply to this same upload path rather than creating a second uploader.
|
||||
- Anonymous uploads, ShareX uploads, unlisted public box links, password protection, expiry, delete
|
||||
tokens, thumbnails, and cleanup continue to work as before.
|
||||
|
||||
Email delivery is intentionally deferred. Invite and reset links are copyable today; future SMTP
|
||||
support will power public forgot-password and optional email delivery.
|
||||
|
||||
## Runtime Data
|
||||
|
||||
Warpbox keeps local runtime data under the configured data directory:
|
||||
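Review bot: The `/admin/users` bullet and the "Email delivery is intentionally deferred" paragraph describe invite and reset links as copyable, but nothing in this section says whether those links expire or can be used only once. A reset link gives account access to whoever holds it, so the README should document the link lifetime, whether a link is invalidated after use, and how an admin revokes one that was pasted into the wrong place. The `/login` and `/logout` bullet would benefit from the same treatment for session lifetime, and the bullet exempting admin users from the global max upload size should mention that an admin session therefore has no upload size limit on the homepage flow.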
@@ -104,6 +126,7 @@ Warpbox keeps local runtime data under the configured data directory:
|
||||
- `data/files/{box_id}/@each@{file_id}.ext` - uploaded file contents.
|
||||
- `data/files/{box_id}/@thumb@{file_id}.jpg` - generated previews where available.
|
||||
- `data/db/warpbox.bbolt` - bbolt metadata database for boxes and file records.
|
||||
- `data/db/warpbox.bbolt` also stores users, sessions, invites, and collections.
|
||||
- `data/logs/{YYYY-MM-DD}.log` - JSONL logs, one event per line.
|
||||
|
||||
## Static Asset Policy
|
||||
|
||||
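Review bot: The line "`data/db/warpbox.bbolt` also stores users, sessions, invites, and collections." repeats the path from the bullet directly above it; fold it into that bullet so each runtime path is listed once. Since this file now holds user, session and invite records in addition to box metadata, the Runtime Data section should also say that it needs restrictive file permissions and that backups or copies of `data/db/` must be handled as credential material.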