feat(storage): add S3 backend support and advanced upload limits

- Introduce S3-compatible storage backend support using minio-go. - Add configuration options for local storage limits, box limits, and rate limiting. - Implement storage backend selection (local vs S3) for anonymous and registered users. - Add an `/admin/storage` management interface. - Update documentation and environment examples with the new configuration variables.
2026-05-31 02:14:10 +03:00
parent 830d2a885c
commit c3558fd353
34 changed files with 2668 additions and 168 deletions
--- a/backend/templates/pages/dashboard.html
+++ b/backend/templates/pages/dashboard.html
@@ -10,6 +10,7 @@
    </nav>
    <hr class="sidebar-sep">
    <form class="sidebar-logout" action="/logout" method="post">
+      <input type="hidden" name="csrf_token" value="{{.CSRFToken}}">
      <button class="button button-outline" type="submit">Sign out</button>
    </form>
  </aside>
@@ -35,6 +36,7 @@
        <summary class="button button-outline button-sm">+ Collection</summary>
        <div class="new-collection-body">
          <form action="/app/collections" method="post">
+            <input type="hidden" name="csrf_token" value="{{$.CSRFToken}}">
            <label>
              <span>Name</span>
              <input name="name" placeholder="e.g. Projects" required>
@@ -73,6 +75,7 @@
                    <details class="row-edit">
                      <summary>Rename</summary>
                      <form action="/app/boxes/{{.ID}}/rename" method="post" class="row-edit-form">
+                        <input type="hidden" name="csrf_token" value="{{$.CSRFToken}}">
                        <input name="title" placeholder="New title">
                        <button class="button button-outline button-sm" type="submit">Save</button>
                      </form>
@@ -83,6 +86,7 @@
                    <details class="row-edit">
                      <summary>Move</summary>
                      <form action="/app/boxes/{{.ID}}/move" method="post" class="row-edit-form">
+                        <input type="hidden" name="csrf_token" value="{{$.CSRFToken}}">
                        <select name="collection_id">
                          <option value="">Unsorted</option>
                          {{range $.Data.Collections}}<option value="{{.ID}}">{{.Name}}</option>{{end}}
@@ -97,6 +101,7 @@
                  <td class="table-actions">
                    <a class="button button-outline button-sm" href="{{.URL}}" target="_blank" rel="noopener noreferrer">Open</a>
                    <form action="/app/boxes/{{.ID}}/delete" method="post">
+                      <input type="hidden" name="csrf_token" value="{{$.CSRFToken}}">
                      <button class="button button-danger button-sm" type="submit">Delete</button>
                    </form>
                  </td>