The login() function used 'request: LoginRequest' which shadowed
FastAPI's Starlette Request object. Request.client was accessed on
the LoginRequest Pydantic model instead of the HTTP request, causing
AttributeError: 'LoginRequest' object has no attribute 'client'.
Fix: rename the Pydantic parameter to 'body' and add explicit
'request: Request' for IP extraction and rate limiting.
- Add .dockerignore to exclude .git, __pycache__, docs, etc. from Docker context
- Create .env.example template with documented env vars
- Move OBSIGATE_ADMIN_PASSWORD from docker-compose.yml to env_file: .env
- Add .env.* to .gitignore (excluding .env.example)
- Enable GZipMiddleware for ~70% bandwidth reduction on text responses
- Add Cache-Control: immutable for /static/ assets
- Update ROADMAP: mark all 4 quick wins as done, add audit findings
- Add comprehensive technical audit report (AUDIT_TECHNIQUE_2026-05-27.md)

Remove the old HTML-based PDF download endpoint in favor of the new
WeasyPrint-based one, and replace the generic "Télécharger" button
in popout.html with a dedicated .md download and a new PDF button.
Also remove the unused generic download button from the main file view.
- Implement dark/light theme toggle with persistent preference via localStorage
- Add a sticky toolbar with theme toggle, Markdown export, and PDF export buttons
- Update bookmark button to reflect current state with visual feedback
- Introduce CSS custom properties for theming and responsive layout improvements

Register a hook with the indexer so that file add/remove events
incrementally maintain the inverted index, removing the need for
periodic staleness checks and cooldowns. Rebuild the index once on
startup via init_inverted_index().

Implement several security and feature improvements across the backend
and frontend:
- New IP-based rate limiter for authentication endpoints
- New audit logging system for sensitive operations
- New secret redactor to mask sensitive patterns in rendered content
- Configurable token TTL and IGNORED_DIRS via environment variables
- Add backlink index and API endpoint
- Add preview tab support with single/double-click behavior in tree
- Add file backup before write/delete operations
- Add cdnjs.cloudflare.com, fonts.googleapis.com, and fonts.gstatic.com to connect-src CSP directive
- Add waitForHljs helper function with 50 attempt limit and 100ms polling interval
- Check if hljs is defined before highlighting code blocks in popout view
- Fall back to async waiting if hljs not immediately available to prevent undefined reference errors
- Add ext: operator support to query parser in backend and frontend
- Update search documentation in README and help modal with ext: examples
- Parse ext: operator to extract file extension filter (strips leading dot, converts to lowercase)
- Filter search candidates by file extension in advanced_search function
- Add ext chip display in search UI alongside existing tag/vault/title/path chips
- Update API documentation and function
- Add POST/PATCH/DELETE endpoints for directory operations (create, rename, delete)
- Add POST/PATCH endpoints for file operations (create, rename)
- Implement writable vault check to prevent modifications on read-only vaults
- Update file delete endpoint to broadcast SSE events and update index
- Add Pydantic models for all new request/response schemas
- Integrate context menu support in frontend for files and directories
- Broadcast real