Implement several security and feature improvements across the backend and frontend:

- New IP-based rate limiter for authentication endpoints
- New audit logging system for sensitive operations
- New secret redactor to mask sensitive patterns in rendered content
- Configurable token TTL and IGNORED_DIRS via environment variables
- Add backlink index and API endpoint
- Add preview tab support with single/double-click behavior in tree
- Add file backup before write/delete operations
61 lines
3.3 KiB
Markdown
# ObsiGate — Roadmap implementation plan

> Generated on 2026-05-26 — Implementation of the ROADMAP.md items

## Implementation order

### Phase 1 — Backend security & robustness (P0–P1) ✅

| # | Item | Files | Status |
|---|------|-------|--------|
| 1 | Login rate limiting | `backend/ratelimit.py` (new), `backend/auth/router.py` | ✅ |
| 2 | Secret redactor | `backend/secret_redactor.py` (new), `backend/main.py` | ✅ |
| 3 | Audit log | `backend/audit.py` (new), `backend/main.py` | ✅ |
| 4 | Backup before write | `backend/main.py` (PUT/DELETE endpoints) | ✅ |

### Phase 2 — Configuration & bug fixes (P1–P2) ✅

| # | Item | Files | Status |
|---|------|-------|--------|
| 5 | TOC scroll fix (unified slugify) | `backend/main.py` (`unicodedata.category`) | ✅ |
| 6 | Configurable IGNORED_DIRS | `backend/indexer.py`, `backend/watcher.py`, env var `OBSIGATE_IGNORED_DIRS` | ✅ |
| 7 | Configurable session timeout | `backend/auth/jwt_handler.py`, env vars `OBSIGATE_ACCESS_TOKEN_TTL` / `OBSIGATE_REFRESH_TOKEN_TTL` | ✅ |

### Phase 3 — UX & functional (P2–P3) ✅

| # | Item | Files | Status |
|---|------|-------|--------|
| 8 | Single/double click in tree | `frontend/app.js` (TabManager.openPreview/openPersistent), `frontend/style.css` | ✅ |
| 9 | Backlinks panel | `backend/indexer.py` (_backlink_index), `backend/main.py` (GET /backlinks), `frontend/app.js` (renderBacklinksPanel), `frontend/style.css` | ✅ |
| 10 | Unsupported file handling | `backend/main.py` (FileContentResponse + unsupported), `frontend/app.js` (renderFile) | ✅ |

## Files created

- `backend/ratelimit.py` — IP-based rate limiter
- `backend/secret_redactor.py` — Regex-based secret masking
- `backend/audit.py` — JSON-lines audit logging

## Files modified

- `backend/main.py` — +audit, +backup, +redaction, +backlinks endpoint, +unsupported files, +slugify fix
- `backend/auth/router.py` — +IP rate limiting on login
- `backend/auth/jwt_handler.py` — +configurable TTL via env vars
- `backend/indexer.py` — +IGNORED_DIRS, +backlink index
- `backend/watcher.py` — +configurable IGNORED_DIRS
- `frontend/app.js` — +TabManager preview/persistent, +backlinks panel, +unsupported file UI, +tree dblclick
- `frontend/style.css` — +preview tab style, +backlinks panel style, +unsupported file style

## New environment variables

| Variable | Default | Description |
|----------|---------|-------------|
| `OBSIGATE_LOGIN_MAX_ATTEMPTS` | 10 | Max failures per IP before blocking |
| `OBSIGATE_LOGIN_WINDOW_SECONDS` | 900 | IP blocking window (seconds) |
| `OBSIGATE_IGNORED_DIRS` | `.obsidian,.trash,.git,__pycache__,node_modules,.obsigate-backup` | Ignored directories |
| `OBSIGATE_ACCESS_TOKEN_TTL` | 3600 | Access token lifetime (seconds) |
| `OBSIGATE_REFRESH_TOKEN_TTL` | 604800 | Refresh token lifetime (seconds) |
| `OBSIGATE_BACKUP_DIR` | `.obsigate-backup` | Backup directory |
| `OBSIGATE_AUDIT_MAX_SIZE` | 10485760 | Max audit file size before rotation |

## Remaining (not implemented in this session)

- 🟢 Public publishing of documents
- 🟢 Statistics dashboard
- 🟢 Webhooks
- 🟢 Enriched OpenAPI documentation
- 🟡 Syncthing conflict handling
- ⬜ Tests, CI/CD, i18n, CHANGELOG, MFA