Implement several security and feature improvements across the backend and frontend:
- New IP-based rate limiter for authentication endpoints
- New audit logging system for sensitive operations
- New secret redactor to mask sensitive patterns in rendered content
- Configurable token TTL and IGNORED_DIRS via environment variables
- Add backlink index and API endpoint
- Add preview tab support with single/double-click behavior in tree
- Add file backup before write/delete operations
3.3 KiB
ObsiGate: Roadmap implementation plan
Generated 2026-05-26, implementing the items from ROADMAP.md
Implementation order
Phase 1: Backend security & robustness (P0–P1) ✅
| # | Item | Files | Status |
|---|---|---|---|
| 1 | Login rate limiting | backend/ratelimit.py (new), backend/auth/router.py | ✅ |
| 2 | Secret redactor | backend/secret_redactor.py (new), backend/main.py | ✅ |
| 3 | Audit log | backend/audit.py (new), backend/main.py | ✅ |
| 4 | Backup before write | backend/main.py (PUT/DELETE endpoints) | ✅ |
Phase 2: Configuration & bug fixes (P1–P2) ✅
| # | Item | Files | Status |
|---|---|---|---|
| 5 | TOC scroll fix (unified slugify) | backend/main.py (unicodedata.category) | ✅ |
| 6 | Configurable IGNORED_DIRS | backend/indexer.py, backend/watcher.py, env var OBSIGATE_IGNORED_DIRS | ✅ |
| 7 | Configurable session timeout | backend/auth/jwt_handler.py, env vars OBSIGATE_ACCESS_TOKEN_TTL / OBSIGATE_REFRESH_TOKEN_TTL | ✅ |
Phase 3: UX & functionality (P2–P3) ✅
| # | Item | Files | Status |
|---|---|---|---|
| 8 | Single click / double click in the file tree | frontend/app.js (TabManager.openPreview/openPersistent), frontend/style.css | ✅ |
| 9 | Backlinks panel | backend/indexer.py (_backlink_index), backend/main.py (GET /backlinks), frontend/app.js (renderBacklinksPanel), frontend/style.css | ✅ |
| 10 | Handling of unsupported files | backend/main.py (FileContentResponse + unsupported), frontend/app.js (renderFile) | ✅ |
Files created
- backend/ratelimit.py: IP-based rate limiter
- backend/secret_redactor.py: regex-based secret masking
- backend/audit.py: JSON-lines audit logging
Files modified
- backend/main.py: +audit, +backup, +redaction, +backlinks endpoint, +unsupported files, +slugify fix
- backend/auth/router.py: +IP rate limiting on login
- backend/auth/jwt_handler.py: +configurable TTL via env vars
- backend/indexer.py: +IGNORED_DIRS, +backlink index
- backend/watcher.py: +configurable IGNORED_DIRS
- frontend/app.js: +TabManager preview/persistent, +backlinks panel, +unsupported file UI, +tree dblclick
- frontend/style.css: +preview tab style, +backlinks panel style, +unsupported file style
New environment variables
| Variable | Default | Description |
|---|---|---|
| OBSIGATE_LOGIN_MAX_ATTEMPTS | 10 | Max failed logins per IP before blocking |
| OBSIGATE_LOGIN_WINDOW_SECONDS | 900 | IP block window (seconds) |
| OBSIGATE_IGNORED_DIRS | .obsidian,.trash,.git,__pycache__,node_modules,.obsigate-backup | Ignored directories |
| OBSIGATE_ACCESS_TOKEN_TTL | 3600 | Access token lifetime (seconds) |
| OBSIGATE_REFRESH_TOKEN_TTL | 604800 | Refresh token lifetime (seconds) |
| OBSIGATE_BACKUP_DIR | .obsigate-backup | Backup directory |
| OBSIGATE_AUDIT_MAX_SIZE | 10485760 | Max audit file size before rotation |
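To make the two login-throttling variables in the table concrete, here is an added example of an IP-keyed sliding-window limiter that reads OBSIGATE_LOGIN_MAX_ATTEMPTS and OBSIGATE_LOGIN_WINDOW_SECONDS with the table's defaults. It is illustrative code written for this page, not the project's backend/ratelimit.py (whose internals the page does not show); the class and function names, the FakeClock helper and the sample address are assumptions.

```python
import os
import time
from collections import defaultdict, deque

# Defaults mirror the table above; the env var names are the page's,
# the reading logic is this example's assumption.
MAX_ATTEMPTS = int(os.environ.get("OBSIGATE_LOGIN_MAX_ATTEMPTS", "10"))
WINDOW_SECONDS = int(os.environ.get("OBSIGATE_LOGIN_WINDOW_SECONDS", "900"))


class LoginRateLimiter:
    """Sliding-window counter of failed logins per client IP.

    Once an IP accumulates `max_attempts` failures within `window_seconds`,
    further attempts from that IP are refused until the oldest failure ages
    out of the window. A successful login clears the IP's failure history.
    """

    def __init__(self, max_attempts=MAX_ATTEMPTS, window_seconds=WINDOW_SECONDS,
                 clock=time.monotonic):
        self.max_attempts = max_attempts
        self.window = window_seconds
        self.clock = clock  # injectable so the demo can advance time
        self._failures = defaultdict(deque)  # ip -> timestamps of recent failures

    def _prune(self, ip, now):
        """Drop failures older than the window and return the remaining deque."""
        q = self._failures[ip]
        while q and now - q[0] >= self.window:
            q.popleft()
        return q

    def is_blocked(self, ip):
        return len(self._prune(ip, self.clock())) >= self.max_attempts

    def retry_after(self, ip):
        """Seconds until the oldest failure expires and the IP may retry (0 if not blocked)."""
        now = self.clock()
        q = self._prune(ip, now)
        if len(q) < self.max_attempts:
            return 0
        return self.window - (now - q[0])

    def record_failure(self, ip):
        now = self.clock()
        self._prune(ip, now).append(now)

    def record_success(self, ip):
        self._failures.pop(ip, None)


def attempt_login(limiter, ip, password_ok):
    """Gate one login attempt; returns 'blocked', 'ok' or 'failed'.

    The limiter is consulted before the credential check, so a blocked IP
    gets no feedback about whether its guess was right.
    """
    if limiter.is_blocked(ip):
        return "blocked"
    if password_ok:
        limiter.record_success(ip)
        return "ok"
    limiter.record_failure(ip)
    return "failed"


class FakeClock:
    """Constructed clock for the demo so the window can be advanced without sleeping."""

    def __init__(self):
        self.now = 0.0

    def __call__(self):
        return self.now

    def advance(self, seconds):
        self.now += seconds


def simulate(max_attempts=3, window_seconds=900):
    """Walk one IP through block, window expiry and recovery; returns the outcomes."""
    clock = FakeClock()
    limiter = LoginRateLimiter(max_attempts, window_seconds, clock=clock)
    ip = "203.0.113.7"  # constructed sample address (documentation range)
    results = []
    for _ in range(max_attempts):
        results.append(attempt_login(limiter, ip, password_ok=False))  # 'failed' x3
    results.append(attempt_login(limiter, ip, password_ok=True))  # 'blocked' even with the right password
    clock.advance(window_seconds)  # oldest failure ages out of the window
    results.append(attempt_login(limiter, ip, password_ok=True))  # 'ok', history cleared
    results.append(attempt_login(limiter, ip, password_ok=False))  # 'failed', counter restarted
    return results


if __name__ == "__main__":
    print(simulate())
```

Two deployment points matter for this to protect anything: the IP passed to the limiter must be the real client address (the socket peer, or a proxy header only when the deployment actually sits behind a proxy it trusts), and the failure table here lives in one process's memory, so a multi-worker deployment needs a shared store for the counters to add up across workers.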
Remaining (not implemented in this session)
- 🟢 Public publishing of documents
- 🟢 Statistics dashboard
- 🟢 Webhooks
- 🟢 Enriched OpenAPI documentation
- 🟡 Syncthing conflict handling
- ⬜ Tests, CI/CD, i18n, CHANGELOG, MFA