Full Changelog: v1.0.4...v1.0.5
changes 4/2/2025
-
Admin Panel - User Permissions
- folderOnly - User gets their own root folder.
- readOnly - User can't delete, rename, move, copy and other endpoints are blocked.
- disableUpload - User can't upload any files.
- Encrypted json
userPermissions.json - Created
updateUserPermissions.php&getUserPermissions.php
-
TOTP Confirmation
- Must confirm code before it will enable TOTP.
totp_verify.php&totp_disable.phpwere created
-
Basic Auth & OIDC fixes
- Fixed session issues
- Improvements for both Basic Auth & OIDC
-
Path Normalization
-
Folder Rendering Adjustments
-
Folder Creation Logic adjusted
-
User Panel added username
-
Admin Panel added version number
-
Metadata Adjustments
-
Toast moved to bottom right
-
Help function
loadUserPermissions() -
auth.jssplit intoauthModals.js -
Empty
createdTags.jsonadded -
And more
changes 3/31/2025
-
Chunk merging logic updated to attempt to clear any resumable issues
-
Implemented Video Progress Saving and Resuming
-
Context Menu Tagging:
- "Tag File" option for single files; "Tag Selected" for multiple files.
-
Tagging Modals:
- Separate modals for single‑ and multi‑file tagging with custom dropdowns.
-
Global Tag Store:
- Reusable tags persisted via
createdTags.json; dropdown shows tag color and remove icon.
- Reusable tags persisted via
-
Unified Search:
- Single search box filters files by name or associated tag(s).
-
saveFileTag.php:
- Saves file-specific tags and updates global tags (supports removal).
-
getFileList.php:
- Returns tag data for each file and the global tag list.
-
Added
openMultiTagModal()for batch tagging. -
Custom dropdowns with colored tag previews and removal buttons.
-
Filtering logic updated in table and gallery views to combine file name and tag searches.
changes 3/30/2025
-
New Feature: Generates a QR code for TOTP setup using the Endroid QR Code library.
-
TOTP Secret Management:
- Retrieves the current user's TOTP secret from the users file.
- If no secret exists, generates a new one using RobThree\Auth\TwoFactorAuth and stores it (encrypted).
-
Global OTPAuth URL Integration:
- Checks for a global OTPAuth URL in the admin configuration.
- If provided, replaces the
{label}and{secret}placeholders in the URL template; otherwise, falls back to a default otpauth URL.
-
Security:
- Enforces session authentication.
- Verifies the CSRF token passed via GET parameters.
-
New Feature: Handles AJAX requests to update the user’s TOTP settings from the User Panel.
-
TOTP Enable/Disable Handling:
- If TOTP is disabled, clears the user's TOTP secret from the users file.
- If TOTP remains enabled, leaves the stored secret intact.
-
Security:
- Validates user authentication and CSRF token before processing the update.
-
Response:
- Returns a JSON response indicating whether TOTP has been enabled or disabled successfully.
-
New TOTP Settings Section:
- A "TOTP Settings" fieldset has been added to the User Panel modal.
-
Automatic TOTP Setup Trigger:
- When the "Enable TOTP" checkbox is checked, it automatically triggers the TOTP Setup Modal to display the QR code.
-
State Management
-
UI Improvements:
- All modals (User Panel, TOTP Setup, and TOTP Login) now support dark mode styling.
-
Error Handling & Security:
- Enhanced error handling across all new TOTP-related endpoints.
- Added extra CSRF and authentication checks to improve security.
-
User Experience:
- Streamlined the onboarding process for TOTP by integrating automatic modal triggers and real-time configuration updates.