From 2acbc4e2483cbe46830bb73a89f1d9ab00213afc Mon Sep 17 00:00:00 2001 From: "matthias.lotz" Date: Sun, 30 Nov 2025 17:36:54 +0100 Subject: [PATCH] docs: Moved finisched FeatureRequest, Update README.md --- CHANGELOG.md | 14 +-- .../{ => done}/FEATURE_PLAN-telegram.md | 0 .../{ => done}/FEATURE_REQUEST-telegram.md | 0 README.md | 101 +----------------- 4 files changed, 8 insertions(+), 107 deletions(-) rename FeatureRequests/{ => done}/FEATURE_PLAN-telegram.md (100%) rename FeatureRequests/{ => done}/FEATURE_REQUEST-telegram.md (100%) diff --git a/CHANGELOG.md b/CHANGELOG.md index b7885ab..2661437 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -44,7 +44,7 @@ - Improve release script with tag-based commit detection -## [Unreleased] - Branch: feature/public-internal-hosts +## Public/Internal Host Separation (November 25, 2025) ### ๐ŸŒ Public/Internal Host Separation (November 25, 2025) @@ -143,7 +143,7 @@ --- -## [Unreleased] - Branch: feature/security +## feature/security ### ๐Ÿ” Session-Based Admin Authentication & Multi-Admin Support (November 23, 2025) @@ -165,7 +165,7 @@ --- -## [Unreleased] - Branch: feature/SocialMedia +## feature/SocialMedia ### ๐Ÿงช Comprehensive Test Suite & Admin API Security (November 16, 2025) @@ -414,7 +414,7 @@ --- -## [Unreleased] - Branch: feature/PreloadImage +## Preload Image ### ๐Ÿš€ Slideshow Optimization (November 2025) @@ -451,7 +451,7 @@ --- -## [Unreleased] - Branch: feature/DeleteUnprovedGroups +## Delete Unproved Groups ### โœจ Automatic Cleanup Feature (November 2025) @@ -518,7 +518,7 @@ --- -## [Unreleased] - Branch: feature/ImageDescription +## Image Description ### โœจ Image Descriptions Feature (November 2025) @@ -592,7 +592,7 @@ --- -## [Unreleased] - Branch: upgrade/deps-react-node-20251028 +## Upgrade Deps: React & Node (October 2025) ### ๐ŸŽฏ Major Framework Upgrades (October 2025) diff --git a/FeatureRequests/FEATURE_PLAN-telegram.md b/FeatureRequests/done/FEATURE_PLAN-telegram.md similarity index 100% rename from FeatureRequests/FEATURE_PLAN-telegram.md rename to FeatureRequests/done/FEATURE_PLAN-telegram.md diff --git a/FeatureRequests/FEATURE_REQUEST-telegram.md b/FeatureRequests/done/FEATURE_REQUEST-telegram.md similarity index 100% rename from FeatureRequests/FEATURE_REQUEST-telegram.md rename to FeatureRequests/done/FEATURE_REQUEST-telegram.md diff --git a/README.md b/README.md index 86564b8..1709cd1 100644 --- a/README.md +++ b/README.md @@ -21,106 +21,7 @@ A self-hosted image uploader with multi-image upload capabilities and automatic ## What's New This project extends the original [Image-Uploader by vallezw](https://github.com/vallezw/Image-Uploader) with enhanced multi-upload and slideshow capabilities. -### ๐Ÿ†• Latest Features (November 2025) - -- **๐Ÿ“ฑ Telegram Bot Notifications** (Nov 30): - - Real-time notifications for all critical events - - 4 notification types: Upload, Consent Changes, Group Deletion, Daily Warnings - - Upload notifications with name, year, title, image count, and consent status - - Consent change tracking (workshop display + social media platforms) - - Group deletion confirmations with uploader and statistics - - Daily deletion warnings (09:00) for groups pending auto-cleanup (24h notice) - - Cron-scheduled automation via node-cron - - Admin endpoint for manual trigger: `POST /api/admin/telegram/warning` - - Optional feature via `TELEGRAM_ENABLED` environment variable - - Complete setup guide in `scripts/README.telegram.md` - -- **๐ŸŒ Public/Internal Host Separation** (Nov 25): - - Subdomain-based feature separation for production deployment - - Public host (`deinprojekt.hobbyhimmel.de`): Upload + UUID Management only - - Internal host (`deinprojekt.lan.hobbyhimmel.de`): Full admin access - - Frontend code splitting with React.lazy() for optimized bundle size - - Backend API protection via hostGate middleware - - Rate limiting: 20 uploads/hour on public host - - Audit log tracking with source host information - - Complete local testing support via /etc/hosts entries - - Zero configuration overhead for single-host deployments - -- **๐Ÿงช Comprehensive Test Suite** (Nov 16): - - 45 automated tests covering all API endpoints (100% passing) - - Jest + Supertest integration testing framework - - Unit tests for authentication middleware - - API tests for admin, consent, migration, and upload endpoints - - In-memory SQLite database for isolated testing - - Coverage: 26% statements, 15% branches (realistic starting point) - - Test execution time: ~10 seconds for full suite - - CI/CD ready with proper teardown and cleanup - -- **๐Ÿ”’ Admin Session Authentication** (Nov 16): - - Server-managed HTTP sessions for all admin/system endpoints - - CSRF protection on every mutating request via `X-CSRF-Token` - - Secure `ADMIN_SESSION_SECRET` configuration keeps cookies tamper-proof - - Protected routes: `/api/admin/*`, `/api/system/migration/migrate`, `/api/system/migration/rollback` - - Session-aware moderation UI with login + first-admin setup wizard - - Complete authentication documentation in `AUTHENTICATION.md` - -- **๐Ÿ“‹ API Route Documentation** (Nov 16): - - Single Source of Truth: `backend/src/routes/routeMappings.js` - - Comprehensive route overview in `backend/src/routes/README.md` - - Critical Express routing order documented (specific before generic) - - Frontend-ready route reference with authentication requirements - - OpenAPI specification auto-generation integrated - -- **๐Ÿ” Social Media Consent Management** (Phase 1 Complete - Nov 9-10): - - GDPR-compliant consent system for image usage - - Mandatory workshop display consent (no upload without approval) - - Optional per-platform consents (Facebook, Instagram, TikTok) - - Consent badges and filtering in moderation panel - - CSV/JSON export for legal documentation - - Group ID tracking for consent withdrawal requests -- **๐Ÿ”‘ Self-Service Management Portal** (Phase 2 Complete - Nov 11-15): - - Secure UUID-based management tokens for user self-service - - Frontend portal at `/manage/:token` for consent management - - Revoke/restore consents for workshop and social media - - Edit metadata (title, description) after upload - - Add/delete images after upload (with moderation re-approval) - - Complete group deletion with audit trail - - IP-based rate limiting (10 requests/hour) - - Brute-force protection (20 failed attempts โ†’ 24h ban) - - Management audit log for security tracking -- **๐ŸŽจ Modular UI Architecture** (Nov 15): - - Reusable components: ConsentManager, GroupMetadataEditor, ImageDescriptionManager - - Multi-mode support: upload/edit/moderate modes for maximum reusability - - Code reduction: 62% in ModerationGroupImagesPage (281โ†’107 lines) - - Consistent design: HTML buttons, Paper boxes, Material-UI Alerts - - Individual save/discard per component section - - Zero code duplication between pages -- **๏ฟฝ Slideshow Optimization**: Intelligent image preloading eliminates loading delays and duplicate images -- **๐Ÿ“… Chronological Display**: Slideshows now play in chronological order (year โ†’ upload date) -- **Automatic Cleanup**: Unapproved groups are automatically deleted after 7 days -- **Deletion Log**: Complete audit trail with statistics (groups, images, storage freed) -- **Countdown Display**: Visual indicator showing days until automatic deletion -- **Approval Feedback**: SweetAlert2 notifications for moderation actions -- **Manual Cleanup Trigger**: Admin API endpoints for testing and manual cleanup -- **Image Descriptions**: Add optional descriptions to individual images (max 200 characters) -- **Edit Mode**: Edit descriptions for uploaded images in upload preview and moderation interface -- **Slideshow Display**: Image descriptions shown as overlays during slideshow presentation -- **Public Display**: Descriptions visible in public group views and galleries - -### Previous Features (October 2025) -- **Drag-and-Drop Image Reordering**: Admins can now reorder images using intuitive drag-and-drop -- **Touch-Friendly Interface**: Mobile-optimized controls with always-visible drag handles -- **Slideshow Integration**: Custom image order automatically applies to slideshow mode -- **Optimistic UI Updates**: Immediate visual feedback with error recovery -- **Comprehensive Admin Panel**: Dedicated moderation interface for content curation - -### Core Features -- Multi-image batch upload with progress tracking -- Automatic slideshow presentation mode -- Image grouping with descriptions and metadata -- Random slideshow rotation with custom ordering support -- Keyboard navigation support (Slideshow: Space/Arrow keys, Escape to exit) -- Mobile-responsive design with touch-first interactions +See the [CHANGELOG](CHANGELOG.md) for a detailed list of improvements and new features. ## Quick Start