docs: Moved finisched FeatureRequest, Update README.md

2025-11-30 17:36:54 +01:00 · 2025-11-30 17:36:54 +01:00 · 2acbc4e248
commit 2acbc4e248
parent 27d8c73b5f
4 changed files with 8 additions and 107 deletions
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@ -44,7 +44,7 @@
 - Improve release script with tag-based commit detection
-## [Unreleased] - Branch: feature/public-internal-hosts
+## Public/Internal Host Separation (November 25, 2025)
 ### 🌐 Public/Internal Host Separation (November 25, 2025)
@ -143,7 +143,7 @@
 ---
-## [Unreleased] - Branch: feature/security
+## feature/security
 ### 🔐 Session-Based Admin Authentication & Multi-Admin Support (November 23, 2025)
@ -165,7 +165,7 @@
 ---
-## [Unreleased] - Branch: feature/SocialMedia
+## feature/SocialMedia
 ### 🧪 Comprehensive Test Suite & Admin API Security (November 16, 2025)
@ -414,7 +414,7 @@
 ---
-## [Unreleased] - Branch: feature/PreloadImage
+## Preload Image
 ### 🚀 Slideshow Optimization (November 2025)
@ -451,7 +451,7 @@
 ---
-## [Unreleased] - Branch: feature/DeleteUnprovedGroups
+## Delete Unproved Groups
 ### ✨ Automatic Cleanup Feature (November 2025)
@ -518,7 +518,7 @@
 ---
-## [Unreleased] - Branch: feature/ImageDescription
+## Image Description
 ### ✨ Image Descriptions Feature (November 2025)
@ -592,7 +592,7 @@
 ---
-## [Unreleased] - Branch: upgrade/deps-react-node-20251028
+## Upgrade Deps: React & Node (October 2025)
 ### 🎯 Major Framework Upgrades (October 2025)
--- a/FeatureRequests/done/FEATURE_PLAN-telegram.md
+++ b/FeatureRequests/done/FEATURE_PLAN-telegram.md
--- a/FeatureRequests/done/FEATURE_REQUEST-telegram.md
+++ b/FeatureRequests/done/FEATURE_REQUEST-telegram.md
--- a/README.md
+++ b/README.md
@ -21,106 +21,7 @@ A self-hosted image uploader with multi-image upload capabilities and automatic
 ## What's New
 This project extends the original [Image-Uploader by vallezw](https://github.com/vallezw/Image-Uploader) with enhanced multi-upload and slideshow capabilities.
-### 🆕 Latest Features (November 2025)
+See the [CHANGELOG](CHANGELOG.md) for a detailed list of improvements and new features.
 - **📱 Telegram Bot Notifications** (Nov 30):
  - Real-time notifications for all critical events
  - 4 notification types: Upload, Consent Changes, Group Deletion, Daily Warnings
  - Upload notifications with name, year, title, image count, and consent status
  - Consent change tracking (workshop display + social media platforms)
  - Group deletion confirmations with uploader and statistics
  - Daily deletion warnings (09:00) for groups pending auto-cleanup (24h notice)
  - Cron-scheduled automation via node-cron
  - Admin endpoint for manual trigger: `POST /api/admin/telegram/warning`
  - Optional feature via `TELEGRAM_ENABLED` environment variable
  - Complete setup guide in `scripts/README.telegram.md`
 - **🌐 Public/Internal Host Separation** (Nov 25):
  - Subdomain-based feature separation for production deployment
  - Public host (`deinprojekt.hobbyhimmel.de`): Upload + UUID Management only
  - Internal host (`deinprojekt.lan.hobbyhimmel.de`): Full admin access
  - Frontend code splitting with React.lazy() for optimized bundle size
  - Backend API protection via hostGate middleware
  - Rate limiting: 20 uploads/hour on public host
  - Audit log tracking with source host information
  - Complete local testing support via /etc/hosts entries
  - Zero configuration overhead for single-host deployments
 - **🧪 Comprehensive Test Suite** (Nov 16):
  - 45 automated tests covering all API endpoints (100% passing)
  - Jest + Supertest integration testing framework
  - Unit tests for authentication middleware
  - API tests for admin, consent, migration, and upload endpoints
  - In-memory SQLite database for isolated testing
  - Coverage: 26% statements, 15% branches (realistic starting point)
  - Test execution time: ~10 seconds for full suite
  - CI/CD ready with proper teardown and cleanup
 - **🔒 Admin Session Authentication** (Nov 16):
  - Server-managed HTTP sessions for all admin/system endpoints
  - CSRF protection on every mutating request via `X-CSRF-Token`
  - Secure `ADMIN_SESSION_SECRET` configuration keeps cookies tamper-proof
  - Protected routes: `/api/admin/*`, `/api/system/migration/migrate`, `/api/system/migration/rollback`
  - Session-aware moderation UI with login + first-admin setup wizard
  - Complete authentication documentation in `AUTHENTICATION.md`
 - **📋 API Route Documentation** (Nov 16):
  - Single Source of Truth: `backend/src/routes/routeMappings.js`
  - Comprehensive route overview in `backend/src/routes/README.md`
  - Critical Express routing order documented (specific before generic)
  - Frontend-ready route reference with authentication requirements
  - OpenAPI specification auto-generation integrated
 - **🔐 Social Media Consent Management** (Phase 1 Complete - Nov 9-10):
  - GDPR-compliant consent system for image usage
  - Mandatory workshop display consent (no upload without approval)
  - Optional per-platform consents (Facebook, Instagram, TikTok)
  - Consent badges and filtering in moderation panel
  - CSV/JSON export for legal documentation
  - Group ID tracking for consent withdrawal requests
 - **🔑 Self-Service Management Portal** (Phase 2 Complete - Nov 11-15):
  - Secure UUID-based management tokens for user self-service
  - Frontend portal at `/manage/:token` for consent management
  - Revoke/restore consents for workshop and social media
  - Edit metadata (title, description) after upload
  - Add/delete images after upload (with moderation re-approval)
  - Complete group deletion with audit trail
  - IP-based rate limiting (10 requests/hour)
  - Brute-force protection (20 failed attempts → 24h ban)
  - Management audit log for security tracking
 - **🎨 Modular UI Architecture** (Nov 15):
  - Reusable components: ConsentManager, GroupMetadataEditor, ImageDescriptionManager
  - Multi-mode support: upload/edit/moderate modes for maximum reusability
  - Code reduction: 62% in ModerationGroupImagesPage (281→107 lines)
  - Consistent design: HTML buttons, Paper boxes, Material-UI Alerts
  - Individual save/discard per component section
  - Zero code duplication between pages
 - **<EFBFBD> Slideshow Optimization**: Intelligent image preloading eliminates loading delays and duplicate images
 - **📅 Chronological Display**: Slideshows now play in chronological order (year → upload date)
 - **Automatic Cleanup**: Unapproved groups are automatically deleted after 7 days
 - **Deletion Log**: Complete audit trail with statistics (groups, images, storage freed)
 - **Countdown Display**: Visual indicator showing days until automatic deletion
 - **Approval Feedback**: SweetAlert2 notifications for moderation actions
 - **Manual Cleanup Trigger**: Admin API endpoints for testing and manual cleanup
 - **Image Descriptions**: Add optional descriptions to individual images (max 200 characters)
 - **Edit Mode**: Edit descriptions for uploaded images in upload preview and moderation interface
 - **Slideshow Display**: Image descriptions shown as overlays during slideshow presentation
 - **Public Display**: Descriptions visible in public group views and galleries
 ### Previous Features (October 2025)
 - **Drag-and-Drop Image Reordering**: Admins can now reorder images using intuitive drag-and-drop
 - **Touch-Friendly Interface**: Mobile-optimized controls with always-visible drag handles  
 - **Slideshow Integration**: Custom image order automatically applies to slideshow mode
 - **Optimistic UI Updates**: Immediate visual feedback with error recovery
 - **Comprehensive Admin Panel**: Dedicated moderation interface for content curation
 ### Core Features
 - Multi-image batch upload with progress tracking
 - Automatic slideshow presentation mode
 - Image grouping with descriptions and metadata
 - Random slideshow rotation with custom ordering support
 - Keyboard navigation support (Slideshow: Space/Arrow keys, Escape to exit)
 - Mobile-responsive design with touch-first interactions
 ## Quick Start