|
1 | 1 | # ToDo Next |
2 | | -- [ ] Migrate token handling to an encrypted-at-rest model (Option 2) to ensure tokens in the config cannot be used if leaked, while maintaining O(1) lookup performance on the hot path. |
3 | | - - [ ] Implement a simple, well-documented API endpoint to "mint" (encrypt) tokens using the server's secret. |
4 | | - - [ ] Update config loading logic to decrypt tokens in `config.yaml` upon fetch/refresh. |
5 | | - - [ ] Ensure request authentication remains a fast memory lookup against the decrypted tokens. |
| 2 | +- Migrate away from the forgejo/http request based token/auth management to a locally managed one. For this I want to rely on SSO via OIDC (with SCIM and backchannel logout) with a local sqlite database. |
| 3 | +- The database should have point in time recovery, either via a native litestream integration or as a sidecard process in the container |
6 | 4 |
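Review bot: The new plan in added lines 2-3 drops the leaked-token guarantee that the removed "encrypted-at-rest" item spelled out, and it does not say how tokens or sessions will be stored in the sqlite database. Since line 3 also replicates that database through litestream, the backup target becomes another place where the token store can leak. Suggest stating the at-rest requirement here (for example, that only hashed or encrypted tokens are written to the database) and that the replication target is access-controlled. Two smaller points: "sidecard" in line 3 should read "sidecar", and both new bullets lose the `- [ ]` checkbox form that the rest of the file uses.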
|
7 | | - |
8 | | -# Ideas for the future |
9 | | -> Some of the feature below might be better handled by a workflow engine or serverless functions platform |
10 | | -- [ ] migrate away from quasi stateless forgejo backend to a stateful sqlite one, that auto restored litestream backup on startup and stream litestream backups to target location during operation |
11 | | -- [ ] use new backend to implement url shortening service under $patchwork_domain/s/... |
12 | | -- [ ] add oidc integration for auth to manage data, tokens etc |
| 5 | +# Ideas for the future (once a database is in place) |
| 6 | +- [ ] use new backend to implement url shortening service under $patchwork\_domain/s/... |
13 | 7 | - [ ] embed a mqtt server using sqlite db for persistence |
14 | 8 | - [ ] add token management platform (using some permission system based on namespaces) |
15 | 9 | - [ ] add data from mqtt broker to prometheus data |
16 | 10 | - [ ] replace ntfy endpoint abstraction with https://containrrr.dev/shoutrrr/v0.8/ to allow users to easily add many different notification services |
17 | | -- [ ] look into adding data storage for small scripts |
| 11 | +- [ ] look into adding data storage for small scripts (per-user or per-script databases?) |
18 | 12 | - [ ] add web endpoints for mqtt broker (subscribe to mqtt patterns using SSE, send messages using a simple POST) |
19 | | -- [ ] look into optional integration into a mosquitto-logger service (idea would be to integrate it, but make it optional and allow users to start the logger without the rest of the server) |
20 | | -- [ ] think about integrating simple file sharing using s3 backend with pre-signed urls etc (or direct rclone integration instead) |
| 13 | +- [ ] think about integrating simple file sharing using s3 backend with pre-signed urls etc (or direct rclone integration instead) |
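Review bot: Added line 6 writes `$patchwork\_domain` where the removed line had `$patchwork_domain`; if the backslash is only there to stop markdown emphasis, wrapping the path in backticks keeps the literal variable name readable in the raw file. The last item (old line 20, new line 13) is removed and re-added with identical visible text, so it looks like a whitespace or end-of-file newline change; worth confirming that is intended. The mosquitto-logger item and the workflow-engine remark are dropped without a replacement, while "add token management platform" in line 8 stays even though token and auth management moves to the OIDC-backed database under "ToDo Next"; a short note on how the two relate would avoid planning the same work twice.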