Implement JWT token decoding from cookies as a secondary authentication method in webdav_auth, falling back to Basic Auth then session cookie. Add full test suite (735 lines) covering OPTIONS, PROPFIND, and authorization scenarios for WebDAV endpoints.
Migrate billing test suite from per-module Tortoise initializer/finalizer fixtures to a shared session-scoped setup in tests/conftest.py, converting all @pytest.fixture async helpers to @pytest_asyncio.fixture and removing the deleted e2e Playwright test directory.
Add a comprehensive LegalDocument base class in mywebdav/legal.py with abstract methods for title and content generation, along with full markdown and HTML implementations for compliance statement, contact/complaint mechanism, and cookie policy pages, replacing placeholder content with detailed regulatory and procedural information.
Replace all eight footer legal links from .md to .html extensions in mywebdav-app.js and create corresponding HTML documents for privacy policy, data processing agreement, terms of service, cookie policy, security policy, compliance statement, data portability & deletion policy, and contact & complaint mechanism, each with placeholder content and back navigation.
Replace every occurrence of "RBox" with "MyWebdav" in source files, configuration,
legal documents, UI components, and test fixtures. This includes renaming the
`RBoxApp` class to `MyWebdavApp` in the JavaScript component, updating the
TOTP issuer from "RBox" to "MyWebdav" in the auth router, changing the
application description in the argument parser, and updating all user-facing
strings in HTML templates, legal policies, and the manifest file. The
`.env.example` default for `TOTP_ISSUER` is also updated accordingly.
Add .login-container CSS class with flex centering and gradient background, move gradient from .auth-container to new class, and update rbox-app.js showLogin() to render login-view inside a div.login-container alongside a footer with legal links and a cookie-consent element.
- Replace "commercial" with "self-hosted" in project description
- Remove Stripe billing integration from admin features list
- Remove Stripe payment credentials from environment variables section
Add placeholder legal documents for compliance statement, contact/complaint mechanism, data portability/deletion policy, data processing agreement, security policy, and full implementations for cookie policy, privacy policy, and terms of service. Include CodeMirror 6 editor bundle with basic extensions (line numbers, syntax highlighting, autocompletion, bracket matching, undo history, search, linting) and minified CSS for legacy editor styling.
Replace every occurrence of "RBox" with "MyWebdav" in README.md, invoice templates, welcome emails, share notifications, FastAPI metadata, default database filename, domain name, S3 bucket name, TOTP issuer, and WebDAV realm header to reflect the commercial rebranding of the application.
Add a check in FileList.connectedCallback to skip loading all files when
data-search-mode attribute is present, preventing empty result sets from
overwriting search results on partial matches. Introduce a monotonically
increasing search ID counter in RBoxApp to discard responses from outdated
search requests, ensuring only the latest query result is rendered and
stale error messages are suppressed.
Implement a new `rbox/mail.py` module providing an async email service using `aiosmtplib`, including a background worker queue for non-blocking email dispatch. Integrate the service into the application lifespan (start/stop) and add email sending in three places: welcome email on user registration in `routers/auth.py`, invoice email with line-item details in `billing/invoice_generator.py`, and a test-email admin endpoint in `routers/admin.py`. Add `aiosmtplib==5.0.0` to `requirements.txt`.
Add composite index on usage_records for user_id, record_type, and timestamp columns; add individual indexes on record_type, timestamp, period_start, and status fields in billing models. Implement lazy Stripe API key initialization via _ensure_api_key method called before each Stripe operation. Fix monthly usage query to use date range filtering instead of year/month decomposition. Refactor auth login endpoint to replace OAuth2PasswordRequestForm dependency with custom LoginRequest model. Add error handling wrapper around current usage endpoint and introduce loading/error CSS classes for billing UI. Convert code editor view from absolute positioning to fixed overlay with centered modal container. Include Stripe.js script tag in index.html and add new APIContract class for response validation against schemas.
- Implement two-factor authentication with TOTP verification, recovery codes, and QR code setup in auth flow
- Add is_starred and last_accessed_at fields to File and Folder models for bookmarking and recency tracking
- Introduce batch operation endpoints for files and folders (delete, star, unstar, move, copy)
- Configure structured logging with timestamps and module names, replacing print statements
- Register admin and starred routers, add global HTTPException handler with JSON error responses
- Update authenticate_user and create_access_token to handle 2FA verification and token claims