The webapp is a web server that displays a shiny interface.

## bugs

* At least in chromium, clicking on the transfer pause or cancel button
  sometimes fails. Seen in javascript console:
  500 error code from web server.
  This is quite likely because of how the div containing transfers is refereshed.
  If instead javascript was used to update the progress bar etc for transfers
  with json data, the buttons would work better.

## interface

* list of files uploading and downloading **done**
* button to open file browser on repo (`xdg-open $DIR`) **done**
* progress bars for each file (see [[progressbars]]) **done**
* drag and drop to reorder
* cancel, pause, and resume **done**
* keep it usable w/o javascript **done**
* keep it accessible to blind, etc

## other features

* there could be a UI to export a file, which would make it be served up
  over http by the web app
* there could be a UI (some javascript thing) in the web browser to
  submit urls to the web app to be added to the annex and downloaded.
  See: [[todo/wishlist:_an_"assistant"_for_web-browsing_--_tracking_the_sources_of_the_downloads]]
* Display the `inotify max_user_watches` exceeded message. **done**
* Display something sane when kqueue runs out of file descriptors.
* allow renaming git remotes and/or setting git-annex repo descriptions
* allow removing git remotes

## first start **done**

* make git repo **done**
* generate a nice description like "joey@hostname Desktop/annex" **done**
* record repository that was made, and use it next time run **done**
* write a pid file, to prevent more than one first-start process running
  at once **done**

## security **acceptable/done**

* Listen only to localhost. **done**
* Instruct the user's web browser to open an url that contains a secret
  token. This guards against other users on the same system. **done**
  (I would like to avoid passwords or other authentication methods,
  it's your local system.)
* Don't pass the url with secret token directly to the web browser,
  as that exposes it to `ps`. Instead, write a html file only the user can read,
  that redirects to the webapp. **done**
* Alternative for Linux at least would be to write a small program using
  GTK+ Webkit, that runs the webapp, and can know what user ran it, avoiding
  needing authentication.