arkay/bookmarksite
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Add comprehensive database setup and user management system

Browse Source 
- Implement PostgreSQL database schema with users and bookmarks tables
- Add database connection pooling with retry logic and error handling
- Create migration system with automatic schema initialization
- Add database CLI tools for management (init, status, validate, etc.)
- Include comprehensive error handling and diagnostics
- Add development seed data and testing utilities
- Implement health monitoring and connection pool statistics
- Create detailed documentation and troubleshooting guide

Database features:
- Users table with authentication fields and email verification
- Bookmarks table with user association and metadata
- Proper indexes for performance optimization
- Automatic timestamp triggers
- Transaction support with rollback handling
- Connection pooling (20 max connections, 30s idle timeout)
- Graceful shutdown handling

CLI commands available:
- npm run db:init - Initialize database
- npm run db:status - Check database status
- npm run db:validate - Validate schema
- npm run db:test - Run database tests
- npm run db:diagnostics - Full diagnostics
This commit is contained in:
Rainer Koschnick
2025-07-19 23:21:50 +02:00
commit 0abee5b794
66 changed files with 45023 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

426
.kiro/specs/bookmark-manager/design.md Normal file
View File

@ -0,0 +1,426 @@
# Bookmark Manager - Design Document
## Overview
The Bookmark Manager is a client-side web application built with vanilla JavaScript, HTML5, and CSS3. It provides a comprehensive bookmark management solution with import/export capabilities, link validation, duplicate detection, and an intuitive folder-based organization system. The application uses browser localStorage for data persistence and follows modern web development best practices for responsive design and user experience.
## Architecture
### High-Level Architecture
```mermaid
graph TB
UI[User Interface Layer]
BM[BookmarkManager Class]
PARSER[HTML Parser]
STORAGE[localStorage API]
NETWORK[Fetch API]
UI --> BM
BM --> PARSER
BM --> STORAGE
BM --> NETWORK
subgraph "Browser APIs"
STORAGE
NETWORK
DOM[DOM API]
FILE[File API]
end
subgraph "Core Components"
BM
PARSER
end
```
### Application Flow
1. **Initialization**: Application loads, restores data from localStorage, binds events
2. **Data Management**: CRUD operations on bookmarks with automatic persistence
3. **Import/Export**: File-based operations using HTML parsing and generation
4. **Link Testing**: Asynchronous HTTP requests with progress tracking
5. **UI Updates**: Real-time rendering based on data changes and user interactions
## Components and Interfaces
### 1. BookmarkManager Class
**Purpose**: Central controller managing all bookmark operations and UI interactions
**Key Properties**:
- `bookmarks: Array<Bookmark>` - Main bookmark collection
- `currentEditId: string|null` - ID of bookmark being edited
- `currentFilter: string` - Active filter state ('all', 'valid', 'invalid', 'duplicate')
- `currentContextBookmark: Bookmark` - Bookmark selected in context menu
**Key Methods**:
- `init()` - Initialize application
- `bindEvents()` - Attach event listeners
- `renderBookmarks(bookmarks?)` - Render bookmark display
- `updateStats()` - Update statistics display
### 2. Bookmark Data Model
```typescript
interface Bookmark {
id: string; // Unique identifier (timestamp + random)
title: string; // Display title
url: string; // Target URL
folder: string; // Folder path (e.g., "Development / Tools")
addDate: number; // Creation timestamp
lastModified?: number; // Last modification timestamp
icon: string; // Favicon URL or data URI
status: 'unknown' | 'valid' | 'invalid' | 'testing' | 'duplicate';
}
```
### 3. HTML Parser Component
**Purpose**: Parse Netscape bookmark HTML files and extract bookmark data
**Key Features**:
- Two-pass parsing algorithm for robust folder hierarchy detection
- Metadata preservation (dates, icons, attributes)
- Folder path normalization (removes "Bookmarks Toolbar")
- Error handling for malformed HTML
**Algorithm**:
1. **Pass 1**: Build folder hierarchy map from H3 elements
2. **Pass 2**: Process A elements and assign to folders based on DOM relationships
### 4. Storage Interface
**Purpose**: Persist bookmark data using browser localStorage
**Methods**:
- `saveBookmarksToStorage()` - Serialize and store bookmark array
- `loadBookmarksFromStorage()` - Deserialize and restore bookmarks
- `clearStorage()` - Remove all stored data
**Data Format**: JSON serialization of bookmark array
### 5. Link Testing Component
**Purpose**: Validate bookmark URLs using HTTP requests
**Features**:
- Asynchronous testing with progress tracking
- Configurable timeout (10 seconds)
- CORS handling with opaque response support
- Batch processing for "Test All" operations
- Selective retesting for invalid links
**Status Mapping**:
- `valid` - HTTP 200-299 or opaque response
- `invalid` - Network error, timeout, or HTTP error
- `testing` - Currently being tested
- `unknown` - Not yet tested
## Data Models
### Folder Structure
Folders are represented as hierarchical paths using " / " separator:
- Root level: `""` (empty string)
- Single level: `"Development"`
- Multi-level: `"Development / Web / JavaScript"`
### Statistics Model
```typescript
interface Statistics {
total: number;
valid: number;
invalid: number;
duplicate: number;
unknown: number;
}
```
### Filter States
- `all` - Show all bookmarks
- `valid` - Show only valid bookmarks
- `invalid` - Show only invalid bookmarks
- `duplicate` - Show only duplicate bookmarks
## Error Handling
### Import/Export Errors
- **File Selection**: Alert user if no file selected
- **Parse Errors**: Try-catch around HTML parsing with user notification
- **Empty Results**: Alert if no bookmarks found in file
- **Export Errors**: Handle blob creation and download failures
### Link Testing Errors
- **Network Errors**: Catch fetch failures and mark as invalid
- **Timeouts**: Use AbortController for request timeouts
- **CORS Issues**: Handle opaque responses appropriately
- **Invalid URLs**: Validate URL format before testing
### Storage Errors
- **localStorage Unavailable**: Graceful degradation without persistence
- **Quota Exceeded**: Handle storage limit errors
- **Serialization Errors**: Catch JSON stringify/parse failures
### UI Error States
- **Empty States**: Show helpful messages when no bookmarks exist
- **Loading States**: Display progress indicators during operations
- **Validation Errors**: Form validation with user feedback
## Testing Strategy
### Unit Testing Approach
**Core Functions to Test**:
1. `parseNetscapeBookmarks()` - HTML parsing accuracy
2. `normalizeUrl()` - URL normalization consistency
3. `findDuplicates()` - Duplicate detection algorithm
4. `generateNetscapeHTML()` - Export format compliance
5. `searchBookmarks()` - Search filtering logic
**Test Data**:
- Sample Netscape HTML files with various structures
- Edge cases: empty folders, special characters, malformed URLs
- Large datasets for performance testing
### Integration Testing
**User Workflows**:
1. Import → Organize → Export cycle
2. Add → Edit → Delete bookmark operations
3. Search → Filter → Clear operations
4. Test Links → View Results → Retest workflow
### Browser Compatibility Testing
**Target Browsers**:
- Chrome 90+
- Firefox 88+
- Safari 14+
- Edge 90+
**Key Features to Test**:
- File API support
- Fetch API with CORS
- localStorage availability
- CSS Grid and Flexbox support
### Performance Testing
**Scenarios**:
- Import files with 10,000+ bookmarks
- Link testing with 1,000+ URLs
- Search performance with large datasets
- UI responsiveness during operations
## User Interface Design
### Layout Structure
```
┌─────────────────────────────────────┐
│ Header (Title + Import/Export/Add) │
├─────────────────────────────────────┤
│ Toolbar (Search + Actions) │
├─────────────────────────────────────┤
│ Stats (Total/Valid/Invalid/Dupes) │
├─────────────────────────────────────┤
│ Progress Bar (when testing) │
├─────────────────────────────────────┤
│ ┌─────────┐ ┌─────────┐ ┌─────────┐ │
│ │Folder 1 │ │Folder 2 │ │Folder 3 │ │
│ │ • Link │ │ • Link │ │ • Link │ │
│ │ • Link │ │ • Link │ │ • Link │ │
│ └─────────┘ └─────────┘ └─────────┘ │
└─────────────────────────────────────┘
```
### Responsive Design
**Breakpoints**:
- Desktop: 1200px+ (3-4 columns)
- Tablet: 768px-1199px (2-3 columns)
- Mobile: <768px (1 column, stacked layout)
**Mobile Adaptations**:
- Header actions stack vertically
- Toolbar becomes full-width column
- Stats center-aligned
- Touch-friendly button sizes
### Color Scheme
**Status Colors**:
- Valid: `#28a745` (green)
- Invalid: `#dc3545` (red)
- Testing: `#ffc107` (yellow)
- Duplicate: `#17a2b8` (blue)
- Unknown: `#6c757d` (gray)
**UI Colors**:
- Primary: `#3498db` (blue)
- Secondary: `#95a5a6` (gray)
- Success: `#27ae60` (green)
- Warning: `#f39c12` (orange)
- Danger: `#e74c3c` (red)
### Folder Selection Enhancement
**Design for Enhanced Folder Input**:
```html
<div class="form-group">
<label for="bookmarkFolder">Folder:</label>
<div class="folder-input-container">
<input type="text" id="bookmarkFolder" list="folderList"
placeholder="Select existing folder or type new name">
<datalist id="folderList">
<!-- Dynamically populated with existing folders -->
</datalist>
</div>
</div>
```
**Features**:
- HTML5 datalist for native dropdown with type-ahead
- Dynamic population from existing folder names
- Allows both selection and custom input
- Consistent styling with existing form elements
### Animation and Transitions
**Hover Effects**:
- Card elevation on hover (`transform: translateY(-2px)`)
- Bookmark item slide on hover (`transform: translateX(4px)`)
- Button lift effect (`transform: translateY(-1px)`)
**Loading States**:
- Progress bar smooth width transitions
- Pulse animation for testing status
- Fade transitions for modal show/hide
**Responsive Transitions**:
- Smooth grid layout changes on resize
- Collapsible elements with height transitions
- Mobile menu slide animations
## Security Considerations
### Content Security Policy
**Recommended CSP Headers**:
```
Content-Security-Policy:
default-src 'self';
script-src 'self' 'unsafe-inline';
style-src 'self' 'unsafe-inline';
connect-src *;
```
### Data Sanitization
**HTML Escaping**:
- All user input escaped before DOM insertion
- `escapeHtml()` function for bookmark titles and URLs
- Prevent XSS through innerHTML manipulation
**URL Validation**:
- URL constructor validation before testing
- Protocol restrictions (http/https only)
- Malformed URL handling
### Privacy Considerations
**Local Storage Only**:
- No server communication for bookmark data
- All processing happens client-side
- User maintains full control of data
**Link Testing Privacy**:
- HEAD requests minimize data transfer
- No cookies or authentication sent
- User-initiated testing only
## Performance Optimizations
### Rendering Optimizations
**Virtual Scrolling**: For large bookmark collections
**Debounced Search**: 300ms delay for search input
**Lazy Loading**: Defer non-critical UI elements
**Efficient DOM Updates**: Minimize reflows and repaints
### Memory Management
**Event Listener Cleanup**: Remove listeners when not needed
**Object Pooling**: Reuse DOM elements where possible
**Garbage Collection**: Avoid memory leaks in long-running operations
### Network Optimizations
**Request Batching**: Sequential link testing to avoid overwhelming servers
**Timeout Management**: Reasonable timeouts to prevent hanging requests
**Error Recovery**: Retry logic for transient network failures
## Accessibility Features
### Keyboard Navigation
- Tab order through all interactive elements
- Enter/Space activation for buttons
- Escape key to close modals
- Arrow key navigation in lists
### Screen Reader Support
- Semantic HTML structure
- ARIA labels for complex interactions
- Status announcements for dynamic content
- Alternative text for icons
### Visual Accessibility
- High contrast color ratios (WCAG AA compliance)
- Focus indicators for keyboard navigation
- Scalable text and UI elements
- Color-blind friendly status indicators
## Browser Storage Strategy
### localStorage Implementation
**Data Structure**:
```javascript
{
"bookmarks": [
{
"id": "1642534567890_0.123",
"title": "Example Site",
"url": "https://example.com",
"folder": "Development / Tools",
"addDate": 1642534567890,
"icon": "data:image/png;base64,...",
"status": "valid"
}
]
}
```
**Storage Limits**:
- Typical limit: 5-10MB per origin
- Monitoring: Check available space before large operations
- Cleanup: Provide clear all functionality
### Backup and Recovery
**Export as Backup**: Regular export recommendations
**Import Recovery**: Merge vs replace options
**Data Validation**: Integrity checks on load
This design document provides a comprehensive blueprint for implementing and maintaining the Bookmark Manager application, ensuring scalability, maintainability, and excellent user experience.

148
.kiro/specs/bookmark-manager/requirements.md Normal file
View File

@ -0,0 +1,148 @@
# Bookmark Manager - Requirements Document
## Introduction
The Bookmark Manager is a web-based application designed to help users organize, manage, and maintain their browser bookmarks. The application provides comprehensive bookmark management capabilities including import/export functionality, link validation, duplicate detection, and an intuitive folder-based organization system.
## Requirements
### Requirement 1: Bookmark Import and Export
**User Story:** As a user, I want to import and export my bookmarks in standard formats, so that I can migrate bookmarks between browsers and backup my bookmark collection.
#### Acceptance Criteria
1. WHEN a user clicks the "Import Bookmarks" button THEN the system SHALL display a file selection modal
2. WHEN a user selects a Netscape bookmark HTML file THEN the system SHALL parse and import all bookmarks with their folder structure
3. WHEN importing bookmarks THEN the system SHALL preserve bookmark metadata including titles, URLs, folders, creation dates, and favicons
4. WHEN importing bookmarks THEN the system SHALL filter out "Bookmarks Toolbar" and "Bookmarks Bar" from folder paths to create cleaner organization
5. WHEN importing bookmarks THEN the system SHALL offer the user a choice to replace existing bookmarks or merge with current collection
6. WHEN a user clicks "Export Bookmarks" THEN the system SHALL generate a Netscape-compatible HTML file for download
7. WHEN exporting bookmarks THEN the system SHALL organize bookmarks by folders and preserve all metadata
8. WHEN exporting bookmarks THEN the system SHALL use the current date in the filename format "bookmarks_YYYY-MM-DD.html"
### Requirement 2: Bookmark Organization and Management
**User Story:** As a user, I want to organize my bookmarks into folders and manage individual bookmarks, so that I can maintain a structured and accessible bookmark collection.
#### Acceptance Criteria
1. WHEN bookmarks are displayed THEN the system SHALL group them by folder in card-based layout
2. WHEN a folder contains bookmarks THEN the system SHALL display the folder name, bookmark count, and status statistics
3. WHEN a user adds a new bookmark THEN the system SHALL require title and URL fields and allow optional folder assignment
4. WHEN the folder field is focused THEN the system SHALL provide a dropdown list of all existing folders for selection
5. WHEN selecting from folder dropdown THEN the system SHALL allow users to choose an existing folder or type a new folder name
6. WHEN a user edits a bookmark THEN the system SHALL allow modification of title, URL, and folder assignment with the same folder selection capabilities
5. WHEN a user deletes a bookmark THEN the system SHALL request confirmation before permanent removal
6. WHEN bookmarks are displayed THEN the system SHALL show bookmark titles, URLs (on hover), and status indicators
7. WHEN a user hovers over a bookmark THEN the system SHALL expand to show the full URL and title
8. WHEN bookmarks exceed the card height limit THEN the system SHALL provide vertical scrolling within the card
### Requirement 3: Link Validation and Testing
**User Story:** As a user, I want to test my bookmarks to identify broken links, so that I can maintain a collection of working bookmarks.
#### Acceptance Criteria
1. WHEN a user clicks "Test All Links" THEN the system SHALL test every bookmark URL for accessibility
2. WHEN testing links THEN the system SHALL display a progress bar showing current progress and bookmark being tested
3. WHEN testing a link THEN the system SHALL use HTTP HEAD requests with 10-second timeout to minimize bandwidth
4. WHEN a link test completes THEN the system SHALL mark bookmarks as "valid", "invalid", or "unknown" status
5. WHEN a user clicks "Test Invalid Links" THEN the system SHALL retest only bookmarks previously marked as invalid
6. WHEN link testing encounters CORS restrictions THEN the system SHALL handle opaque responses appropriately
7. WHEN testing completes THEN the system SHALL update bookmark status indicators and statistics
8. WHEN a user clicks on a bookmark status indicator THEN the system SHALL show a context menu with testing options
### Requirement 4: Search and Filtering
**User Story:** As a user, I want to search and filter my bookmarks, so that I can quickly find specific bookmarks in large collections.
#### Acceptance Criteria
1. WHEN a user types in the search box THEN the system SHALL filter bookmarks in real-time based on title, URL, and folder name
2. WHEN search results are displayed THEN the system SHALL maintain the current filter state (all/valid/invalid/duplicates)
3. WHEN a user clicks filter buttons THEN the system SHALL show only bookmarks matching the selected status
4. WHEN "All" filter is active THEN the system SHALL display all bookmarks regardless of status
5. WHEN "Valid" filter is active THEN the system SHALL display only bookmarks with valid status
6. WHEN "Invalid" filter is active THEN the system SHALL display only bookmarks with invalid status
7. WHEN "Duplicates" filter is active THEN the system SHALL display only bookmarks marked as duplicates
8. WHEN filters are applied THEN the system SHALL update the statistics display to reflect filtered counts
### Requirement 5: Duplicate Detection and Management
**User Story:** As a user, I want to identify duplicate bookmarks in my collection, so that I can clean up redundant entries and maintain an organized bookmark library.
#### Acceptance Criteria
1. WHEN a user clicks "Find Duplicates" THEN the system SHALL analyze all bookmarks for duplicate URLs
2. WHEN detecting duplicates THEN the system SHALL normalize URLs by removing trailing slashes and www prefixes
3. WHEN duplicates are found THEN the system SHALL mark all instances in duplicate groups with "duplicate" status
4. WHEN duplicate detection completes THEN the system SHALL display an alert showing the number of duplicates found
5. WHEN no duplicates exist THEN the system SHALL inform the user that no duplicates were found
6. WHEN duplicates are marked THEN the system SHALL update the statistics display to show duplicate count
7. WHEN duplicate detection runs THEN the system SHALL reset any previously marked duplicates before new analysis
### Requirement 6: Data Persistence and Storage
**User Story:** As a user, I want my bookmarks to be saved automatically, so that my work is preserved between browser sessions.
#### Acceptance Criteria
1. WHEN bookmarks are imported, added, edited, or deleted THEN the system SHALL automatically save to browser localStorage
2. WHEN the application loads THEN the system SHALL restore bookmarks from localStorage if available
3. WHEN bookmark status is updated THEN the system SHALL persist the new status information
4. WHEN a user clears all bookmarks THEN the system SHALL remove all data from localStorage after confirmation
5. WHEN localStorage is unavailable THEN the system SHALL handle gracefully without crashing
### Requirement 7: User Interface and Experience
**User Story:** As a user, I want an intuitive and responsive interface, so that I can efficiently manage my bookmarks across different devices.
#### Acceptance Criteria
1. WHEN the application loads THEN the system SHALL display a clean, modern interface with clear navigation
2. WHEN bookmarks are displayed THEN the system SHALL use a responsive grid layout that adapts to screen size
3. WHEN on mobile devices THEN the system SHALL stack interface elements vertically for better usability
4. WHEN performing long operations THEN the system SHALL show progress indicators and status messages
5. WHEN hovering over interactive elements THEN the system SHALL provide visual feedback with hover effects
6. WHEN displaying status information THEN the system SHALL use color-coded indicators (green=valid, red=invalid, blue=duplicate, gray=unknown)
7. WHEN modals are displayed THEN the system SHALL allow closing by clicking outside the modal or using close buttons
8. WHEN errors occur THEN the system SHALL display user-friendly error messages
### Requirement 8: Context Menu and Bookmark Actions
**User Story:** As a user, I want quick access to bookmark actions, so that I can efficiently manage individual bookmarks.
#### Acceptance Criteria
1. WHEN a user clicks on a bookmark THEN the system SHALL display a context menu with available actions
2. WHEN "Visit" is selected THEN the system SHALL open the bookmark URL in a new browser tab
3. WHEN "Test Link" is selected THEN the system SHALL test the individual bookmark and update its status
4. WHEN "Edit" is selected THEN the system SHALL open the bookmark editing modal with current values
5. WHEN "Delete" is selected THEN the system SHALL request confirmation and remove the bookmark if confirmed
6. WHEN context menu actions complete THEN the system SHALL close the context menu automatically
### Requirement 9: Statistics and Monitoring
**User Story:** As a user, I want to see statistics about my bookmark collection, so that I can understand the health and size of my bookmark library.
#### Acceptance Criteria
1. WHEN bookmarks are loaded or updated THEN the system SHALL calculate and display total bookmark count
2. WHEN link testing occurs THEN the system SHALL update counts for valid and invalid bookmarks
3. WHEN duplicate detection runs THEN the system SHALL update the duplicate bookmark count
4. WHEN statistics are displayed THEN the system SHALL show counts as clickable filter buttons
5. WHEN folder cards are displayed THEN the system SHALL show individual folder statistics including valid/invalid counts
6. WHEN statistics change THEN the system SHALL update the display in real-time
### Requirement 10: Performance and Scalability
**User Story:** As a user, I want the application to perform well with large bookmark collections, so that I can manage thousands of bookmarks efficiently.
#### Acceptance Criteria
1. WHEN importing large bookmark files THEN the system SHALL parse and display bookmarks without blocking the UI
2. WHEN testing many links THEN the system SHALL process them sequentially to avoid overwhelming servers
3. WHEN displaying many bookmarks THEN the system SHALL use efficient rendering to maintain responsive performance
4. WHEN searching large collections THEN the system SHALL provide fast, real-time filtering results
5. WHEN bookmark cards contain many items THEN the system SHALL limit display height and provide scrolling

121
.kiro/specs/bookmark-manager/tasks.md Normal file
View File

@ -0,0 +1,121 @@
# Implementation Plan
## ✅ Already Implemented (Core Features)
- [x] **Basic bookmark management** - Add, edit, delete bookmarks with title, URL, and folder
- [x] **Import/Export functionality** - Netscape HTML format with robust parsing and generation
- [x] **Link testing** - Test all links, test invalid links only, with progress tracking
- [x] **Search and filtering** - Real-time search with status-based filtering (all/valid/invalid/duplicate)
- [x] **Duplicate detection** - URL normalization and duplicate marking
- [x] **Data persistence** - localStorage with error handling
- [x] **Folder organization** - Card-based layout grouped by folders
- [x] **Context menu** - Right-click actions for individual bookmarks
- [x] **Statistics display** - Real-time counts with clickable filter buttons
- [x] **Basic responsive design** - Mobile breakpoints and layout adjustments
- [x] **Progress indicators** - Progress bars for link testing operations
- [x] **Basic error handling** - Try-catch blocks with user alerts for major operations
## 🚀 Priority Tasks (High Impact)
- [x] 1. Enhance folder selection in Add/Edit Bookmark dialog
- Implement HTML5 datalist for folder dropdown with existing folder options
- Add dynamic population of folder list from current bookmark collection
- Ensure both selection from dropdown and custom typing work seamlessly
- Update modal styling to accommodate the enhanced folder input
- _Requirements: 2.4, 2.5, 2.6_
- [x] 2. Add keyboard navigation and accessibility features
- Implement tab order navigation through all interactive elements
- Add ARIA labels and semantic HTML structure for screen readers
- Enable Enter/Space key activation for buttons and bookmark items
- Add Escape key functionality to close modals
- Ensure high contrast ratios meet WCAG AA compliance
- _Requirements: 7.4, 7.5, 7.6, 7.7_
- [x] 3. Optimize performance for large bookmark collections
- Implement debounced search with 300ms delay to reduce excessive filtering
- Add virtual scrolling or pagination for bookmark cards when collection exceeds threshold
- Optimize DOM manipulation to minimize reflows during rendering
- Add loading states for operations that might take time
- _Requirements: 10.1, 10.2, 10.3, 10.4, 10.5_
## 🔧 Enhancement Tasks (Medium Priority)
- [x] 4. Enhance link testing with better error categorization
- Improve error handling to categorize different types of link failures
- Add retry logic for transient network failures during testing
- Implement better timeout handling with user-configurable timeout values
- Add detailed error reporting in console for debugging failed links
- _Requirements: 3.3, 3.4, 3.6, 3.7_
- [x] 5. Implement advanced duplicate detection algorithms
- Enhance URL normalization to handle more edge cases (query parameters, fragments)
- Add fuzzy matching for bookmark titles to detect near-duplicates
- Implement user choice for duplicate resolution (keep newest, oldest, or manual selection)
- Add preview of duplicates before marking them
- _Requirements: 5.2, 5.3, 5.4, 5.5_
- [x] 6. Add data export options and backup features
- Implement multiple export formats (JSON, CSV, plain text)
- Add selective export by folder or status
- Create automatic backup reminders based on bookmark count or time
- Add import validation to prevent data corruption
- _Requirements: 1.6, 1.7, 1.8, 6.1_
- [x] 7. Enhance mobile responsiveness and touch interactions
- Optimize touch targets for mobile devices (minimum 44px)
- Implement swipe gestures for bookmark actions on mobile
- Add pull-to-refresh functionality for link testing
- Optimize modal layouts for small screens
- _Requirements: 7.2, 7.3, 7.4_
## 🎯 Advanced Features (Lower Priority)
- [x] 8. Add advanced search and filtering capabilities
- Implement search within specific folders
- Add date-based filtering (added this week, month, year)
- Create saved search functionality
- Add search history and suggestions
- _Requirements: 4.1, 4.2, 4.3, 4.4_
- [x] 9. Implement bookmark organization features
- Add drag-and-drop functionality to move bookmarks between folders
- Create folder management interface (rename, delete, merge folders)
- Add bulk operations (move multiple bookmarks, bulk delete)
- Implement bookmark sorting options (alphabetical, date, status)
- _Requirements: 2.1, 2.2, 2.7, 2.8_
- [x] 10. Add bookmark metadata and tagging system
- Implement tagging system for bookmarks beyond folders
- Add bookmark notes/descriptions field
- Create bookmark rating or favorite system
- Add last visited tracking for bookmarks
- _Requirements: 1.3, 2.3, 9.1, 9.2_
- [x] 11. Enhance statistics and reporting features
- Create detailed analytics dashboard showing bookmark usage patterns
- Add charts and graphs for bookmark statistics over time
- Implement bookmark health reports (broken links, old bookmarks)
- Add export functionality for statistics data
- _Requirements: 9.1, 9.2, 9.3, 9.4, 9.5, 9.6_
- [x] 12. Implement advanced import/export features
- Add support for importing from multiple browser formats (Chrome, Firefox, Safari)
- Create incremental import to merge new bookmarks without duplicates
- Add import preview showing what will be imported before confirmation
- Implement bookmark synchronization between multiple devices
- _Requirements: 1.1, 1.2, 1.3, 1.4, 1.5_
- [x] 13. Add bookmark sharing and collaboration features
- Create shareable bookmark collections with public URLs
- Add bookmark export to social media or email
- Implement bookmark recommendations based on similar collections
- Create bookmark collection templates for common use cases
- _Requirements: 1.6, 1.7, 1.8_
- [x] 14. Implement advanced security and privacy features
- Add bookmark encryption for sensitive collections
- Implement secure bookmark sharing with password protection
- Add privacy mode to exclude certain bookmarks from exports
- Create bookmark access logging for security auditing
- _Requirements: 6.1, 6.2, 6.3, 6.4_

578
.kiro/specs/user-management/design.md Normal file
View File

@ -0,0 +1,578 @@
# User Management - Design Document
## Overview
The User Management system transforms the existing client-side bookmark manager into a full-stack web application with multi-user support. The system uses a Node.js/Express backend with PostgreSQL database for data persistence, JWT-based authentication, and maintains the existing frontend while adding user authentication flows. The architecture follows RESTful API principles with proper security measures including password hashing, session management, and data isolation between users.
## Architecture
### High-Level Architecture
```mermaid
graph TB
CLIENT[Frontend Client]
AUTH[Authentication Layer]
API[REST API Layer]
BIZ[Business Logic Layer]
DATA[Data Access Layer]
DB[(PostgreSQL Database)]
EMAIL[Email Service]
CLIENT --> AUTH
AUTH --> API
API --> BIZ
BIZ --> DATA
DATA --> DB
BIZ --> EMAIL
subgraph "Backend Services"
AUTH
API
BIZ
DATA
end
subgraph "External Services"
EMAIL
DB
end
```
### Technology Stack
**Backend**:
- Node.js with Express.js framework
- PostgreSQL database with pg (node-postgres) driver
- bcrypt for password hashing
- jsonwebtoken for JWT authentication
- nodemailer for email services
- express-rate-limit for API rate limiting
- helmet for security headers
**Frontend**:
- Existing vanilla JavaScript application
- Fetch API for HTTP requests
- JWT token storage in httpOnly cookies
- Enhanced UI for authentication flows
### Application Flow
1. **User Registration**: Email validation → Password hashing → Database storage → Email verification
2. **Authentication**: Credential validation → JWT token generation → Session establishment
3. **Bookmark Operations**: Token validation → User authorization → Database operations → Response
4. **Session Management**: Token refresh → Expiration handling → Logout cleanup
## Components and Interfaces
### 1. User Authentication Service
**Purpose**: Handle user registration, login, password management, and session control
**Key Methods**:
- `registerUser(email, password)` - Create new user account
- `authenticateUser(email, password)` - Validate credentials and create session
- `generateJWT(userId)` - Create authentication token
- `validateToken(token)` - Verify token validity
- `resetPassword(email)` - Initiate password reset flow
- `changePassword(userId, currentPassword, newPassword)` - Update user password
**Security Features**:
- bcrypt password hashing with salt rounds (12)
- JWT tokens with 24-hour expiration
- Password strength validation
- Rate limiting on authentication endpoints
- Secure cookie configuration
### 2. User Data Model
```typescript
interface User {
id: string; // UUID primary key
email: string; // Unique email address
password_hash: string; // bcrypt hashed password
is_verified: boolean; // Email verification status
created_at: Date; // Account creation timestamp
updated_at: Date; // Last profile update
last_login: Date; // Last successful login
verification_token?: string; // Email verification token
reset_token?: string; // Password reset token
reset_expires?: Date; // Reset token expiration
}
```
### 3. Enhanced Bookmark Data Model
```typescript
interface Bookmark {
id: string; // UUID primary key
user_id: string; // Foreign key to users table
title: string; // Bookmark title
url: string; // Target URL
folder: string; // Folder path
add_date: Date; // Creation timestamp
last_modified: Date; // Last update timestamp
icon: string; // Favicon URL or data URI
status: 'unknown' | 'valid' | 'invalid' | 'testing' | 'duplicate';
created_at: Date; // Database creation timestamp
updated_at: Date; // Database update timestamp
}
```
### 4. Database Schema
**Users Table**:
```sql
CREATE TABLE users (
id UUID PRIMARY KEY DEFAULT gen_random_uuid(),
email VARCHAR(255) UNIQUE NOT NULL,
password_hash VARCHAR(255) NOT NULL,
is_verified BOOLEAN DEFAULT FALSE,
created_at TIMESTAMP DEFAULT CURRENT_TIMESTAMP,
updated_at TIMESTAMP DEFAULT CURRENT_TIMESTAMP,
last_login TIMESTAMP,
verification_token VARCHAR(255),
reset_token VARCHAR(255),
reset_expires TIMESTAMP
);
CREATE INDEX idx_users_email ON users(email);
CREATE INDEX idx_users_verification_token ON users(verification_token);
CREATE INDEX idx_users_reset_token ON users(reset_token);
```
**Bookmarks Table**:
```sql
CREATE TABLE bookmarks (
id UUID PRIMARY KEY DEFAULT gen_random_uuid(),
user_id UUID NOT NULL REFERENCES users(id) ON DELETE CASCADE,
title VARCHAR(500) NOT NULL,
url TEXT NOT NULL,
folder VARCHAR(255) DEFAULT '',
add_date TIMESTAMP NOT NULL,
last_modified TIMESTAMP,
icon TEXT,
status VARCHAR(20) DEFAULT 'unknown',
created_at TIMESTAMP DEFAULT CURRENT_TIMESTAMP,
updated_at TIMESTAMP DEFAULT CURRENT_TIMESTAMP
);
CREATE INDEX idx_bookmarks_user_id ON bookmarks(user_id);
CREATE INDEX idx_bookmarks_folder ON bookmarks(user_id, folder);
CREATE INDEX idx_bookmarks_status ON bookmarks(user_id, status);
CREATE INDEX idx_bookmarks_url ON bookmarks(user_id, url);
```
### 5. REST API Endpoints
**Authentication Endpoints**:
- `POST /api/auth/register` - User registration
- `POST /api/auth/login` - User login
- `POST /api/auth/logout` - User logout
- `POST /api/auth/refresh` - Token refresh
- `POST /api/auth/forgot-password` - Password reset request
- `POST /api/auth/reset-password` - Password reset confirmation
- `GET /api/auth/verify/:token` - Email verification
**User Management Endpoints**:
- `GET /api/user/profile` - Get user profile
- `PUT /api/user/profile` - Update user profile
- `POST /api/user/change-password` - Change password
- `DELETE /api/user/account` - Delete user account
**Bookmark Endpoints**:
- `GET /api/bookmarks` - Get user's bookmarks (with pagination)
- `POST /api/bookmarks` - Create new bookmark
- `PUT /api/bookmarks/:id` - Update bookmark
- `DELETE /api/bookmarks/:id` - Delete bookmark
- `POST /api/bookmarks/import` - Import bookmarks
- `GET /api/bookmarks/export` - Export bookmarks
- `POST /api/bookmarks/test-links` - Test bookmark links
- `POST /api/bookmarks/find-duplicates` - Find duplicate bookmarks
### 6. Middleware Components
**Authentication Middleware**:
```javascript
const authenticateToken = (req, res, next) => {
const token = req.cookies.authToken;
if (!token) return res.status(401).json({ error: 'Access denied' });
try {
const verified = jwt.verify(token, process.env.JWT_SECRET);
req.user = verified;
next();
} catch (error) {
res.status(400).json({ error: 'Invalid token' });
}
};
```
**Rate Limiting Middleware**:
```javascript
const authLimiter = rateLimit({
windowMs: 15 * 60 * 1000, // 15 minutes
max: 5, // 5 attempts per window
message: 'Too many authentication attempts'
});
```
## Data Models
### Session Management
**JWT Payload Structure**:
```typescript
interface JWTPayload {
userId: string;
email: string;
iat: number; // Issued at
exp: number; // Expiration
}
```
**Cookie Configuration**:
```javascript
const cookieOptions = {
httpOnly: true,
secure: process.env.NODE_ENV === 'production',
sameSite: 'strict',
maxAge: 24 * 60 * 60 * 1000 // 24 hours
};
```
### Email Templates
**Verification Email**:
- Subject: "Verify your Bookmark Manager account"
- Content: Welcome message with verification link
- Link format: `${baseUrl}/verify/${verificationToken}`
**Password Reset Email**:
- Subject: "Reset your Bookmark Manager password"
- Content: Reset instructions with secure link
- Link format: `${baseUrl}/reset-password/${resetToken}`
- Expiration: 1 hour
## Error Handling
### API Error Response Format
```typescript
interface APIError {
error: string; // Error message
code?: string; // Error code for client handling
details?: any; // Additional error details
timestamp: string; // ISO timestamp
}
```
### Error Categories
**Authentication Errors (401)**:
- Invalid credentials
- Token expired
- Token invalid
- Account not verified
**Authorization Errors (403)**:
- Insufficient permissions
- Account suspended
- Resource access denied
**Validation Errors (400)**:
- Invalid email format
- Weak password
- Missing required fields
- Invalid data format
**Server Errors (500)**:
- Database connection failed
- Email service unavailable
- Internal server error
### Error Logging Strategy
```javascript
const logger = {
error: (message, meta) => {
console.error({
timestamp: new Date().toISOString(),
level: 'error',
message,
...meta
});
},
warn: (message, meta) => {
console.warn({
timestamp: new Date().toISOString(),
level: 'warn',
message,
...meta
});
}
};
```
## Testing Strategy
### Unit Testing
**Authentication Service Tests**:
- Password hashing and verification
- JWT token generation and validation
- Email validation logic
- Password strength validation
**Database Layer Tests**:
- User CRUD operations
- Bookmark CRUD operations
- Data isolation between users
- Query performance with large datasets
**API Endpoint Tests**:
- Request validation
- Authentication middleware
- Error response formats
- Rate limiting behavior
### Integration Testing
**Authentication Flow Tests**:
1. Registration → Email verification → Login
2. Login → Token refresh → Logout
3. Password reset → New password → Login
4. Failed login attempts → Account lockout
**Bookmark Management Tests**:
1. Login → Import bookmarks → Verify isolation
2. CRUD operations → Data persistence
3. Link testing → Status updates
4. Export functionality → Data integrity
### Security Testing
**Authentication Security**:
- SQL injection prevention
- XSS protection
- CSRF protection
- Rate limiting effectiveness
- Password brute force protection
**Data Security**:
- User data isolation
- Sensitive data exposure
- Token security
- Session management
### Performance Testing
**Load Testing Scenarios**:
- Concurrent user registrations
- Simultaneous bookmark operations
- Large bookmark imports
- Database query performance
**Scalability Testing**:
- Database connection pooling
- Memory usage under load
- Response times with large datasets
## User Interface Design
### Authentication Pages
**Login Page Layout**:
```
┌─────────────────────────────────────┐
│ Bookmark Manager │
├─────────────────────────────────────┤
│ ┌─────────────────────────────────┐ │
│ │ Email: [________________] │ │
│ │ Password: [________________] │ │
│ │ [ ] Remember me │ │
│ │ [Login] [Forgot Password?] │ │
│ │ Don't have an account? Register │ │
│ └─────────────────────────────────┘ │
└─────────────────────────────────────┘
```
**Registration Page Layout**:
```
┌─────────────────────────────────────┐
│ Create Account │
├─────────────────────────────────────┤
│ ┌─────────────────────────────────┐ │
│ │ Email: [________________] │ │
│ │ Password: [________________] │ │
│ │ Confirm: [________________] │ │
│ │ Password Requirements: │ │
│ │ ✓ 8+ characters │ │
│ │ ✓ Uppercase letter │ │
│ │ ✓ Number │ │
│ │ [Create Account] │ │
│ │ Already have an account? Login │ │
│ └─────────────────────────────────┘ │
└─────────────────────────────────────┘
```
### Enhanced Main Application
**Header with User Menu**:
```
┌─────────────────────────────────────┐
│ Bookmark Manager [user@email.com]│
│ [Profile ▼] │
│ - Account │
│ - Settings │
│ - Logout │
├─────────────────────────────────────┤
│ [Import] [Export] [Add Bookmark] │
└─────────────────────────────────────┘
```
### Responsive Design Considerations
**Mobile Authentication**:
- Full-screen login/register forms
- Touch-friendly input fields
- Clear error messaging
- Simplified navigation
**Tablet/Desktop**:
- Centered authentication forms
- Side-by-side login/register options
- Enhanced user menu
- Consistent with existing bookmark UI
## Security Considerations
### Password Security
**Hashing Strategy**:
- bcrypt with 12 salt rounds
- Automatic salt generation
- Timing attack prevention
- Password history (optional)
**Password Policy**:
- Minimum 8 characters
- At least one uppercase letter
- At least one lowercase letter
- At least one number
- At least one special character
- Common password blacklist
### Token Security
**JWT Configuration**:
- Strong secret key (256-bit)
- Short expiration times (24 hours)
- Secure cookie storage
- Token refresh mechanism
- Blacklist for revoked tokens
### API Security
**Request Security**:
- HTTPS enforcement
- CORS configuration
- Rate limiting per endpoint
- Input validation and sanitization
- SQL injection prevention
**Response Security**:
- Security headers (helmet.js)
- Error message sanitization
- No sensitive data exposure
- Proper HTTP status codes
### Database Security
**Connection Security**:
- Connection string encryption
- Connection pooling limits
- Query timeout configuration
- Prepared statements only
**Data Protection**:
- User data isolation
- Soft delete for audit trails
- Regular backup procedures
- Access logging
## Performance Optimizations
### Database Optimizations
**Indexing Strategy**:
- Primary keys on all tables
- Foreign key indexes
- Composite indexes for common queries
- Partial indexes for filtered queries
**Query Optimization**:
- Pagination for large result sets
- Efficient JOIN operations
- Query result caching
- Connection pooling
### API Performance
**Response Optimization**:
- Gzip compression
- JSON response minification
- Conditional requests (ETags)
- Appropriate cache headers
**Request Handling**:
- Async/await patterns
- Error handling middleware
- Request timeout configuration
- Memory leak prevention
### Frontend Integration
**Token Management**:
- Automatic token refresh
- Graceful authentication failures
- Offline capability considerations
- Local storage cleanup
**API Integration**:
- Request retry logic
- Loading state management
- Error boundary implementation
- Optimistic updates where appropriate
## Deployment Considerations
### Environment Configuration
**Development Environment**:
- Local PostgreSQL instance
- Development JWT secrets
- Debug logging enabled
- CORS allowing localhost
**Production Environment**:
- Managed database service
- Environment variable secrets
- Production logging configuration
- Strict CORS policy
- HTTPS enforcement
### Monitoring and Logging
**Application Monitoring**:
- Request/response logging
- Error rate monitoring
- Performance metrics
- User activity tracking
**Security Monitoring**:
- Failed authentication attempts
- Suspicious activity detection
- Rate limit violations
- Token usage patterns
This design document provides a comprehensive blueprint for implementing secure, scalable user management functionality that integrates seamlessly with the existing bookmark manager while maintaining high security standards and excellent user experience.

0
.kiro/specs/user-management/requirements.md Normal file
View File

93
.kiro/specs/user-management/tasks.md Normal file
View File

@ -0,0 +1,93 @@
# User Management - Implementation Plan
- [x] 1. Set up backend project structure and dependencies
- Create Node.js project with Express.js framework
- Install required dependencies: express, pg, bcrypt, jsonwebtoken, nodemailer, helmet, express-rate-limit
- Configure project structure with controllers, models, middleware, and routes directories
- Set up environment configuration with dotenv
- _Requirements: 7.1, 7.2_
- [x] 2. Create database schema and connection setup
- Write SQL migration scripts for users and bookmarks tables with proper indexes
- Implement database connection module with PostgreSQL connection pooling
- Create database initialization script with table creation and seed data
- Add database connection error handling and retry logic
- _Requirements: 7.1, 7.2, 7.5_
- [ ] 3. Implement user authentication service
- Create User model with bcrypt password hashing functionality
- Implement user registration with email validation and password strength checking
- Build login authentication with credential validation and JWT token generation
- Add password reset functionality with secure token generation and email sending
- _Requirements: 1.2, 1.3, 2.2, 2.3, 3.1, 3.2, 3.3_
- [ ] 4. Build authentication middleware and security
- Create JWT token validation middleware for protected routes
- Implement rate limiting middleware for authentication endpoints
- Add security headers middleware using helmet.js
- Create user authorization middleware for bookmark operations
- _Requirements: 8.1, 8.2, 8.3, 8.6_
- [ ] 5. Create user management API endpoints
- Implement POST /api/auth/register endpoint with validation and email verification
- Build POST /api/auth/login endpoint with credential validation and session creation
- Create POST /api/auth/logout endpoint with session cleanup
- Add GET /api/user/profile and PUT /api/user/profile endpoints for profile management
- Implement POST /api/user/change-password endpoint with current password verification
- _Requirements: 1.1, 1.5, 2.1, 2.3, 4.1, 4.2, 4.5_
- [ ] 6. Implement bookmark data isolation and API endpoints
- Create Bookmark model with user association and CRUD operations
- Build GET /api/bookmarks endpoint with user filtering and pagination
- Implement POST /api/bookmarks endpoint with user association
- Create PUT /api/bookmarks/:id and DELETE /api/bookmarks/:id endpoints with ownership validation
- Add bookmark import/export endpoints with user data isolation
- _Requirements: 5.1, 5.2, 5.3, 5.4, 5.6_
- [ ] 7. Build email service integration
- Create email service module with nodemailer configuration
- Implement email verification functionality with secure token generation
- Build password reset email functionality with time-limited tokens
- Create email templates for verification and password reset
- Add email sending error handling and retry logic
- _Requirements: 1.5, 1.7, 3.1, 3.7_
- [ ] 8. Create frontend authentication pages
- Build login page with email/password form and validation
- Create registration page with email, password, and confirmation fields
- Implement password reset request page with email input
- Add password reset confirmation page with new password form
- Create email verification success/error pages
- _Requirements: 1.1, 2.1, 3.2, 4.1_
- [ ] 9. Integrate authentication with existing frontend
- Modify existing bookmark manager to check authentication status on load
- Add user menu to header with profile and logout options
- Implement automatic token refresh and session management
- Update all bookmark API calls to include authentication headers
- Add authentication error handling and redirect to login
- _Requirements: 2.3, 2.6, 6.1, 6.3, 6.7_
- [ ] 10. Implement data migration functionality
- Create migration endpoint to import localStorage bookmarks to user account
- Build frontend migration UI with merge/replace options
- Add validation for imported bookmark data format
- Implement conflict resolution for duplicate bookmarks during migration
- Create post-migration cleanup of localStorage data
- _Requirements: 9.1, 9.2, 9.3, 9.5, 9.6_
- [ ] 11. Add comprehensive error handling and logging
- Implement centralized error handling middleware for API endpoints
- Create logging service with different log levels and rotation
- Add authentication failure logging for security monitoring
- Implement database error handling with appropriate user messages
- Create client-side error boundaries for authentication failures
- _Requirements: 10.1, 10.2, 10.3, 10.4_
- [ ] 12. Create comprehensive test suite
- Write unit tests for authentication service functions (password hashing, token generation)
- Create integration tests for user registration and login flows
- Build API endpoint tests for all authentication and bookmark endpoints
- Implement database isolation tests to verify user data separation
- Add security tests for SQL injection prevention and XSS protection
- _Requirements: 1.2, 2.2, 5.1, 8.4, 8.5_