-
Notifications
You must be signed in to change notification settings - Fork 0
Expand file tree
/
Copy pathsecurity.html
More file actions
28 lines (26 loc) · 25.9 KB
/
security.html
File metadata and controls
28 lines (26 loc) · 25.9 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
<!DOCTYPE html>
<html lang="en-US" dir="ltr">
<head>
<meta charset="utf-8">
<meta name="viewport" content="width=device-width,initial-scale=1">
<title>Security | Foldergram</title>
<meta name="description" content="The real security posture of Foldergram, including admin/viewer/public access control, mutation trust checks, and local-only caveats.">
<meta name="generator" content="VitePress v1.6.4">
<link rel="preload stylesheet" href="/assets/style.D0ri7LhZ.css" as="style">
<link rel="preload stylesheet" href="/vp-icons.css" as="style">
<script type="module" src="/assets/app.Ctsaibyu.js"></script>
<link rel="preload" href="/assets/inter-roman-latin.Di8DUHzh.woff2" as="font" type="font/woff2" crossorigin="">
<link rel="modulepreload" href="/assets/chunks/theme.DJE1TC2M.js">
<link rel="modulepreload" href="/assets/chunks/framework.ePeAWSvT.js">
<link rel="modulepreload" href="/assets/security.md.BwkL2X-x.lean.js">
<link rel="icon" type="image/svg+xml" href="/logo.svg">
<link rel="apple-touch-icon" href="/logo.svg">
<meta name="theme-color" content="#6366f1">
<script id="check-dark-mode">(()=>{const e=localStorage.getItem("vitepress-theme-appearance")||"auto",a=window.matchMedia("(prefers-color-scheme: dark)").matches;(!e||e==="auto"?a:e==="dark")&&document.documentElement.classList.add("dark")})();</script>
<script id="check-mac-os">document.documentElement.classList.toggle("mac",/Mac|iPhone|iPod|iPad/i.test(navigator.platform));</script>
</head>
<body>
<div id="app"><div class="Layout" data-v-b831c05f><!--[--><!--]--><!--[--><span tabindex="-1" data-v-9178e81a></span><a href="#VPContent" class="VPSkipLink visually-hidden" data-v-9178e81a>Skip to content</a><!--]--><!----><header class="VPNav" data-v-b831c05f data-v-2222ab16><div class="VPNavBar" data-v-2222ab16 data-v-3a1adb31><div class="wrapper" data-v-3a1adb31><div class="container" data-v-3a1adb31><div class="title" data-v-3a1adb31><div class="VPNavBarTitle has-sidebar" data-v-3a1adb31 data-v-7c1b0e18><a class="title" href="/" data-v-7c1b0e18><!--[--><!--]--><!--[--><img class="VPImage logo" src="/logo.svg" alt data-v-84be65fe><!--]--><span data-v-7c1b0e18>Foldergram</span><!--[--><!--]--></a></div></div><div class="content" data-v-3a1adb31><div class="content-body" data-v-3a1adb31><!--[--><!--]--><div class="VPNavBarSearch search" data-v-3a1adb31><!--[--><!----><div id="local-search"><button type="button" class="DocSearch DocSearch-Button" aria-label="Search"><span class="DocSearch-Button-Container"><span class="vp-icon DocSearch-Search-Icon"></span><span class="DocSearch-Button-Placeholder">Search</span></span><span class="DocSearch-Button-Keys"><kbd class="DocSearch-Button-Key"></kbd><kbd class="DocSearch-Button-Key">K</kbd></span></button></div><!--]--></div><nav aria-labelledby="main-nav-aria-label" class="VPNavBarMenu menu" data-v-3a1adb31 data-v-b187e594><span id="main-nav-aria-label" class="visually-hidden" data-v-b187e594> Main Navigation </span><!--[--><!--[--><a class="VPLink link VPNavBarMenuLink" href="/quick-start" tabindex="0" data-v-b187e594 data-v-4599aa41><!--[--><span data-v-4599aa41>Quick Start</span><!--]--></a><!--]--><!--[--><a class="VPLink link VPNavBarMenuLink" href="/installation" tabindex="0" data-v-b187e594 data-v-4599aa41><!--[--><span data-v-4599aa41>Installation</span><!--]--></a><!--]--><!--[--><a class="VPLink link VPNavBarMenuLink" href="/configuration" tabindex="0" data-v-b187e594 data-v-4599aa41><!--[--><span data-v-4599aa41>Configuration</span><!--]--></a><!--]--><!--[--><a class="VPLink link VPNavBarMenuLink" href="/how-it-works" tabindex="0" data-v-b187e594 data-v-4599aa41><!--[--><span data-v-4599aa41>How It Works</span><!--]--></a><!--]--><!--[--><a class="VPLink link VPNavBarMenuLink" href="/api" tabindex="0" data-v-b187e594 data-v-4599aa41><!--[--><span data-v-4599aa41>API</span><!--]--></a><!--]--><!--[--><a class="VPLink link VPNavBarMenuLink active" href="/security" tabindex="0" data-v-b187e594 data-v-4599aa41><!--[--><span data-v-4599aa41>Security</span><!--]--></a><!--]--><!--[--><a class="VPLink link vp-external-link-icon VPNavBarMenuLink" href="https://foldergram.intentdeep.com/" target="_blank" rel="noreferrer" tabindex="0" data-v-b187e594 data-v-4599aa41><!--[--><span data-v-4599aa41>Demo</span><!--]--></a><!--]--><!--]--></nav><!----><div class="VPNavBarAppearance appearance" data-v-3a1adb31 data-v-df187b99><button class="VPSwitch VPSwitchAppearance" type="button" role="switch" title aria-checked="false" data-v-df187b99 data-v-8e7bc7a0 data-v-dc0f6ec6><span class="check" data-v-dc0f6ec6><span class="icon" data-v-dc0f6ec6><!--[--><span class="vpi-sun sun" data-v-8e7bc7a0></span><span class="vpi-moon moon" data-v-8e7bc7a0></span><!--]--></span></span></button></div><div class="VPSocialLinks VPNavBarSocialLinks social-links" data-v-3a1adb31 data-v-ed584c66 data-v-2b546b40><!--[--><a class="VPSocialLink no-icon" href="https://github.com/foldergram/foldergram" aria-label="github" target="_blank" rel="noopener" data-v-2b546b40 data-v-9ca19b6a><span class="vpi-social-github"></span></a><!--]--></div><div class="VPFlyout VPNavBarExtra extra" data-v-3a1adb31 data-v-7fd1485d data-v-5d90fd5a><button type="button" class="button" aria-haspopup="true" aria-expanded="false" aria-label="extra navigation" data-v-5d90fd5a><span class="vpi-more-horizontal icon" data-v-5d90fd5a></span></button><div class="menu" data-v-5d90fd5a><div class="VPMenu" data-v-5d90fd5a data-v-565e72ed><!----><!--[--><!--[--><!----><div class="group" data-v-7fd1485d><div class="item appearance" data-v-7fd1485d><p class="label" data-v-7fd1485d>Appearance</p><div class="appearance-action" data-v-7fd1485d><button class="VPSwitch VPSwitchAppearance" type="button" role="switch" title aria-checked="false" data-v-7fd1485d data-v-8e7bc7a0 data-v-dc0f6ec6><span class="check" data-v-dc0f6ec6><span class="icon" data-v-dc0f6ec6><!--[--><span class="vpi-sun sun" data-v-8e7bc7a0></span><span class="vpi-moon moon" data-v-8e7bc7a0></span><!--]--></span></span></button></div></div></div><div class="group" data-v-7fd1485d><div class="item social-links" data-v-7fd1485d><div class="VPSocialLinks social-links-list" data-v-7fd1485d data-v-2b546b40><!--[--><a class="VPSocialLink no-icon" href="https://github.com/foldergram/foldergram" aria-label="github" target="_blank" rel="noopener" data-v-2b546b40 data-v-9ca19b6a><span class="vpi-social-github"></span></a><!--]--></div></div></div><!--]--><!--]--></div></div></div><!--[--><!--]--><button type="button" class="VPNavBarHamburger hamburger" aria-label="mobile navigation" aria-expanded="false" aria-controls="VPNavScreen" data-v-3a1adb31 data-v-7b1e48c5><span class="container" data-v-7b1e48c5><span class="top" data-v-7b1e48c5></span><span class="middle" data-v-7b1e48c5></span><span class="bottom" data-v-7b1e48c5></span></span></button></div></div></div></div><div class="divider" data-v-3a1adb31><div class="divider-line" data-v-3a1adb31></div></div></div><!----></header><div class="VPLocalNav has-sidebar empty" data-v-b831c05f data-v-a3b82d7b><div class="container" data-v-a3b82d7b><button class="menu" aria-expanded="false" aria-controls="VPSidebarNav" data-v-a3b82d7b><span class="vpi-align-left menu-icon" data-v-a3b82d7b></span><span class="menu-text" data-v-a3b82d7b>Menu</span></button><div class="VPLocalNavOutlineDropdown" style="--vp-vh:0px;" data-v-a3b82d7b data-v-84597ab5><button data-v-84597ab5>Return to top</button><!----></div></div></div><aside class="VPSidebar" data-v-b831c05f data-v-e0bd508c><div class="curtain" data-v-e0bd508c></div><nav class="nav" id="VPSidebarNav" aria-labelledby="sidebar-aria-label" tabindex="-1" data-v-e0bd508c><span class="visually-hidden" id="sidebar-aria-label" data-v-e0bd508c> Sidebar Navigation </span><!--[--><!--]--><!--[--><div class="no-transition group" data-v-aef8ce5e><section class="VPSidebarItem level-0" data-v-aef8ce5e data-v-44dbf5ab><div class="item" role="button" tabindex="0" data-v-44dbf5ab><div class="indicator" data-v-44dbf5ab></div><h2 class="text" data-v-44dbf5ab>Guide</h2><!----></div><div class="items" data-v-44dbf5ab><!--[--><div class="VPSidebarItem level-1 is-link" data-v-44dbf5ab data-v-44dbf5ab><div class="item" data-v-44dbf5ab><div class="indicator" data-v-44dbf5ab></div><a class="VPLink link link" href="/quick-start" data-v-44dbf5ab><!--[--><p class="text" data-v-44dbf5ab>Quick Start</p><!--]--></a><!----></div><!----></div><div class="VPSidebarItem level-1 is-link" data-v-44dbf5ab data-v-44dbf5ab><div class="item" data-v-44dbf5ab><div class="indicator" data-v-44dbf5ab></div><a class="VPLink link link" href="/installation" data-v-44dbf5ab><!--[--><p class="text" data-v-44dbf5ab>Installation</p><!--]--></a><!----></div><!----></div><div class="VPSidebarItem level-1 is-link" data-v-44dbf5ab data-v-44dbf5ab><div class="item" data-v-44dbf5ab><div class="indicator" data-v-44dbf5ab></div><a class="VPLink link link" href="/configuration" data-v-44dbf5ab><!--[--><p class="text" data-v-44dbf5ab>Configuration</p><!--]--></a><!----></div><!----></div><!--]--></div></section></div><div class="no-transition group" data-v-aef8ce5e><section class="VPSidebarItem level-0 has-active" data-v-aef8ce5e data-v-44dbf5ab><div class="item" role="button" tabindex="0" data-v-44dbf5ab><div class="indicator" data-v-44dbf5ab></div><h2 class="text" data-v-44dbf5ab>Product</h2><!----></div><div class="items" data-v-44dbf5ab><!--[--><div class="VPSidebarItem level-1 is-link" data-v-44dbf5ab data-v-44dbf5ab><div class="item" data-v-44dbf5ab><div class="indicator" data-v-44dbf5ab></div><a class="VPLink link link" href="/how-it-works" data-v-44dbf5ab><!--[--><p class="text" data-v-44dbf5ab>How It Works</p><!--]--></a><!----></div><!----></div><div class="VPSidebarItem level-1 is-link" data-v-44dbf5ab data-v-44dbf5ab><div class="item" data-v-44dbf5ab><div class="indicator" data-v-44dbf5ab></div><a class="VPLink link link" href="/features" data-v-44dbf5ab><!--[--><p class="text" data-v-44dbf5ab>Features</p><!--]--></a><!----></div><!----></div><div class="VPSidebarItem level-1 is-link" data-v-44dbf5ab data-v-44dbf5ab><div class="item" data-v-44dbf5ab><div class="indicator" data-v-44dbf5ab></div><a class="VPLink link link" href="/media-processing" data-v-44dbf5ab><!--[--><p class="text" data-v-44dbf5ab>Media Processing</p><!--]--></a><!----></div><!----></div><div class="VPSidebarItem level-1 is-link" data-v-44dbf5ab data-v-44dbf5ab><div class="item" data-v-44dbf5ab><div class="indicator" data-v-44dbf5ab></div><a class="VPLink link link" href="/security" data-v-44dbf5ab><!--[--><p class="text" data-v-44dbf5ab>Security</p><!--]--></a><!----></div><!----></div><!--]--></div></section></div><div class="no-transition group" data-v-aef8ce5e><section class="VPSidebarItem level-0" data-v-aef8ce5e data-v-44dbf5ab><div class="item" role="button" tabindex="0" data-v-44dbf5ab><div class="indicator" data-v-44dbf5ab></div><h2 class="text" data-v-44dbf5ab>Reference</h2><!----></div><div class="items" data-v-44dbf5ab><!--[--><div class="VPSidebarItem level-1 is-link" data-v-44dbf5ab data-v-44dbf5ab><div class="item" data-v-44dbf5ab><div class="indicator" data-v-44dbf5ab></div><a class="VPLink link link" href="/api" data-v-44dbf5ab><!--[--><p class="text" data-v-44dbf5ab>API</p><!--]--></a><!----></div><!----></div><div class="VPSidebarItem level-1 is-link" data-v-44dbf5ab data-v-44dbf5ab><div class="item" data-v-44dbf5ab><div class="indicator" data-v-44dbf5ab></div><a class="VPLink link link" href="/development" data-v-44dbf5ab><!--[--><p class="text" data-v-44dbf5ab>Development</p><!--]--></a><!----></div><!----></div><div class="VPSidebarItem level-1 is-link" data-v-44dbf5ab data-v-44dbf5ab><div class="item" data-v-44dbf5ab><div class="indicator" data-v-44dbf5ab></div><a class="VPLink link link" href="/troubleshooting" data-v-44dbf5ab><!--[--><p class="text" data-v-44dbf5ab>Troubleshooting</p><!--]--></a><!----></div><!----></div><div class="VPSidebarItem level-1 is-link" data-v-44dbf5ab data-v-44dbf5ab><div class="item" data-v-44dbf5ab><div class="indicator" data-v-44dbf5ab></div><a class="VPLink link link" href="/faq" data-v-44dbf5ab><!--[--><p class="text" data-v-44dbf5ab>FAQ</p><!--]--></a><!----></div><!----></div><!--]--></div></section></div><!--]--><!--[--><!--]--></nav></aside><div class="VPContent has-sidebar" id="VPContent" data-v-b831c05f data-v-bf3f1372><div class="VPDoc has-sidebar has-aside" data-v-bf3f1372 data-v-7c2da6bf><!--[--><!--]--><div class="container" data-v-7c2da6bf><div class="aside" data-v-7c2da6bf><div class="aside-curtain" data-v-7c2da6bf></div><div class="aside-container" data-v-7c2da6bf><div class="aside-content" data-v-7c2da6bf><div class="VPDocAside" data-v-7c2da6bf data-v-c3c6bcbc><!--[--><!--]--><!--[--><!--]--><nav aria-labelledby="doc-outline-aria-label" class="VPDocAsideOutline" data-v-c3c6bcbc data-v-16b74dc6><div class="content" data-v-16b74dc6><div class="outline-marker" data-v-16b74dc6></div><div aria-level="2" class="outline-title" id="doc-outline-aria-label" role="heading" data-v-16b74dc6>On this page</div><ul class="VPDocOutlineItem root" data-v-16b74dc6 data-v-8c1c05d6><!--[--><!--]--></ul></div></nav><!--[--><!--]--><div class="spacer" data-v-c3c6bcbc></div><!--[--><!--]--><!----><!--[--><!--]--><!--[--><!--]--></div></div></div></div><div class="content" data-v-7c2da6bf><div class="content-container" data-v-7c2da6bf><!--[--><!--]--><main class="main" data-v-7c2da6bf><div style="position:relative;" class="vp-doc _security" data-v-7c2da6bf><div><h1 id="security" tabindex="-1">Security <a class="header-anchor" href="#security" aria-label="Permalink to "Security""></a></h1><p>Foldergram is built for local-only and self-hosted browsing. Its security model is intentionally narrow even though it now supports an optional admin/viewer/public access gate for homelab and LAN use.</p><h2 id="what-foldergram-assumes" tabindex="-1">What Foldergram assumes <a class="header-anchor" href="#what-foldergram-assumes" aria-label="Permalink to "What Foldergram assumes""></a></h2><ul><li>you run it on your own machine or behind a trusted local-network or reverse-proxy setup</li><li>the app is not exposed directly to the public internet without additional protection</li><li>the built-in auth story is a small role-based password gate, not a multi-user account system</li></ul><h2 id="password-protection" tabindex="-1">Password protection <a class="header-anchor" href="#password-protection" aria-label="Permalink to "Password protection""></a></h2><p>Foldergram can optionally protect the library from the Settings page with:</p><ul><li>an <code>admin</code> password for full access</li><li>an optional separate <code>viewer</code> password for browse-only access</li><li>an optional <code>public</code> viewer mode for anonymous browsing with local favorites</li></ul><p>When enabled:</p><ul><li>Foldergram stores one-way password hashes, salts, and session metadata in SQLite <code>app_settings</code></li><li>the browser unlocks access with a signed <code>HttpOnly</code> session cookie</li><li>the session payload carries the current role (<code>admin</code> or <code>viewer</code>)</li><li><code>/api</code> routes require that session, except for <code>GET /api/health</code>, <code>GET /api/auth/status</code>, <code>POST /api/auth/login</code>, <code>POST /api/auth/unlock-admin</code>, and <code>POST /api/auth/logout</code></li><li>generated media under <code>/thumbnails</code> and <code>/previews</code> also require that session unless public viewer mode is enabled</li><li>in <code>viewer_access_mode=public</code>, safe read routes and generated media can be browsed anonymously</li><li>anonymous public favorites stay in the browser and never write into SQLite likes</li><li>authenticated API and media responses are marked <code>Cache-Control: no-store</code> and <code>Vary: Cookie</code></li><li>the production service worker skips caching protected thumbnail and preview responses</li><li>admin-only routes reject <code>viewer</code> and <code>anonymous</code> sessions with <code>403</code> or <code>401</code> depending on auth state</li></ul><p>Changing either stored password or the viewer-access mode rotates the session version, which invalidates older sessions. Disabling password protection clears the stored auth settings.</p><h2 id="mutation-protection" tabindex="-1">Mutation protection <a class="header-anchor" href="#mutation-protection" aria-label="Permalink to "Mutation protection""></a></h2><p>All mutating API routes pass through <code>requireTrustedMutationRequest</code>.</p><p>That middleware does two things:</p><ol><li>Requires <code>x-foldergram-intent: 1</code></li><li>Rejects non-loopback <code>Origin</code> or <code>Referer</code> values when those headers are present</li></ol><p>Allowed hostnames are:</p><ul><li><code>localhost</code></li><li><code>127.0.0.1</code></li><li><code>::1</code></li></ul><p>Allowed ports are:</p><ul><li><code>DEV_SERVER_PORT</code> and the reserved <code>DEV_CLIENT_PORT</code> through <code>DEV_CLIENT_PORT + 3</code> range in development or test</li><li><code>SERVER_PORT</code> in production, with loopback origins or the exact host that served the app accepted for browser mutations</li><li>explicit extra origins can be allowed through <code>CSRF_TRUSTED_ORIGINS</code></li></ul><h2 id="what-this-protects-against" tabindex="-1">What this protects against <a class="header-anchor" href="#what-this-protects-against" aria-label="Permalink to "What this protects against""></a></h2><p>With password protection enabled, this design helps reduce opportunistic browsing of the library from other machines on the same network.</p><p>Separately, the mutation checks help reduce accidental or cross-site browser-triggered mutations from untrusted origins.</p><p>It is especially relevant for:</p><ul><li>feed and folder reads when password protection is enabled</li><li>generated thumbnails and previews when password protection is enabled and public mode is off</li><li>delete actions</li><li>like toggles</li><li>manual rescans</li><li>rebuild operations</li><li>Settings-only auth changes</li></ul><h2 id="path-confinement" tabindex="-1">Path confinement <a class="header-anchor" href="#path-confinement" aria-label="Permalink to "Path confinement""></a></h2><p>Foldergram does not serve arbitrary filesystem paths from the client.</p><h3 id="original-file-serving" tabindex="-1">Original-file serving <a class="header-anchor" href="#original-file-serving" aria-label="Permalink to "Original-file serving""></a></h3><p><code>GET /api/originals/:id</code>:</p><ul><li>looks up the post by numeric ID</li><li>resolves the stored absolute path</li><li>confirms that path is still within <code>GALLERY_ROOT</code></li><li>confirms the file still exists</li></ul><h3 id="delete-actions" tabindex="-1">Delete actions <a class="header-anchor" href="#delete-actions" aria-label="Permalink to "Delete actions""></a></h3><p>Delete flows resolve target files and directories inside configured roots before removing them. If a stored path falls outside the expected root, the operation throws instead of deleting blindly.</p><h2 id="storage-availability-behavior" tabindex="-1">Storage availability behavior <a class="header-anchor" href="#storage-availability-behavior" aria-label="Permalink to "Storage availability behavior""></a></h2><p>On startup, Foldergram checks:</p><ul><li>gallery directory</li><li>thumbnails directory</li><li>previews directory</li><li>database directory</li></ul><p>If the database directory is unavailable, it falls back to an in-memory database. If the gallery or derivative directories are unavailable, the library is marked unavailable and the UI receives explicit storage-state information.</p><p>This is a resilience measure, not a security feature.</p><h2 id="rate-limiting" tabindex="-1">Rate limiting <a class="header-anchor" href="#rate-limiting" aria-label="Permalink to "Rate limiting""></a></h2><p>Foldergram includes small in-memory rate limiters for:</p><ul><li>authentication attempts</li><li>admin mutation routes such as rescan and rebuild operations</li></ul><p>These limiters are process-local and intentionally simple. They are useful for basic abuse reduction, not for hardened distributed deployments.</p><h2 id="important-limitations" tabindex="-1">Important limitations <a class="header-anchor" href="#important-limitations" aria-label="Permalink to "Important limitations""></a></h2><p>Foldergram does <strong>not</strong> currently provide:</p><ul><li>multi-user authentication</li><li>per-user authorization</li><li>TLS termination</li><li>audit logging</li><li>hardened remote deployment defaults</li><li>external identity provider integration</li><li>per-user isolation</li></ul><h2 id="practical-advice" tabindex="-1">Practical advice <a class="header-anchor" href="#practical-advice" aria-label="Permalink to "Practical advice""></a></h2><p>Use Foldergram like a local app:</p><ul><li>use strong, different admin and viewer passwords if you expose it on a homelab or LAN</li><li>remember that public viewer mode exposes the library to anyone who can reach the app</li><li>keep it on loopback unless you know exactly how you are proxying and protecting it</li><li>terminate HTTPS upstream if the app is reachable off-box</li><li>remember that on plain HTTP, both the password and session cookie are visible to anyone who can sniff that local network traffic</li><li>do not assume the password layer and mutation checks are a full internet-facing security boundary</li><li>treat delete actions as destructive and permanent</li></ul><h2 id="a-precise-caveat-about-headers" tabindex="-1">A precise caveat about headers <a class="header-anchor" href="#a-precise-caveat-about-headers" aria-label="Permalink to "A precise caveat about headers""></a></h2><p>If a mutating request omits both <code>Origin</code> and <code>Referer</code>, the middleware still accepts it as long as <code>x-foldergram-intent: 1</code> is present. That is acceptable for the current local-only model, but it is one reason these checks should not be described as a full remote-hardening story.</p><h2 id="what-foldergram-does-not-try-to-be" tabindex="-1">What Foldergram does not try to be <a class="header-anchor" href="#what-foldergram-does-not-try-to-be" aria-label="Permalink to "What Foldergram does not try to be""></a></h2><p>Foldergram is not attempting to be:</p><ul><li>a cloud photo product</li><li>a multi-user NAS portal</li><li>a public media server with account management</li><li>a zero-trust network service</li></ul><p>The implementation is much closer to a private local gallery with a browser UI.</p></div></div></main><footer class="VPDocFooter" data-v-7c2da6bf data-v-fea9e177><!--[--><!--]--><div class="edit-info" data-v-fea9e177><!----><div class="last-updated" data-v-fea9e177><p class="VPLastUpdated" data-v-fea9e177 data-v-61bce6e2>Last updated: <time datetime="2026-03-28T17:40:54.000Z" data-v-61bce6e2></time></p></div></div><nav class="prev-next" aria-labelledby="doc-footer-aria-label" data-v-fea9e177><span class="visually-hidden" id="doc-footer-aria-label" data-v-fea9e177>Pager</span><div class="pager" data-v-fea9e177><a class="VPLink link pager-link prev" href="/media-processing" data-v-fea9e177><!--[--><span class="desc" data-v-fea9e177>Previous page</span><span class="title" data-v-fea9e177>Media Processing</span><!--]--></a></div><div class="pager" data-v-fea9e177><a class="VPLink link pager-link next" href="/api" data-v-fea9e177><!--[--><span class="desc" data-v-fea9e177>Next page</span><span class="title" data-v-fea9e177>API</span><!--]--></a></div></nav></footer><!--[--><!--]--></div></div></div><!--[--><!--]--></div></div><footer class="VPFooter has-sidebar" data-v-b831c05f data-v-9f6e1f5c><div class="container" data-v-9f6e1f5c><p class="message" data-v-9f6e1f5c>Released under the AGPL-3.0 License.</p><p class="copyright" data-v-9f6e1f5c>Copyright © 2026 Sajjad Ali</p></div></footer><!--[--><!--]--></div></div>
<script>window.__VP_HASH_MAP__=JSON.parse("{\"api.md\":\"Dq0npsCa\",\"configuration.md\":\"BsBeukw7\",\"development.md\":\"C4QAiDqM\",\"faq.md\":\"BhPUjBTn\",\"features.md\":\"C4hW69V4\",\"how-it-works.md\":\"CLbxPRcv\",\"index.md\":\"CCJ_uVDf\",\"installation.md\":\"BJPcu2wc\",\"media-processing.md\":\"BZnAue5X\",\"quick-start.md\":\"Bi2ZqhxJ\",\"security.md\":\"BwkL2X-x\",\"troubleshooting.md\":\"c84mph4l\"}");window.__VP_SITE_DATA__=JSON.parse("{\"lang\":\"en-US\",\"dir\":\"ltr\",\"title\":\"Foldergram\",\"description\":\"Documentation for Foldergram, the local-first photo and video gallery.\",\"base\":\"/\",\"head\":[],\"router\":{\"prefetchLinks\":true},\"appearance\":true,\"themeConfig\":{\"logo\":\"/logo.svg\",\"siteTitle\":\"Foldergram\",\"search\":{\"provider\":\"local\"},\"nav\":[{\"text\":\"Quick Start\",\"link\":\"/quick-start\"},{\"text\":\"Installation\",\"link\":\"/installation\"},{\"text\":\"Configuration\",\"link\":\"/configuration\"},{\"text\":\"How It Works\",\"link\":\"/how-it-works\"},{\"text\":\"API\",\"link\":\"/api\"},{\"text\":\"Security\",\"link\":\"/security\"},{\"text\":\"Demo\",\"link\":\"https://foldergram.intentdeep.com/\"}],\"socialLinks\":[{\"icon\":\"github\",\"link\":\"https://github.com/foldergram/foldergram\"}],\"sidebar\":[{\"text\":\"Guide\",\"items\":[{\"text\":\"Quick Start\",\"link\":\"/quick-start\"},{\"text\":\"Installation\",\"link\":\"/installation\"},{\"text\":\"Configuration\",\"link\":\"/configuration\"}]},{\"text\":\"Product\",\"items\":[{\"text\":\"How It Works\",\"link\":\"/how-it-works\"},{\"text\":\"Features\",\"link\":\"/features\"},{\"text\":\"Media Processing\",\"link\":\"/media-processing\"},{\"text\":\"Security\",\"link\":\"/security\"}]},{\"text\":\"Reference\",\"items\":[{\"text\":\"API\",\"link\":\"/api\"},{\"text\":\"Development\",\"link\":\"/development\"},{\"text\":\"Troubleshooting\",\"link\":\"/troubleshooting\"},{\"text\":\"FAQ\",\"link\":\"/faq\"}]}],\"outline\":{\"level\":[2,3],\"label\":\"On this page\"},\"footer\":{\"message\":\"Released under the AGPL-3.0 License.\",\"copyright\":\"Copyright © 2026 Sajjad Ali\"}},\"locales\":{},\"scrollOffset\":134,\"cleanUrls\":true}");</script>
</body>
</html>