The webapp is a web server that displays a shiny interface.

## security

* Listen only to localhost. **done**
* Instruct the user's web browser to open an url that contains a secret
  token. This guards against other users on the same system. **done**
  (I would like to avoid passwords or other authentication methods,
  it's your local system.)
* Alternative for Linux at least would be to write a small program using
  GTK+ Webkit, that runs the webapp, and can know what user ran it, avoiding
  needing authentication.

## interface

* list of files uploading and downloading
* progress bars for each file
* drag and drop to reorder
* cancel and pause
* keep it usable w/o javascript, and accessible to blind, etc

## other features

* there could be a UI to export a file, which would make it be served up
  over http by the web app
* Display any relevant warning messages. One is the `inotify max_user_watches`
  exceeded message.

## implementation

* use `addStaticContent` to make /favicon.ico work. Return `Right (route, query)`
  and I think the route can be `favicon_ico`.
* perhaps define a custom `errorHandler`, which could avoid the potential
  of leaking auth tokens on error pages
* possibly lose the ugly auth= token past the first page,
  and use a client-side session. It could be encrypted using the token
  as the `encryptKey`. Note: Would need to set the session duration
  to infinite (how?)
* look up "server-sent events" sent using `sendWaiResponse`