Hubs-Foundation / hubs-cloud

Resources for self hosted Hubs Cloud instances
Mozilla Public License 2.0
156 stars 99 forks source link

Un-pinned stored files are not removed after the custom TTL is exceed #174

Open Softvision-GeluHaiduc opened 3 years ago

Softvision-GeluHaiduc commented 3 years ago

[Affected Versions]:

[Affected Platforms]:

[Prerequisites]:

[Steps to reproduce]:

  1. Click the "Server Settings" list item from the left side menu in the "Setup" section.
  2. Click the "Content" tab on the page.
  3. Input a valid entry, 10, in the "Storage TTL" field and save the changes.
  4. Go create a room and upload a file to the room. (e.g. drag and drop an image into the room)
  5. Hover the object press the spacebar and click the "open link" button.
  6. Wait for the storage TTL time to expire and observe/reload the page of the object.

[Expected results]:

[Actual results]:

[Notes]:

┆Issue is synchronized with this Jira Task

johnshaughnessy commented 3 years ago

I do not think this needs to block the release because I think I gave you an incorrect test case for ttl.

Files are not removed immediately after their ttl expires. They are only "vacuum"ed once a day:

https://github.com/mozilla/reticulum/blob/42775acec0ac3de4e5c8b50e27610ce5a4e6e0ec/config/prod.exs#L122

Their ttl is checked during this vacuum job to determine whether or not they should be removed. Importantly, their ttl only expires if the file has not been accessed at all in the meantime:

https://github.com/mozilla/reticulum/blob/42775acec0ac3de4e5c8b50e27610ce5a4e6e0ec/lib/ret/storage.ex#L173-L186

Two remediation items we can proceed with:

Softvision-GeluHaiduc commented 3 years ago

The test case should instead be: Set the ttl to something short. Upload a file, save the link, close the room and don't access the link for 48 hours (24 hours may not be enough in case you happen to start just before the daily vacuum). After 48 hours pass, try to access the media at the link. It should not be found.

I was in luck, I still had the bookmarks from when I tested it the first time, but more than 48 hours passed, the links from the objects gave an "HTTP ERROR 401". Is this the correct behaviour/error code (401 Unauthorized)?

johnshaughnessy commented 3 years ago

Is this the correct behaviour/error code (401 Unauthorized)?

I think that is correct.

I am not very familiar with this code and am surprised that this would not return a 404 not found. However it seems like 401 is the current intended behavior. Source: https://github.com/mozilla/reticulum/blob/42775acec0ac3de4e5c8b50e27610ce5a4e6e0ec/lib/ret_web/controllers/file_controller.ex#L40-L41 and https://github.com/mozilla/reticulum/blob/42775acec0ac3de4e5c8b50e27610ce5a4e6e0ec/lib/ret/storage.ex#L80-L81

Softvision-GeluHaiduc commented 3 years ago

I will add the [QA]:Normal issue label as this is working with the updated test scenario. I will leave it open as to tracking the possible changes mentioned in the first comment, if this is not necessary we can close it as well