search

chibisafe / chibisafe

Blazing fast file vault written in TypeScript! 🚀
https://chibisafe.app
MIT License
1.64k stars 266 forks source link

When a user deletes a file, don't delete it if it's shared with another user #8

Closed Pitu closed 7 years ago

Pitu commented 7 years ago

Since we don't save the same file twice, if more than one user uploads the same file and one of them deletes it, it shouldn't delete the file from the system if another user also uploaded it.

Need to check if it's the last/only user that has that file on the database and if it is, then delete it. Of course if the admin deletes it, it goes away for everyone.

Aareksio commented 7 years ago

Deleting the files is an interesting topic.

Let's take two users, A and B. A uploads file, it's saved on the disk and added to the database, with userid set to A. Application returns:

{
    name: 'abc',
    ...
}

Now B uploads the same file. As the hash matches file already existing in the database, application returns the same JSON as above, although the database isn't modified in any way - B isn't saved as the owner of the file.

Right now the file is accessible by it's filename (https://github.com/WeebDev/loli-safe/blob/master/lolisafe.js#L25 - btwthis line is broken, config.uploads.folder is ignored, that happens not only in this line).

Assuming you solved the first problem by adding many-to-many relation, there's another problem - the file is saved on the disk once, with one filename (abc). If the user decides to delete it, you need'll to make sure the file is no longer accessible by that name (or else what's the point of deleting the file). Changing the filename is not an option, it would break existing links used by other users.

Good luck :) Can't wait to see the progress.

Pitu commented 7 years ago

After much considering, the solution I came up with is the following:

If you are a registered user and upload a file, that file belongs to you. If another user uploads the exact same file, it will also get uploaded and will be attached to that user. That way each user will get a different link. At the same time, if the user uploads the exact same file again, file will be deleted and API will return the original file link instead.

This also applies to anonymous uploads, if the file was anonymously uploaded before and someone attempts to upload the exact same file, they will get the original link instead. This felt the best way to achieve this without over-complicating the logic behind it.