search

marius-wieschollek / passwords

A simple, yet feature rich password manager for Nextcloud
GNU Affero General Public License v3.0
215 stars 45 forks source link

503 Unavailable because of massive useless asynchroneous requests #336

Closed bertrand-benoit closed 2 years ago

bertrand-benoit commented 3 years ago

System Information

Server:

{
    "version": {
        "server": "20.0.5.2",
        "app": "2021.1.2",
        "php": "7.4.5"
    },
    "environment": {
        "os": "Linux",
        "architecture": "x86_64",
        "bits": 64,
        "database": "mysql",
        "cron": "cron",
        "proxy": false,
        "sslProxy": false,
        "subdirectory": false
    },
    "legacyApi": {
        "enabled": 2,
        "used": false
    },
    "services": {
        "images": "imagick",
        "favicons": "default",
        "previews": "default",
        "security": "hibp",
        "words": "wo4snakes",
        "previewApi": false,
        "faviconApi": false
    },
    "settings": {
        "channel": "stable",
        "nightlies": false,
        "handbook": false,
        "performance": 5
    },
    "encryption": {
        "sse": {
            "SSEv1r1": true,
            "SSEv1r2": true,
            "SSEv2r1": false,
            "none": false,
            "default": "SSEv1r2"
        },
        "cse": {
            "CSEv1r1": false,
            "none": true,
            "default": "none"
        }
    }
}

Hosted on [Gandi](https://www.gandi.net/en)

Client:

 Browser and Version: Mozilla Firefox 84.0.2 (64-bit)
 Client OS and Version: Ubuntu 20.04.1 LTS - 5.8.0-40-generic

Steps to reproduce

  1. Open Passwords tab under Nextcloud
  2. Perform a search matching onlly one password
  3. HundredS (I guess one for each password) of asynchroneous requests are executed to URL like: https://cloud.bertrand-benoit.net/index.php/apps/passwords/api/1.0/service/favicon/XXX despite 'Favicon Service' is set to None, and 'Website Preview Service' is set to None too

Expected result

Almost immediat answer for only one password on about 500.

Actual result

Server 100% down (503 unavailable) because of too much simultaneous requests (the server has limited PHP fpm which are quickly reached).

Nextcloud log

Nextcloud log ``` - Open the Nextcloud admin settings - Open the "Log" section - Click the "Copy" icon, then Copy Raw ```

Browser log

Browser log ``` [...] Hundreds of 503 error ... Failed sending heartbeat, got: 503 UserStatus.vue:161 Slowing down notifications: instance is in maintenance mode. [...] ```
marius-wieschollek commented 3 years ago

TI think the handbook offers a solution for this.

bertrand-benoit commented 3 years ago

Thanks for your answer, even with a performance value of 1, the issue is the same.

Anyway, because I disabled favicon, why the application is fetching icon for each password? I do not want this feature, I just want it to answer my search (there is no need to list everything, or to fetch any icon). How can I fully disable the favicon feature?

bertrand-benoit commented 3 years ago

Please, How can I fully disable the favicon feature?

marius-wieschollek commented 3 years ago

There really isn't a way to disable this. Setting the service to none just means that the api always responds with the default image.

You can check the following (counter intuitive) method. Set the performance level to 0. Then open the developer tools of Firefox and enable the option "Disable Cache" in the Network tab. Then check the passwords app and see if now only one icon is fetched at a time.

bertrand-benoit commented 3 years ago

Ok many thanks, I'll try this very soon.

Anyway, please, could you consider adding on option allowing to 100% disable this favicon feature please? I think it may be a quick win update, and believe on some server (like Gandi, with limited PHP fpm), it would be a drastically performance improvement.