Allow logging on all downloads

[aengelberg]

Context

I use filebrowser mostly as a personal server from which I share files with my friends, who access the files through links I've created via the "Share" feature.

My problem

The share links are public, so if a link I share gets into the wrong hands, I could either leak a sensitive file to an unexpected destination, or more realistically, my server might accrue high network costs due to someone abusing the download endpoint. In either case, I need to figure out who is abusing the server, and via which share link, so I can delete it and share a new link.

Proposed solution

Add an option to the filebrowser.json configuration that enables logging on all public downloads, which would include any time someone downloads a file to their hard drive, or loads a preview of an image or audio file in the browser. Each log would contain a timestamp, the filename in question, the share link that was used to access the file, the user (if they are logged in), the caller's ip address, and maybe the user-agent of the caller. If an archive of multiple files was downloaded, the server could emit one log per file included, or one log line with all the filenames comma-separated.

Alternative solution

Add "Download" as a new event type to the Command Runner. When a download happens, the specified command will be run with the environment variables $FILE, $USERNAME, $IP_ADDR, $INVITE_LINK, $USER_AGENT.

[wooriele]

I'm facing the same issue. Hope someone can fix it.

[fozzedout]

At the very least, a count per shared link would give some sort of indication of potential issues with things getting out of hand

[letshin]

Has there been any movement on this issue?

[sebcourant]

#2534 and #2690 also asking about this.

I wish someone would pick this up

[sbocquet]

+1

[a-v-kalabuhov]

+1