Server: One-time download links

First of all.

It is not so simple. Because a link is accessed via webdav as well. So just opening the link is already the first access. Then downloading it is the second access. Or if they navigate in the structure it is all access. Or what hapens when they have a client that previews the page or something? It is all access.

Make sure the recipient and ONLY the recipient can download: sent link, check if person downloaded, link has disappeared already. Safe!

This is really a bogus argument. Because there are only 2 scenarios here:

1. The recipient shared the link with somebody. Which means they intend to have the file. If the download link would only work once they would just share it via other means.
2. You are afraid somebody guesses you share token. However, I would say if somebody has the time to guess a few septillion share tokens they can also just guess your password.

Thought about that some time ago...

You are running into several problems here:

1. Check if the user downloading the file is really the user you sent the link to.
   This would need some kind of authentication (e.g. pgp key validation)

2. You need to be sure the whole file got downloaded and no error occured on client side or the user gets locked out and you would have to re-submit the link. (Timeout, poor connection, browser crash)
   Dunno if this would be possible with javascript to look at every aspect of file transfer
   I remember mega(dot)nz does some kind of browser file caching, maybe hashing is possible to verify file integrity there

Have a look at how Firefox Send works maybe? Open source. Would be great to see this feature!

Well, the use case I think is clear: you create a public link and want it to go away once the recipient has downloaded the file, without having to go and check up with that person.

Some thoughts:

• We show an Activities thing when a file is downloaded. This doesn't trigger on preview generation does it? Perhaps the same thing that triggers the Activity can trigger the removal of the shared link.
• a grace period makes sense in case a download went wrong. So once download is initiated, give it 10 minutes at least (and until the next Cron run, hehe).

I personally frequently share files by public link for a one-time use case: a screenshot you want to show and other stuff. Automatic cleanup of those links would be nice...

Someone mentioned Firefox Send as offering one-time download links. There are also some other open source projects to look at with this feature. Examples:

• Lufi: https://framagit.org/fiat-tux/hat-softwares/lufi
• Jirafeau: https://gitlab.com/mojo42/Jirafeau

This feature and the simpler feature requested in #17934 would be useful and I'd like to see them both. Currently it is not even clear when expiration actually happens, i.e. is it 00:00 UTC? 00:00 in the user's local time zone when setting the expiration? Some other arbitrary time?

My context for this is that we use shared links to communicate initial passwords to users. We'd like these to die when they are no longer needed but no sooner. That is obviously not determinable programmatically, so at least knowing precisely when a link expires (with a fixed time or after a certain number of accesses or something more complex but deterministic) would help.

I would be interested in such functionality. For me it would be enough to drop the guarantee that the client has actually received the data: as soon as the server has sent the data, it should be considered to have been downloaded and the data should be removed after 1 or N downloads. If the client didn't get it: tough luck, wait for a complaint and resend. I think that this would make it less difficult to implement.

I vote for that feature too.
In mission impossible style it would be like: this nextcloud share will self destruct after one download :)

Just adding my two cents to this. I think this feature is severely needed.
Currently running a nextcloud for my team to quickly send files around while send.firefox.com is down and this would solve my issue now.

Agree, this is a very useful feature, to say the least.

Same here would be interested

Would be nice to share Passwords and Certificates

Maybe, an expiration period after the first download? a default of 24 hours seems reasonable I think to cover errors during download and gives the users some time to retry.