Relates to: #412 (comment)
I've been recently working on this issue.
When you download a torrent the index always includes the user's tracker key if the user is logged in (logged-in user means the user sends the authentication bearer token).
```json
{
  "announce": "udp://tracker.torrust-demo.com:6969/k24qT2KgWFh9d5e1iHSJ9kOwfK45fH4V",
  "announce-list": [
    [
      "udp://tracker.torrust-demo.com:6969/k24qT2KgWFh9d5e1iHSJ9kOwfK45fH4V"
    ],
    [
      "udp://tracker.torrust-demo.com:6969"
    ]
  ],
  "comment": "Torrust logo",
  "created by": "qBittorrent v4.6.2",
  "creation date": 1702605531,
  "info": {
    "length": 7059,
    "name": "logo.avif",
    "piece length": 16384,
    "pieces": "<hex>DD DD 58 BD B0 E3 AC 5F 28 5B CF F5 AC E8 29 13 59 8C 10 95</hex>",
    "private": 1
  }
}
```

Notice the tracker key `k24qT2KgWFh9d5e1iHSJ9kOwfK45fH4V` in the announce URL.
The current button to download the torrent is
You can see it on the live demo.
This happens regardless of which mode the tracker is running in. In the live demo, the tracker is running in Public mode.
I think that should not be the case. We should not include the key when the tracker is not running in Private mode. It should only include the key when the tracker is running in Private or PrivateListed.
@da2ce7 suggested this implementation.
Happy path
- 1 Tracker running in `Private` or `PrivateListed` mode:
  - 1.1 Guest
    - We should never include any tracker key
  - 1.2 Authenticated user
    - We should include the user's tracker key
    - We should change the download torrent button label from `download torrent` to `download private torrent`.
- 2 Tracker running in `Public` or `Listed` mode:
  - We should never include any tracker key
Corner case: Index can't get the user's tracker key
The tracker could be temporarily unavailable or the Index could have the wrong configuration (for example, a wrong tracker API token).
We only need the key for case 1.2. If we cannot generate a valid user key we could:
- Show somewhere in the torrent details or list page a message like "tracker unavailable". Whenever you can download a torrent file.
- Disable the download link.
- The Index API should fail (returning a non-200 response, maybe `503 Service Unavailable`) when you try to download a private torrent but it can be generated with the right tracker key.
@da2ce7 was that your proposal?
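
The decision table proposed above, written out as an added sketch; it is not part of the original issue and is not Torrust Index code. All type and function names, the sample tracker URL and the sample key are hypothetical, and `fetch_key` stands in for whatever call obtains the user's key from the tracker.

```rust
// Added illustration: all names are hypothetical, not Torrust Index code.
#[derive(Clone, Copy, Debug, PartialEq)]
enum TrackerMode { Public, Listed, Private, PrivateListed }

#[derive(Debug, PartialEq)]
enum DownloadError {
    /// Would map to a non-200 response such as 503 Service Unavailable.
    TrackerKeyUnavailable,
}

#[derive(Debug, PartialEq)]
struct Download { announce: String, button_label: &'static str }

/// `fetch_key` stands in for the call that asks the tracker for the user's
/// key; it returns None when the tracker is unavailable or misconfigured.
/// It is only invoked for case 1.2, so other cases never touch the key.
fn build_download<F: FnOnce() -> Option<String>>(
    tracker_url: &str,
    mode: TrackerMode,
    authenticated: bool,
    fetch_key: F,
) -> Result<Download, DownloadError> {
    let base = tracker_url.trim_end_matches('/').to_string();
    let private = matches!(mode, TrackerMode::Private | TrackerMode::PrivateListed);
    if private && authenticated {
        // Case 1.2: the key is required; fail instead of serving a keyless file.
        let key = fetch_key().ok_or(DownloadError::TrackerKeyUnavailable)?;
        return Ok(Download {
            announce: format!("{}/{}", base, key),
            button_label: "download private torrent",
        });
    }
    // Cases 1.1 and 2: guests and Public/Listed trackers get no key.
    Ok(Download { announce: base, button_label: "download torrent" })
}

fn main() {
    // Constructed sample values, not real tracker data.
    let url = "udp://tracker.example.test:6969";
    for mode in [TrackerMode::Public, TrackerMode::Listed, TrackerMode::Private, TrackerMode::PrivateListed] {
        for auth in [false, true] {
            let r = build_download(url, mode, auth, || Some("SAMPLEKEY".to_string()));
            println!("{:?} authenticated={} -> {:?}", mode, auth, r);
        }
    }
}
```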
