Need your word for v2.0

[dr-dimitru]

Hello everyone.

Today I would like to ask community to give a right path for Meteor-Files 2.0. Any feature requests, suggestion and ideas is highly appreciated.

Lately this lib gained an attention, thank you to everyone who has a chance to use is. Lots of contributors have made this lib much better.

Now it's time for v2.0, time to move from CoffeeScript to ES6, time to remove all obsolete code.

Here is some of my thoughts and questions to you:

1. As HTTP upload shows itself as faster, stable and more efficient than DDP (WebSockets), should we drop support for DDP? And put more focus on efficient and asynchronous uploads via HTTP? I've been playing with uploads directly from Web Workers - no more UI freezes, 1.5x speed increase, POST uploads from 3rd parties. To find out more about upload transports take a look on this article.
2. Drop dependency from MongoDB. A lot of questions and issues about meta data, additional fields, etc. - This looks like bottleneck, which ties developers hands, and forces to rely on MongoDB, and to create records in strict schema. How about to put all control in hands of developer, and let you to decide where you should store file and how to describe its metadata? On Client you call upload method, and on Server you receive everything you need at afterUpload hook. This one may also help to move this lib to NPM. Another good option is to split this lib into two - one which manages files as collections, and another which handles uploads.
3. Protected files and uploads are also popular topic here. Need to standardise authentication method. Looking forward old friend Authorization header with current Meteor token for uploads. For file requests (download, display, play) it's still unclear. As discussed here we can not rely on cookies as they are not accessible at various circumstances, especially on production with mobile apps. Authentication headers is not under control when you displaying file in HTML. Get query is not safe, HTTPS (SSL) partly solves get query parameters security.
4. Is any of developers uses public files? Like when it served by proxy-server nginx, apache, etc.
5. What API do you prefer/most use?:
   • Callbacks
   • Events
   • Promises
   • Other?

As always main idea to keep this project flexible as possible, by providing thin API to work with files and uploads without overhead.

[s-ol]

@dr-dimitru this looks like a very solid feature list and we are looking forward to see 2.0 already.

1. I didn't really work with these internals of MF, faster and POST sounds great of course, but web worker sound like a potential legacy-support problem case.
2. this sounds very good, we have had to work around some parts of the MF database organization a couple times (bugs with the schema) and would've preferred to embed the meteor files documents at times and couldn't. I think current behaviour, or something similar, should be available as an implementation that users can choose to use or instead configure themselves. I imagine something like a metadataHandler object/interface. You could have a class that accepts constructor arguments like the database name and some of the current 'global' constructor arguments and creates a Mongodb-backend.

This reminds me of something i would like to mention: the current API is rather opaque and inconsistent in naming and parameters. It is workable because the API is documented well enough, but I think structuring the API into different parts would greatly help this: MeteorFiles.Collection(storage, metadata, options), MeteorFiles.StorageBackend and MeteorFiles.MetadataBackend or something like that would make it much easier to grasp and extend in single places by grouping the callbacks and configuration options by purpose and defining clear interfaces.

If 2.0 is going to break backwards compatibility anyway, I would suggest fixing some of the naming issues in the same sweep. For example there is no clear style for callback options in the configuration, there are some names like on(Before/After/Initiate)*, then there are downloadCallback and namingFunction and finally some properties that can be values or functions creating them: protected, interceptDownload... This is very confusing because all of them have different structures; some are called function or callback and obviously should be functions, some are verbs and don't even sound like they should be set by the user (interceptDownload) and some are adjectives and don't sound like they could be scripted.

3. We talked about this in the other issue, I don't think it needs a comment here
4. We don't use public currently because all of our files are controlled with rather strict permission tests (or should be, the authentication issue is relevant here). I think it is still a useful feature. In my proposal above it could very easily be made possible by an alternative StorageBackend implementation that returns a link built according to a user function and saves files at a path supplied like that.

[dr-dimitru]

@s-ol thank you for feedback

Agree about mess with naming through library. This project started more than two yeas ago, when it was less than 200 lines. Both v1.5.0 and v1.6.0 was attempts to rewrite lib from the scratch, but due to backward compatibility all naming was saved. You can participate in reviewing 2.0 once its branch will be pushed.

And thanks for all contributions from your end, during this year.

[Avijobo]

Please add a TypeScript definitions file. This will also make it easier - even for non-TypeScript users - to better understand the structure and usage of the package. Thanks in advance!

[dr-dimitru]

@Avijobo Thank you.
Here is something you can start with: #226

[luixal]

Just found the package (yep, looking to get rid of CFS :P).

As the (extreme) modularity fan I am, I don't see the point in splitting the lib in tow (files VS handling uploads).

I mean: does anyone on Earth need a file collection if his app is not allowing to upload files?

PS: May I understand from issue #51 that cluster is supported? That's the main reason we're moving away from CFS (although we'll set a files microservice in another machine this time). Nop, we don't have any experienced devop in the team :P

[s-ol]

@luixal I'm not sure I understand what you mean:

As the (extreme) modularity fan I am, I don't see the point in splitting the lib in tow (files VS handling uploads).

files vs handling uploads? I don't understand what the 'file' part of that separation would be. What I am proposing is to split between

• Data Storage: where and how the data is written to (local FS, local DB, remote CDN...), where and how to access and link the data (remote URL, stream from file, stream from remote URL...),
• Metadata Storage: where and how the metadata is stored and accessed (seperate Mongo Collection, seperate Mongo Collection w/o versions, embedded Collection, other DB) and I guess
• Data Transfer: how the data is transported from client to server (DDP, WS, HTTP POST...).

Not all of these things need to be strictly seperate, and not all of them need to be very extensible (I didn't suggest to abstract the Data Transfer layer, though it would be possible), but I think especially the two types of storage are important to be patchable conveniently, any average-sized app will have to touch them eventually.

I mean: does anyone on Earth need a file collection if his app is not allowing to upload files?

no, but there are tons of use cases for different storage and metadata-storage backends (and the separation in between).

For example:

• embedding the metadata inside another collection (very strong point considering mongo's limitations in joins etc.)
• storing and retrieving the files from remote hosting services like S3 etc.
  yes, this is possible right now by specifying two callbacks, overloading a class method and breaking the schema in at least two places, and you still need to manually delete the files after you have uploaded them. This could, and should be a lot cleaner to do, especially when you start to integrate it a bit deeper with application logic.
• doing that for multiple collections that only have the backend in common (you can create a custom constructor, but that's pretty much the same as implementing a tiny backend interface and less clean and reusable anyway)

[menelike]

1. Drop it, but keep it possible to add other protocols later on.
2. Yes.
3. Yes.
4. All our files a restricted by default, imho public and protected files should coexist.

I think that this is heading into the very right direction. After about one year with this great library we'd love to see a more modularized solution written in ES6. From a developer's perspective this project should primarily aim on the heavy lifting e.g. getting data from client to server and vice versa, this must of course include authorization and later on maybe sophisticated solutions for different protocols like webRTC etc.
In addition all we need are pre- and post-hooks, where context must contain the meta data, every hook can cancel further progress and data consistency is automatically maintained while transfers are in progress (to avoid orphaned data left on storage).

[dr-dimitru]

@menelike

In addition all we need are pre- and post-hooks, where context must contain the meta data, every hook can cancel further progress and data consistency is automatically maintained while transfers are in progress (to avoid orphaned data left on storage).

Right, agree what all hooks, callbacks, events should share same context with .abort() method and meta-data.

Btw what API do you prefer/most use?:

1. Callbacks
2. Events
3. Promises

[s-ol]

@dr-dimitru we are using react client-side and try to use a data-driven approach throughout the whole project, so currently we use promises. When I get back to work tomorrow I might be able to provide you with a brief overview of how we currently use MF1.0, that might give you a good idea of our view and use cases.

I don't think events are appropriate for what is a very linear process and callback chains are mostly just 'dumb' promises so I do believe they might be the objectively best here.