Limit media download retries to prevent unbounded background rescheduling by Szpadel · Pull Request #1 · Szpadel/LocalTube

Szpadel · 2026-03-09T21:07:25Z

The existing retry flow scheduled detached retry tasks indefinitely when a download failed and media_path remained None, enabling unbounded background work and a potential DoS.
A minimal, localized fix is needed to cap automatic retries while preserving normal enqueue behavior and backwards compatibility.

Add a MAX_RETRY_ATTEMPTS: u8 = 3 constant and a retry_attempt: u8 field to FetchMediaWorkerArgs with #[serde(default)] so older queued jobs default to 0 when deserialized. (src/workers/fetch_media.rs)
Change schedule_media_retry to accept the current retry_attempt, skip scheduling when the cap is reached, and re-enqueue the job with retry_attempt incremented. (src/workers/fetch_media.rs)
Initialize retry_attempt: 0 at explicit enqueue call sites to maintain behavior for new jobs. (src/workers/fetch_source_info.rs, src/controllers/media.rs)
Add unit tests that assert retry_attempt defaults to 0 on deserialization and that MAX_RETRY_ATTEMPTS is positive. (src/workers/fetch_media.rs tests)

Ran code formatting with cargo fmt --all which completed successfully.
Ran cargo test fetch_media_worker_args_retry_attempt_defaults_to_zero and it passed.
Ran cargo test retry_attempt_limit_is_greater_than_zero and it passed.
Ran existing retry scheduler tests such as cargo test executes_action_when_check_passes and they passed, confirming no regression in RetryScheduler behavior.

Limit fetch media retry attempts to prevent DoS

ac3a080

Szpadel added codex aardvark labels Mar 9, 2026 — with ChatGPT Codex Connector

Provide feedback