From dc9f612df47f2c426cbcd4e80b6ace347ead6edc Mon Sep 17 00:00:00 2001
From: Andras Bacsai <5845193+andrasbacsai@users.noreply.github.com>
Date: Fri, 12 Dec 2025 21:14:31 +0100
Subject: [PATCH] Clean up status file after upgrade and reduce data exposure
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
- Delete status file 10 seconds after upgrade completes
- Reduce stale timeout from 30 to 10 minutes
- Remove timestamp from API response (internal detail)
- Treat timestamp parse failures as stale for security
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Opus 4.5
---
 app/Http/Controllers/Api/OtherController.php | 10 ++++------
 scripts/upgrade.sh | 5 +++++
 2 files changed, 9 insertions(+), 6 deletions(-)
diff --git a/app/Http/Controllers/Api/OtherController.php b/app/Http/Controllers/Api/OtherController.php
index 64b2669e9..27b0fc3fe 100644
--- a/app/Http/Controllers/Api/OtherController.php
+++ b/app/Http/Controllers/Api/OtherController.php
@@ -202,7 +202,6 @@ public function healthcheck(Request $request)
 new OA\Property(property: 'status', type: 'string', example: 'in_progress'),
 new OA\Property(property: 'step', type: 'integer', example: 3),
 new OA\Property(property: 'message', type: 'string', example: 'Pulling Docker images'),
- new OA\Property(property: 'timestamp', type: 'string', example: '2024-01-15T10:30:45+00:00'),
 ]
 )),
 new OA\Response(
@@ -231,17 +230,18 @@ public function upgradeStatus(Request $request)
 [$step, $message, $timestamp] = $parts;
- // Check if status is stale (older than 30 minutes)
+ // Check if status is stale (older than 10 minutes) - upgrades shouldn't take longer
 try {
 $statusTime = new \DateTime($timestamp);
 $now = new \DateTime;
 $diffMinutes = ($now->getTimestamp() - $statusTime->getTimestamp()) / 60;
- if ($diffMinutes > 30) {
+ if ($diffMinutes > 10) {
 return response()->json(['status' => 'none']);
 }
 } catch (\Exception $e) {
- // If timestamp parsing fails, continue with the status
+ // If timestamp parsing fails, treat as stale for security
+ return response()->json(['status' => 'none']);
 }
 // Determine status based on step
@@ -250,7 +250,6 @@ public function upgradeStatus(Request $request)
 'status' => 'error',
 'step' => 0,
 'message' => $message,
- 'timestamp' => $timestamp,
 ]);
 }
@@ -261,7 +260,6 @@ public function upgradeStatus(Request $request)
 'status' => $status,
 'step' => $stepInt,
 'message' => $message,
- 'timestamp' => $timestamp,
 ]);
 }
 }
diff --git a/scripts/upgrade.sh b/scripts/upgrade.sh
index f6d0c9c8d..8ade89669 100644
--- a/scripts/upgrade.sh
+++ b/scripts/upgrade.sh
@@ -260,6 +260,11 @@ nohup bash -c " echo '============================================================' >>\"\$LOGFILE\" echo \"Upgrade completed: \$(date '+%Y-%m-%d %H:%M:%S')\" >>\"\$LOGFILE\" echo '============================================================' >>\"\$LOGFILE\" + # Clean up status file after a short delay to allow frontend to read completion sleep 10 rm -f \"\$STATUS_FILE\" log 'Status file cleaned up' " >>"$LOGFILE" 2>&1 & # Give the background process a moment to start
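Review bot: The staleness check in `upgradeStatus` still lets through timestamps that parse but are not real status times. `new \DateTime($timestamp)` accepts an empty string and relative formats and resolves them against the current time, and a timestamp in the future gives a negative `$diffMinutes`; in those cases the `> 10` test does not fire and the status is reported as fresh. To fail closed as the commit intends, parse strictly, for example `$statusTime = \DateTimeImmutable::createFromFormat(\DateTimeInterface::ATOM, $timestamp);` (this assumes upgrade.sh writes ISO 8601 with an offset, as the removed OpenAPI example suggests; confirm against the script), and return `['status' => 'none']` when that is `false` or when `$diffMinutes < 0 || $diffMinutes > 10`. The function begins and ends outside this hunk.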
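Review bot: The added cleanup runs inside the `bash -c "…"` string, so `\$STATUS_FILE` and `log` are resolved by the inner shell, and this hunk does not show either being defined or exported there; the neighbouring lines write with `echo … >>\"\$LOGFILE\"` rather than `log`. If `STATUS_FILE` is empty in that shell, `rm -f` removes nothing and reports no error, so the status file stays on disk and only the 10-minute stale check hides it from the API. A guard such as `[ -n \"\$STATUS_FILE\" ] && rm -f \"\$STATUS_FILE\"` plus a comment naming where both identifiers come from would make the dependency explicit. The cleanup sits on the completion path only; whether a failed upgrade also removes the file cannot be seen from here, since the `bash -c` block starts outside the hunk.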