ip_cleanup_scheduler: Introduce separate session retention period

This commit is contained in:
Jeremy Kescher 2022-07-03 10:41:48 +02:00
parent c5e0fac088
commit 54426b77d0
No known key found for this signature in database
GPG key ID: 48DFE4BB15BA5940
3 changed files with 10 additions and 1 deletions

View file

@ -293,6 +293,12 @@ MAX_REMOTE_EMOJI_SIZE=204800
# Time unit in seconds
IP_RETENTION_PERIOD=31556952
# Session retention period
# The termination of (web) sessions older than a year is done alongside the ip cleanup in vanilla Mastodon.
# Therefore, to prevent sessions from being destroyed alongside IP addresses, this separate period exists.
# Its default value of 31556952 (1 year) is derived from the previous hardcoded value of IP_RETENTION_PERIOD.
SESSION_RETENTION_PERIOD=31556952
# Optional hCaptcha support
# HCAPTCHA_SECRET_KEY=
# HCAPTCHA_SITE_KEY=

View file

@ -16,4 +16,5 @@ This Mastodon fork is based on the [glitch-soc Fork of Mastodon](https://github.
You might want to revert these to the upstream files (or your own versions!) if you decide to use this fork for your own instance.
- The web frontend emoji picker is a blobcat instead of the joy emoji.
- Editing posts is enabled in the web frontend (thanks, meave [for the hint](https://toot.site/@meave/108515761669028663)).
- The duration of retention of IP addresses was made configurable. Unfortunately, the retention of IP addresses is currently coupled to the lifetime of sessions. Decoupling this is currently being worked on.
- The period of retention of IP addresses was made configurable.
- The period of retention of sessions was made configurable.

View file

@ -4,6 +4,7 @@ class Scheduler::IpCleanupScheduler
include Sidekiq::Worker
IP_RETENTION_PERIOD = ENV.fetch('IP_RETENTION_PERIOD', 1.year).to_i.seconds.freeze
SESSION_RETENTION_PERIOD = ENV.fetch('SESSION_RETENTION_PERIOD', 1.year).to_i.seconds.freeze
sidekiq_options retry: 0
@ -15,6 +16,7 @@ class Scheduler::IpCleanupScheduler
private
def clean_ip_columns!
SessionActivation.where('updated_at < ?', SESSION_RETENTION_PERIOD.ago).in_batches.destroy_all
SessionActivation.where('updated_at < ?', IP_RETENTION_PERIOD.ago).in_batches.update_all(ip: nil)
User.where('current_sign_in_at < ?', IP_RETENTION_PERIOD.ago).in_batches.update_all(sign_up_ip: nil)
LoginActivity.where('created_at < ?', IP_RETENTION_PERIOD.ago).in_batches.destroy_all