ip_cleanup_scheduler: Introduce separate session retention period

2 years ago · 54426b77d0
parent c5e0fac088
commit 54426b77d0
3 changed files with 10 additions and 1 deletions
--- a/.env.production.sample
+++ b/.env.production.sample
@ -293,6 +293,12 @@ MAX_REMOTE_EMOJI_SIZE=204800
 # Time unit in seconds
 IP_RETENTION_PERIOD=31556952

+# Session retention period
+# The termination of (web) sessions older than a year is done alongside the ip cleanup in vanilla Mastodon.
+# Therefore, to prevent sessions from being destroyed alongside IP addresses, this separate period exists.
+# Its default value of 31556952 (1 year) is derived from the previous hardcoded value of IP_RETENTION_PERIOD.
+SESSION_RETENTION_PERIOD=31556952
+
 # Optional hCaptcha support
 # HCAPTCHA_SECRET_KEY=
 # HCAPTCHA_SITE_KEY=
--- a/README.md
+++ b/README.md
@ -16,4 +16,5 @@ This Mastodon fork is based on the [glitch-soc Fork of Mastodon](https://github.
  You might want to revert these to the upstream files (or your own versions!) if you decide to use this fork for your own instance.
 - The web frontend emoji picker is a blobcat instead of the joy emoji.
 - Editing posts is enabled in the web frontend (thanks, meave [for the hint](https://toot.site/@meave/108515761669028663)).
- The duration of retention of IP addresses was made configurable. Unfortunately, the retention of IP addresses is currently coupled to the lifetime of sessions. Decoupling this is currently being worked on.
+- The period of retention of IP addresses was made configurable.
+- The period of retention of sessions was made configurable.
--- a/app/workers/scheduler/ip_cleanup_scheduler.rb
+++ b/app/workers/scheduler/ip_cleanup_scheduler.rb
@ -4,6 +4,7 @@ class Scheduler::IpCleanupScheduler
  include Sidekiq::Worker

  IP_RETENTION_PERIOD = ENV.fetch('IP_RETENTION_PERIOD', 1.year).to_i.seconds.freeze
+  SESSION_RETENTION_PERIOD = ENV.fetch('SESSION_RETENTION_PERIOD', 1.year).to_i.seconds.freeze

  sidekiq_options retry: 0

@ -15,6 +16,7 @@ class Scheduler::IpCleanupScheduler
  private

  def clean_ip_columns!
+    SessionActivation.where('updated_at < ?', SESSION_RETENTION_PERIOD.ago).in_batches.destroy_all
    SessionActivation.where('updated_at < ?', IP_RETENTION_PERIOD.ago).in_batches.update_all(ip: nil)
    User.where('current_sign_in_at < ?', IP_RETENTION_PERIOD.ago).in_batches.update_all(sign_up_ip: nil)
    LoginActivity.where('created_at < ?', IP_RETENTION_PERIOD.ago).in_batches.destroy_all