forked from mastodon/mastodon
-
Notifications
You must be signed in to change notification settings - Fork 182
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Add SELF_DESTRUCT env variable to process self-destructions in the ba…
…ckground (mastodon#26439)
- Loading branch information
1 parent
26d2a2a
commit 379115e
Showing
22 changed files
with
192 additions
and
56 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,14 @@ | ||
# frozen_string_literal: true | ||
|
||
module SelfDestructHelper | ||
def self.self_destruct? | ||
value = ENV.fetch('SELF_DESTRUCT', nil) | ||
value.present? && Rails.application.message_verifier('self-destruct').verify(value) == ENV['LOCAL_DOMAIN'] | ||
rescue ActiveSupport::MessageVerifier::InvalidSignature | ||
false | ||
end | ||
|
||
def self_destruct? | ||
SelfDestructHelper.self_destruct? | ||
end | ||
end |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,20 @@ | ||
- content_for :page_title do | ||
= t('self_destruct.title') | ||
|
||
.simple_form | ||
%h1.title= t('self_destruct.title') | ||
%p.lead= t('self_destruct.lead_html', domain: ENV['LOCAL_DOMAIN']) | ||
|
||
.form-footer | ||
%ul.no-list | ||
- if user_signed_in? | ||
%li= link_to t('settings.account_settings'), edit_user_registration_path | ||
- else | ||
- if controller_name != 'sessions' | ||
%li= link_to_login t('auth.login') | ||
|
||
- if controller_name != 'passwords' && controller_name != 'registrations' | ||
%li= link_to t('auth.forgot_password'), new_user_password_path | ||
|
||
- if user_signed_in? | ||
%li= link_to t('auth.logout'), destroy_user_session_path, data: { method: :delete } |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,72 @@ | ||
# frozen_string_literal: true | ||
|
||
class Scheduler::SelfDestructScheduler | ||
include Sidekiq::Worker | ||
include SelfDestructHelper | ||
|
||
MAX_ENQUEUED = 10_000 | ||
MAX_REDIS_MEM_USAGE = 0.5 | ||
MAX_ACCOUNT_DELETIONS_PER_JOB = 50 | ||
|
||
sidekiq_options retry: 0, lock: :until_executed, lock_ttl: 1.day.to_i | ||
|
||
def perform | ||
return unless self_destruct? | ||
return if sidekiq_overwhelmed? | ||
|
||
delete_accounts! | ||
end | ||
|
||
private | ||
|
||
def sidekiq_overwhelmed? | ||
redis_mem_info = Sidekiq.redis_info | ||
|
||
Sidekiq::Stats.new.enqueued > MAX_ENQUEUED || redis_mem_info['used_memory'].to_f > redis_mem_info['total_system_memory'].to_f * MAX_REDIS_MEM_USAGE | ||
end | ||
|
||
def delete_accounts! | ||
# We currently do not distinguish between deleted accounts and suspended | ||
# accounts, and we do not want to remove the records in this scheduler, as | ||
# we still rely on it for account delivery and don't want to perform | ||
# needless work when the database can be outright dropped after the | ||
# self-destruct. | ||
# Deleted accounts are suspended accounts that do not have a pending | ||
# deletion request. | ||
|
||
# This targets accounts that have not been deleted nor marked for deletion yet | ||
Account.local.without_suspended.reorder(id: :asc).take(MAX_ACCOUNT_DELETIONS_PER_JOB).each do |account| | ||
delete_account!(account) | ||
end | ||
|
||
return if sidekiq_overwhelmed? | ||
|
||
# This targets accounts that have been marked for deletion but have not been | ||
# deleted yet | ||
Account.local.suspended.joins(:deletion_request).take(MAX_ACCOUNT_DELETIONS_PER_JOB).each do |account| | ||
delete_account!(account) | ||
account.deletion_request&.destroy | ||
end | ||
end | ||
|
||
def inboxes | ||
@inboxes ||= Account.inboxes | ||
end | ||
|
||
def delete_account!(account) | ||
payload = ActiveModelSerializers::SerializableResource.new( | ||
account, | ||
serializer: ActivityPub::DeleteActorSerializer, | ||
adapter: ActivityPub::Adapter | ||
).as_json | ||
|
||
json = Oj.dump(ActivityPub::LinkedDataSignature.new(payload).sign!(account)) | ||
|
||
ActivityPub::DeliveryWorker.push_bulk(inboxes, limit: 1_000) do |inbox_url| | ||
[json, account.id, inbox_url] | ||
end | ||
|
||
# Do not call `Account#suspend!` because we don't want to issue a deletion request | ||
account.update!(suspended_at: Time.now.utc, suspension_origin: :local) | ||
end | ||
end |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -7,6 +7,7 @@ | |
- [mailers, 2] | ||
- [pull] | ||
- [scheduler] | ||
|
||
:scheduler: | ||
:listened_queues_only: true | ||
:schedule: | ||
|
Oops, something went wrong.