diff options
Diffstat (limited to 'app/services/suspend_account_service.rb')
| -rw-r--r-- | app/services/suspend_account_service.rb | 200 |
1 files changed, 59 insertions, 141 deletions
diff --git a/app/services/suspend_account_service.rb b/app/services/suspend_account_service.rb index ecc893931..9f4da91d4 100644 --- a/app/services/suspend_account_service.rb +++ b/app/services/suspend_account_service.rb @@ -3,173 +3,91 @@ class SuspendAccountService < BaseService include Payloadable - ASSOCIATIONS_ON_SUSPEND = %w( - account_pins - active_relationships - block_relationships - blocked_by_relationships - conversation_mutes - conversations - custom_filters - domain_blocks - favourites - follow_requests - list_accounts - mute_relationships - muted_by_relationships - notifications - owned_lists - passive_relationships - report_notes - scheduled_statuses - status_pins - ).freeze - - ASSOCIATIONS_ON_DESTROY = %w( - reports - targeted_moderation_notes - targeted_reports - ).freeze - - # Suspend or remove an account and remove as much of its data - # as possible. If it's a local account and it has not been confirmed - # or never been approved, then side effects are skipped and both - # the user and account records are removed fully. Otherwise, - # it is controlled by options. - # @param [Account] - # @param [Hash] options - # @option [Boolean] :reserve_email Keep user record. Only applicable for local accounts - # @option [Boolean] :reserve_username Keep account record - # @option [Boolean] :skip_side_effects Side effects are ActivityPub and streaming API payloads - # @option [Time] :suspended_at Only applicable when :reserve_username is true - def call(account, **options) + def call(account) @account = account - @options = { reserve_username: true, reserve_email: true }.merge(options) - - if @account.local? && @account.user_unconfirmed_or_pending? - @options[:reserve_email] = false - @options[:reserve_username] = false - @options[:skip_side_effects] = true - end - reject_follows! - purge_user! - purge_profile! - purge_content! + suspend! + reject_remote_follows! + distribute_update_actor! + unmerge_from_home_timelines! + unmerge_from_list_timelines! + privatize_media_attachments! end private - def reject_follows! - return if @account.local? || !@account.activitypub? - - ActivityPub::DeliveryWorker.push_bulk(Follow.where(account: @account)) do |follow| - [build_reject_json(follow), follow.target_account_id, follow.account.inbox_url] - end + def suspend! + @account.suspend! unless @account.suspended? end - def purge_user! - return if !@account.local? || @account.user.nil? - - if @options[:reserve_email] - @account.user.disable! - @account.user.invites.where(uses: 0).destroy_all - else - @account.user.destroy - end - end - - def purge_content! - distribute_delete_actor! if @account.local? && !@options[:skip_side_effects] - - @account.statuses.reorder(nil).find_in_batches do |statuses| - statuses.reject! { |status| reported_status_ids.include?(status.id) } if @options[:reserve_username] - BatchedRemoveStatusService.new.call(statuses, skip_side_effects: @options[:skip_side_effects]) - end - - @account.media_attachments.reorder(nil).find_each do |media_attachment| - next if @options[:reserve_username] && reported_status_ids.include?(media_attachment.status_id) - - media_attachment.destroy - end + def reject_remote_follows! + return if @account.local? || !@account.activitypub? - @account.polls.reorder(nil).find_each do |poll| - next if @options[:reserve_username] && reported_status_ids.include?(poll.status_id) + # When suspending a remote account, the account obviously doesn't + # actually become suspended on its origin server, i.e. unlike a + # locally suspended account it continues to have access to its home + # feed and other content. To prevent it from being able to continue + # to access toots it would receive because it follows local accounts, + # we have to force it to unfollow them. Unfortunately, there is no + # counterpart to this operation, i.e. you can't then force a remote + # account to re-follow you, so this part is not reversible. - poll.destroy - end + follows = Follow.where(account: @account).to_a - associations_for_destruction.each do |association_name| - destroy_all(@account.public_send(association_name)) + ActivityPub::DeliveryWorker.push_bulk(follows) do |follow| + [Oj.dump(serialize_payload(follow, ActivityPub::RejectFollowSerializer)), follow.target_account_id, @account.inbox_url] end - @account.destroy unless @options[:reserve_username] - end - - def purge_profile! - # If the account is going to be destroyed - # there is no point wasting time updating - # its values first - - return unless @options[:reserve_username] - - @account.silenced_at = nil - @account.suspended_at = @options[:suspended_at] || Time.now.utc - @account.locked = false - @account.memorial = false - @account.discoverable = false - @account.display_name = '' - @account.note = '' - @account.fields = [] - @account.statuses_count = 0 - @account.followers_count = 0 - @account.following_count = 0 - @account.moved_to_account = nil - @account.trust_level = :untrusted - @account.avatar.destroy - @account.header.destroy - @account.save! + follows.each(&:destroy) end - def destroy_all(association) - association.in_batches.destroy_all + def distribute_update_actor! + ActivityPub::UpdateDistributionWorker.perform_async(@account.id) if @account.local? end - def distribute_delete_actor! - ActivityPub::DeliveryWorker.push_bulk(delivery_inboxes) do |inbox_url| - [delete_actor_json, @account.id, inbox_url] + def unmerge_from_home_timelines! + @account.followers_for_local_distribution.find_each do |follower| + FeedManager.instance.unmerge_from_home(@account, follower) end + end - ActivityPub::LowPriorityDeliveryWorker.push_bulk(low_priority_delivery_inboxes) do |inbox_url| - [delete_actor_json, @account.id, inbox_url] + def unmerge_from_list_timelines! + @account.lists_for_local_distribution.find_each do |list| + FeedManager.instance.unmerge_from_list(@account, list) end end - def delete_actor_json - @delete_actor_json ||= Oj.dump(serialize_payload(@account, ActivityPub::DeleteActorSerializer, signer: @account)) - end + def privatize_media_attachments! + attachment_names = MediaAttachment.attachment_definitions.keys - def build_reject_json(follow) - Oj.dump(serialize_payload(follow, ActivityPub::RejectFollowSerializer)) - end + @account.media_attachments.find_each do |media_attachment| + attachment_names.each do |attachment_name| + attachment = media_attachment.public_send(attachment_name) + styles = [:original] | attachment.styles.keys - def delivery_inboxes - @delivery_inboxes ||= @account.followers.inboxes + Relay.enabled.pluck(:inbox_url) - end + next if attachment.blank? - def low_priority_delivery_inboxes - Account.inboxes - delivery_inboxes - end - - def reported_status_ids - @reported_status_ids ||= Report.where(target_account: @account).unresolved.pluck(:status_ids).flatten.uniq - end + styles.each do |style| + case Paperclip::Attachment.default_options[:storage] + when :s3 + begin + attachment.s3_object(style).acl.put(acl: 'private') + rescue Aws::S3::Errors::NoSuchKey + Rails.logger.warn "Tried to change acl on non-existent key #{attachment.s3_object(style).key}" + end + when :fog + # Not supported + when :filesystem + begin + FileUtils.chmod(0o600 & ~File.umask, attachment.path(style)) unless attachment.path(style).nil? + rescue Errno::ENOENT + Rails.logger.warn "Tried to change permission on non-existent file #{attachment.path(style)}" + end + end - def associations_for_destruction - if @options[:reserve_username] - ASSOCIATIONS_ON_SUSPEND - else - ASSOCIATIONS_ON_SUSPEND + ASSOCIATIONS_ON_DESTROY + CacheBusterWorker.perform_async(attachment.path(style)) if Rails.configuration.x.cache_buster_enabled + end + end end end end |