// GoToSocial // Copyright (C) GoToSocial Authors admin@gotosocial.org // SPDX-License-Identifier: AGPL-3.0-or-later // // This program is free software: you can redistribute it and/or modify // it under the terms of the GNU Affero General Public License as published by // the Free Software Foundation, either version 3 of the License, or // (at your option) any later version. // // This program is distributed in the hope that it will be useful, // but WITHOUT ANY WARRANTY; without even the implied warranty of // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the // GNU Affero General Public License for more details. // // You should have received a copy of the GNU Affero General Public License // along with this program. If not, see . package account import ( "context" "errors" "net" "time" "codeberg.org/gruf/go-kv" "github.com/google/uuid" "github.com/superseriousbusiness/gotosocial/internal/ap" "github.com/superseriousbusiness/gotosocial/internal/db" "github.com/superseriousbusiness/gotosocial/internal/gtserror" "github.com/superseriousbusiness/gotosocial/internal/gtsmodel" "github.com/superseriousbusiness/gotosocial/internal/log" "github.com/superseriousbusiness/gotosocial/internal/messages" "github.com/superseriousbusiness/gotosocial/internal/util" "golang.org/x/crypto/bcrypt" ) const deleteSelectLimit = 50 // Delete deletes an account, and all of that account's statuses, media, follows, notifications, etc etc etc. // The origin passed here should be either the ID of the account doing the delete (can be itself), or the ID of a domain block. func (p *Processor) Delete(ctx context.Context, account *gtsmodel.Account, origin string) gtserror.WithCode { l := log.WithContext(ctx).WithFields(kv.Fields{ {"username", account.Username}, {"domain", account.Domain}, }...) l.Trace("beginning account delete process") if err := p.deleteAccountFollows(ctx, account); err != nil { return gtserror.NewErrorInternalError(err) } if err := p.deleteAccountBlocks(ctx, account); err != nil { return gtserror.NewErrorInternalError(err) } if err := p.deleteAccountStatuses(ctx, account); err != nil { return gtserror.NewErrorInternalError(err) } if err := p.deleteAccountNotifications(ctx, account); err != nil { return gtserror.NewErrorInternalError(err) } if err := p.deleteAccountPeripheral(ctx, account); err != nil { return gtserror.NewErrorInternalError(err) } if account.IsLocal() { // we tokens, applications and clients for account as one of the last // stages during deletion, as other database models rely on these. if err := p.deleteUserAndTokensForAccount(ctx, account); err != nil { return gtserror.NewErrorInternalError(err) } } // To prevent the account being created again, // stubbify it and update it in the db. // The account will not be deleted, but it // will become completely unusable. columns := stubbifyAccount(account, origin) if err := p.state.DB.UpdateAccount(ctx, account, columns...); err != nil { return gtserror.NewErrorInternalError(err) } l.Info("account deleted") return nil } // DeleteSelf is like Delete, but specifically for local accounts deleting themselves. // // Calling DeleteSelf results in a delete message being enqueued in the processor, // which causes side effects to occur: delete will be federated out to other instances, // and the above Delete function will be called afterwards from the processor, to clear // out the account's bits and bobs, and stubbify it. func (p *Processor) DeleteSelf(ctx context.Context, account *gtsmodel.Account) gtserror.WithCode { fromClientAPIMessage := messages.FromClientAPI{ APObjectType: ap.ActorPerson, APActivityType: ap.ActivityDelete, OriginAccount: account, TargetAccount: account, } // Process the delete side effects asynchronously. p.state.Workers.EnqueueClientAPI(ctx, fromClientAPIMessage) return nil } // deleteUserAndTokensForAccount deletes the gtsmodel.User and // any OAuth tokens and applications for the given account. // // Callers to this function should already have checked that // this is a local account, or else it won't have a user associated // with it, and this will fail. func (p *Processor) deleteUserAndTokensForAccount(ctx context.Context, account *gtsmodel.Account) error { user, err := p.state.DB.GetUserByAccountID(ctx, account.ID) if err != nil { return gtserror.Newf("db error getting user: %w", err) } tokens := []*gtsmodel.Token{} if err := p.state.DB.GetWhere(ctx, []db.Where{{Key: "user_id", Value: user.ID}}, &tokens); err != nil { return gtserror.Newf("db error getting tokens: %w", err) } for _, t := range tokens { // Delete any OAuth clients associated with this token. if err := p.state.DB.DeleteByID(ctx, t.ClientID, &[]*gtsmodel.Client{}); err != nil { return gtserror.Newf("db error deleting client: %w", err) } // Delete any OAuth applications associated with this token. if err := p.state.DB.DeleteApplicationByClientID(ctx, t.ClientID); err != nil { return gtserror.Newf("db error deleting application: %w", err) } // Delete the token itself. if err := p.state.DB.DeleteByID(ctx, t.ID, t); err != nil { return gtserror.Newf("db error deleting token: %w", err) } } columns, err := stubbifyUser(user) if err != nil { return gtserror.Newf("error stubbifying user: %w", err) } if err := p.state.DB.UpdateUser(ctx, user, columns...); err != nil { return gtserror.Newf("db error updating user: %w", err) } return nil } // deleteAccountFollows deletes: // - Follows targeting account. // - Follow requests targeting account. // - Follows created by account. // - Follow requests created by account. func (p *Processor) deleteAccountFollows(ctx context.Context, account *gtsmodel.Account) error { // Delete follows targeting this account. followedBy, err := p.state.DB.GetAccountFollowers(ctx, account.ID, nil) if err != nil && !errors.Is(err, db.ErrNoEntries) { return gtserror.Newf("db error getting follows targeting account %s: %w", account.ID, err) } for _, follow := range followedBy { if err := p.state.DB.DeleteFollowByID(ctx, follow.ID); err != nil { return gtserror.Newf("db error unfollowing account followedBy: %w", err) } } // Delete follow requests targeting this account. followRequestedBy, err := p.state.DB.GetAccountFollowRequests(ctx, account.ID, nil) if err != nil && !errors.Is(err, db.ErrNoEntries) { return gtserror.Newf("db error getting follow requests targeting account %s: %w", account.ID, err) } for _, followRequest := range followRequestedBy { if err := p.state.DB.DeleteFollowRequestByID(ctx, followRequest.ID); err != nil { return gtserror.Newf("db error unfollowing account followRequestedBy: %w", err) } } var ( // Use this slice to batch unfollow messages. msgs = []messages.FromClientAPI{} // To avoid checking if account is local over + over // inside the subsequent loops, just generate static // side effects function once now. unfollowSideEffects = p.unfollowSideEffectsFunc(account) ) // Delete follows originating from this account. following, err := p.state.DB.GetAccountFollows(ctx, account.ID, nil) if err != nil && !errors.Is(err, db.ErrNoEntries) { return gtserror.Newf("db error getting follows owned by account %s: %w", account.ID, err) } // For each follow owned by this account, unfollow // and process side effects (noop if remote account). for _, follow := range following { if err := p.state.DB.DeleteFollowByID(ctx, follow.ID); err != nil { return gtserror.Newf("db error unfollowing account: %w", err) } if msg := unfollowSideEffects(ctx, account, follow); msg != nil { // There was a side effect to process. msgs = append(msgs, *msg) } } // Delete follow requests originating from this account. followRequesting, err := p.state.DB.GetAccountFollowRequesting(ctx, account.ID, nil) if err != nil && !errors.Is(err, db.ErrNoEntries) { return gtserror.Newf("db error getting follow requests owned by account %s: %w", account.ID, err) } // For each follow owned by this account, unfollow // and process side effects (noop if remote account). for _, followRequest := range followRequesting { if err := p.state.DB.DeleteFollowRequestByID(ctx, followRequest.ID); err != nil { return gtserror.Newf("db error unfollowingRequesting account: %w", err) } // Dummy out a follow so our side effects func // has something to work with. This follow will // never enter the db, it's just for convenience. follow := >smodel.Follow{ URI: followRequest.URI, AccountID: followRequest.AccountID, Account: followRequest.Account, TargetAccountID: followRequest.TargetAccountID, TargetAccount: followRequest.TargetAccount, } if msg := unfollowSideEffects(ctx, account, follow); msg != nil { // There was a side effect to process. msgs = append(msgs, *msg) } } // Process accreted messages asynchronously. p.state.Workers.EnqueueClientAPI(ctx, msgs...) return nil } func (p *Processor) unfollowSideEffectsFunc(deletedAccount *gtsmodel.Account) func(ctx context.Context, account *gtsmodel.Account, follow *gtsmodel.Follow) *messages.FromClientAPI { if !deletedAccount.IsLocal() { // Don't try to process side effects // for accounts that aren't local. return func(ctx context.Context, account *gtsmodel.Account, follow *gtsmodel.Follow) *messages.FromClientAPI { return nil // noop } } return func(ctx context.Context, account *gtsmodel.Account, follow *gtsmodel.Follow) *messages.FromClientAPI { if follow.TargetAccount == nil { // TargetAccount seems to have gone; // race condition? db corruption? log.WithContext(ctx).WithField("follow", follow).Warn("follow had no TargetAccount, likely race condition") return nil } if follow.TargetAccount.IsLocal() { // No side effects for local unfollows. return nil } // There was a follow, process side effects. return &messages.FromClientAPI{ APObjectType: ap.ActivityFollow, APActivityType: ap.ActivityUndo, GTSModel: follow, OriginAccount: account, TargetAccount: follow.TargetAccount, } } } func (p *Processor) deleteAccountBlocks(ctx context.Context, account *gtsmodel.Account) error { if err := p.state.DB.DeleteAccountBlocks(ctx, account.ID); err != nil { return gtserror.Newf("db error deleting account blocks for %s: %w", account.ID, err) } return nil } // deleteAccountStatuses iterates through all statuses owned by // the given account, passing each discovered status (and boosts // thereof) to the processor workers for further async processing. func (p *Processor) deleteAccountStatuses(ctx context.Context, account *gtsmodel.Account) error { // We'll select statuses 50 at a time so we don't wreck the db, // and pass them through to the client api worker to handle. // // Deleting the statuses in this way also handles deleting the // account's media attachments, mentions, and polls, since these // are all attached to statuses. var ( statuses []*gtsmodel.Status err error maxID string msgs = []messages.FromClientAPI{} ) statusLoop: for { // Page through account's statuses. statuses, err = p.state.DB.GetAccountStatuses( ctx, account.ID, deleteSelectLimit, false, false, maxID, "", false, false, ) if err != nil && !errors.Is(err, db.ErrNoEntries) { // Make sure we don't have a real error. return err } if len(statuses) == 0 { break statusLoop } // Update next maxID from last status. maxID = statuses[len(statuses)-1].ID for _, status := range statuses { status.Account = account // ensure account is set // Pass the status delete through the client api worker for processing. msgs = append(msgs, messages.FromClientAPI{ APObjectType: ap.ObjectNote, APActivityType: ap.ActivityDelete, GTSModel: status, OriginAccount: account, TargetAccount: account, }) // Look for any boosts of this status in DB. boosts, err := p.state.DB.GetStatusBoosts(ctx, status.ID) if err != nil && !errors.Is(err, db.ErrNoEntries) { return gtserror.Newf("error fetching status reblogs for %s: %w", status.ID, err) } for _, boost := range boosts { if boost.Account == nil { // Fetch the relevant account for this status boost. boostAcc, err := p.state.DB.GetAccountByID(ctx, boost.AccountID) if err != nil { if errors.Is(err, db.ErrNoEntries) { // We don't have an account for this boost // for some reason, so just skip processing. log.WithContext(ctx).WithField("boost", boost).Warnf("no account found with id %s for boost %s", boost.AccountID, boost.ID) continue } return gtserror.Newf("error fetching boosted status account for %s: %w", boost.AccountID, err) } // Set account model boost.Account = boostAcc } // Pass the boost delete through the client api worker for processing. msgs = append(msgs, messages.FromClientAPI{ APObjectType: ap.ActivityAnnounce, APActivityType: ap.ActivityUndo, GTSModel: status, OriginAccount: boost.Account, TargetAccount: account, }) } } } // Batch process all accreted messages. p.state.Workers.EnqueueClientAPI(ctx, msgs...) return nil } func (p *Processor) deleteAccountNotifications(ctx context.Context, account *gtsmodel.Account) error { // Delete all notifications of all types targeting given account. if err := p.state.DB.DeleteNotifications(ctx, nil, account.ID, ""); err != nil && !errors.Is(err, db.ErrNoEntries) { return gtserror.Newf("error deleting notifications targeting account: %w", err) } // Delete all notifications of all types originating from given account. if err := p.state.DB.DeleteNotifications(ctx, nil, "", account.ID); err != nil && !errors.Is(err, db.ErrNoEntries) { return gtserror.Newf("error deleting notifications by account: %w", err) } return nil } func (p *Processor) deleteAccountPeripheral(ctx context.Context, account *gtsmodel.Account) error { // Delete all bookmarks owned by given account. if err := p.state.DB.DeleteStatusBookmarks(ctx, account.ID, ""); // nocollapse err != nil && !errors.Is(err, db.ErrNoEntries) { return gtserror.Newf("error deleting bookmarks by account: %w", err) } // Delete all bookmarks targeting given account. if err := p.state.DB.DeleteStatusBookmarks(ctx, "", account.ID); // nocollapse err != nil && !errors.Is(err, db.ErrNoEntries) { return gtserror.Newf("error deleting bookmarks targeting account: %w", err) } // Delete all faves owned by given account. if err := p.state.DB.DeleteStatusFaves(ctx, account.ID, ""); // nocollapse err != nil && !errors.Is(err, db.ErrNoEntries) { return gtserror.Newf("error deleting faves by account: %w", err) } // Delete all faves targeting given account. if err := p.state.DB.DeleteStatusFaves(ctx, "", account.ID); // nocollapse err != nil && !errors.Is(err, db.ErrNoEntries) { return gtserror.Newf("error deleting faves targeting account: %w", err) } // TODO: add status mutes here when they're implemented. // Delete all poll votes owned by given account. if err := p.state.DB.DeletePollVotesByAccountID(ctx, account.ID); // nocollapse err != nil && !errors.Is(err, db.ErrNoEntries) { return gtserror.Newf("error deleting poll votes by account: %w", err) } return nil } // stubbifyAccount renders the given account as a stub, // removing most information from it and marking it as // suspended. // // The origin parameter refers to the origin of the // suspension action; should be an account ID or domain // block ID. // // For caller's convenience, this function returns the db // names of all columns that are updated by it. func stubbifyAccount(account *gtsmodel.Account, origin string) []string { var ( now = time.Now() never = time.Time{} ) account.FetchedAt = never account.AvatarMediaAttachmentID = "" account.AvatarRemoteURL = "" account.HeaderMediaAttachmentID = "" account.HeaderRemoteURL = "" account.DisplayName = "" account.EmojiIDs = nil account.Emojis = nil account.Fields = nil account.Note = "" account.NoteRaw = "" account.Memorial = util.Ptr(false) account.AlsoKnownAs = "" account.MovedToAccountID = "" account.Reason = "" account.Discoverable = util.Ptr(false) account.StatusContentType = "" account.CustomCSS = "" account.SuspendedAt = now account.SuspensionOrigin = origin account.HideCollections = util.Ptr(true) account.EnableRSS = util.Ptr(false) return []string{ "fetched_at", "avatar_media_attachment_id", "avatar_remote_url", "header_media_attachment_id", "header_remote_url", "display_name", "emojis", "fields", "note", "note_raw", "memorial", "also_known_as", "moved_to_account_id", "reason", "discoverable", "status_content_type", "custom_css", "suspended_at", "suspension_origin", "hide_collections", "enable_rss", } } // stubbifyUser renders the given user as a stub, // removing sensitive information like IP addresses // and sign-in times, but keeping email addresses to // prevent the same email address from creating another // account on this instance. // // `encrypted_password` is set to the bcrypt hash of a // random uuid, so if the action is reversed, the user // will have to reset their password via email. // // For caller's convenience, this function returns the db // names of all columns that are updated by it. func stubbifyUser(user *gtsmodel.User) ([]string, error) { uuid, err := uuid.New().MarshalBinary() if err != nil { return nil, err } dummyPassword, err := bcrypt.GenerateFromPassword(uuid, bcrypt.DefaultCost) if err != nil { return nil, err } never := time.Time{} user.EncryptedPassword = string(dummyPassword) user.SignUpIP = net.IPv4zero user.CurrentSignInAt = never user.CurrentSignInIP = net.IPv4zero user.LastSignInAt = never user.LastSignInIP = net.IPv4zero user.SignInCount = 1 user.Locale = "" user.CreatedByApplicationID = "" user.LastEmailedAt = never user.ConfirmationToken = "" user.ConfirmationSentAt = never user.ResetPasswordToken = "" user.ResetPasswordSentAt = never return []string{ "encrypted_password", "sign_up_ip", "current_sign_in_at", "current_sign_in_ip", "last_sign_in_at", "last_sign_in_ip", "sign_in_count", "locale", "created_by_application_id", "last_emailed_at", "confirmation_token", "confirmation_sent_at", "reset_password_token", "reset_password_sent_at", }, nil }