user_auth_token_logs opschonen?

RGJ · 13 september 2024 om 17:30

We hebben een forum waar user_auth_token_logs 61 miljoen rijen heeft (en groeiende).

Er zijn slechts 25k user_auth_tokens.

Van de 61 miljoen rijen verwijzen 54 miljoen rijen naar een user_auth_token die niet meer bestaat (d.w.z. een database-integriteitsprobleem). En van de 61 miljoen rijen zijn ongeveer 58 miljoen ouder dan 2 maanden (d.w.z. schijnbaar nutteloos?)

Vragen:

Kunnen we dit gewoon opschonen zonder verdere integriteitsproblemen te riskeren?
Zou het een idee zijn om hier automatisch een taak voor te laten lopen?

db=# select count(*) from user_auth_tokens;
 count
-------
 25648

db=# select count(*) from user_auth_token_logs;
  count
----------
 61415352

db=# select count(*) from user_auth_token_logs where user_auth_token_id not in (select id from user_auth_tokens);
  count
----------
 54558442

db=# select count(*) from user_auth_token_logs where created_at < '2024-07-13';
  count
----------
 58565943

pmusaraj · 13 september 2024 om 18:22

Yes, user_auth_token_logs are there only for debugging purposes. All rows can be emptied, the only consequence will be that you won’t have any logs to debug.

This should be covered by:

https://github.com/discourse/discourse/blob/main/app/jobs/scheduled/weekly.rb#L13

RGJ · 13 september 2024 om 19:07

Thank you for that, I did not realize that was there.

So… the cleanup only runs when verbose_auth_token_logging is true (which is not the case on this instance)

but non-verbose logging always happens regardless of the setting

github.com

discourse/discourse/blob/main/app/models/user_auth_token.rb#L29-L35


      
          def self.log(info)
            UserAuthTokenLog.create!(info)
          end
          
          def self.log_verbose(info)
            log(info) if SiteSetting.verbose_auth_token_logging
          end

per 8fb823c

Moving this to bug

pmusaraj · 13 september 2024 om 19:45

Ah yes, good catch. Looks like lines 214 to 217 need fixing as well.

I would be comfortable with a global cleanup after a certain timeframe. @osama (since you’re the author of the commit linked above), do you think we can clean up all of these logs after some time (and if so, after how long)? It sounds like we need to keep some of them for detecting suspicious logins.

RGJ · 13 september 2024 om 22:16

Why does it need fixing? That piece of code is about cleaning up rotated UserAuthTokens, not about the log records?

Update: after enabling SiteSetting.verbose_auth_token_logging, triggering the weekly job and running VACUUM FULL user_auth_token_logs the table went from 16GB to 687MB

Saved some trees today

Osama · 16 september 2024 om 20:15

Yes, I think we can clean up most of the logs, but some of them have to stay. Specifically, I think any records that have suspicious, generate, or rotate for action will need to be kept around because they’re used for detecting and generating reports for suspicious logins.

github.com

discourse/discourse/blob/501f07ab1fceafcfa56bbfc074951d03d7d30d22/app/models/concerns/reports/suspicious_logins.rb#L38


      
              title: I18n.t("reports.suspicious_logins.labels.login_time"),
            },
          ]
          
          report.data = []
          
          sql = <<~SQL
            SELECT u.id user_id, u.username, u.uploaded_avatar_id, t.client_ip, t.user_agent, t.created_at login_time
            FROM user_auth_token_logs t
            JOIN users u ON u.id = t.user_id
            WHERE t.action = 'suspicious'
              AND t.created_at >= :start_date
              AND t.created_at <= :end_date
            ORDER BY t.created_at DESC
          SQL
          
          DB
            .query(sql, start_date: report.start_date, end_date: report.end_date)
            .each do |row|
              data = {}

github.com

discourse/discourse/blob/501f07ab1fceafcfa56bbfc074951d03d7d30d22/app/models/user_auth_token.rb#L61


      
              Math.sin((lat2_rad - lat1_rad) / 2)**2 +
                Math.cos(lat1_rad) * Math.cos(lat2_rad) * Math.sin((lon2_rad - lon1_rad) / 2)**2
            c = 2 * Math.atan2(Math.sqrt(a), Math.sqrt(1 - a))
          
            c * EARTH_RADIUS_KM
          end
          
          def self.is_suspicious(user_id, user_ip)
            return false unless User.find_by(id: user_id)&.staff?
          
            ips = UserAuthTokenLog.where(user_id: user_id).pluck(:client_ip)
            ips.delete_at(ips.index(user_ip) || ips.length) # delete one occurrence (current)
            ips.uniq!
            return false if ips.empty? # first login is never suspicious
          
            if user_location = login_location(user_ip)
              ips.none? do |ip|
                if location = login_location(ip)
                  distance(user_location, location) < SiteSetting.max_suspicious_distance_km
                end
              end

JonahAragon1 · 8 augustus 2025 om 16:11

I’m seeing on my forum this bug was never fixed

The suspicious logins report seems to only apply to staff members, is there a reason these logs need to be kept for non-admins?

For the report to work, does it need data from the beginning of the account’s history? Can the log be shortened to something like the past 6 months?

Right now there is no cleanup whatsoever, which is a privacy concern.

RGJ · 8 augustus 2025 om 16:31

I don’t understand the above discussion either.

The bug is very simple: if the mode is not verbose, then no cleanup of UserAuthTokenLog is performed at all, ever. The if must go.

The original implementation only logged when SiteSetting.verbose_auth_token_logging is true. Which still had the problem that after disabling it, the most recent remaining logs would stay, but that’s a small thing.

But this change made the logging unconditional (“The generate, rotate and suspicious auth token logs are now always logged regardless of the verbose_auth_token_logging setting”).

TLDR; That change forgot to make the removal unconditional as well.

sam · 11 augustus 2025 om 02:47

Zeker, we zullen het de komende weken oplossen. Als er haast bij is, stuur gerust een pull request (die getest is en bevestigt dat dit naar verwachting werkt).

RGJ · 13 augustus 2025 om 10:05

I’ve made a PR Fix: cleanup UserAuthTokenLog unconditionally by communiteq · Pull Request #34288 · discourse/discourse · GitHub, would be cool if this made the cut for 3.5

RGJ · 14 augustus 2025 om 05:23

And it seems I was beaten to it

github.com/discourse/discourse

FIX: Automatically clean up user_auth_token_logs

main ← jonaharagon:patch-1

opened 04:11PM - 10 Aug 25 UTC

jonaharagon

+45 -25

Fixes: https://meta.discourse.org/t/clean-up-user-auth-token-logs/326397?u=jonah…aragon1 Currently (since 2021 when this logging was [made unconditional](https://github.com/discourse/discourse/commit/8fb823c30f7fd3086f4370c2dc6e4e3737ae6acf)) all user IP addresses and user agent strings for all forum users are continuously logged and never cleared. Keeping unnecessary PII is a massive liability for us, so I hope this can be merged ASAP. I observe (in my user archive download) this indefinite logging does not happen on Meta, presumably because you have _verbose_ logging enabled, but it does happen on virtually all Discourse-hosted and self-hosted sites, which indicates to me this is unintended behavior. I should not have to enable verbose logging to _decrease_ the amount of logging here, but that is what I had to do as a temporary solution. This change will keep the logs for a few months by default. I can find no reason the logs should be kept longer, _especially_ as they only seem to be used for a feature (suspicious login reporting) which currently only applies to staff accounts and not regular users. cc: @OsamaSayegh

pmusaraj · 14 augustus 2025 om 17:13

Inderdaad, die PR is nu samengevoegd dankzij @Osama. Het pakt de meeste soorten user_auth_token_logs aan, maar niet allemaal. We zullen binnenkort een oplossing voor de generate-vermeldingen volgen. (Zie de discussie in de PR-link hierboven voor meer context).

Ik houd dit onderwerp open terwijl we de follow-up aanpakken.

Topic		Antwoorden	Weergaven
User anonymization and staff_action_logs Support	7	701	8 september 2021
Logging checked_for_custom_avatar Bug	8	1086	2 januari 2015
How to remove admin logs Support	15	2480	15 november 2023
Is there a limit to user_auth_token? Support	4	545	9 juli 2021
Reset all login tokens Feature	8	2160	4 december 2025

user_auth_token_logs opschonen?

Gerelateerde topics