0
Fork 0
mirror of https://codeberg.org/forgejo/forgejo.git synced 2024-12-22 07:13:02 -05:00
forgejo/services
Andreas Shimokawa 3beefb29b9 Do not rewrite ssh keys files when deleting a user without one (#6097)
### Problem

Big instances can have huge authorized_keys files when using OpenSSH instead of the internal ssh server. Forgejo always re-generates the contents of that file when a user is deleted, even if he does not even have a public key uploaded. In case of codeberg.org, a 15MB file gets rewritten. If we batch delete 100 Spam users without ssh keys, we rewrite 1.5GB, this takes time and wears the SSD. In addition, there is a high chance of hitting a race contidion bug, when deleting users in parallel.

### Solution / Mitigation

This patch prevents rewriting authorized_keys files, when not necessary. It greatly speeds up deleting malicious users, saves IO bandwidth and SSD wear. It also greatly reduces the chance of hitting a race condition bug. Fixing the race condition is not the scope of this patch though.

## Checklist

The [contributor guide](https://forgejo.org/docs/next/contributor/) contains information that will be helpful to first time contributors. There also are a few [conditions for merging Pull Requests in Forgejo repositories](https://codeberg.org/forgejo/governance/src/branch/main/PullRequestsAgreement.md). You are also welcome to join the [Forgejo development chatroom](https://matrix.to/#/#forgejo-development:matrix.org).

### Tests

- I added test coverage for Go changes...
  - [x] in their respective `*_test.go` for unit tests.
  - [ ] in the `tests/integration` directory if it involves interactions with a live Forgejo server.
- I added test coverage for JavaScript changes...
  - [ ] in `web_src/js/*.test.js` if it can be unit tested.
  - [ ] in `tests/e2e/*.test.e2e.js` if it requires interactions with a live Forgejo server (see also the [developer guide for JavaScript testing](https://codeberg.org/forgejo/forgejo/src/branch/forgejo/tests/e2e/README.md#end-to-end-tests)).

### Documentation

- [ ] I created a pull request [to the documentation](https://codeberg.org/forgejo/docs) to explain to Forgejo users how to use this change.
- [x] I did not document these changes and I do not expect someone else to do it.

### Release notes

- [x] I do not want this change to show in the release notes.
- [ ] I want the title to show in the release notes with a link to this pull request.
- [ ] I want the content of the `release-notes/<pull request number>.md` to be be used for the release notes instead of the title.

Co-authored-by: Gusted <postmaster@gusted.xyz>
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/6097
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
Co-authored-by: Andreas Shimokawa <shimokawa@fsfe.org>
Co-committed-by: Andreas Shimokawa <shimokawa@fsfe.org>
(cherry picked from commit 3c9b3ddf5c)
2024-12-05 21:32:48 +00:00
..
actions fix: clean up log files that no longer exist 2024-12-03 07:08:16 +00:00
agit fix(agit): run full pr checks on force-push 2024-08-12 09:00:41 +02:00
asymkey Add testifylint to lint checks (#4535) 2024-07-30 19:41:10 +00:00
attachment Add testifylint to lint checks (#4535) 2024-07-30 19:41:10 +00:00
auth allow the actions user to login via the jwt token (#32527) 2024-11-24 16:51:29 +00:00
automerge Fix agit automerge (#31207) 2024-08-25 10:47:37 +02:00
context Improve Swagger documentation for user endpoints 2024-11-28 20:44:16 +00:00
contexttest [TESTS] Fix usage of LoadRepoCommit 2024-08-26 08:03:48 +02:00
convert Fix /repos/{owner}/{repo}/pulls/{index}/files endpoint not populating previous_filename (#32017) 2024-09-14 17:53:55 +02:00
cron Clear up old Actions logs (#31735) 2024-08-04 18:24:10 +02:00
doctor Merge pull request 'fix: dbconsistency check adding missing quotes' (#6124) from 71rd/forgejo:dbconsistency-forgejo into forgejo 2024-12-03 04:07:18 +00:00
externalaccount allow synchronizing user status from OAuth2 login providers (#31572) 2024-07-22 15:44:13 +02:00
f3 feat: upgrade F3 to v3.7.0 2024-08-18 19:39:20 +02:00
federation feat: access ActivityPub client through interfaces to facilitate mocking in unit tests (#4853) 2024-08-07 05:45:24 +00:00
feed Add testifylint to lint checks (#4535) 2024-07-30 19:41:10 +00:00
forgejo Add testifylint to lint checks (#4535) 2024-07-30 19:41:10 +00:00
forms [FEAT] Allow pushmirror to use publickey authentication 2024-08-22 17:05:07 +02:00
gitdiff feat: Improve diff being generated 2024-08-26 13:58:17 +02:00
indexer
issue fix: check read permissions for code owner review requests 2024-11-17 19:19:11 +00:00
lfs feat(quota): Quota enforcement 2024-08-02 11:10:34 +02:00
mailer fix: extend forgejo_auth_token table 2024-11-15 11:33:17 +01:00
markup Add testifylint to lint checks (#4535) 2024-07-30 19:41:10 +00:00
migrations fix: support www.github.com for migrations 2024-11-03 17:28:30 +00:00
mirror [FEAT] Allow pushmirror to use publickey authentication 2024-08-22 17:05:07 +02:00
notify
org Add testifylint to lint checks (#4535) 2024-07-30 19:41:10 +00:00
packages fix arch pkg 2024-10-21 05:10:13 +00:00
pull Fix the logic of finding the latest pull review commit ID (#32139) 2024-10-06 11:34:08 +02:00
release Handle invalid target when creating releases using API (#31841) 2024-09-14 18:45:18 +02:00
remote Enable unparam linter (#31277) 2024-06-16 13:42:58 +02:00
repository Fix: return correct type in GetSubModule 2024-12-03 03:24:54 +00:00
secrets
task feat(quota): Quota enforcement 2024-08-02 11:10:34 +02:00
uinotification
user Do not rewrite ssh keys files when deleting a user without one (#6097) 2024-12-05 21:32:48 +00:00
webhook fix: improve discord webhook api conformance 2024-10-09 16:07:34 +00:00
wiki Show page titles in wiki search results (#6048) 2024-11-25 14:18:18 +00:00