AkkomaGang/akkoma
AkkomaGang/akkoma
15
65
Fork 92
Code Issues 176 Pull requests 24 Projects 2 Releases 14 Packages Wiki Activity

Refresh Users much more aggressively when processing Move activities #714

Merged
floatingghost merged 1 commit from erincandescent/akkoma:move-bust-cache into develop 2024-04-03 10:03:15 +00:00
Conversation 7 Commits 1 Files changed 2 +15 -9
erincandescent commented 2024-02-29 20:41:56 +00:00
Contributor
Copy link

The default refresh interval of 1 day is woefully inadequate here;
users expect to be able to add the alias to their new account and
press the move button on their old account and have it work.

This allows callers to specify a maximum age before a refetch is
triggered. We set that to 5s for the move code, as a nice compromise
between Making Things Work and ensuring that this can't be used
to hammer a remote server

The default refresh interval of 1 day is woefully inadequate here; users expect to be able to add the alias to their new account and press the move button on their old account and have it work. This allows callers to specify a maximum age before a refetch is triggered. We set that to 5s for the move code, as a nice compromise between Making Things Work and ensuring that this can't be used to hammer a remote server
❤️ 1
erincandescent added 1 commit 2024-02-29 20:41:56 +00:00
Refresh Users much more aggressively when processing Move activities
Some checks failed
ci/woodpecker/pr/lint Pipeline was successful
Details
ci/woodpecker/pr/test Pipeline failed
Details
ci/woodpecker/pr/build-arm64 unknown status
Details
ci/woodpecker/pr/build-amd64 unknown status
Details
ci/woodpecker/pr/docs unknown status
Details
f18e2ba42c 
The default refresh interval of 1 day is woefully inadequate here;
users expect to be able to add the alias to their new account and
press the move button on their old account and have it work.

This allows callers to specify a maximum age before a refetch is
triggered. We set that to 5s for the move code, as a nice compromise
between Making Things Work and ensuring that this can't be used
to hammer a remote server
erincandescent commented 2024-02-29 20:42:27 +00:00
Author
Contributor
Copy link

This one is currently marinating on akko.erincandescent.net to see if we have any issues, but its a minor change so I don't expect any

This one is currently marinating on `akko.erincandescent.net` to see if we have any issues, but its a minor change so I don't expect any
erincandescent commented 2024-03-01 14:55:27 +00:00
Author
Contributor
Copy link

(I debated a bit whether we should just bypass cache entirely here, what do you think?)

(I debated a bit whether we should just bypass cache entirely here, what do you think?)
floatingghost commented 2024-03-01 17:14:05 +00:00
Owner
Copy link

it's probably good to use the cache in some capacity here since otherwise it would just become a dos vector which isn't amazing

5s should be fine i guess? i hope

it's probably good to use the cache in some capacity here since otherwise it would just become a dos vector which isn't amazing 5s should be fine i guess? i hope
erincandescent commented 2024-03-01 17:32:40 +00:00
Author
Contributor
Copy link

Yeah, theoretically someone could make us refresh a profile 720 times an hour by spamming Moves at us, but in the grand scheme of things they could also make any AP impl try and fetch random objects by spamming Announces at it so this feels moderately academic

But doing some caching at least keeps things from becoming stupid

Yeah, theoretically someone could make us refresh a profile 720 times an hour by spamming Moves at us, but in the grand scheme of things they could also make any AP impl try and fetch random objects by spamming Announces at it so this feels moderately academic But doing some caching at least keeps things from becoming stupid
shadowjonathan commented 2024-03-14 12:10:18 +00:00
First-time contributor
Copy link

FWIW this bug currently causes users to lose their followers from akkoma instances fairly often, since posting about it, i've seen at least 3 mutuals lose some of their followers because of this.

A DoS would only get 0.2 req/s on the target instance, I concur with erin that the concern is purely academical.

FWIW this bug currently causes users to lose their followers from akkoma instances fairly often, since [posting about it](https://tech.lgbt/@ShadowJonathan/111999825642948194), i've seen at least 3 mutuals lose some of their followers because of this. A DoS would only get 0.2 req/s on the target instance, I concur with erin that the concern is purely academical.
erincandescent commented 2024-04-02 08:54:57 +00:00
Author
Contributor
Copy link

I haven't noticed any issues arising out of this one over the past month 👍

I haven't noticed any issues arising out of this one over the past month 👍
floatingghost commented 2024-04-03 10:03:05 +00:00
Owner
Copy link

all good, thank you very much!

all good, thank you very much!
floatingghost merged commit 554f19a9ed into develop 2024-04-03 10:03:15 +00:00
floatingghost deleted branch move-bust-cache 2024-04-03 10:03:15 +00:00
Sign in to join this conversation.
Reviewers
No reviewers
Labels
Clear labels   
approved, awaiting change

   
bug

Something is not working

  
configuration

This requires config changes

  
documentation

This is about human-readable docs

  
duplicate

This issue or pull request already exists

  
enhancement

New feature

  
extremely low priority

   
feature request

Something new?

  
Fix it yourself

Support has been attempted

  
help wanted

Need some help

  
invalid

Something is wrong

  
mastodon_api

   
needs docs

   
needs tests

   
not a bug

   
planned

   
pleroma_api

   
privacy

   
question

More information is needed

  
static_fe

   
triage

   
wontfix

This won't be fixed

No labels
approved, awaiting change
bug
configuration
documentation
duplicate
enhancement
extremely low priority
feature request
Fix it yourself
help wanted
invalid
mastodon_api
needs docs
needs tests
not a bug
planned
pleroma_api
privacy
question
static_fe
triage
wontfix
Milestone
Clear milestone
No items
No milestone
Projects
Clear projects
No items
No project
Assignees
Clear assignees
No assignees
3 participants
Notifications
Due date
The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference: AkkomaGang/akkoma#714
No description provided.
Delete branch "erincandescent/akkoma:move-bust-cache"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?