2.9 KiB
2.9 KiB
spam accounts management for forgejo
Usage
- remove
model.json
if you want to start with no pre-existing model of what is spam or not. Or keep it to use the current classifier. The file gets updated when using the tool: the classifier learns from spam/legit decisions and should get progressively better at identifying spam. - run:
cargo run
- classify users as spam/not spam. By default the classification is stored
locally in
db.json
, no concrete action is taken. (see theACTUALLY_BAN_USERS
environment variable below.)
Configuration
Forgery reads the following environment variables:
FORGE_URL
(mandatory): url of the forgejo instance (e.g. https://git.deuxfleurs.fr)FORGE_API_TOKEN
(mandatory): Forgejo API token granting admin access. You can generate an API token using the Forgejo web interface inSettings -> Applications -> Generate New Token
.ACTUALLY_BAN_USERS
(default:false
): define it totrue
to actually lock user accounts, send notification emails and eventually delete user accounts. Otherwise, no actual action is taken: spammers are only listed in the database. The variable should be set in production, but probably not for testing.STORAGE_BACKEND
(default:local
): eitherlocal
ors3
. Choselocal
to store the application state to local files, ors3
to store them in S3-compatible storage (see below for corresponding configuration variables).BIND_ADDR
(default:127.0.0.1:8080
): address on which the webserver listens
Environment variables read when ACTUALLY_BAN_USERS=true
:
SMTP_ADDRESS
: address of the SMTP relay used to send email notificationsSMTP_USERNAME
: SMTP usernameSMTP_PASSWORD
: SMTP passwordADMIN_CONTACT_EMAIL
: email that can be used to contact admins of your instance (included in the notification email sent when locking accounts)ORG_NAME
: organization name (used in the notification email sent when locking accounts)
Environment variables read when STORAGE_BACKEND=local
:
STORAGE_LOCAL_DIR
(default:.
): path to a local directory where to store the application data (as two filesdb.json
andmodel.json
).
Environment variables read when STORAGE_BACKEND=s3
:
STORAGE_S3_BUCKET
: name of the bucket where to store the application data (as two entriesdb.json
andmodel.json
).AWS_DEFAULT_REGION
: S3 endpoint regionAWS_ENDPOINT_URL
: S3 endpoint URLAWS_ACCESS_KEY_ID
: S3 key idAWS_SECRET_ACCESS_KEY
: S3 key secret
Todos
- discuss the current design choices for when locking the account/sending a notification email fails. (Current behavior is to periodically retry, avoid deleting if the account could not be locked, but delete the account after the grace period even if the email could not be sent…)
- auth: add support for connecting to the forge using oauth?
- improve error handling? currently the app will panic if writing to the storage backend fails. Can we do better?