superseriousbusiness / gotosocial

Fast, fun, small ActivityPub server.
https://docs.gotosocial.org
GNU Affero General Public License v3.0
3.78k stars 327 forks source link

[feature] Show Last Login for a user in moderation pages #3020

Open justdaj opened 4 months ago

justdaj commented 4 months ago

Is your feature request related to a problem ?

No

Describe the solution you'd like.

It would be useful to see the Last Login date/time of a user when looking at their profile in the moderation section. Currently it shows: Created & Last Posted

Hopefully last login is stored in the DB and can easily be shown

Describe alternatives you've considered.

NONE

Additional context.

No response

justdaj commented 4 months ago

I had a read through the various files in gtsmodel and could not see an obvious Last Login in the DB structure 😒

Of course, that may count for nothing as I know very little of the setup/Go. haha. I do plan to learn a little though!

tsmethurst commented 4 months ago

Currently we don't store last login information, though if there's a good reason to do so, we may when we get around to reworking our oauth implementation a bit.

justdaj commented 4 months ago

No probs. Just an idea. I love stats and it seems like an obvious gap.

Also, I run a couple of other types of server. In the T&Cs there's a note that if you do not login to your account for six months, we reserve the right to delete it.

daenney commented 4 months ago

No probs. Just an idea. I love stats and it seems like an obvious gap.

Storing that and making it visible has some privacy implications. It's also not all that trivial to represent correctly since tokens can be long-lived. They would still actively be using the account, but not actually "logging in". To use it for the purposes of detecting account inactivity, we'd have to update this on every client API call, which isn't very desirable.

Also, I run a couple of other types of server. In the T&Cs there's a note that if you do not login to your account for six months, we reserve the right to delete it.

That's probably not something you want to do for a fedi user. It would result in the destruction of their signing keys. They could never use that identity again to successfully federate with users on servers they've federated with before, or come back to it later and maybe move it to a different server. At best you may want to lock it and purge statuses/media.