Implement cleanup job for email authentications

Add scheduled cleanup job that removes old user email authentications after 7 days. Runs every hour.
2026-01-16 13:26:18 +01:00
parent e6e793f46f
commit f350b94918
6 changed files with 186 additions and 2 deletions
--- a/crates/storage/src/queue/tasks.rs
+++ b/crates/storage/src/queue/tasks.rs
@@ -390,6 +390,14 @@ impl InsertableJob for CleanupUserRecoverySessionsJob {
    const QUEUE_NAME: &'static str = "cleanup-user-recovery-sessions";
 }

+/// Cleanup old user email authentications
+#[derive(Serialize, Deserialize, Debug, Clone, Default)]
+pub struct CleanupUserEmailAuthenticationsJob;
+
+impl InsertableJob for CleanupUserEmailAuthenticationsJob {
+    const QUEUE_NAME: &'static str = "cleanup-user-email-authentications";
+}
+
 /// Scheduled job to expire inactive sessions
 ///
 /// This job will trigger jobs to expire inactive compat, oauth and user
--- a/crates/storage/src/user/email.rs
+++ b/crates/storage/src/user/email.rs
@@ -1,3 +1,4 @@
+// Copyright 2025, 2026 Element Creations Ltd.
 // Copyright 2024, 2025 New Vector Ltd.
 // Copyright 2022-2024 The Matrix.org Foundation C.I.C.
 //
@@ -334,6 +335,32 @@ pub trait UserEmailRepository: Send + Sync {
        authentication: UserEmailAuthentication,
        upstream_oauth_authorization_session: &UpstreamOAuthAuthorizationSession,
    ) -> Result<UserEmailAuthentication, Self::Error>;
+
+    /// Cleanup old email authentications
+    ///
+    /// This will delete email authentications with IDs up to and including
+    /// `until`. Uses ULID cursor-based pagination for efficiency.
+    /// Authentication codes will cascade-delete automatically.
+    ///
+    /// Returns the number of authentications deleted and the cursor for the
+    /// next batch
+    ///
+    /// # Parameters
+    ///
+    /// * `since`: The cursor to start from (exclusive), or `None` to start from
+    ///   the beginning
+    /// * `until`: The maximum ULID to delete (inclusive upper bound)
+    /// * `limit`: The maximum number of authentications to delete in this batch
+    ///
+    /// # Errors
+    ///
+    /// Returns [`Self::Error`] if the underlying repository fails
+    async fn cleanup_authentications(
+        &mut self,
+        since: Option<Ulid>,
+        until: Ulid,
+        limit: usize,
+    ) -> Result<(usize, Option<Ulid>), Self::Error>;
 }

 repository_impl!(UserEmailRepository:
@@ -409,4 +436,11 @@ repository_impl!(UserEmailRepository:
        authentication: UserEmailAuthentication,
        upstream_oauth_authorization_session: &UpstreamOAuthAuthorizationSession,
    ) -> Result<UserEmailAuthentication, Self::Error>;
+
+    async fn cleanup_authentications(
+        &mut self,
+        since: Option<Ulid>,
+        until: Ulid,
+        limit: usize,
+    ) -> Result<(usize, Option<Ulid>), Self::Error>;
 );