Add message retention and hide emails by default

- db: cleanup_old_messages(days) purges messages older than N days in
  batches; recipients/reads/deliveries/reactions follow via ON DELETE
  CASCADE. Returns attachment file_ids no longer referenced by any
  surviving message (forwarded copies keep their files) and removes
  their image_uploads rows
- server: MESSAGE_RETENTION_DAYS env var (default 0 = keep forever);
  hourly cleanup deletes expired messages and securely removes orphaned
  attachment blobs from the upload dir
- schema: email_visible now defaults to 0 — previously any logged-in
  user who knew a UUID could read another user's email via get_profile
- migrations: SQL script to apply the new default and reset the flag on
  existing databases (run manually, see file header)
- docker-compose: document MESSAGE_RETENTION_DAYS

Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
Filip
2026-06-12 10:30:42 +02:00
parent 750290ddc1
commit f42ecf5c5b
5 changed files with 118 additions and 1 deletions

@@ -155,7 +155,7 @@ CREATE TABLE IF NOT EXISTS user_profiles (
user_id CHAR(36) NOT NULL PRIMARY KEY,
phone VARCHAR(50) DEFAULT NULL,
phone_visible TINYINT(1) NOT NULL DEFAULT 0,
email_visible TINYINT(1) NOT NULL DEFAULT 1,
email_visible TINYINT(1) NOT NULL DEFAULT 0,
location VARCHAR(255) DEFAULT NULL,
location_visible TINYINT(1) NOT NULL DEFAULT 0,
avatar_file VARCHAR(255) DEFAULT NULL,
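
Review bot: The new DEFAULT 0 on email_visible sits inside CREATE TABLE IF NOT EXISTS user_profiles, so it only takes effect when the table is created for the first time. A database that already has user_profiles keeps DEFAULT 1 for new rows, and every existing row keeps its current email_visible value, so on deployed instances the exposure described in the commit message stays open until the manual migration has been run. Please add a comment next to this column naming the migration script that must accompany it, and consider having the server check the column default at startup and log a warning while it is still 1, so that a skipped manual step is noticed. With this change email_visible matches phone_visible and location_visible, which already default to 0.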