Add grace period for account deletions

[jonbarrow]

Resolves #303

Changes:

Adds new marked_for_deletion and hard_delete_time fields to the PNID model, and replaces all instances of pnid.scrub() with pnid.markForDeletion(). pnid.markForDeletion() sets marked_for_deletion to true and hard_delete_time to 7 days in the future. A new cron job runs every day at 2am (same as the BOSS server cron job) to run through all the pending deletions ready to be deleted, and then processes them. Also checks at server boot to catch any that happened during downtime, though once the cron job starts it shouldn't matter anyway

This lets us "rollback" any accidental deletions that may occur. There isn't a way for us to undo a pending deletion at the moment outside of direct DB access, but that should be fine for now since I don't think we'd be processing too many of those kinds of requests

Should be merged before #313, since these changes can be deployed at any time

• I have read and agreed to the Code of Conduct.
• I have read and complied with the contributing guidelines.
• What I'm implementing was an approved issue.
• I have tested all of my changes.

[DaniElectra]

While we're here I think we should also update how the scrubbing works. Right now it scrubs the access level and sets it to 0, but this is kinda problematic especially for moderation, such as in the case where a PNID is banned and they delete their account.

I'd say to reset the level to 0 if it's above 0, but keep it as-is if it's lower than 0

[jonbarrow]

While we're here I think we should also update how the scrubbing works. Right now it scrubs the access level and sets it to 0, but this is kinda problematic especially for moderation, such as in the case where a PNID is banned and they delete their account.

I'd say to reset the level to 0 if it's above 0, but keep it as-is if it's lower than 0

I forgot about this issue, sounds good to me

[DaniElectra]

LGTM

[jonbarrow]

@mrjvs does this look good to you? Wanted to make sure the cron job and such won't mess with any deployments since it's the first time I've use a cron job since the new infra came out

[mrjvs]

There's no problems with using nodejs cronjobs in the current infra setup.

If there is ever a need to scale the account server up to multiple instances, we may need a distributed locking system on top of cronjobs (so that we dont scrub the same account twice in the same millisecond)

[jonbarrow]

There's no problems with using nodejs cronjobs in the current infra setup.

Gotcha

If there is ever a need to scale the account server up to multiple instances, we may need a distributed locking system on top of cronjobs (so that we dont scrub the same account twice in the same millisecond)

Is this a concern for now or do you think it can wait until later?

[mrjvs]

It can wait, I don't think account currently can be horizontally scaled anyway. There's more work to be done before that's an option.

[jonbarrow]

Sounds good then, thanks 👍