Remove usernames from access log table

This is a GDPR liability since the usernames could be linked to the players.

Plan/common/src/main/java/com/djrapitops/plan/storage/database/SQLDB.java

@@ -233,7 +233,8 @@ public abstract class SQLDB extends AbstractDatabase {
                 new UserInfoHostnameAllowNullPatch(),
                 new RegisterDateMinimizationPatch(),
                 new UsersTableNameLengthPatch(),
-                new SessionJoinAddressPatch()
+                new SessionJoinAddressPatch(),
+                new RemoveUsernameFromAccessLogPatch()
         };
     }
 

Plan/common/src/main/java/com/djrapitops/plan/storage/database/sql/tables/AccessLogTable.java

@@ -29,10 +29,6 @@ public class AccessLogTable {
     public static final String REQUEST_METHOD = "request_method";
     public static final String REQUEST_URI = "request_uri";
     public static final String RESPONSE_CODE = "response_code";
-    public static final String USERNAME = "username";
-    public static final String INSERT_WITH_USER = "INSERT INTO " + TABLE_NAME + " (" +
-            TIME + ',' + FROM_IP + ',' + REQUEST_METHOD + ',' + REQUEST_URI + ',' + RESPONSE_CODE + ',' + USERNAME +
-            ") VALUES (?, ?, ?, ?, ?, ?)";
     public static final String INSERT_NO_USER = "INSERT INTO " + TABLE_NAME + " (" +
             TIME + ',' + FROM_IP + ',' + REQUEST_METHOD + ',' + REQUEST_URI + ',' + RESPONSE_CODE +
             ") VALUES (?, ?, ?, ?, ?)";
@@ -49,7 +45,6 @@ public class AccessLogTable {
                 .column(REQUEST_METHOD, Sql.varchar(8)).notNull()
                 .column(REQUEST_URI, Sql.TEXT).notNull()
                 .column(RESPONSE_CODE, Sql.INT)
-                .column(USERNAME, Sql.varchar(100))
                 .build();
     }
 }

Plan/common/src/main/java/com/djrapitops/plan/storage/database/transactions/events/StoreRequestTransaction.java

@@ -18,7 +18,6 @@ package com.djrapitops.plan.storage.database.transactions.events;
 
 import com.djrapitops.plan.delivery.web.resolver.Response;
 import com.djrapitops.plan.delivery.web.resolver.request.Request;
-import com.djrapitops.plan.delivery.web.resolver.request.WebUser;
 import com.djrapitops.plan.delivery.webserver.configuration.WebserverConfiguration;
 import com.djrapitops.plan.delivery.webserver.http.InternalRequest;
 import com.djrapitops.plan.storage.database.sql.tables.AccessLogTable;
@@ -28,8 +27,6 @@ import org.apache.commons.lang3.StringUtils;
 
 import java.sql.PreparedStatement;
 import java.sql.SQLException;
-import java.sql.Types;
-import java.util.Optional;
 
 public class StoreRequestTransaction extends Transaction {
 
@@ -48,37 +45,17 @@ public class StoreRequestTransaction extends Transaction {
 
     @Override
     protected void performOperations() {
-        if (request == null || request.getUser().isEmpty()) { // login failed / auth disabled
-            execute(new ExecStatement(AccessLogTable.INSERT_NO_USER) {
-                @Override
-                public void prepare(PreparedStatement statement) throws SQLException {
-                    statement.setLong(1, internalRequest.getTimestamp());
-                    statement.setString(2, internalRequest.getAccessAddress(webserverConfiguration));
-                    String method = internalRequest.getMethod();
-                    statement.setString(3, method != null ? method : "?");
-                    statement.setString(4, getTruncatedURI());
-                    statement.setInt(5, response.getCode());
-                }
-            });
-        } else {
-            execute(new ExecStatement(AccessLogTable.INSERT_WITH_USER) {
-                @Override
-                public void prepare(PreparedStatement statement) throws SQLException {
-                    statement.setLong(1, internalRequest.getTimestamp());
-                    statement.setString(2, internalRequest.getAccessAddress(webserverConfiguration));
-                    statement.setString(3, request.getMethod());
-                    statement.setString(4, getTruncatedURI());
-                    statement.setInt(5, response.getCode());
-
-                    Optional<String> webUsername = request.getUser().map(WebUser::getUsername);
-                    if (webUsername.isPresent()) {
-                        statement.setString(6, webUsername.get());
-                    } else {
-                        statement.setNull(6, Types.VARCHAR);
-                    }
-                }
-            });
-        }
+        execute(new ExecStatement(AccessLogTable.INSERT_NO_USER) {
+            @Override
+            public void prepare(PreparedStatement statement) throws SQLException {
+                statement.setLong(1, internalRequest.getTimestamp());
+                statement.setString(2, internalRequest.getAccessAddress(webserverConfiguration));
+                String method = internalRequest.getMethod();
+                statement.setString(3, method != null ? method : "?");
+                statement.setString(4, getTruncatedURI());
+                statement.setInt(5, response.getCode());
+            }
+        });
     }
 
     private String getTruncatedURI() {

Plan/common/src/main/java/com/djrapitops/plan/storage/database/transactions/patches/RemoveUsernameFromAccessLogPatch.java

@@ -0,0 +1,61 @@
+/*
+ *  This file is part of Player Analytics (Plan).
+ *
+ *  Plan is free software: you can redistribute it and/or modify
+ *  it under the terms of the GNU Lesser General Public License v3 as published by
+ *  the Free Software Foundation, either version 3 of the License, or
+ *  (at your option) any later version.
+ *
+ *  Plan is distributed in the hope that it will be useful,
+ *  but WITHOUT ANY WARRANTY; without even the implied warranty of
+ *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ *  GNU Lesser General Public License for more details.
+ *
+ *  You should have received a copy of the GNU Lesser General Public License
+ *  along with Plan. If not, see <https://www.gnu.org/licenses/>.
+ */
+package com.djrapitops.plan.storage.database.transactions.patches;
+
+import com.djrapitops.plan.storage.database.queries.QueryAllStatement;
+import com.djrapitops.plan.storage.database.sql.tables.AccessLogTable;
+import com.djrapitops.plan.storage.database.transactions.ExecStatement;
+
+import java.sql.PreparedStatement;
+import java.sql.ResultSet;
+import java.sql.SQLException;
+import java.sql.Types;
+
+import static com.djrapitops.plan.storage.database.sql.building.Sql.*;
+
+/**
+ * @author AuroraLS3
+ */
+public class RemoveUsernameFromAccessLogPatch extends Patch {
+
+    @Override
+    public boolean hasBeenApplied() {
+        if (!hasColumn(AccessLogTable.TABLE_NAME, "username")) {
+            return true;
+        }
+
+        String sql = SELECT + "COUNT(*) as c" +
+                FROM + AccessLogTable.TABLE_NAME +
+                WHERE + "username" + IS_NOT_NULL;
+        return query(new QueryAllStatement<>(sql) {
+            @Override
+            public Boolean processResults(ResultSet set) throws SQLException {
+                return set.next() && set.getInt("c") > 0;
+            }
+        });
+    }
+
+    @Override
+    protected void applyPatch() {
+        execute(new ExecStatement("UPDATE " + AccessLogTable.TABLE_NAME + " SET username=?") {
+            @Override
+            public void prepare(PreparedStatement statement) throws SQLException {
+                statement.setNull(1, Types.VARCHAR);
+            }
+        });
+    }
+}