gitea
Save initial signup information for users to aid in spam prevention
This will allow instance admins to view signup patterns for public instances. It is modelled after Discourse, Mastodon, and MediaWiki's approaches.
Note: This has privacy implications, but as the above-stated open-source projects take this approach, especially MediaWiki, which I have no doubt looked into this thoroughly, it is likely okay for us, too. However, I would be appreciative of any feedback on how this could be improved.
I support integrating this functionality; however, please make it opt-out so that instance admins can decide on their own if they do not want this feature due to privacy reasons.
I don't really think there is a privacy problem here, as IP addresses should be kept for auditing purposes anyway, and the browser user agent string is not personally identifying information or in any way related to privacy.
@lafriks, I'm inclined to merge this as is, with it disabled by default. Then, you could open a new PR to change it so a more in-depth discussion can be had.
What I do understand however, is that this is mostly intended for public instances. So perhaps we should describe in the config docs that especially those instances should consider enabling it?
How about creating a CreateUserOptions as a parameter? The user and others could be parameters of that struct.
@delvh by recording signup IPs you can track if multiple users share the same address in case a spam ring creates many accounts. And the user agent is useful too, as you can see additional behaviours.
@lunny yes, that can be done, but it's out of scope for this PR as I don't want to refactor too much in this one.
@lunny Should we move this PR to 1.23.0 milestone? As 1.23.0 is not released yet.