mirror of
https://github.com/overleaf/overleaf.git
synced 2024-11-07 20:31:06 -05:00
Merge pull request #12878 from overleaf/em-hash-oauth-secrets-2
Script for hashing OAuth secrets GitOrigin-RevId: 7e2198ff9b41a24b1ca84768c24f3f653243c030
This commit is contained in:
parent
66d29940c3
commit
05f963d17d
1 changed files with 48 additions and 0 deletions
48
services/web/scripts/oauth/backfill_hashed_secrets.js
Normal file
48
services/web/scripts/oauth/backfill_hashed_secrets.js
Normal file
|
@ -0,0 +1,48 @@
|
|||
const {
|
||||
db,
|
||||
waitForDb,
|
||||
READ_PREFERENCE_SECONDARY,
|
||||
} = require('../../app/src/infrastructure/mongodb')
|
||||
const {
|
||||
hashSecret,
|
||||
} = require('../../modules/oauth2-server/app/src/SecretsHelper')
|
||||
|
||||
async function main() {
|
||||
await waitForDb()
|
||||
console.log('Hashing client secrets...')
|
||||
await hashSecrets(db.oauthApplications, 'clientSecret')
|
||||
console.log('Hashing access tokens...')
|
||||
await hashSecrets(db.oauthAccessTokens, 'accessToken')
|
||||
console.log('Hashing refresh tokens...')
|
||||
await hashSecrets(db.oauthAccessTokens, 'refreshToken')
|
||||
console.log('Hashing authorization codes...')
|
||||
await hashSecrets(db.oauthAuthorizationCodes, 'authorizationCode')
|
||||
}
|
||||
|
||||
async function hashSecrets(collection, field) {
|
||||
const cursor = collection.find(
|
||||
{
|
||||
[field]: /^(?!v1\.)/,
|
||||
},
|
||||
{
|
||||
projection: { _id: 1, [field]: 1 },
|
||||
readPreference: READ_PREFERENCE_SECONDARY,
|
||||
}
|
||||
)
|
||||
let hashedCount = 0
|
||||
for await (const doc of cursor) {
|
||||
const hash = hashSecret(doc[field])
|
||||
await collection.updateOne({ _id: doc._id }, { $set: { [field]: hash } })
|
||||
hashedCount++
|
||||
}
|
||||
console.log(`${hashedCount} secrets hashed`)
|
||||
}
|
||||
|
||||
main()
|
||||
.then(() => {
|
||||
process.exit(0)
|
||||
})
|
||||
.catch(err => {
|
||||
console.error(err)
|
||||
process.exit(1)
|
||||
})
|
Loading…
Reference in a new issue