overleaf/services/web/scripts/count_encrypted_access_tokens.js
Jakob Ackermann 9e6a767c96 Merge pull request #11544 from overleaf/jpa-re-encrypt-access-tokens
[misc] add scripts for rotating all the encrypted access-tokens

GitOrigin-RevId: ce3374bb5d318a7f16a416ac1719a819c1160fb4
2023-02-01 09:03:56 +00:00

73 lines
1.7 KiB
JavaScript

const TEN_MINUTES = 1000 * 60 * 10
process.env.MONGO_SOCKET_TIMEOUT =
process.env.MONGO_SOCKET_TIMEOUT || TEN_MINUTES.toString()
const { ReadPreference } = require('mongodb')
const { db, waitForDb } = require('../app/src/infrastructure/mongodb')
const _ = require('lodash')
const {
formatTokenUsageStats,
} = require('@overleaf/access-token-encryptor/scripts/helpers/format-usage-stats')
const CASES = {
users: {
dropbox: 'dropbox.access_token_oauth2.encrypted',
zotero: 'refProviders.zotero.encrypted',
mendeley: 'refProviders.mendeley.encrypted',
},
githubSyncUserCredentials: {
github: 'auth_token_encrypted',
},
}
async function count(collectionName, paths) {
const collection = db[collectionName]
const stats = {}
const projection = { _id: 0 }
for (const path of Object.values(paths)) {
projection[path] = 1
}
const cursor = collection.find(
{},
{
readPreference: ReadPreference.SECONDARY,
projection,
}
)
for await (const doc of cursor) {
for (const [name, path] of Object.entries(paths)) {
const blob = _.get(doc, path)
if (!blob) continue
// Schema: LABEL:SALT:CIPHERTEXT:IV
const [label, , , iv] = blob.split(':', 4)
const version = iv ? 'v2' : 'v1'
const key = [name, version, collectionName, path, label].join(':')
stats[key] = (stats[key] || 0) + 1
}
}
return stats
}
async function main() {
await waitForDb()
const STATS = {}
for (const [collectionName, paths] of Object.entries(CASES)) {
const stats = await count(collectionName, paths)
Object.assign(STATS, stats)
}
formatTokenUsageStats()
}
main()
.then(() => {
process.exit(0)
})
.catch(err => {
console.error(err)
process.exit(1)
})