chore: add logout-all-users recovery script#207
Open
cdtinney wants to merge 1 commit into
Open
Conversation
Adds scripts/logout-all-users.sh, run on the droplet to clear the session table when stale cookies point at user rows the server can't deserialize (e.g. after a token-encryption rollout, where pre-existing rows hold plaintext tokens the new decrypt path rejects and every authenticated request 500s before the user can reach /auth/user/logout). Once the session table is empty, the next request runs the OAuth flow, which rewrites the user row with freshly-encrypted tokens via findOrCreateUser ON CONFLICT. Confirmation prompt by default; --yes skips.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Adds
scripts/logout-all-users.sh, run on the droplet to clear thesessiontable when stale cookies point at user rows the server can't deserialize.Concretely: after the token-encryption rollout in #204, pre-existing user rows still hold plaintext access/refresh tokens. The new
decryptTokenpath requires av1:prefix and throws on anything else, so passport'sdeserializeUser(which callsfindUserBySpotifyId→toUser) throws on every authenticated request — including/api/auth/user/logout. The user has no in-app way to recover.Wiping the
sessiontable breaks the cookie → user mapping. The next request runs the OAuth flow, andfindOrCreateUser'sON CONFLICT … DO UPDATErewrites both token columns with freshly-encrypted (v1:-prefixed) values, so the stale rows fix themselves on next login. No need to touch theuserstable.Hardcoded to
/opt/spune/docker-compose.ymlto matchmigrate.sh/logs.sh. UsesDELETEoverTRUNCATE(works under any privilege level, transactional). Confirmation prompt by default;--yesto skip.Testing
bash -n scripts/logout-all-users.sh— syntax check passes.sessiontable → next request has nopassport.useronreq.session→ passport doesn't calldeserializeUser→ no decrypt error →/api/auth/spotifyredirect works → callback runsfindOrCreateUser→ row rewritten withv1:tokens.