From 173a5b7699aa39bfbb9e3d2ba3590b8b8c258b22 Mon Sep 17 00:00:00 2001
From: Jimmy Domagala-Tang <Jimmy.Domagala-Tang@overleaf.com>
Date: Tue, 14 Oct 2025 13:37:05 -0400
Subject: [PATCH] adding script to remove the stale wf oauth tokens (#28786)

GitOrigin-RevId: a4bd36a23867bf8d2273fa397426830c87ab47a2
---
 .../delete_old_writefull_refresh_tokens.mjs   | 38 +++++++++++++++++++
 1 file changed, 38 insertions(+)
 create mode 100644 services/web/scripts/delete_old_writefull_refresh_tokens.mjs

diff --git a/services/web/scripts/delete_old_writefull_refresh_tokens.mjs b/services/web/scripts/delete_old_writefull_refresh_tokens.mjs
new file mode 100644
index 0000000000..cb275d4423
--- /dev/null
+++ b/services/web/scripts/delete_old_writefull_refresh_tokens.mjs
@@ -0,0 +1,38 @@
+import minimist from 'minimist'
+import { scriptRunner } from './lib/ScriptRunner.mjs'
+import { db } from '../app/src/infrastructure/mongodb.js'
+
+const argv = minimist(process.argv.slice(2))
+
+async function main() {
+  const { expirationDate, commit } = argv
+  const cutOffDate = new Date(expirationDate)
+  const { _id: writefullId } = await db.oauthApplications.findOne({
+    id: 'writefull',
+  })
+  const count = await db.oauthAccessTokens.countDocuments(
+    {
+      accessTokenExpiresAt: { $lte: cutOffDate },
+      oauthApplication_id: writefullId,
+    },
+    { readPreference: 'secondaryPreferred' }
+  )
+  console.log(`${count} access tokens expired before ${cutOffDate}`)
+  if (commit) {
+    await db.oauthAccessTokens.deleteMany({
+      oauthApplication_id: writefullId,
+      accessTokenExpiresAt: { $lte: cutOffDate },
+    })
+  } else {
+    console.log('use --commit to delete expired tokens')
+  }
+}
+
+try {
+  await scriptRunner(main)
+  console.log('Done.')
+  process.exit(0)
+} catch (error) {
+  console.error({ error })
+  process.exit(1)
+}