[migrations] delete expired oauth access tokens after 24h (#33575)

Co-authored-by: Brian Gough <brian.gough@overleaf.com> GitOrigin-RevId: 7f67a7e6949472c66f5f75a6053161d8e359f5df
2026-05-23 17:19:37 +02:00 · 2026-05-18 10:28:35 +02:00
parent 2f5d838e0f
commit b1a0bb16db
1 changed files with 29 additions and 0 deletions
--- a/tools/migrations/20260511104500_expire_oauthAccessTokens.mjs
+++ b/tools/migrations/20260511104500_expire_oauthAccessTokens.mjs
@@ -0,0 +1,29 @@
+import Helpers from './lib/helpers.mjs'
+
+const tags = ['server-ce', 'server-pro', 'saas']
+
+// Distinguish between access token not found and access token expired for 24h after expiry.
+const oneDayInSeconds = 24 * 60 * 60
+
+const indexes = [
+  {
+    name: 'accessTokenExpiresAt_1',
+    key: { accessTokenExpiresAt: 1 },
+    partialFilterExpression: { accessTokenExpiresAt: { $exists: true } },
+    expireAfterSeconds: oneDayInSeconds,
+  },
+]
+
+const migrate = async ({ db }) => {
+  await Helpers.addIndexesToCollection(db.oauthAccessTokens, indexes)
+}
+
+const rollback = async ({ db }) => {
+  await Helpers.dropIndexesFromCollection(db.oauthAccessTokens, indexes)
+}
+
+export default {
+  tags,
+  migrate,
+  rollback,
+}