[PM-5533] Migrate Org Keys to state providers (#7521)

* Move org keys to state providers * Create state for org keys and derive decrypted for use * Make state readonly * Remove org keys from state service * Migrate user keys state * Review feedback * Correct test name * Refix key types * `npm run prettier` 🤖
2025-12-19 17:53:39 +00:00 · 2024-01-23 16:01:49 -05:00
parent 6ba1cc96e1
commit e23bcb50e8
15 changed files with 462 additions and 149 deletions
--- a/libs/common/src/state-migrations/migrations/11-move-org-keys-to-state-providers.ts
+++ b/libs/common/src/state-migrations/migrations/11-move-org-keys-to-state-providers.ts
@@ -0,0 +1,59 @@
+import { KeyDefinitionLike, MigrationHelper } from "../migration-helper";
+import { Migrator } from "../migrator";
+
+type OrgKeyDataType = {
+  type: "organization" | "provider";
+  key: string;
+  providerId?: string;
+};
+
+type ExpectedAccountType = {
+  keys?: {
+    organizationKeys?: {
+      encrypted?: Record<string, OrgKeyDataType>;
+    };
+  };
+};
+
+const USER_ENCRYPTED_ORGANIZATION_KEYS: KeyDefinitionLike = {
+  key: "organizationKeys",
+  stateDefinition: {
+    name: "crypto",
+  },
+};
+
+export class OrganizationKeyMigrator extends Migrator<10, 11> {
+  async migrate(helper: MigrationHelper): Promise<void> {
+    const accounts = await helper.getAccounts<ExpectedAccountType>();
+    async function migrateAccount(userId: string, account: ExpectedAccountType): Promise<void> {
+      const value = account?.keys?.organizationKeys?.encrypted;
+      if (value != null) {
+        await helper.setToUser(userId, USER_ENCRYPTED_ORGANIZATION_KEYS, value);
+        delete account.keys.organizationKeys;
+        await helper.set(userId, account);
+      }
+    }
+
+    await Promise.all([...accounts.map(({ userId, account }) => migrateAccount(userId, account))]);
+  }
+  async rollback(helper: MigrationHelper): Promise<void> {
+    const accounts = await helper.getAccounts<ExpectedAccountType>();
+    async function rollbackAccount(userId: string, account: ExpectedAccountType): Promise<void> {
+      const value = await helper.getFromUser<Record<string, OrgKeyDataType>>(
+        userId,
+        USER_ENCRYPTED_ORGANIZATION_KEYS,
+      );
+      if (account && value) {
+        account.keys = Object.assign(account.keys ?? {}, {
+          organizationKeys: {
+            encrypted: value,
+          },
+        });
+        await helper.set(userId, account);
+      }
+      await helper.setToUser(userId, USER_ENCRYPTED_ORGANIZATION_KEYS, null);
+    }
+
+    await Promise.all([...accounts.map(({ userId, account }) => rollbackAccount(userId, account))]);
+  }
+}