Merge pull request #14 from cerberauth/clients-cleanup

Clients cleanup

.github/workflows/ci.yml

@@ -14,8 +14,11 @@ env:
 jobs:
   build:
     runs-on: ubuntu-latest
-    env:
-      working-directory: ./hydra-login-consent
+    strategy:
+      matrix:
+        working-directory:
+          - ./hydra-login-consent
+          - ./hydra-cleanup
 
     steps:
       - uses: actions/checkout@v4
@@ -26,5 +29,5 @@ jobs:
           go-version: ${{ env.GO_VERSION }}
 
       - name: Build
-        working-directory: ${{ env.working-directory }}
+        working-directory: ${{ matrix.working-directory }}
         run: go build -v ./...

docker-compose.dev.yml

@@ -11,7 +11,7 @@ services:
       - .env
 
   hydra-admin:
-    command: serve admin -c /etc/config/hydra/hydra.yml --sqa-opt-out
+    command: serve admin -c /etc/config/hydra/hydra.yml --sqa-opt-out --dev
     ports:
       - 4445:4445
     env_file:

hydra-cleanup/.env.local

@@ -0,0 +1 @@
+HYDRA_ADMIN_URL=http://localhost:4445

hydra-cleanup/.gitignore

@@ -0,0 +1,28 @@
+# Binaries for programs and plugins
+*.exe
+*.exe~
+*.dll
+*.so
+*.dylib
+
+# Test binary, built with `go test -c`
+*.test
+
+# Output of the go coverage tool, specifically when used with LiteIDE
+*.out
+
+# Environment variables file
+.env
+
+# dependencies
+/node_modules
+/.pnp
+.pnp.js
+.yarn/install-state.gz
+
+# debug
+npm-debug.log*
+yarn-debug.log*
+yarn-error.log*
+
+hydra-cleanup

hydra-cleanup/Dockerfile

@@ -0,0 +1,21 @@
+FROM golang:1.22 AS builder
+
+WORKDIR /app
+
+COPY go.mod go.sum ./
+RUN go mod download
+
+COPY . ./
+
+RUN CGO_ENABLED=0 GOOS=linux GO111MODULE=on go build -o /hydra-cleanup .
+
+FROM gcr.io/distroless/static-debian11:nonroot AS runner
+
+WORKDIR /app
+
+COPY --from=builder --chown=nonroot:nonroot /hydra-cleanup /usr/bin/hydra-cleanup
+
+USER nonroot:nonroot
+
+ENTRYPOINT ["hydra-cleanup"]
+CMD ["cron", "-f"]

hydra-cleanup/README.md

@@ -0,0 +1 @@
+# TestID Hydra Clients Cleanup

hydra-cleanup/go.mod

@@ -0,0 +1,10 @@
+module github.com/cerberauth/testid/hydra-cleanup
+
+go 1.22
+
+require (
+	github.com/ory/hydra-client-go/v2 v2.2.1
+	github.com/peterhellberg/link v1.2.0
+)
+
+require golang.org/x/oauth2 v0.21.0 // indirect

hydra-cleanup/go.sum

@@ -0,0 +1,8 @@
+github.com/google/go-cmp v0.5.9 h1:O2Tfq5qg4qc4AmwVlvv0oLiVAGB7enBSJ2x2DqQFi38=
+github.com/google/go-cmp v0.5.9/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY=
+github.com/ory/hydra-client-go/v2 v2.2.1 h1:m1821pIX6ybG/3oSAn2wtrbBKNwe9q5A8fLljYuLpBk=
+github.com/ory/hydra-client-go/v2 v2.2.1/go.mod h1:K83R+iK40+5uF2uQ34yRUrf9izRvFsza9pG2Se5qMmk=
+github.com/peterhellberg/link v1.2.0 h1:UA5pg3Gp/E0F2WdX7GERiNrPQrM1K6CVJUUWfHa4t6c=
+github.com/peterhellberg/link v1.2.0/go.mod h1:gYfAh+oJgQu2SrZHg5hROVRQe1ICoK0/HHJTcE0edxc=
+golang.org/x/oauth2 v0.21.0 h1:tsimM75w1tF/uws5rbeHzIWxEqElMehnc+iW793zsZs=
+golang.org/x/oauth2 v0.21.0/go.mod h1:XYTD2NtWslqkgxebSiOHnXEap4TF09sJSc7H1sXbhtI=

hydra-cleanup/main.go

@@ -0,0 +1,94 @@
+package main
+
+import (
+	"context"
+	"fmt"
+	"net/url"
+	"os"
+	"time"
+
+	"github.com/peterhellberg/link"
+
+	hydraClient "github.com/ory/hydra-client-go/v2"
+)
+
+func setupHydraClient() *hydraClient.APIClient {
+	hydraAdminURL := os.Getenv("HYDRA_ADMIN_URL")
+	if hydraAdminURL == "" {
+		hydraAdminURL = "http://localhost:4445"
+	}
+
+	configuration := hydraClient.NewConfiguration()
+	configuration.Debug = hydraAdminURL == "http://localhost:4445"
+	configuration.Servers = []hydraClient.ServerConfiguration{
+		{
+			URL: hydraAdminURL,
+		},
+	}
+
+	hydraAdminClient := hydraClient.NewAPIClient(configuration)
+	return hydraAdminClient
+}
+
+func cleanupClients(ctx context.Context, hydraAdminClient *hydraClient.APIClient) (int, error) {
+	deletedClients := 0
+	pageSize := 200
+	pageToken := "1"
+
+	fmt.Println("Cleaning up clients...")
+	for {
+		clients, r, err := hydraAdminClient.OAuth2API.ListOAuth2Clients(ctx).PageSize(int64(pageSize)).PageToken(pageToken).Execute()
+		if err != nil {
+			fmt.Fprintf(os.Stderr, "Error when calling `OAuth2Api.ListOAuth2Clients``: %v\n", err)
+			fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r)
+
+			return deletedClients, err
+		}
+
+		for _, client := range clients {
+			if client.GetMetadata() != nil {
+				metadata, ok := client.GetMetadata().(map[string]interface{})
+				if ok && metadata["disable_cleanup"] == "true" {
+					continue
+				}
+			}
+
+			// Check if client creation time is older than 1 day
+			if time.Since(client.GetCreatedAt()).Hours() > 24 {
+				_, err := hydraAdminClient.OAuth2API.DeleteOAuth2Client(ctx, client.GetClientId()).Execute()
+				if err != nil {
+					fmt.Fprintf(os.Stderr, "Error deleting client: %v\n", err)
+					continue
+				}
+				deletedClients++
+			}
+		}
+
+		next := link.ParseHeader(r.Header)["next"]
+		if next == nil {
+			break
+		}
+
+		nextUri, err := url.Parse(next.URI)
+		if err != nil {
+			fmt.Fprintf(os.Stderr, "Error parsing next URI: %v\n", err)
+			return deletedClients, err
+		}
+		pageToken = nextUri.Query().Get("page_token")
+	}
+
+	return deletedClients, nil
+}
+
+func main() {
+	ctx := context.Background()
+	hydraAdminClient := setupHydraClient()
+
+	deletedClients, err := cleanupClients(ctx, hydraAdminClient)
+	if err != nil {
+		fmt.Fprintf(os.Stderr, "Error cleaning up clients: %v\n", err)
+		return
+	}
+
+	fmt.Printf("Deleted %d clients\n", deletedClients)
+}