Add script for reshare migration

anhthii · anhthii · commit db83c8d089c7 · 2025-08-08T22:51:40.000+07:00
diff --git a/scripts/migration/check-participants/main.go b/scripts/migration/check-participants/main.go
@@ -0,0 +1,122 @@
+package main
+
+import (
+	"encoding/json"
+	"os"
+	"strings"
+
+	"github.com/fystack/mpcium/pkg/config"
+	"github.com/fystack/mpcium/pkg/infra"
+	"github.com/fystack/mpcium/pkg/keyinfo"
+	"github.com/fystack/mpcium/pkg/logger"
+	"github.com/spf13/viper"
+)
+
+type KeyReport struct {
+	Key                string   `json:"key"`
+	WalletID           string   `json:"wallet_id"`
+	KeyType            string   `json:"key_type"`
+	ParticipantCount   int      `json:"participant_count"`
+	ParticipantPeerIDs []string `json:"participant_peer_ids"`
+	Threshold          int      `json:"threshold"`
+	Version            int      `json:"version"`
+}
+
+// extractWalletIDAndKeyType extracts wallet ID and key type from the consul key
+// Format: threshold_keyinfo/eddsa:0f2d9b28-7066-4571-855c-980983928fe8:0
+// or: threshold_keyinfo/ecdsa:wallet-id:index
+func extractWalletIDAndKeyType(consulKey string) (walletID, keyType string) {
+	// Remove the prefix
+	withoutPrefix := strings.TrimPrefix(consulKey, "threshold_keyinfo/")
+
+	// Split by colon to get key type and wallet info
+	parts := strings.SplitN(withoutPrefix, ":", 2)
+	if len(parts) >= 2 {
+		keyType = parts[0]
+		walletID = parts[1] // This includes the wallet ID and any suffix like ":0"
+	} else {
+		// Fallback: if no colon, treat the whole thing as wallet ID
+		walletID = withoutPrefix
+		keyType = "unknown"
+	}
+
+	return walletID, keyType
+}
+
+func main() {
+	config.InitViperConfig()
+	environment := viper.GetString("environment")
+	logger.Init(environment, true)
+
+	consulClient := infra.GetConsulClient(environment)
+	// Get KV client
+	kv := consulClient.KV()
+
+	// List all keys under threshold_keyinfo/
+	pairs, _, err := kv.List("threshold_keyinfo/", nil)
+	if err != nil {
+		logger.Fatal("Failed to list keys", err)
+	}
+
+	var keysWithLowParticipants []KeyReport
+
+	// Check each key
+	for _, pair := range pairs {
+		var info keyinfo.KeyInfo
+		if err := json.Unmarshal(pair.Value, &info); err != nil {
+			logger.Warn("Failed to unmarshal key",
+				"key", pair.Key,
+				"error", err,
+			)
+			continue
+		}
+
+		// Check if participants are less than 3
+		if len(info.ParticipantPeerIDs) < 3 {
+			walletID, keyType := extractWalletIDAndKeyType(pair.Key)
+
+			report := KeyReport{
+				Key:                pair.Key,
+				WalletID:           walletID,
+				KeyType:            keyType,
+				ParticipantCount:   len(info.ParticipantPeerIDs),
+				ParticipantPeerIDs: info.ParticipantPeerIDs,
+				Threshold:          info.Threshold,
+				Version:            info.Version,
+			}
+			keysWithLowParticipants = append(keysWithLowParticipants, report)
+			logger.Info("Found key with low participants",
+				"key", pair.Key,
+				"wallet_id", walletID,
+				"key_type", keyType,
+				"count", len(info.ParticipantPeerIDs),
+				"participants", info.ParticipantPeerIDs,
+			)
+		}
+	}
+
+	// Create report
+	report := struct {
+		TotalKeysFound int         `json:"total_keys_found"`
+		Keys           []KeyReport `json:"keys"`
+	}{
+		TotalKeysFound: len(keysWithLowParticipants),
+		Keys:           keysWithLowParticipants,
+	}
+
+	// Save to JSON file
+	outputFile := "low_participant_keys.json"
+	reportJSON, err := json.MarshalIndent(report, "", "  ")
+	if err != nil {
+		logger.Fatal("Failed to marshal report", err)
+	}
+
+	if err := os.WriteFile(outputFile, reportJSON, 0644); err != nil {
+		logger.Fatal("Failed to write report", err)
+	}
+
+	logger.Info("Report generated",
+		"total_keys", len(keysWithLowParticipants),
+		"output_file", outputFile,
+	)
+}
diff --git a/scripts/migration/deployment_script.sh b/scripts/migration/deployment_script.sh
@@ -0,0 +1,33 @@
+#!/bin/bash
+
+# Function to decrypt secrets
+decrypt_secret() {
+    gpg --pinentry-mode loopback --passphrase "$1" -d "$2" 2>/dev/null
+}
+
+# Prompt for PASS value
+read -sp "Enter the PASS value: " PASS
+echo
+
+# Set up environment variables
+export GPG_TTY=$(tty)
+
+# Decrypt secrets
+NATS_PASSWORD=$(decrypt_secret "$PASS" ~/.password-store/apex-nats-password.gpg)
+CONSUL_PASSWORD=$(decrypt_secret "$PASS" ~/.password-store/apex-consul-password.gpg)
+CONSUL_TOKEN=$(decrypt_secret "$PASS" ~/.password-store/apex-consul-token.gpg)
+BADGER_PASSWORD=$(decrypt_secret "$PASS" ~/.password-store/mpcium-badger-password.gpg)
+
+# Prompt for command
+read -p "Enter the command to execute: " user_command
+
+# Execute the command with environment variables
+env NATS_PASSWORD="$NATS_PASSWORD" \
+    CONSUL_PASSWORD="$CONSUL_PASSWORD" \
+    CONSUL_TOKEN="$CONSUL_TOKEN" \
+    BADGER_PASSWORD="$BADGER_PASSWORD" \
+    ENVIRONMENT=production \
+    $user_command
+
+# Clear sensitive variables
+unset PASS NATS_PASSWORD CONSUL_PASSWORD CONSUL_TOKEN BADGER_PASSWORD
diff --git a/scripts/migration/execute-reshare/main.go b/scripts/migration/execute-reshare/main.go
