From 0c51977b63364056ef0878eae52acc30355a2ba1 Mon Sep 17 00:00:00 2001
From: Patryk Kalinowski <patryk@kalinowski.dev>
Date: Fri, 23 Aug 2024 16:10:40 +0200
Subject: [PATCH] rpc/migration: limit email migration to conf'd projects

---
 config/migrations.go           | 5 +++--
 etc/waas-auth.dev.conf         | 1 +
 rpc/migration/oidc_to_email.go | 4 ++++
 3 files changed, 8 insertions(+), 2 deletions(-)

diff --git a/config/migrations.go b/config/migrations.go
index a1f71221..184b04ab 100644
--- a/config/migrations.go
+++ b/config/migrations.go
@@ -12,6 +12,7 @@ type OIDCToStytchConfig struct {
 }
 
 type EmailMigrationConfig struct {
-	Enabled      bool   `toml:"enabled"`
-	IssuerPrefix string `toml:"issuer_prefix"`
+	Enabled      bool     `toml:"enabled"`
+	IssuerPrefix string   `toml:"issuer_prefix"`
+	Projects     []uint64 `toml:"projects"`
 }
diff --git a/etc/waas-auth.dev.conf b/etc/waas-auth.dev.conf
index 60f03d8a..a3cd2f84 100644
--- a/etc/waas-auth.dev.conf
+++ b/etc/waas-auth.dev.conf
@@ -62,4 +62,5 @@ QwIDAQAB
 [migrations.oidc_to_email]
     enabled = true
     issuer_prefix = "https://cognito-idp.ca-central-1.amazonaws.com/"
+    projects = [694]
 
diff --git a/rpc/migration/oidc_to_email.go b/rpc/migration/oidc_to_email.go
index e99962bb..d7ceac2d 100644
--- a/rpc/migration/oidc_to_email.go
+++ b/rpc/migration/oidc_to_email.go
@@ -4,6 +4,7 @@ import (
 	"context"
 	"errors"
 	"fmt"
+	"slices"
 	"strings"
 
 	"github.com/0xsequence/waas-authenticator/config"
@@ -28,6 +29,9 @@ func (m *OIDCToEmail) OnRegisterSession(ctx context.Context, originalAccount *da
 	if originalAccount.ProjectID != tntData.ProjectID {
 		return errors.New("project id does not match")
 	}
+	if !slices.Contains(m.config.Projects, originalAccount.ProjectID) {
+		return nil
+	}
 	if originalAccount.Identity.Type != proto.IdentityType_OIDC {
 		return nil
 	}