From cad4caf5182fca6837cda7ec727980a7aad4965e Mon Sep 17 00:00:00 2001
From: Tanner Collin <git@tannercollin.com>
Date: Thu, 15 Apr 2021 23:30:16 +0000
Subject: [PATCH] Reset backup canaries

---
 .../api/management/commands/generate_backups.py          | 7 ++++++-
 apiserver/apiserver/secrets.py.example                   | 9 +++++++--
 2 files changed, 13 insertions(+), 3 deletions(-)

diff --git a/apiserver/apiserver/api/management/commands/generate_backups.py b/apiserver/apiserver/api/management/commands/generate_backups.py
index 942e0d8..687eb9f 100644
--- a/apiserver/apiserver/api/management/commands/generate_backups.py
+++ b/apiserver/apiserver/api/management/commands/generate_backups.py
@@ -29,6 +29,7 @@ class Command(BaseCommand):
     @transaction.atomic
     def generate_backups(self):
         backup_users = secrets.BACKUP_TOKENS.values()
+        count = 0
 
         for user in backup_users:
             models.MetaInfo.objects.update_or_create(
@@ -40,6 +41,9 @@ class Command(BaseCommand):
             with open(DATA_FOLDER + '/static/123e4567-e89b-12d3-a456-426655440000.jpg', 'w') as f:
                 f.write(backup_id_string(user) + '\n')
 
+            if user['name'] == 'null':  # reset the canaries for data-at-rest
+                continue
+
             file_name = 'spaceport-backup-{}.tar.gz'.format(
                 str(now().date()),
             )
@@ -72,8 +76,9 @@ class Command(BaseCommand):
             cache.set(user['cache_key'], path_name + '/' + file_name)
 
             self.stdout.write('Wrote backup for: ' + user['name'])
+            count += 1
 
-        return len(backup_users)
+        return count
 
     def handle(self, *args, **options):
         self.stdout.write('{} - Generating backups'.format(str(now())))
diff --git a/apiserver/apiserver/secrets.py.example b/apiserver/apiserver/secrets.py.example
index df16488..5360a63 100644
--- a/apiserver/apiserver/secrets.py.example
+++ b/apiserver/apiserver/secrets.py.example
@@ -75,12 +75,17 @@ EMAIL_PASS = ''
 # head /dev/urandom | base32 | head -c 40
 BACKUP_TOKENS = {
     '<token>': {
-        'name': 'firstname_lastname',
+        'name': 'firstname.lastname',
         'backup_id': '<token>',
         'cache_key': '<token>',
     },
     '<token>': {
-        'name': 'firstname_lastname',
+        'name': 'firstname.lastname',
+        'backup_id': '<token>',
+        'cache_key': '<token>',
+    },
+    '<token>': {  # reset the canaries for data-at-rest
+        'name': 'null',
         'backup_id': '<token>',
         'cache_key': '<token>',
     },