From e97397ddbfeef75fca1b444010cfb86c3cf90942 Mon Sep 17 00:00:00 2001 From: kjh2064 Date: Wed, 1 Jul 2026 14:17:53 +0900 Subject: [PATCH] Disable antiforgery on auth and add quantengine migration tools --- src/dotnet/QuantEngine.Web/Program.cs | 4 +- ...ate_quantengine_schema_to_quantenginedb.sh | 39 +++++++++++++++++++ tools/verify_quantengine_migration.sh | 21 ++++++++++ 3 files changed, 62 insertions(+), 2 deletions(-) create mode 100644 tools/migrate_quantengine_schema_to_quantenginedb.sh create mode 100644 tools/verify_quantengine_migration.sh diff --git a/src/dotnet/QuantEngine.Web/Program.cs b/src/dotnet/QuantEngine.Web/Program.cs index ba96c3a..29edf7a 100644 --- a/src/dotnet/QuantEngine.Web/Program.cs +++ b/src/dotnet/QuantEngine.Web/Program.cs @@ -167,7 +167,7 @@ app.MapPost("/api/auth/login", async (LoginRequest request, IWorkspaceRepository accessToken = rawToken, expiresAt = expiresAt.ToString("O") }); -}); +}).DisableAntiforgery(); app.MapGet("/api/auth/me", async (HttpContext context, IWorkspaceRepository workspaceRepo) => { @@ -210,7 +210,7 @@ app.MapPost("/api/auth/logout", async (HttpContext context, IWorkspaceRepository var tokenHash = Convert.ToHexString(SHA256.HashData(Encoding.UTF8.GetBytes(token))); await workspaceRepo.RevokeSessionAsync(tokenHash, DateTimeOffset.UtcNow.ToString("O")); return Results.Ok(new { success = true }); -}); +}).DisableAntiforgery(); // Operational Report serving API (WASM safe file loading substitute) app.MapGet("/api/operational-report", async (IWebHostEnvironment env) => diff --git a/tools/migrate_quantengine_schema_to_quantenginedb.sh b/tools/migrate_quantengine_schema_to_quantenginedb.sh new file mode 100644 index 0000000..f8293c2 --- /dev/null +++ b/tools/migrate_quantengine_schema_to_quantenginedb.sh @@ -0,0 +1,39 @@ +#!/usr/bin/env bash + +set -euo pipefail + +SRC_DB="${SRC_DB:-giteadb}" +SRC_USER="${SRC_USER:-gitea}" +SRC_PASSWORD="${SRC_PASSWORD:-}" +DST_DB="${DST_DB:-quantenginedb}" +DST_USER="${DST_USER:-quantengine_app}" +DST_PASSWORD="${DST_PASSWORD:-}" +HOST="${HOST:-127.0.0.1}" +PORT="${PORT:-5432}" +SCHEMA="${SCHEMA:-quantengine}" + +if [ -z "${SRC_PASSWORD}" ] || [ -z "${DST_PASSWORD}" ]; then + echo "ERROR: SRC_PASSWORD and DST_PASSWORD must be set." + exit 1 +fi + +TMP_DIR="$(mktemp -d)" +trap 'rm -rf "${TMP_DIR}"' EXIT + +echo "[1/4] Dumping ${SCHEMA} from ${SRC_DB}..." +PGPASSWORD="${SRC_PASSWORD}" pg_dump -h "${HOST}" -p "${PORT}" -U "${SRC_USER}" -n "${SCHEMA}" --no-owner --no-privileges "${SRC_DB}" > "${TMP_DIR}/quantengine_schema.sql" +grep -vE '^CREATE SCHEMA ' "${TMP_DIR}/quantengine_schema.sql" > "${TMP_DIR}/quantengine_schema.filtered.sql" + +echo "[2/4] Ensuring destination schema exists..." +PGPASSWORD="${DST_PASSWORD}" psql -h "${HOST}" -p "${PORT}" -U "${DST_USER}" -d "${DST_DB}" -v ON_ERROR_STOP=1 < ${DST_DB}.${SCHEMA}" diff --git a/tools/verify_quantengine_migration.sh b/tools/verify_quantengine_migration.sh new file mode 100644 index 0000000..beb4873 --- /dev/null +++ b/tools/verify_quantengine_migration.sh @@ -0,0 +1,21 @@ +#!/usr/bin/env bash + +set -euo pipefail + +DB_HOST="${DB_HOST:-127.0.0.1}" +DB_PORT="${DB_PORT:-5432}" +DB_USER="${DB_USER:-quantengine_app}" +DB_PASSWORD="${DB_PASSWORD:-}" +DB_NAME="${DB_NAME:-quantenginedb}" +SCHEMA="${SCHEMA:-quantengine}" + +if [ -z "${DB_PASSWORD}" ]; then + echo "ERROR: DB_PASSWORD must be set." + exit 1 +fi + +echo "Row counts in ${DB_NAME}.${SCHEMA}:" +for table in workspace_account workspace_session settings account_snapshot workspace_approval_v2 workspace_lock kis_tokens kis_collection_runs kis_collection_snapshots kis_collection_errors; do + count=$(PGPASSWORD="${DB_PASSWORD}" psql -h "${DB_HOST}" -p "${DB_PORT}" -U "${DB_USER}" -d "${DB_NAME}" -Atc "SELECT COUNT(*) FROM ${SCHEMA}.${table};" 2>/dev/null || echo "MISSING") + printf '%s %s\n' "${table}" "${count}" +done