Disable antiforgery on auth and add quantengine migration tools
WBS-9.3 - NULL Policy CI Gate / NULL Policy Validation (push) Failing after 4s
Quant Engine CI/CD Pipeline / validate-core (push) Failing after 8s
Quant Engine CI/CD Pipeline / validate-ui-and-storage (push) Has been skipped

This commit is contained in:
2026-07-01 14:17:53 +09:00
parent 6ed3de2749
commit e97397ddbf
3 changed files with 62 additions and 2 deletions
+2 -2
View File
@@ -167,7 +167,7 @@ app.MapPost("/api/auth/login", async (LoginRequest request, IWorkspaceRepository
accessToken = rawToken,
expiresAt = expiresAt.ToString("O")
});
});
}).DisableAntiforgery();
app.MapGet("/api/auth/me", async (HttpContext context, IWorkspaceRepository workspaceRepo) =>
{
@@ -210,7 +210,7 @@ app.MapPost("/api/auth/logout", async (HttpContext context, IWorkspaceRepository
var tokenHash = Convert.ToHexString(SHA256.HashData(Encoding.UTF8.GetBytes(token)));
await workspaceRepo.RevokeSessionAsync(tokenHash, DateTimeOffset.UtcNow.ToString("O"));
return Results.Ok(new { success = true });
});
}).DisableAntiforgery();
// Operational Report serving API (WASM safe file loading substitute)
app.MapGet("/api/operational-report", async (IWebHostEnvironment env) =>
@@ -0,0 +1,39 @@
#!/usr/bin/env bash
set -euo pipefail
SRC_DB="${SRC_DB:-giteadb}"
SRC_USER="${SRC_USER:-gitea}"
SRC_PASSWORD="${SRC_PASSWORD:-}"
DST_DB="${DST_DB:-quantenginedb}"
DST_USER="${DST_USER:-quantengine_app}"
DST_PASSWORD="${DST_PASSWORD:-}"
HOST="${HOST:-127.0.0.1}"
PORT="${PORT:-5432}"
SCHEMA="${SCHEMA:-quantengine}"
if [ -z "${SRC_PASSWORD}" ] || [ -z "${DST_PASSWORD}" ]; then
echo "ERROR: SRC_PASSWORD and DST_PASSWORD must be set."
exit 1
fi
TMP_DIR="$(mktemp -d)"
trap 'rm -rf "${TMP_DIR}"' EXIT
echo "[1/4] Dumping ${SCHEMA} from ${SRC_DB}..."
PGPASSWORD="${SRC_PASSWORD}" pg_dump -h "${HOST}" -p "${PORT}" -U "${SRC_USER}" -n "${SCHEMA}" --no-owner --no-privileges "${SRC_DB}" > "${TMP_DIR}/quantengine_schema.sql"
grep -vE '^CREATE SCHEMA ' "${TMP_DIR}/quantengine_schema.sql" > "${TMP_DIR}/quantengine_schema.filtered.sql"
echo "[2/4] Ensuring destination schema exists..."
PGPASSWORD="${DST_PASSWORD}" psql -h "${HOST}" -p "${PORT}" -U "${DST_USER}" -d "${DST_DB}" -v ON_ERROR_STOP=1 <<SQL
CREATE SCHEMA IF NOT EXISTS ${SCHEMA} AUTHORIZATION ${DST_USER};
ALTER SCHEMA ${SCHEMA} OWNER TO ${DST_USER};
SQL
echo "[3/4] Restoring into ${DST_DB}..."
PGPASSWORD="${DST_PASSWORD}" psql -h "${HOST}" -p "${PORT}" -U "${DST_USER}" -d "${DST_DB}" -v ON_ERROR_STOP=1 -f "${TMP_DIR}/quantengine_schema.filtered.sql"
echo "[4/4] Verifying restore..."
PGPASSWORD="${DST_PASSWORD}" psql -h "${HOST}" -p "${PORT}" -U "${DST_USER}" -d "${DST_DB}" -Atc "SELECT schemaname || '.' || tablename FROM pg_tables WHERE schemaname = '${SCHEMA}' ORDER BY tablename;"
echo "Migration completed: ${SRC_DB}.${SCHEMA} -> ${DST_DB}.${SCHEMA}"
+21
View File
@@ -0,0 +1,21 @@
#!/usr/bin/env bash
set -euo pipefail
DB_HOST="${DB_HOST:-127.0.0.1}"
DB_PORT="${DB_PORT:-5432}"
DB_USER="${DB_USER:-quantengine_app}"
DB_PASSWORD="${DB_PASSWORD:-}"
DB_NAME="${DB_NAME:-quantenginedb}"
SCHEMA="${SCHEMA:-quantengine}"
if [ -z "${DB_PASSWORD}" ]; then
echo "ERROR: DB_PASSWORD must be set."
exit 1
fi
echo "Row counts in ${DB_NAME}.${SCHEMA}:"
for table in workspace_account workspace_session settings account_snapshot workspace_approval_v2 workspace_lock kis_tokens kis_collection_runs kis_collection_snapshots kis_collection_errors; do
count=$(PGPASSWORD="${DB_PASSWORD}" psql -h "${DB_HOST}" -p "${DB_PORT}" -U "${DB_USER}" -d "${DB_NAME}" -Atc "SELECT COUNT(*) FROM ${SCHEMA}.${table};" 2>/dev/null || echo "MISSING")
printf '%s %s\n' "${table}" "${count}"
done