Disable antiforgery on auth and add quantengine migration tools
This commit is contained in:
@@ -167,7 +167,7 @@ app.MapPost("/api/auth/login", async (LoginRequest request, IWorkspaceRepository
|
||||
accessToken = rawToken,
|
||||
expiresAt = expiresAt.ToString("O")
|
||||
});
|
||||
});
|
||||
}).DisableAntiforgery();
|
||||
|
||||
app.MapGet("/api/auth/me", async (HttpContext context, IWorkspaceRepository workspaceRepo) =>
|
||||
{
|
||||
@@ -210,7 +210,7 @@ app.MapPost("/api/auth/logout", async (HttpContext context, IWorkspaceRepository
|
||||
var tokenHash = Convert.ToHexString(SHA256.HashData(Encoding.UTF8.GetBytes(token)));
|
||||
await workspaceRepo.RevokeSessionAsync(tokenHash, DateTimeOffset.UtcNow.ToString("O"));
|
||||
return Results.Ok(new { success = true });
|
||||
});
|
||||
}).DisableAntiforgery();
|
||||
|
||||
// Operational Report serving API (WASM safe file loading substitute)
|
||||
app.MapGet("/api/operational-report", async (IWebHostEnvironment env) =>
|
||||
|
||||
@@ -0,0 +1,39 @@
|
||||
#!/usr/bin/env bash
|
||||
|
||||
set -euo pipefail
|
||||
|
||||
SRC_DB="${SRC_DB:-giteadb}"
|
||||
SRC_USER="${SRC_USER:-gitea}"
|
||||
SRC_PASSWORD="${SRC_PASSWORD:-}"
|
||||
DST_DB="${DST_DB:-quantenginedb}"
|
||||
DST_USER="${DST_USER:-quantengine_app}"
|
||||
DST_PASSWORD="${DST_PASSWORD:-}"
|
||||
HOST="${HOST:-127.0.0.1}"
|
||||
PORT="${PORT:-5432}"
|
||||
SCHEMA="${SCHEMA:-quantengine}"
|
||||
|
||||
if [ -z "${SRC_PASSWORD}" ] || [ -z "${DST_PASSWORD}" ]; then
|
||||
echo "ERROR: SRC_PASSWORD and DST_PASSWORD must be set."
|
||||
exit 1
|
||||
fi
|
||||
|
||||
TMP_DIR="$(mktemp -d)"
|
||||
trap 'rm -rf "${TMP_DIR}"' EXIT
|
||||
|
||||
echo "[1/4] Dumping ${SCHEMA} from ${SRC_DB}..."
|
||||
PGPASSWORD="${SRC_PASSWORD}" pg_dump -h "${HOST}" -p "${PORT}" -U "${SRC_USER}" -n "${SCHEMA}" --no-owner --no-privileges "${SRC_DB}" > "${TMP_DIR}/quantengine_schema.sql"
|
||||
grep -vE '^CREATE SCHEMA ' "${TMP_DIR}/quantengine_schema.sql" > "${TMP_DIR}/quantengine_schema.filtered.sql"
|
||||
|
||||
echo "[2/4] Ensuring destination schema exists..."
|
||||
PGPASSWORD="${DST_PASSWORD}" psql -h "${HOST}" -p "${PORT}" -U "${DST_USER}" -d "${DST_DB}" -v ON_ERROR_STOP=1 <<SQL
|
||||
CREATE SCHEMA IF NOT EXISTS ${SCHEMA} AUTHORIZATION ${DST_USER};
|
||||
ALTER SCHEMA ${SCHEMA} OWNER TO ${DST_USER};
|
||||
SQL
|
||||
|
||||
echo "[3/4] Restoring into ${DST_DB}..."
|
||||
PGPASSWORD="${DST_PASSWORD}" psql -h "${HOST}" -p "${PORT}" -U "${DST_USER}" -d "${DST_DB}" -v ON_ERROR_STOP=1 -f "${TMP_DIR}/quantengine_schema.filtered.sql"
|
||||
|
||||
echo "[4/4] Verifying restore..."
|
||||
PGPASSWORD="${DST_PASSWORD}" psql -h "${HOST}" -p "${PORT}" -U "${DST_USER}" -d "${DST_DB}" -Atc "SELECT schemaname || '.' || tablename FROM pg_tables WHERE schemaname = '${SCHEMA}' ORDER BY tablename;"
|
||||
|
||||
echo "Migration completed: ${SRC_DB}.${SCHEMA} -> ${DST_DB}.${SCHEMA}"
|
||||
@@ -0,0 +1,21 @@
|
||||
#!/usr/bin/env bash
|
||||
|
||||
set -euo pipefail
|
||||
|
||||
DB_HOST="${DB_HOST:-127.0.0.1}"
|
||||
DB_PORT="${DB_PORT:-5432}"
|
||||
DB_USER="${DB_USER:-quantengine_app}"
|
||||
DB_PASSWORD="${DB_PASSWORD:-}"
|
||||
DB_NAME="${DB_NAME:-quantenginedb}"
|
||||
SCHEMA="${SCHEMA:-quantengine}"
|
||||
|
||||
if [ -z "${DB_PASSWORD}" ]; then
|
||||
echo "ERROR: DB_PASSWORD must be set."
|
||||
exit 1
|
||||
fi
|
||||
|
||||
echo "Row counts in ${DB_NAME}.${SCHEMA}:"
|
||||
for table in workspace_account workspace_session settings account_snapshot workspace_approval_v2 workspace_lock kis_tokens kis_collection_runs kis_collection_snapshots kis_collection_errors; do
|
||||
count=$(PGPASSWORD="${DB_PASSWORD}" psql -h "${DB_HOST}" -p "${DB_PORT}" -U "${DB_USER}" -d "${DB_NAME}" -Atc "SELECT COUNT(*) FROM ${SCHEMA}.${table};" 2>/dev/null || echo "MISSING")
|
||||
printf '%s %s\n' "${table}" "${count}"
|
||||
done
|
||||
Reference in New Issue
Block a user