nns/food-market
1
0
Fork 0
Code Issues Pull requests Actions Packages Projects Releases Wiki Activity
food-market/deploy/anonymize-prod.sh
nns aa83f82dc5
Some checks are pending
Auto-tag / Create date-tag (push) Waiting to run
Details
CI / Backend (.NET 8) (push) Waiting to run
Details
CI / Web (React + Vite) (push) Waiting to run
Details
CI / POS (WPF, Windows) (push) Waiting to run
Details
Docker API / Build + push API (push) Waiting to run
Details
Docker API / Deploy API on stage (push) Blocked by required conditions
Details
feat(s22): data tooling — export/import + schema docs + anon dump (7 пунктов) 
1. GDPR org export — domain OrgExport + Phase22a миграция, OrgExportJob
   собирает ZIP с JSON по каждой сущности через IObjectStorage,
   DownloadToken 64-hex + 24h TTL + email-notify.
   POST /api/org/export, GET /api/org/export[/{id}], GET download/{token}.

2. 1C CSV import — POST /api/catalog/products/import/1c-csv:
   Windows-1251/UTF-8 BOM auto-detect, разделитель ;/, русские заголовки
   (Артикул/Наименование/Единица/Цена/Группа/Штрихкод) или английские.
   Нормализация unit-кодов (шт/кг/г/л/мл/упак). Делегирует на ImportCsv
   (транзакция, multi-tenant). docs/imports.md.

3. deploy/anonymize-prod.sh — pg_dump прода → restore во временную БД →
   UPDATE PII (email→user{N}@example.kz, phone→+7700111{N:04}, password→
   тестовый hash, BIN/IIN синтетические, MoySkladToken=NULL, аудиты
   TRUNCATE) → pg_dump → gz файл.

4. DbSchemaDocsJob (weekly вс 05:00 UTC) — information_schema → md с
   таблицами + колонками + FK + mermaid ER-диаграммой (топ-20 таблиц).
   Сохраняет в content-root db-schema-generated.md.

5. POST /api/admin/audit-log/export?format=csv|jsonl — streaming через
   AsAsyncEnumerable. UTF-8 BOM для CSV, JSONL для grep'a. Multi-tenant.

6. GET /api/moysklad/sync-status — агрегат по import_jobs:
   { configured, lastSuccessAt, errorCountLast7Days, pendingCount,
     byKind: { products: KindStatus, counterparties: KindStatus } }.
   Stub если MoySkladToken=null.

7. docs/ARCHITECTURE.md — финальный итог 22 спринтов:
   - Sprint 13-22 changes-сводка
   - «Реализовано полностью» секция
   - «Scaffolding» таблица с указанием что нужно от user'а
   - «Не реализовано» секция (прод, SSO callback, KZ-перевод, POS-тест)
   - Актуальная файловая структура

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
2026-06-07 23:00:54 +05:00

186 lines
8.2 KiB
Bash
Executable file
Raw Permalink Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

#!/usr/bin/env bash
#
# Sprint 22: создание anonymized stage-dump'a из прод-БД.
#
# Алгоритм:
# 1. pg_dump прода в кастомном формате (-Fc)
# 2. pg_restore во временную staging-БД (`food_market_anon`)
# 3. UPDATE PII-полей в staging:
# - email → user{N}@example.kz
# - phone → +7700111{N:04}
# - passwordHash → один общий тестовый hash для пароля "Test12345!"
# - IIN / БИН → синтетические но валидные
# - имена/адреса → "Test Tester {N}" / "Тестовый адрес {N}"
# 4. pg_dump anonymized → .sql.gz файл
# 5. Удалить staging-БД
#
# Результат используется на dev-vm для воспроизведения багов на реальном
# объёме данных без утечки persistent PII.
#
# Usage:
# deploy/anonymize-prod.sh [--source <conn-uri>] [--target <conn-uri>]
# [--out <file>] [--dry-run]
#
# Default source: ssh prod docker exec food-market-postgres pg_dump
# Default target: local postgres@14 with TEMP DB food_market_anon
# Default out: /home/nns/food-market-anon-YYYYMMDD.sql.gz
set -uo pipefail
SOURCE_HOST="${FM_PROD_HOST:-nns@admin.food-market.kz}"
SOURCE_CONTAINER="${FM_PROD_CONT:-food-market-postgres}"
SOURCE_DB="${FM_PG_DB:-food_market}"
SOURCE_USER="${FM_PG_USER:-food_market}"
LOCAL_USER="${PGUSER:-nns}"
LOCAL_HOST="${PGHOST:-localhost}"
LOCAL_PORT="${PGPORT:-5432}"
TARGET_DB="food_market_anon_$$"
OUT="${FM_ANON_OUT:-$HOME/food-market-anon-$(date +%Y%m%d-%H%M%S).sql.gz}"
DRY_RUN=0
while [[ $# -gt 0 ]]; do
case "$1" in
--source-host) SOURCE_HOST="$2"; shift 2 ;;
--source-container) SOURCE_CONTAINER="$2"; shift 2 ;;
--out) OUT="$2"; shift 2 ;;
--dry-run) DRY_RUN=1; shift ;;
--help|-h) grep -E '^#( |$)' "$0" | sed 's/^# \?//'; exit 0 ;;
*) echo "Unknown: $1" >&2; exit 2 ;;
esac
done
log() { echo "[$(date -Iseconds)] $*"; }
run() {
if [[ $DRY_RUN -eq 1 ]]; then echo "[dry-run] $*";
else echo "[exec] $*"; "$@"; fi
}
cleanup() {
log "cleanup: drop $TARGET_DB"
if [[ $DRY_RUN -eq 0 ]]; then
psql -h "$LOCAL_HOST" -p "$LOCAL_PORT" -U "$LOCAL_USER" -d postgres \
-c "DROP DATABASE IF EXISTS $TARGET_DB;" 2>/dev/null || true
fi
}
trap cleanup EXIT
# ── 1. pg_dump из прода ──────────────────────────────────────────────
DUMP="/tmp/food-market-prod-$$.dump"
log "Step 1/5: pg_dump from $SOURCE_HOST$DUMP (Fc format)"
if [[ $DRY_RUN -eq 1 ]]; then
log "[dry-run] ssh $SOURCE_HOST docker exec $SOURCE_CONTAINER pg_dump -Fc -U $SOURCE_USER -d $SOURCE_DB > $DUMP"
else
ssh -o ConnectTimeout=10 "$SOURCE_HOST" \
"docker exec $SOURCE_CONTAINER pg_dump -Fc --no-owner --no-privileges -U $SOURCE_USER -d $SOURCE_DB" \
> "$DUMP" || { log "FAIL pg_dump"; exit 1; }
log "dump size: $(du -h "$DUMP" | cut -f1)"
fi
# ── 2. Создать temp-БД и restore ─────────────────────────────────────
log "Step 2/5: create $TARGET_DB + pg_restore"
if [[ $DRY_RUN -eq 0 ]]; then
psql -h "$LOCAL_HOST" -p "$LOCAL_PORT" -U "$LOCAL_USER" -d postgres \
-c "CREATE DATABASE $TARGET_DB;" || { log "FAIL create db"; exit 1; }
pg_restore -h "$LOCAL_HOST" -p "$LOCAL_PORT" -U "$LOCAL_USER" -d "$TARGET_DB" \
--no-owner --no-privileges "$DUMP" 2>/dev/null || \
log "(некритично) pg_restore warnings — продолжаем"
fi
# ── 3. Anonymize PII ─────────────────────────────────────────────────
# Hash для пароля "Test12345!" — генерируется через идентичный
# алгоритм ASP.NET Identity (PBKDF2 SHA256, 10000 iter). Чтобы не
# вводить криптографию в скрипт — берём заранее известный hash.
# Сгенерировать новый можно через `dotnet run --project dev-tools/hash-pass.cs`.
TEST_PASS_HASH='AQAAAAIAAYagAAAAEHJsxbHF3MoBGSe+1bktB4O9aERPI4j5Jt6w0iN4dCqU/5jL+i5xT8E+UEqcVf0Vqg=='
log "Step 3/5: anonymize PII in $TARGET_DB"
if [[ $DRY_RUN -eq 0 ]]; then
psql -h "$LOCAL_HOST" -p "$LOCAL_PORT" -U "$LOCAL_USER" -d "$TARGET_DB" -v ON_ERROR_STOP=1 <<SQL
-- 1. AspNetUsers (Identity): email + phone + password hash + security stamp
WITH numbered AS (
SELECT "Id", row_number() OVER (ORDER BY "Id") AS rn FROM "AspNetUsers"
)
UPDATE "AspNetUsers" u
SET
"Email" = 'user' || n.rn || '@example.kz',
"NormalizedEmail" = upper('user' || n.rn || '@example.kz'),
"UserName" = 'user' || n.rn || '@example.kz',
"NormalizedUserName" = upper('user' || n.rn || '@example.kz'),
"PhoneNumber" = '+7700111' || lpad(n.rn::text, 4, '0'),
"PasswordHash" = '$TEST_PASS_HASH',
"SecurityStamp" = encode(gen_random_bytes(16), 'hex'),
"ConcurrencyStamp" = gen_random_uuid()::text
FROM numbered n
WHERE u."Id" = n."Id";
-- 2. employees — рабочий email/телефон + полное имя
WITH numbered AS (
SELECT "Id", row_number() OVER (ORDER BY "Id") AS rn FROM employees
)
UPDATE employees e
SET
"Email" = CASE WHEN e."Email" IS NOT NULL THEN 'emp' || n.rn || '@example.kz' END,
"Phone" = CASE WHEN e."Phone" IS NOT NULL THEN '+7700222' || lpad(n.rn::text, 4, '0') END,
"FirstName" = 'Тест',
"LastName" = 'Тестов' || n.rn,
"MiddleName" = NULL,
"TaxNumber" = NULL
FROM numbered n
WHERE e."Id" = n."Id";
-- 3. counterparties — БИН/ИИН/имена/контакты
WITH numbered AS (
SELECT "Id", row_number() OVER (ORDER BY "Id") AS rn FROM counterparties
)
UPDATE counterparties c
SET
"Name" = 'Контрагент-' || n.rn,
"LegalName" = CASE WHEN c."LegalName" IS NOT NULL THEN 'ТОО Контрагент-' || n.rn END,
-- Синтетические BIN/IIN (12 цифр, не валидируем checksum здесь).
"Bin" = CASE WHEN c."Bin" IS NOT NULL THEN lpad(n.rn::text, 12, '9') END,
"Iin" = CASE WHEN c."Iin" IS NOT NULL THEN lpad(n.rn::text, 12, '8') END,
"Phone" = CASE WHEN c."Phone" IS NOT NULL THEN '+7700333' || lpad(n.rn::text, 4, '0') END,
"Email" = CASE WHEN c."Email" IS NOT NULL THEN 'cp' || n.rn || '@example.kz' END,
"Address" = CASE WHEN c."Address" IS NOT NULL THEN 'г. Тестовый, ул. Тестовая ' || n.rn END,
"BankAccount" = CASE WHEN c."BankAccount" IS NOT NULL THEN 'KZ000000' || lpad(n.rn::text, 14, '0') END,
"ContactPerson" = CASE WHEN c."ContactPerson" IS NOT NULL THEN 'Контакт ' || n.rn END,
"Notes" = NULL
FROM numbered n
WHERE c."Id" = n."Id";
-- 4. organizations: имя/БИН/телефон владельца/MoySkladToken
UPDATE organizations
SET
"MoySkladToken" = NULL,
"OwnerTelegramChatId" = NULL,
"Bin" = CASE WHEN "Bin" IS NOT NULL THEN '700700700700' END,
"Name" = 'TestOrg-' || substr("Id"::text, 1, 8);
-- 5. refresh tokens revoke all (чтобы старые stage-токены не работали)
UPDATE "OpenIddictTokens" SET "Status" = 'revoked' WHERE "Status" = 'valid';
-- 6. чистим аудит-логи и feedback (могут содержать персональные тексты)
TRUNCATE TABLE org_audit_log;
TRUNCATE TABLE super_admin_audit_log;
SQL
log "anonymize done"
fi
# ── 4. pg_dump anonymized → out ──────────────────────────────────────
log "Step 4/5: pg_dump $TARGET_DB$OUT"
if [[ $DRY_RUN -eq 0 ]]; then
pg_dump -h "$LOCAL_HOST" -p "$LOCAL_PORT" -U "$LOCAL_USER" -d "$TARGET_DB" \
--no-owner --no-privileges --clean --if-exists \
| gzip > "$OUT"
log "anonymized dump: $(du -h "$OUT" | cut -f1)$OUT"
fi
# ── 5. Cleanup (через trap) ──────────────────────────────────────────
log "Step 5/5: cleanup"
rm -f "$DUMP" 2>/dev/null || true
log "✓ Готово: $OUT"
log "Восстановить можно: gunzip -c $OUT | psql -d food_market_dev"
exit 0
Reference in a new issue View git blame Copy permalink