~sircmpwn/core.sr.ht

core.sr.ht/srht-replicate-db -rwxr-xr-x 1.9 KiB
b695e020Drew DeVault Add "internal_anon" path for internal auth tokens 7 hours ago
                                                                                
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
#!/bin/sh -eu
# This is a local development tool which sanitizes a production database
# locally.
#
# Usage:
#
# ssh prod.database pg_dump database-name \
# 		| ./srht-replicate-db [-e <email-domain>] [-x] database-name
#
# -x will delete extra data for a database dump which is suitable to give to
# third parties by removing all non-public information. This is only supported
# for git.sr.ht and hg.sr.ht.

email_domain=example.org
export_grade=0
while getopts e: name
do
	case $name in
		e)
			email_domain="$OPTARG"
			;;
		x)
			export_grade=1
			;;
		?)
			echo "Invalid usage" >&2
			exit 1
			;;
	esac
done
shift $((OPTIND-1))

if [ $# -ne 1 ]
then
	echo "Invalid usage" >&2
	exit 1
fi

database="$1"

dropdb "$database" </dev/null
createdb "$database" </dev/null
psql -d "$database"

# Change emails so we don't accidentally send test emails to prod users
psql -d "$database" <<EOF
UPDATE "user" SET email = CONCAT("user".username, '@', '$email_domain');
EOF

if [ "$database" = "meta.sr.ht" ]
then
	# Sets all passwords to "password" and clears sensitive info
	psql -d "$database" <<-"EOF"
	UPDATE "user" SET password = '$2b$12$nujoTspVHan1mWeZp.Fs3egKXRnWKS3nRkh3alKrpTTDYmvJNH2Gq';
	UPDATE "user" SET reset_hash = null;
	UPDATE "user" SET stripe_customer = null;
	DELETE FROM user_auth_factor;
	EOF
else
	psql -d "$database" <<-"EOF"
	UPDATE "user" SET oauth_token = null;
	UPDATE "user" SET oauth_revocation_token = null;
	EOF
fi

if [ $export_grade -eq 1 ]
then
	if [ "$database" = "git.sr.ht" ] || [ "$database" = "hg.sr.ht" ]
	then
		psql -d "$1" <<-EOF
		DELETE FROM repo_webhook_delivery;
		DELETE FROM repo_webhook_subscription;
		DELETE FROM user_webhook_delivery;
		DELETE FROM user_webhook_subscription;
		DELETE FROM oauthtoken;
		DELETE FROM access;

		DELETE FROM redirect rd
		JOIN repository rp
		ON rd.repo_id = rd.id
		WHERE rp.visibility != 'public';

		DELETE FROM "repository" WHERE visibility != 'public';
		EOF
	fi
fi