87 lines
1.9 KiB
Bash
Executable File
87 lines
1.9 KiB
Bash
Executable File
#!/bin/sh -eu
|
|
# This is a local development tool which sanitizes a production database
|
|
# locally.
|
|
#
|
|
# Usage:
|
|
#
|
|
# ssh prod.database pg_dump database-name \
|
|
# | ./srht-replicate-db [-e <email-domain>] [-x] database-name
|
|
#
|
|
# -x will delete extra data for a database dump which is suitable to give to
|
|
# third parties by removing all non-public information. This is only supported
|
|
# for git.sr.ht and hg.sr.ht.
|
|
|
|
email_domain=example.org
|
|
export_grade=0
|
|
while getopts e: name
|
|
do
|
|
case $name in
|
|
e)
|
|
email_domain="$OPTARG"
|
|
;;
|
|
x)
|
|
export_grade=1
|
|
;;
|
|
?)
|
|
echo "Invalid usage" >&2
|
|
exit 1
|
|
;;
|
|
esac
|
|
done
|
|
shift $((OPTIND-1))
|
|
|
|
if [ $# -ne 1 ]
|
|
then
|
|
echo "Invalid usage" >&2
|
|
exit 1
|
|
fi
|
|
|
|
database="$1"
|
|
|
|
dropdb "$database" </dev/null
|
|
createdb "$database" </dev/null
|
|
psql -d "$database"
|
|
|
|
# Change emails so we don't accidentally send test emails to prod users
|
|
psql -d "$database" <<EOF
|
|
UPDATE "user" SET email = CONCAT("user".username, '@', '$email_domain');
|
|
EOF
|
|
|
|
if [ "$database" = "meta.sr.ht" ]
|
|
then
|
|
# Sets all passwords to "password" and clears sensitive info
|
|
psql -d "$database" <<-"EOF"
|
|
UPDATE "user" SET password = '$2b$12$nujoTspVHan1mWeZp.Fs3egKXRnWKS3nRkh3alKrpTTDYmvJNH2Gq';
|
|
UPDATE "user" SET reset_hash = null;
|
|
UPDATE "user" SET stripe_customer = null;
|
|
DELETE FROM user_auth_factor;
|
|
EOF
|
|
else
|
|
psql -d "$database" <<-"EOF"
|
|
UPDATE "user" SET oauth_token = null;
|
|
UPDATE "user" SET oauth_revocation_token = null;
|
|
EOF
|
|
fi
|
|
|
|
if [ $export_grade -eq 1 ]
|
|
then
|
|
if [ "$database" = "git.sr.ht" ] || [ "$database" = "hg.sr.ht" ]
|
|
then
|
|
psql -d "$1" <<-EOF
|
|
DELETE FROM repo_webhook_delivery;
|
|
DELETE FROM repo_webhook_subscription;
|
|
DELETE FROM user_webhook_delivery;
|
|
DELETE FROM user_webhook_subscription;
|
|
DELETE FROM oauthtoken;
|
|
DELETE FROM access;
|
|
|
|
DELETE FROM redirect rd
|
|
JOIN repository rp
|
|
ON rd.repo_id = rd.id
|
|
WHERE rp.visibility != 'public';
|
|
|
|
DELETE FROM "repository" WHERE visibility != 'public';
|
|
EOF
|
|
fi
|
|
fi
|