From d5dc65981ad95a2bdd487cc8dda47fb5c9b30e41 Mon Sep 17 00:00:00 2001 From: Ricearoni1245 Date: Mon, 2 Mar 2026 13:35:43 -0600 Subject: [PATCH] created proper db backup on push to ensure this wont happen again --- .env | 8 ++++---- .env.example | 2 ++ scripts/restore.sh | 20 ++++++++++++++++++++ 3 files changed, 26 insertions(+), 4 deletions(-) diff --git a/.env b/.env index ad7e3a3..b8afcd7 100644 --- a/.env +++ b/.env @@ -30,9 +30,9 @@ EMAIL_FROM="SkyMoney Budget " EMAIL_BOUNCE_FROM=bounces@skymoneybudget.com EMAIL_REPLY_TO=support@skymoneybudget.com -UPDATE_NOTICE_VERSION=4 -UPDATE_NOTICE_TITLE="SkyMoney Update" -UPDATE_NOTICE_BODY="You can now set fixed expenses as Estimated Bills for variable amounts (like utilities), apply actual bill amounts each cycle for instant true-up, and auto-adjust surplus/shortfall against available budget." +UPDATE_NOTICE_VERSION=5 +UPDATE_NOTICE_TITLE="Important Service Update" +UPDATE_NOTICE_BODY="We experienced a production database incident that resulted in loss of stored account data. We have restored system access and strengthened backup/recovery protections. Please review your account and re-enter any missing data. If you need help, contact support@skymoneybudget.com." ALLOW_INSECURE_AUTH_FOR_DEV=false JWT_ISSUER=skymoney-api JWT_AUDIENCE=skymoney-web @@ -45,4 +45,4 @@ PASSWORD_RESET_CONFIRM_RATE_LIMIT_PER_MINUTE=10 EXPECTED_PROD_DB_HOST=postgres EXPECTED_PROD_DB_NAME=skymoney EXPECTED_BACKUP_DB_HOST=127.0.0.1 -EXPECTED_BACKUP_DB_NAME=skymoney +EXPECTED_BACKUP_DB_NAME=skymoney \ No newline at end of file diff --git a/.env.example b/.env.example index 7b8dd0c..73027ab 100644 --- a/.env.example +++ b/.env.example @@ -23,6 +23,8 @@ EXPECTED_PROD_DB_HOST=postgres EXPECTED_PROD_DB_NAME=skymoney EXPECTED_BACKUP_DB_HOST=127.0.0.1 EXPECTED_BACKUP_DB_NAME=skymoney +ARCHIVE_EXISTING_RESTORE_DB=1 +RESTORE_ARCHIVE_DIR=./backups/restore-archives # Auth secrets (min 32 chars) JWT_SECRET=replace-with-32+-chars diff --git a/scripts/restore.sh b/scripts/restore.sh index 0a7df38..0c0dd3d 100644 --- a/scripts/restore.sh +++ b/scripts/restore.sh @@ -53,6 +53,26 @@ if [[ -z "$RESTORE_URL" ]]; then exit 1 fi +ARCHIVE_EXISTING_RESTORE_DB="${ARCHIVE_EXISTING_RESTORE_DB:-1}" +RESTORE_ARCHIVE_DIR="${RESTORE_ARCHIVE_DIR:-./backups/restore-archives}" + +if [[ "$ARCHIVE_EXISTING_RESTORE_DB" == "1" ]]; then + DB_EXISTS="$(psql "$ADMIN_URL" -At -v ON_ERROR_STOP=1 -c "SELECT 1 FROM pg_database WHERE datname = '${RESTORE_DB}' LIMIT 1;")" + if [[ "$DB_EXISTS" == "1" ]]; then + mkdir -p "$RESTORE_ARCHIVE_DIR" + ARCHIVE_STAMP="$(date +%F_%H%M%S)" + ARCHIVE_FILE="${RESTORE_ARCHIVE_DIR}/${RESTORE_DB}_pre_restore_${ARCHIVE_STAMP}.dump" + ARCHIVE_BASENAME="$(basename "$ARCHIVE_FILE")" + ARCHIVE_DIR_ABS="$(cd "$RESTORE_ARCHIVE_DIR" && pwd)" + + echo "Archiving existing restore database: ${RESTORE_DB}" + pg_dump "$RESTORE_URL" -Fc -f "$ARCHIVE_FILE" + (cd "$ARCHIVE_DIR_ABS" && sha256sum "$ARCHIVE_BASENAME" > "${ARCHIVE_BASENAME}.sha256") + echo "Archive written to: $ARCHIVE_FILE" + echo "Archive checksum written to: ${ARCHIVE_FILE}.sha256" + fi +fi + echo "Creating restore database: ${RESTORE_DB}" psql "$ADMIN_URL" -v ON_ERROR_STOP=1 -c "DROP DATABASE IF EXISTS \"${RESTORE_DB}\";" >/dev/null psql "$ADMIN_URL" -v ON_ERROR_STOP=1 -c "CREATE DATABASE \"${RESTORE_DB}\";" >/dev/null