Joders/SkyMoney
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

created proper db backup on push to ensure this wont happen again
Some checks failed
Deploy / deploy (push) Failing after 43s
Details
Security Tests / security-non-db (push) Successful in 19s
Details
Security Tests / security-db (push) Successful in 23s
Details

Browse Source
This commit is contained in:
Ricearoni1245
2026-03-02 13:35:43 -06:00
parent 1d95056e23
commit d5dc65981a
3 changed files with 26 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
.env
View File

@@ -30,9 +30,9 @@ EMAIL_FROM="SkyMoney Budget <no-reply@skymoneybudget.com>"
EMAIL_BOUNCE_FROM=bounces@skymoneybudget.com EMAIL_BOUNCE_FROM=bounces@skymoneybudget.com
EMAIL_REPLY_TO=support@skymoneybudget.com EMAIL_REPLY_TO=support@skymoneybudget.com
UPDATE_NOTICE_VERSION=4 UPDATE_NOTICE_VERSION=5
UPDATE_NOTICE_TITLE="SkyMoney Update" UPDATE_NOTICE_TITLE="Important Service Update"
UPDATE_NOTICE_BODY="You can now set fixed expenses as Estimated Bills for variable amounts (like utilities), apply actual bill amounts each cycle for instant true-up, and auto-adjust surplus/shortfall against available budget." UPDATE_NOTICE_BODY="We experienced a production database incident that resulted in loss of stored account data. We have restored system access and strengthened backup/recovery protections. Please review your account and re-enter any missing data. If you need help, contact support@skymoneybudget.com."
ALLOW_INSECURE_AUTH_FOR_DEV=false ALLOW_INSECURE_AUTH_FOR_DEV=false
JWT_ISSUER=skymoney-api JWT_ISSUER=skymoney-api
JWT_AUDIENCE=skymoney-web JWT_AUDIENCE=skymoney-web
@@ -45,4 +45,4 @@ PASSWORD_RESET_CONFIRM_RATE_LIMIT_PER_MINUTE=10
EXPECTED_PROD_DB_HOST=postgres EXPECTED_PROD_DB_HOST=postgres
EXPECTED_PROD_DB_NAME=skymoney EXPECTED_PROD_DB_NAME=skymoney
EXPECTED_BACKUP_DB_HOST=127.0.0.1 EXPECTED_BACKUP_DB_HOST=127.0.0.1
EXPECTED_BACKUP_DB_NAME=skymoney EXPECTED_BACKUP_DB_NAME=skymoney

2
.env.example
View File

@@ -23,6 +23,8 @@ EXPECTED_PROD_DB_HOST=postgres
EXPECTED_PROD_DB_NAME=skymoney EXPECTED_PROD_DB_NAME=skymoney
EXPECTED_BACKUP_DB_HOST=127.0.0.1 EXPECTED_BACKUP_DB_HOST=127.0.0.1
EXPECTED_BACKUP_DB_NAME=skymoney EXPECTED_BACKUP_DB_NAME=skymoney
ARCHIVE_EXISTING_RESTORE_DB=1
RESTORE_ARCHIVE_DIR=./backups/restore-archives
# Auth secrets (min 32 chars) # Auth secrets (min 32 chars)
JWT_SECRET=replace-with-32+-chars JWT_SECRET=replace-with-32+-chars

20
scripts/restore.sh
View File

@@ -53,6 +53,26 @@ if [[ -z "$RESTORE_URL" ]]; then
exit 1 exit 1
fi fi
ARCHIVE_EXISTING_RESTORE_DB="${ARCHIVE_EXISTING_RESTORE_DB:-1}"
RESTORE_ARCHIVE_DIR="${RESTORE_ARCHIVE_DIR:-./backups/restore-archives}"
if [[ "$ARCHIVE_EXISTING_RESTORE_DB" == "1" ]]; then
DB_EXISTS="$(psql "$ADMIN_URL" -At -v ON_ERROR_STOP=1 -c "SELECT 1 FROM pg_database WHERE datname = '${RESTORE_DB}' LIMIT 1;")"
if [[ "$DB_EXISTS" == "1" ]]; then
mkdir -p "$RESTORE_ARCHIVE_DIR"
ARCHIVE_STAMP="$(date +%F_%H%M%S)"
ARCHIVE_FILE="${RESTORE_ARCHIVE_DIR}/${RESTORE_DB}_pre_restore_${ARCHIVE_STAMP}.dump"
ARCHIVE_BASENAME="$(basename "$ARCHIVE_FILE")"
ARCHIVE_DIR_ABS="$(cd "$RESTORE_ARCHIVE_DIR" && pwd)"
echo "Archiving existing restore database: ${RESTORE_DB}"
pg_dump "$RESTORE_URL" -Fc -f "$ARCHIVE_FILE"
(cd "$ARCHIVE_DIR_ABS" && sha256sum "$ARCHIVE_BASENAME" > "${ARCHIVE_BASENAME}.sha256")
echo "Archive written to: $ARCHIVE_FILE"
echo "Archive checksum written to: ${ARCHIVE_FILE}.sha256"
fi
fi
echo "Creating restore database: ${RESTORE_DB}" echo "Creating restore database: ${RESTORE_DB}"
psql "$ADMIN_URL" -v ON_ERROR_STOP=1 -c "DROP DATABASE IF EXISTS \"${RESTORE_DB}\";" >/dev/null psql "$ADMIN_URL" -v ON_ERROR_STOP=1 -c "DROP DATABASE IF EXISTS \"${RESTORE_DB}\";" >/dev/null
psql "$ADMIN_URL" -v ON_ERROR_STOP=1 -c "CREATE DATABASE \"${RESTORE_DB}\";" >/dev/null psql "$ADMIN_URL" -v ON_ERROR_STOP=1 -c "CREATE DATABASE \"${RESTORE_DB}\";" >/dev/null