fix: adding db recovery practices (bye bye db)

2026-03-02 11:16:52 -06:00
parent 301b3f8967
commit d9df9b0fe4
11 changed files with 409 additions and 15 deletions
--- a/tests-results-for-OWASP/post-deployment-verification-checklist.md
+++ b/tests-results-for-OWASP/post-deployment-verification-checklist.md
@@ -18,6 +18,55 @@ echo "$TEST_DATABASE_URL"
 Expected:
 - single valid URL value
 - host/port match the intended test database (for local runs usually `127.0.0.1:5432`)
+5. Compose/DB safety preflight:
+- `COMPOSE_PROJECT_NAME=skymoney` is set for deploy runtime.
+- `docker-compose.yml` volume `pgdata` is pinned to `skymoney_pgdata`.
+- `scripts/validate-prod-db-target.sh` passes for current `.env`.
+- deploy runbook acknowledges forbidden destructive commands in prod:
+  - `prisma migrate reset`
+  - `prisma migrate dev`
+  - `prisma db push --accept-data-loss`
+  - `docker compose down -v` / `docker-compose down -v`
+
+## Database recoverability and safety checks
+
+### 0) Capture current container and volume bindings
+
+```bash
+docker ps --format '{{.Names}}'
+docker inspect <postgres-container> --format '{{json .Mounts}}'
+docker volume ls | grep -E 'pgdata|skymoney|postgres'
+```
+
+Expected:
+- production Postgres uses `skymoney_pgdata`.
+- no unexpected new empty volume silently substituted.
+
+### 0.1) Validate latest backup artifact exists and verifies
+
+```bash
+ls -lt /opt/skymoney/backups | head
+LATEST_DUMP="$(ls -1t /opt/skymoney/backups/*.dump | head -n 1)"
+sha256sum -c "${LATEST_DUMP}.sha256"
+```
+
+Expected:
+- latest dump and checksum exist.
+- checksum verification returns `OK`.
+
+### 0.2) Restore drill into isolated test DB (same VPS)
+
+```bash
+RESTORE_DB="skymoney_restore_test_$(date +%Y%m%d%H%M)" \
+BACKUP_FILE="$LATEST_DUMP" \
+RESTORE_DATABASE_URL="postgres://<user>:<pass>@127.0.0.1:5432/${RESTORE_DB}" \
+DATABASE_URL="postgres://<admin-user>:<admin-pass>@127.0.0.1:5432/skymoney" \
+./scripts/restore.sh
+```
+
+Expected:
+- restore completes without manual edits.
+- key tables readable in restored DB.

 ## A01 smoke checks

@@ -51,7 +100,7 @@ curl -i -X POST "${API_BASE}/admin/rollover" \
 ```

 Expected:
- HTTP `403`
+- HTTP `401` or `403` (must not be publicly callable)

 ## A09 smoke checks

@@ -98,10 +147,11 @@ Expected:
 Note:
 - A06/A07 runtime suites require PostgreSQL availability.
 - `SECURITY_DB_TESTS=0` runs non-DB security controls only.
- `SECURITY_DB_TESTS=1` includes DB-backed A06/A07 suites.
+- `SECURITY_DB_TESTS=1` includes DB-backed A06/A07/forgot-password suites.

 ## Sign-off

 1. Record outputs in `evidence-log-template.md`.
 2. Review open residual risks in `residual-risk-backlog.md`.
-3. Mark release security check as pass/fail.
+3. Record backup + restore drill evidence.
+4. Mark release security check as pass/fail.