* docs: prepare Vendoo 1.41.2 git-ignore boundary hotfix * fix: track native source modules with root-anchored runtime ignores
51 lines
3.2 KiB
Python
51 lines
3.2 KiB
Python
#!/usr/bin/env python3
|
|
import re, sqlite3, tempfile
|
|
from pathlib import Path
|
|
|
|
root = Path(__file__).resolve().parents[1]
|
|
source = (root / 'app/core/identity/identity-store.mjs').read_text(encoding='utf-8')
|
|
match = re.search(r"db\.exec\(`(.*?)`\);", source, re.S)
|
|
if not match:
|
|
raise SystemExit('Identity-Schema-Block fehlt')
|
|
schema = match.group(1)
|
|
|
|
with tempfile.TemporaryDirectory(prefix='vendoo-identity-138-') as tmp:
|
|
db_path = Path(tmp) / 'identity.db'
|
|
con = sqlite3.connect(db_path)
|
|
con.executescript('PRAGMA foreign_keys=ON;\n' + schema)
|
|
for statement in [
|
|
"ALTER TABLE users ADD COLUMN failed_login_count INTEGER NOT NULL DEFAULT 0",
|
|
"ALTER TABLE users ADD COLUMN locked_until TEXT",
|
|
"ALTER TABLE users ADD COLUMN password_changed_at TEXT",
|
|
"ALTER TABLE sessions ADD COLUMN last_seen_at TEXT",
|
|
"ALTER TABLE sessions ADD COLUMN revoked_at TEXT",
|
|
]:
|
|
try:
|
|
con.execute(statement)
|
|
except sqlite3.OperationalError:
|
|
pass
|
|
con.execute("INSERT INTO users(email,name,role,password_hash) VALUES(?,?,?,?)", ('admin@example.invalid','Admin','admin','salt:hash'))
|
|
con.execute("INSERT INTO users(email,name,role,password_hash) VALUES(?,?,?,?)", ('editor@example.invalid','Editor','editor','salt:hash'))
|
|
admin_id = con.execute("SELECT id FROM users WHERE email='admin@example.invalid'").fetchone()[0]
|
|
editor_id = con.execute("SELECT id FROM users WHERE email='editor@example.invalid'").fetchone()[0]
|
|
con.execute("INSERT INTO sessions(user_id,token_hash,expires_at,last_seen_at) VALUES(?,?,datetime('now','+1 day'),datetime('now'))", (admin_id,'admin-token'))
|
|
con.execute("INSERT INTO sessions(user_id,token_hash,expires_at,last_seen_at) VALUES(?,?,datetime('now','+1 day'),datetime('now'))", (editor_id,'editor-token'))
|
|
editor_session = con.execute("SELECT id FROM sessions WHERE user_id=?", (editor_id,)).fetchone()[0]
|
|
changed = con.execute("UPDATE sessions SET revoked_at=datetime('now') WHERE id=? AND user_id=? AND revoked_at IS NULL", (editor_session,admin_id)).rowcount
|
|
if changed != 0:
|
|
raise SystemExit('Fremde Sitzung konnte durch falschen Eigentümer widerrufen werden')
|
|
changed = con.execute("UPDATE sessions SET revoked_at=datetime('now') WHERE id=? AND user_id=? AND revoked_at IS NULL", (editor_session,editor_id)).rowcount
|
|
if changed != 1:
|
|
raise SystemExit('Eigene Sitzung konnte nicht widerrufen werden')
|
|
con.execute("CREATE TABLE IF NOT EXISTS settings (key TEXT PRIMARY KEY, value TEXT)")
|
|
con.execute("INSERT OR REPLACE INTO settings(key,value) VALUES(?,?)", ('default_language','de'))
|
|
if con.execute("SELECT value FROM settings WHERE key='default_language'").fetchone()[0] != 'de':
|
|
raise SystemExit('Settings-Persistenz fehlgeschlagen')
|
|
con.commit()
|
|
tables = {r[0] for r in con.execute("SELECT name FROM sqlite_master WHERE type='table'")}
|
|
required = {'users','sessions','auth_tokens','audit_log','login_history','settings'}
|
|
missing = sorted(required - tables)
|
|
if missing:
|
|
raise SystemExit('Fehlende Identity-/Settings-Tabellen: ' + ', '.join(missing))
|
|
print({'ok': True, 'tables': sorted(required), 'foreign_session_blocked': True, 'own_session_revoked': True})
|