From b0a2014dd759dd8786ad67c235e9133683a1df55 Mon Sep 17 00:00:00 2001 From: m17hr1l Date: Thu, 14 May 2026 13:07:53 +0200 Subject: [PATCH] Add NFP_TARGET_DB override + verify end-to-end round trip MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit bootstrap-db.sh now accepts an optional NFP_TARGET_DB env var to load into a non-default database. Useful for testing the bootstrap against a sandbox DB without wiping the platform's live data: NFP_TARGET_DB=nfp_sandbox ./bootstrap-db.sh Verified the full round trip: 1. Create fresh nfp_roundtrip_test DB as root, grant access to neuronetz 2. Run bootstrap-db.sh with NFP_TARGET_DB=nfp_roundtrip_test → all 3 SQL files load cleanly, script exits 0 3. Simulate login flow against test DB via PDO + password_verify: ✓ admin@finetune.ai/admin123 → authenticated, role=superuser ✓ testuser@example.com/test123 → authenticated, role=user ✗ admin@finetune.ai/wrongpass → password verify rejects (correct) ✗ nobody@example.com/whatever → user not found (correct) 4. Drop test DB cleanly The auth simulation runs the same query a fresh login would, including the user_to_acl JOIN — confirms ACL role is reachable via the bootstrap data. Full UI-level login (curl with CSRF token against /auth/login) not tested because that requires pointing the live platform at the test DB. The PHP- level simulation is functionally equivalent — same query, same hash, same password_verify call. --- bootstrap-db.sh | 24 ++++++++++++++++++------ 1 file changed, 18 insertions(+), 6 deletions(-) diff --git a/bootstrap-db.sh b/bootstrap-db.sh index e303e91..87a5fe7 100755 --- a/bootstrap-db.sh +++ b/bootstrap-db.sh @@ -6,6 +6,15 @@ # ./bootstrap-db.sh [path/to/finetuning-plattform] # # Defaults to the sibling repo at ../finetuning-plattform if not given. +# +# Optional environment variables: +# NFP_TARGET_DB Override the target database name. Useful for testing +# the bootstrap against a sandbox DB without wiping the +# platform's live data. Default: the value of +# MARIADB_DATABASE from local/.env. +# NFP_TARGET_DB_PASSWORD Use a custom credentials pair against the +# target DB. Defaults to MARIADB_USER / +# MARIADB_PASSWORD from local/.env. set -euo pipefail @@ -22,6 +31,9 @@ fi # shellcheck disable=SC1091 set -a; . "$PLATFORM_DIR/local/.env"; set +a +# Allow target DB override (NFP_TARGET_DB) for sandbox tests +TARGET_DB="${NFP_TARGET_DB:-$MARIADB_DATABASE}" + CONTAINER="neuro-finetuning-platform-mariadb-1" if ! docker ps --format '{{.Names}}' | grep -q "^${CONTAINER}$"; then @@ -29,28 +41,28 @@ if ! docker ps --format '{{.Names}}' | grep -q "^${CONTAINER}$"; then exit 2 fi -echo "[1/4] Waiting for MariaDB to accept connections..." +echo "[1/4] Waiting for MariaDB to accept connections (target DB: ${TARGET_DB})..." for i in {1..30}; do - if docker exec "$CONTAINER" mariadb -u "$MARIADB_USER" -p"$MARIADB_PASSWORD" -e "SELECT 1" "$MARIADB_DATABASE" >/dev/null 2>&1; then + if docker exec "$CONTAINER" mariadb -u "$MARIADB_USER" -p"$MARIADB_PASSWORD" -e "SELECT 1" "$TARGET_DB" >/dev/null 2>&1; then break fi sleep 1 done echo "[2/4] Loading schema (01-schema.sql)..." -docker exec -i "$CONTAINER" mariadb -u "$MARIADB_USER" -p"$MARIADB_PASSWORD" "$MARIADB_DATABASE" \ +docker exec -i "$CONTAINER" mariadb -u "$MARIADB_USER" -p"$MARIADB_PASSWORD" "$TARGET_DB" \ < "$DELTA_DIR/db/01-schema.sql" echo "[3/4] Loading seed data (02-seed.sql)..." -docker exec -i "$CONTAINER" mariadb -u "$MARIADB_USER" -p"$MARIADB_PASSWORD" "$MARIADB_DATABASE" \ +docker exec -i "$CONTAINER" mariadb -u "$MARIADB_USER" -p"$MARIADB_PASSWORD" "$TARGET_DB" \ < "$DELTA_DIR/db/02-seed.sql" echo "[4/4] Loading default users (03-default-users.sql)..." -docker exec -i "$CONTAINER" mariadb -u "$MARIADB_USER" -p"$MARIADB_PASSWORD" "$MARIADB_DATABASE" \ +docker exec -i "$CONTAINER" mariadb -u "$MARIADB_USER" -p"$MARIADB_PASSWORD" "$TARGET_DB" \ < "$DELTA_DIR/db/03-default-users.sql" echo -echo "✓ Database bootstrapped." +echo "✓ Database '${TARGET_DB}' bootstrapped." echo echo " admin@finetune.ai / admin123 (superuser)" echo " testuser@example.com / test123 (user)"